1

I solved a permission issue when mounting /var/lib/postgresql/data by following this answer with initContainers.

Now I'm trying to mount postgresql.conf as a volume, and I'm running into a similar permissioning issue that throws chown: /var/lib/postgresql/data/postgresql.conf: Read-only file system.

What could I be missing? I've tried a bunch of different variations with little luck.

apiVersion: apps/v1beta1
kind: StatefulSet
metadata:
  name: postgres
  labels:
    app: postgres
spec:
  serviceName: postgres
  replicas: 1
  updateStrategy:
    type: RollingUpdate
  template:
    metadata:
      labels:
        app: postgres
    spec:
      terminationGracePeriodSeconds: 10
      initContainers:
      - name: chmod-er
        image: busybox:latest
        command:
        - /bin/chown
        - -R
        - '0'
        - /var/lib/postgresql/data
        volumeMounts:
        - name: postgredb
          mountPath: /var/lib/postgresql/data
        - name: pg-config
          mountPath: /var/lib/postgresql/data/postgresql.conf
          subPath: postgresql.conf
      containers:
        - name: postgres
          image: mdillon/postgis:10-alpine
          ports:
            - containerPort: 5432
          volumeMounts:
            - name: postgredb
              mountPath: /var/lib/postgresql/data
              subPath: data
            - name: pg-config
              mountPath: /var/lib/postgresql/data/postgresql.conf
              subPath: postgresql.conf
      volumes:
        - name: postgredb
          persistentVolumeClaim:
            claimName: postgres-pvc
        - name: pg-config
          configMap:
            name: pg-config
            items:
              - key: postgresql.conf
                path: postgresql.conf
Mike
  • 1,180
  • 3
  • 15
  • 28

4 Answers4

5

From kubernetes 1.8 on, configmap is mounted readonly, excerpt from the CHANGELOG-1.8.md:

Changes secret, configMap, downwardAPI and projected volumes to mount read-only, instead of allowing applications to write data and then reverting it automatically. Until version 1.11, setting the feature gate ReadOnlyAPIDataVolumes=false will preserve the old behavior. (#58720, @joelsmith)

If you want to change the file that mounted from the configmap, you can copy it to another directory, then update it.

Kun Li
  • 2,570
  • 10
  • 15
0

Update your entity configuration and set readonly to false:

volumeMounts:
- name: postgredb
  mountPath: /var/lib/postgresql/data
  readOnly: false
- name: pg-config
  mountPath: /var/lib/postgresql/data/postgresql.conf
  subPath: postgresql.conf
  readOnly: false
M-Razavi
  • 3,327
  • 2
  • 34
  • 46
0

The solution I use is to override the postgresql.conf parameters I need as command-line parameters of the container:

  containers:
    - name: postgres
      (...) 
      args:
        - -c
        - logging_collector=on
        - -c
        - log_directory=/var/log/postgresql

without mounting a modified postgresql.conf

Source: https://github.com/docker-library/docs/blob/master/postgres/README.md#database-configuration

Mossroy
  • 710
  • 6
  • 11
0

Unfortunately setting readOnly: false wasn't enough for my case.

To solve this issue with "Read-only file system" you have to mount your postgresql.conf in the directory other than Postgres Data Directory (/var/lib/postgresql/data by default)

Try the following:

  containers:
    - name: postgres
      image: mdillon/postgis:10-alpine
      args: ['-c', 'config_file=/etc/postgresql/postgresql.conf']
      volumeMounts:
        - mountPath: /var/lib/postgresql/data
          name: dbdata
          readOnly: false
        - mountPath: /etc/postgresql/postgresql.conf
          name: pg-server-config
          subPath: postgresql.conf
          readOnly: false
  volumes:
    - name: dbdata
      persistentVolumeClaim:
        claimName: dbdata
    - name: pg-server-config
      configMap:
        name: pg-server-configmap

Note the args section where the custom config is chosen.

Kecz
  • 90
  • 7