0

I'm trying to deploy postgres/postgis on GKE, but I continue to get the permission error: `initdb: could not change permissions of directory "/var/lib/postgresql/data": Operation not permitted`. I've tried various fixes that I've researched but I've yet to get past this error. Below is my deployment yaml.

What am I missing?

    apiVersion: extensions/v1beta1
    kind: Deployment
    metadata:
      name: postgres
    spec:
      replicas: 1
      template:
        metadata:
          labels:
            app: postgres
        spec:
          terminationGracePeriodSeconds: 10
          securityContext:
            runAsUser: 1000
            fsGroup: 1000
          containers:
            - name: postgres
              image: mdillon/postgis:10
              imagePullPolicy: "IfNotPresent"
              ports:
                - containerPort: 5432
              env:
                - name: POSTGRES_DB
                  value: "database"
                - name: POSTGRES_USER
                  value: "postgres"
                - name: POSTGRES_PASSWORD
                  value: "postgres"
              volumeMounts:
                - name: postgredb
                  mountPath: /var/lib/postgresql/data
                  subPath: data
          volumes:
            - name: postgredb
              persistentVolumeClaim:
                claimName: postgres-pvc

Mike

2 Answers

2

While it is not exactly the same question, this "use an initContainer: to chmod" answer will interest you: chown: changing ownership of '/data/db': Operation not permitted

mdaniel
2

The clue can be found under the PGDATA section:

https://hub.docker.com/_/postgres

This optional variable can be used to define another location - like a subdirectory - for the database files. The default is /var/lib/postgresql/data. If the data volume you're using is a filesystem mountpoint (like with GCE persistent disks) or remote folder that cannot be chowned to the postgres user (like some NFS mounts), Postgres initdb recommends a subdirectory be created to contain the data.

For example:

    $ docker run -d \
        --name some-postgres \
        -e POSTGRES_PASSWORD=mysecretpassword \
        -e PGDATA=/var/lib/postgresql/data/pgdata \
        -v /custom/mount:/var/lib/postgresql/data \
        postgres

So you would need 2 items in the YAML to get the equivalent of the Docker command above:

  1. Mount the PVC to the default directory used by Postgres (which you already have in your YAML)

    volumeMounts:
      - name: <volume_name>
        mountPath: /var/lib/postgresql/data
        readOnly: false
    
  2. Add PGDATA variable to the env variables:

    env:
      - name: PGDATA
        value: /var/lib/postgresql/data/pgdata
    
jersey bean
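
As an added example (not code from the question or from either answer), here is the question's Deployment with the two items from the answer above applied, so that initdb creates and owns the `pgdata` subdirectory itself instead of trying to chmod the mount point. Assumptions: `apps/v1` with a `selector` replaces `extensions/v1beta1`, `subPath` is dropped to match the answer's `volumeMounts` snippet, and the password is read from a hypothetical Secret named `postgres-credentials` rather than written in the manifest.

```yaml
# Added example: the question's manifest plus the PGDATA change.
apiVersion: apps/v1            # extensions/v1beta1 Deployments were removed in Kubernetes 1.16
kind: Deployment
metadata:
  name: postgres
spec:
  replicas: 1
  selector:                    # required by apps/v1
    matchLabels:
      app: postgres
  template:
    metadata:
      labels:
        app: postgres
    spec:
      terminationGracePeriodSeconds: 10
      securityContext:
        runAsUser: 1000        # unchanged from the question: non-root UID
        fsGroup: 1000          # unchanged: group used for access to the volume
      containers:
        - name: postgres
          image: mdillon/postgis:10
          imagePullPolicy: IfNotPresent
          ports:
            - containerPort: 5432
          env:
            - name: POSTGRES_DB
              value: database
            - name: POSTGRES_USER
              value: postgres
            - name: POSTGRES_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: postgres-credentials   # hypothetical Secret, created separately
                  key: password                # hypothetical key inside that Secret
            - name: PGDATA                     # item 2: data lives in a subdirectory
              value: /var/lib/postgresql/data/pgdata
          volumeMounts:
            - name: postgredb
              mountPath: /var/lib/postgresql/data   # item 1: PVC at the default directory
              readOnly: false
      volumes:
        - name: postgredb
          persistentVolumeClaim:
            claimName: postgres-pvc
```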