Description
Hey,
We tried to deploy the operator using this in the manifest to allow the pods to run as non-root:
```yaml
kubernetes_use_configmaps: "false"
spilo_allow_privilege_escalation: "false"
spilo_runasuser: 101
spilo_runasgroup: 103
spilo_fsgroup: 103
spilo_privileged: "false"
```
Pods are now starting, but we have issues like this:
```
runsv pgqd: fatal: unable to start ./run: access denied
```
and this is not working as expected.
As a workaround we deployed custom images with this:
```dockerfile
RUN chown -R postgres:postgres /bin
# /etc/hosts and /etc/resolv.conf cannot be chowned
#RUN chown -R postgres:postgres /etc
RUN chown -R postgres:postgres /lib
RUN chown -R postgres:postgres /run
RUN chown -R postgres:postgres /sbin
RUN chown -R postgres:postgres /usr
RUN chown -R postgres:postgres /var
RUN chown postgres:postgres /launch.sh
RUN sed -i '10 a rm /etc/supervisor/conf.d/cron.conf' /launch.sh
USER 101
```
But this is clearly not the way to do it...
The images used are the latest released.
Do you have any idea what the solution could be with the official images?