mkdir: cannot create directory ‘/bitnami/postgresql/data’: Permission denied

[docktermj]

Which chart:

bitnami/postgresql

Description

Although creating the bitnami/postgresql chart worked a few weeks ago in minikube, recently it has begun failing with the following error:

$ kubectl logs --namespace my-namespace my-postgresql-postgresql-0
 15:42:19.29 
 15:42:19.30 Welcome to the Bitnami postgresql container
 15:42:19.30 Subscribe to project updates by watching https://github.com/bitnami/bitnami-docker-postgresql
 15:42:19.30 Submit issues and feature requests at https://github.com/bitnami/bitnami-docker-postgresql/issues
 15:42:19.31 Send us your feedback at [email protected]
 15:42:19.31 
 15:42:19.34 INFO  ==> ** Starting PostgreSQL setup **
 15:42:19.43 INFO  ==> Validating settings in POSTGRESQL_* env vars..
 15:42:19.44 INFO  ==> Initializing PostgreSQL database...
 15:42:19.47 INFO  ==> postgresql.conf file not detected. Generating it...
 15:42:19.49 INFO  ==> pg_hba.conf file not detected. Generating it...
mkdir: cannot create directory ‘/bitnami/postgresql/data’: Permission denied
 15:42:19.51 INFO  ==> Stopping PostgreSQL...

Steps to reproduce the issue:

1. Start MiniKube

minikube start --cpus 4 --memory 8192 --vm-driver kvm2

2. Install Tiller

kubectl create serviceaccount -n kube-system tiller
kubectl create clusterrolebinding tiller-cluster-rule \
  --clusterrole=cluster-admin \
  --serviceaccount=kube-system:tiller
helm init --service-account tiller

3. Contents of namespace.yaml file:

apiVersion: v1
kind: Namespace
metadata:
  name: my-namespace
  labels:
    name: my-namespace

4. Create namespace:

kubectl create -f namespace.yaml

5. Contents of persistent-volume-postgresql.yaml file:

apiVersion: v1
kind: PersistentVolume
metadata:
  name: postgresql-volume
  labels:
    type: local
  namespace: my-namespace
spec:
  storageClassName: manual
  capacity:
    storage: 10Gi
  accessModes:
    - ReadWriteOnce
  persistentVolumeReclaimPolicy: Retain
  hostPath:
    path: "/var/postgresql"

6. Create persistent volume:

kubectl create -f persistent-volume-postgresql.yaml

7. Contents of persistent-volume-claim-postgresql.yaml file

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  finalizers:
  - kubernetes.io/pvc-protection
  labels:
    cattle.io/creator: norman
  name: postgresql-claim
  namespace: my-namespace
spec:
  accessModes:
  - ReadWriteOnce
  resources:
    requests:
      storage: 10Gi
  storageClassName: "manual"
  volumeName: postgresql-volume

8. Create persistent volume claim:

kubectl create -f persistent-volume-claim-postgresql.yaml

9. Add Bitnami Helm repository

helm repo add bitnami https://charts.bitnami.com

10. Contents of postgresql.yaml file:

image:
  pullPolicy: Always

persistence:
  existingClaim: postgresql-claim

postgresqlDatabase: G2
postgresqlPassword: postgres

securityContext:
  enabled: false

11. Install bitnami/postgresql helm chart.

helm install \
  --name my-postgresql \
  --namespace my-namespace \
  --values postgresql.yaml \
  bitnami/postgresql

12. Watch for error.

kubectl get pods \
  --namespace my-namespace \
  --watch

Describe the results you received:

13. View error.

$ kubectl logs --namespace my-namespace my-postgresql-postgresql-0
 15:42:19.29 
 15:42:19.30 Welcome to the Bitnami postgresql container
 15:42:19.30 Subscribe to project updates by watching https://github.com/bitnami/bitnami-docker-postgresql
 15:42:19.30 Submit issues and feature requests at https://github.com/bitnami/bitnami-docker-postgresql/issues
 15:42:19.31 Send us your feedback at [email protected]
 15:42:19.31 
 15:42:19.34 INFO  ==> ** Starting PostgreSQL setup **
 15:42:19.43 INFO  ==> Validating settings in POSTGRESQL_* env vars..
 15:42:19.44 INFO  ==> Initializing PostgreSQL database...
 15:42:19.47 INFO  ==> postgresql.conf file not detected. Generating it...
 15:42:19.49 INFO  ==> pg_hba.conf file not detected. Generating it...
mkdir: cannot create directory ‘/bitnami/postgresql/data’: Permission denied
 15:42:19.51 INFO  ==> Stopping PostgreSQL...

