3

I am trying to set a postgres parameter (shared_buffers) into my postgres database pod. I am trying to set an init container to set the db variable, but it is not working because the init container runs as the root user.

What is the best way to edit the db variable on the pods? I do not have the ability to make the change within the image, because the variable needs to be different for different instances. If it helps, the command I need to run is a "postgres -c" command.

"root" execution of the PostgreSQL server is not permitted.
The server must be started under an unprivileged user ID to prevent
possible system security compromise.  See the documentation for
more information on how to properly start the server.
Improve this question
1
  • Can you include the deployment yaml you are trying? Commented Mar 21, 2020 at 1:24

2 Answers 2

Reset to default
9

In my case, the @Rico answer didn't help me out of the box because I don't use postgres with a persistent storage mount, which means there is no /var/lib/postgresql/data folder and pre-existed database (so both proposed options have failed in my case).

To successfully apply postgres settings, I used only args (without command section).

In that case, k8s will pass these args to the default entrypoint defined in the docker image (docs), and as for postgres entrypoint, it is made so that any options passed to the docker command will be passed along to the postgres server daemon (look section Database Configuration at: https://hub.docker.com/_/postgres)

apiVersion: v1
kind: Pod
metadata:
  name: postgres
spec:
  containers:
    - image: postgres:9.6.8
      name: postgres
      args: ["-c", "shared_buffers=256MB", "-c", "max_connections=207"]

To check that the settings applied:

$ kubectl exec -it postgres -- bash
root@postgres:/# su postgres
$ psql -c 'show max_connections;'
 max_connections
-----------------
 207
(1 row)
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

5

You didn't share your Pod/Deployment definition, but I believe you want to set shared_buffers from the command line of the actual container (not the init container) in your Pod definition. Something like this if you are using a deployment:

apiVersion: v1
kind: Deployment
metadata:
  name: postgres
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: postgres
    spec:
      containers:
        - name: postgres
          image: postgres:12.2
          imagePullPolicy: "IfNotPresent"
          command: ["postgres"] # <-- add this
          args: ["-D", "-c", "shared_buffers=128MB"] # <-- add this
          ports:
            - containerPort: 5432
          securityContext:
            runAsUser: 1000
            runAsGroup: 1000
            fsGroup: 1000
          volumeMounts:
            - mountPath: /var/lib/postgresql/data
              name: postgredb
            - name: postgresql-config-volume # <-- use if you are using a ConfigMap (see below)
              mountPath: /var/lib/postgres/data/postgresql.conf
      volumes:
        - name: postgredb
          persistentVolumeClaim:
            claimName: postgres-pv-claim # <-- note: you need to have this already predefined
        - name: postgresql-config-volume # <-- use if you are using a ConfigMap (see below)
          configMap:
            name: postgresql-config

Notice that if you are using a ConfigMap you can also do this (note that you may want to add more configuration options besides shared_buffers):

apiVersion: v1
kind: ConfigMap
metadata:
  name: postgresql-config
data:
  postgresql.conf: |
    shared_buffers=256MB
Improve this answer

2 Comments

I have added what I am seeing in the question at the bottom. Looks like I am unable to use the command as the root user. Any way to run the command as the postgres user?
You can try running the container with a securityContext that uses the postgres user/group. I updated the Deployment definition.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.