ACL permissions in Kubernetes statefulset for pgAdmin

Question

I'm following this tutorial for deploying pgAdmin in a kubernetes cluster: https://www.enterprisedb.com/blog/how-deploy-pgadmin-kubernetes

Mostly it works, but I get erros about the acl permissions of the volume:

WARNING: Failed to set ACL on the directory containing the configuration database:
[Errno 1] Operation not permitted: '/var/lib/pgadmin'
HINT   : You may need to manually set the permissions on
         /var/lib/pgadmin to allow pgadmin to write to it.

Since I saw some similar errors before I adjusted in the statefulset the securityContext to:

   spec:
     securityContext:
      runAsUser: 5050
      runAsGroup: 5050
      fsGroup: 5050
     containers:
       ...

Some of the issues are gone through this, but not the one above. In the pgAdmin docs I can only find how to solve this by using chmod on the folder, but I want these permissions in the yml files for stable deployment.

How can I do this in my configuration files?

I recommend you to check solution from this case on Stack: [Kubernetes persistent volume mount for PgAdmin](https://stackoverflow.com/questions/64201305/kubernetes-persistent-volume-mount-for-pgadmin) — Andrew Skorkin, Aug 20 '21 at 10:19
@AndrewSkorkin Thanks, but your suggestion corresponds not to a statefulset but a deployment. I could solve some issues by using an initContainer, but pgAdmin is still not working properly. — Heikkisorsa, Aug 23 '21 at 08:07
Hello @Heikkisorsa Did you resolve this issue? If no, you can try next solution with deployment of pgAdmin 4 via Helm. Additional information with configuring you can find on [GitHub](https://github.com/rowanruseler/helm-charts/tree/master/charts/pgadmin4) — Andrew Skorkin, Sep 07 '21 at 15:50
@AndrewSkorkin Thanks, Helm sure works, but we don't use it internally and we would like our deployments to be consistent. I guess it was a namespace issue with the config in the ConfigMap. — Heikkisorsa, Sep 08 '21 at 05:54

score 1 · Accepted Answer · answered Sep 08 '21 at 05:56

1

In a kubernetes cluster the tutorial seems to have multiple flaws: The ACL permissions can fail, which can be dealt with an initContainer, and the namespaces must fit. Afterwards, it works like a charm.

answered Sep 08 '21 at 05:56

Heikkisorsa

740
9
31

ACL permissions in Kubernetes statefulset for pgAdmin

1 Answers1