Describe the results you expected:

A chart that comes up. :-)

Additional information you deem important (e.g. issue happens only occasionally):

Version of Helm and Kubernetes:

• Output of helm version:

$ helm version
Client: &version.Version{SemVer:"v2.13.1", GitCommit:"618447cbf203d147601b4b9bd7f8c37a5d39fbb4", GitTreeState:"clean"}
Server: &version.Version{SemVer:"v2.13.1", GitCommit:"618447cbf203d147601b4b9bd7f8c37a5d39fbb4", GitTreeState:"clean"}

• Output of kubectl version:

$ kubectl version
Client Version: version.Info{Major:"1", Minor:"14", GitVersion:"v1.14.0", GitCommit:"641856db18352033a0d96dbc99153fa3b27298e5", GitTreeState:"clean", BuildDate:"2019-03-25T15:53:57Z", GoVersion:"go1.12.1", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"14", GitVersion:"v1.14.0", GitCommit:"641856db18352033a0d96dbc99153fa3b27298e5", GitTreeState:"clean", BuildDate:"2019-03-25T15:45:25Z", GoVersion:"go1.12.1", Compiler:"gc", Platform:"linux/amd64"}

[docktermj]

Minikube version:

$ minikube version
minikube version: v1.0.0

[docktermj]

Cleanup:

helm delete --purge my-postgresql
helm repo remove bitnami
kubectl delete -f persistent-volume-claim-postgresql.yaml
kubectl delete -f persistent-volume-postgresql.yaml
kubectl delete -f namespace.yaml

minikube stop
minikube delete

[javsalgar]

I see that you manually created a PVC using hostpath. In that case, the permissions may be incorrect due to the non-root nature of the container. Could you try not creating the PVC instead?

[docktermj]

kubernetes/minikube#1990

[docktermj]

/bitnami/postgresql/data was introduced in upstreamed/postgresql/values.yaml 22 days ago (Around May 9, 2019) in the following commit:

• 36e63cf
• 36e63cf#diff-bda091bb710f66779e36a1b311888183

[docktermj]

Well I thought configuring minikube's mount point would help. It gets me further, but yet another roadblock:

Variables

export VAR_POSTGRESQL_MOUNT=~/bitnami-postgresql-data
export MINIKUBE_USER=me
export MINIKUBE_GROUP=me

Commands

mkdir -p ${VAR_POSTGRESQL_MOUNT}
minikube mount \
  --mode 511 \
  --uid ${MINIKUBE_USER} \
  --gid ${MINIKUBE_GROUP} \
  ${VAR_POSTGRESQL_MOUNT}:/var/postgresql

Results (after running commands in original issue description):

$ kubectl logs --namespace my-namespace my-postgresql-postgresql-0
 18:14:23.25 
 18:14:23.25 Welcome to the Bitnami postgresql container
 18:14:23.25 Subscribe to project updates by watching https://github.com/bitnami/bitnami-docker-postgresql
 18:14:23.26 Submit issues and feature requests at https://github.com/bitnami/bitnami-docker-postgresql/issues
 18:14:23.26 Send us your feedback at [email protected]
 18:14:23.26 
 18:14:23.29 INFO  ==> ** Starting PostgreSQL setup **
 18:14:23.37 INFO  ==> Validating settings in POSTGRESQL_* env vars..
 18:14:23.38 INFO  ==> Initializing PostgreSQL database...
 18:14:23.40 INFO  ==> postgresql.conf file not detected. Generating it...
 18:14:23.41 INFO  ==> pg_hba.conf file not detected. Generating it...
 18:14:23.43 INFO  ==> Deploying PostgreSQL with persisted data...
 18:14:23.44 INFO  ==> Configuring replication parameters
 18:14:23.50 INFO  ==> Loading custom scripts...
 18:14:23.50 INFO  ==> Enabling remote connections
 18:14:23.52 INFO  ==> Stopping PostgreSQL...
 18:14:23.53 INFO  ==> ** PostgreSQL setup finished! **

 18:14:23.60 INFO  ==> ** Starting PostgreSQL **
2019-05-31 18:14:23.627 GMT [1] LOG:  skipping missing configuration file "/bitnami/postgresql/data/postgresql.auto.conf"
2019-05-31 18:14:23.630 GMT [1] FATAL:  data directory "/bitnami/postgresql/data" has wrong ownership
2019-05-31 18:14:23.630 GMT [1] HINT:  The server must be started by the user that owns the data directory.

[docktermj]

@javsalgar, Unfortunately running without a PVC is a non-starter. The demonstration I'm creating needs to illustrate the use of PV and PVC. We anticipate customers wanting to try it out on minikube and then use "real" PV/PVC on their production Kubernetes.

We're delighted with Bitnami Docker images and Helm charts, we don't want to highlight any short-comings with them. So I'm looking for a straight-forward way of illustrating the use of Bitnami charts for PostgreSQL (and RabbitMQ) in a minikube environment.

