I have an Azure Container Service (AKS) cluster. It is migrated to version 1.8.1. I am trying to deploy a postgres database and use AzureFileVolume to persist postgres data on.

By default, if I deploy the postgres database without mounting a volume, everything is working as expected, i.e. the pod is created and the database is initialized.

When I try to mount a volume using the yaml below, I get `initdb: could not access directory "/var/lib/postgresql/data": Permission denied`.

I tried various hacks as suggested in this long GitHub thread, like setting the security context for the pod or running chown commands in initContainers. The result was the same - permission denied.

Any ideas would be appreciated.

```yaml
apiVersion: v1
kind: Service
metadata:
  labels:
    app: myapp
    component: test-db
  name: test-db
spec:
  ports:
    - port: 5432
  selector:
    app: myapp
    component: test-db
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: test-db
spec:
  template:
    metadata:
      labels:
        app: myapp
        component: test-db
    spec:
      securityContext:
        fsGroup: 999
        runAsUser: 999
      containers:
      - name: test-db
        image: postgres:latest
        securityContext:
          allowPrivilegeEscalation: false
        ports:
        - containerPort: 5432
        env:
        - name: POSTGRES_DB
          value: myappdb
        - name: POSTGRES_USER
          value: myappdbuser
        - name: POSTGRES_PASSWORD
          value: qwerty1234
        volumeMounts:
          - name: azure
            mountPath: /var/lib/postgresql/data
      volumes:
        - name: azure
          azureFile:
            secretName: azure-secret
            shareName: acishare
            readOnly: false
```
regnauld
  • You specified `runAsUser: 999`, but remember that all Docker volumes will be [mounted as root](https://github.com/moby/moby/issues/2259). This might lead to permission issues. Also, I experienced that kubernetes sometimes remounts the volume, so an initial `chmod` might not be enough. – user3151902 Nov 08 '17 at 15:54

2 Answers

We came across the same problems and figured out the following solution:

Instead of using an AzureFileVolume, we used an AzureDisk. So what we needed in Kubernetes is the following...

Storage Class

With your Azure account name

Persistent Volume Claim

PostgreSQL Deployment

Include PVC in the Kubernetes Deployment

```yaml
- name: postgres-db
  persistentVolumeClaim:
      claimName: pvc-postgresdb
```

Additionally, we need to point the PGDATA var to a subdirectory of the mounted directory, because Azure is creating some issues with the AzureDisk type in the base directory.

```yaml
env:
# ... env definitions ...
- name: PGDATA
  value: /var/lib/postgresql/data/pgdata
volumeMounts:
- mountPath: /var/lib/postgresql/data/
  name: postgres-db
```
Lennart Blom
  • Yes, I heard from different places that AzureBlob/Disk should be used instead of FileStorage. I'll give it a try again in the next days. Thanks – regnauld Nov 22 '17 at 10:16
  • Feel free to message me on Twitter (@lennartblom) for details (YAMLs, Azure settings). We were stuck for the last 5 days figuring this out... we are happy to help! – Lennart Blom Nov 22 '17 at 10:57
  • @LennartBlom are you running multiple replicas of postgres like this? – jKlaus Jan 24 '18 at 20:41

This won't work; you need to use Azure disks. The reason is that postgres uses hard links, which are not supported by Azure Files: https://github.com/docker-library/postgres/issues/548

Anass Kartit
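
The Azure Disk setup that both answers describe, written out as one manifest. This is an added example, not the answerers' own YAML (their StorageClass and claim were posted as images): the StorageClass name, `Standard_LRS` SKU, disk size and the `test-db-credentials` Secret are assumptions, and the storage account is a placeholder. It also reads the database password from a Secret instead of a literal `value:` in the pod spec.

```yaml
# Added example; names marked "assumed" do not come from the thread.
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
  name: azure-disk-postgres                  # assumed name
provisioner: kubernetes.io/azure-disk
parameters:
  skuName: Standard_LRS                      # assumed SKU
  storageAccount: "<your-storage-account>"   # placeholder for your Azure account name
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: pvc-postgresdb                       # claim name used in the answer
spec:
  storageClassName: azure-disk-postgres
  accessModes: ["ReadWriteOnce"]             # an Azure disk attaches to one node at a time
  resources:
    requests:
      storage: 5Gi                           # assumed size
---
apiVersion: extensions/v1beta1               # Deployment API group used in the question
kind: Deployment
metadata:
  name: test-db
spec:
  replicas: 1                                # one writer per ReadWriteOnce disk
  strategy: {type: Recreate}                 # release the disk before the new pod starts
  template:
    metadata:
      labels: {app: myapp, component: test-db}
    spec:
      securityContext: {runAsUser: 999, fsGroup: 999}   # fsGroup makes the disk group-writable
      containers:
      - name: test-db
        image: postgres:latest
        env:
        - name: PGDATA                       # subdirectory of the mount, as in the answer
          value: /var/lib/postgresql/data/pgdata
        - name: POSTGRES_PASSWORD
          valueFrom:
            secretKeyRef: {name: test-db-credentials, key: password}  # assumed Secret
        volumeMounts:
        - name: postgres-db
          mountPath: /var/lib/postgresql/data
      volumes:
      - name: postgres-db
        persistentVolumeClaim:
          claimName: pvc-postgresdb
```

On clusters whose VMs use managed disks, the Kubernetes documentation's alternative parameters `kind: Managed` with `storageaccounttype` take the place of `skuName` and `storageAccount`.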