[docktermj]

Although it doesn't help me get where I want to go, If I change the contents of postgresql.yaml to

image:
  pullPolicy: Always

persistence:
  enabled: false

postgresqlDatabase: G2
postgresqlPassword: postgres

That is persistence.enabled: false. It works. But that doesn't get me what I need.

[docktermj]

...what gets me is that this chart and the RabbitMQ chart were working about a month ago in minikube. So this issue concerns something that changed in the last month.

[docktermj]

https://github.com/bitnami/bitnami-docker-postgresql/issues/91

[javsalgar]

Hi,

I saw that you opened an issue in helm/charts#14390. Let's continue the conversation there.

[docktermj]

Closed in favor of helm/charts#14390

[mirekphd]

@docktermj : incorrect ownership of '/bitnami/postgresql/data’ is a more generic problem, not specific to Helm charts, so I'd rather re-open the issue if you can, if only to correct the volumes documentation on Docker Hub overview page to incorporate my solution I found here.

It has just resurfaced for bitnami/postgres:12 in our Openshift 3.11 cluster with data persistence provided by PVCs mapped to local NFS.

If I set mountPath to /bitnami/postgresql or /bitnami/postgresql/data, I still get the error. The message (printed in application logs only when I set BITNAMI_DEBUG="true") is just as the OP reported:

See error log details

postgresql 10:33:22.43
postgresql 10:33:22.44 Welcome to the Bitnami postgresql container
postgresql 10:33:22.44 Subscribe to project updates by watching https://github.com/bitnami/bitnami-docker-postgresql
postgresql 10:33:22.44 Submit issues and feature requests at https://github.com/bitnami/bitnami-docker-postgresql/issues
postgresql 10:33:22.44
postgresql 10:33:22.45 DEBUG ==> Configuring libnss_wrapper...
postgresql 10:33:22.46 INFO  ==> ** Starting PostgreSQL setup **
postgresql 10:33:22.48 INFO  ==> Validating settings in POSTGRESQL_* env vars..
postgresql 10:33:22.48 INFO  ==> Loading custom pre-init scripts...
postgresql 10:33:22.49 INFO  ==> Initializing PostgreSQL database...
postgresql 10:33:22.50 DEBUG ==> Copying files from /bitnami/postgresql/conf to /opt/bitnami/postgresql/conf
postgresql 10:33:22.50 DEBUG ==> Ensuring expected directories/files exist...
postgresql 10:33:22.52 INFO  ==> pg_hba.conf file not detected. Generating it...
postgresql 10:33:22.52 INFO  ==> Generating local authentication configuration
postgresql 10:33:22.53 INFO  ==> Deploying PostgreSQL with persisted data...
postgresql 10:33:22.54 INFO  ==> Configuring replication parameters
postgresql 10:33:22.56 INFO  ==> Configuring fsync
postgresql 10:33:22.57 INFO  ==> Loading custom scripts...
postgresql 10:33:22.57 INFO  ==> Enabling remote connections
postgresql 10:33:22.58 INFO  ==> Stopping PostgreSQL...
postgresql 10:33:22.59 INFO  ==> ** PostgreSQL setup finished! **

postgresql 10:33:22.60 INFO  ==> ** Starting PostgreSQL **
2020-08-23 10:33:22.621 GMT [1] LOG:  skipping missing configuration file "/bitnami/postgresql/data/postgresql.auto.conf"
2020-08-23 10:33:22.622 GMT [1] FATAL:  data directory "/bitnami/postgresql/data" has wrong ownership
2020-08-23 10:33:22.622 GMT [1] HINT:  The server must be started by the user that owns the data directory.

However, if I move the mountPath up one level to /bitnami/, then bitnami/postgresql:12 container starts correctly:

See correct log details

postgresql 10:52:42.80
postgresql 10:52:42.80 Welcome to the Bitnami postgresql container
postgresql 10:52:42.80 Subscribe to project updates by watching https://github.com/bitnami/bitnami-docker-postgresql
postgresql 10:52:42.80 Submit issues and feature requests at https://github.com/bitnami/bitnami-docker-postgresql/issues
postgresql 10:52:42.80
postgresql 10:52:42.81 DEBUG ==> Configuring libnss_wrapper...
postgresql 10:52:42.82 INFO  ==> ** Starting PostgreSQL setup **
postgresql 10:52:42.84 INFO  ==> Validating settings in POSTGRESQL_* env vars..
postgresql 10:52:42.85 INFO  ==> Loading custom pre-init scripts...
postgresql 10:52:42.85 INFO  ==> Initializing PostgreSQL database...
postgresql 10:52:42.86 DEBUG ==> Copying files from /bitnami/postgresql/conf to /opt/bitnami/postgresql/conf
postgresql 10:52:42.86 DEBUG ==> Ensuring expected directories/files exist...
postgresql 10:52:42.88 INFO  ==> pg_hba.conf file not detected. Generating it...
postgresql 10:52:42.88 INFO  ==> Generating local authentication configuration
The files belonging to this database system will be owned by user "postgres".
This user must also own the server process.

The database cluster will be initialized with locale "en_US.UTF-8".
The default text search configuration will be set to "english".

Data page checksums are disabled.

fixing permissions on existing directory /bitnami/postgresql/data ... ok
creating subdirectories ... ok
selecting dynamic shared memory implementation ... posix
selecting default max_connections ... 100
selecting default shared_buffers ... 128MB
selecting default time zone ... Etc/UTC
creating configuration files ... ok
running bootstrap script ... ok
performing post-bootstrap initialization ... ok
initdb: warning: enabling "trust" authentication for local connections
You can change this by editing pg_hba.conf or using the option -A, or
--auth-local and --auth-host, the next time you run initdb.
syncing data to disk ... ok


Success. You can now start the database server using:

    /opt/bitnami/postgresql/bin/pg_ctl -D /bitnami/postgresql/data -l logfile start

postgresql 10:52:43.87 INFO  ==> Starting PostgreSQL in background...
waiting for server to start....2020-08-23 10:52:43.898 GMT [68] LOG:  starting PostgreSQL 12.4 on x86_64-pc-linux-gnu, compiled by gcc (Debian 8.3.0-6) 8.3.0,64-bit
2020-08-23 10:52:43.899 GMT [68] LOG:  listening on IPv6 address "::1", port 5432
2020-08-23 10:52:43.899 GMT [68] LOG:  listening on IPv4 address "127.0.0.1", port 5432
2020-08-23 10:52:43.899 GMT [68] LOG:  listening on Unix socket "/tmp/.s.PGSQL.5432"
2020-08-23 10:52:43.907 GMT [69] LOG:  database system was shut down at 2020-08-23 10:52:43 GMT
2020-08-23 10:52:43.910 GMT [68] LOG:  database system is ready to accept connections
 done
server started
postgresql 10:52:44.00 INFO  ==> Creating user ${POSTGRESQL_USER}
CREATE ROLE
postgresql 10:52:44.01 INFO  ==> Granting access to "${POSTGRESQL_USER}" to the database "postgres"
GRANT
postgresql 10:52:44.03 INFO  ==> Configuring replication parameters
postgresql 10:52:44.05 INFO  ==> Configuring fsync
postgresql 10:52:44.06 INFO  ==> Loading custom scripts...
postgresql 10:52:44.07 INFO  ==> Enabling remote connections
postgresql 10:52:44.08 INFO  ==> Stopping PostgreSQL...
2020-08-23 10:52:44.088 GMT [68] LOG:  received smart shutdown request
2020-08-23 10:52:44.089 GMT [68] LOG:  background worker "logical replication launcher" (PID 75) exited with exit code 1
2020-08-23 10:52:44.090 GMT [70] LOG:  shutting down
2020-08-23 10:52:44.096 GMT [68] LOG:  database system is shut down
postgresql 10:52:45.09 INFO  ==> ** PostgreSQL setup finished! **

postgresql 10:52:45.11 INFO  ==> ** Starting PostgreSQL **
2020-08-23 10:52:45.124 GMT [1] LOG:  starting PostgreSQL 12.4 on x86_64-pc-linux-gnu, compiled by gcc (Debian 8.3.0-6) 8.3.0, 64-bit
2020-08-23 10:52:45.125 GMT [1] LOG:  listening on IPv4 address "0.0.0.0", port 5432
2020-08-23 10:52:45.125 GMT [1] LOG:  listening on IPv6 address "::", port 5432
2020-08-23 10:52:45.126 GMT [1] LOG:  listening on Unix socket "/tmp/.s.PGSQL.5432"
2020-08-23 10:52:45.135 GMT [116] LOG:  database system was shut down at 2020-08-23 10:52:44 GMT
2020-08-23 10:52:45.138 GMT [1] LOG:  database system is ready to accept connections

[javsalgar]

Hi,

We would need to check in more detail the cause of the issue. We test the chart in the major Kubernetes platforms and we don't see the issue. It would be great if you could share the permissions of the /bitnami/, /bitnami/postgresql and the /bitnami/postgresql/data folders to see the cause of the conflict.

[swapnilpotnis]

@javsalgar : Facing the same issue for one of my app. as well deployed via HELM. Following are its logs:

postgresql 17:09:01.22 WARN ==> Data directory is set with a legacy value, adapting POSTGRESQL_DATA_DIR... postgresql 17:09:01.22 WARN ==> POSTGRESQL_DATA_DIR set to "/bitnami/postgresql/data"!! postgresql 17:09:01.23 postgresql 17:09:01.24 Welcome to the Bitnami postgresql container postgresql 17:09:01.24 Subscribe to project updates by watching https://github.com/bitnami/bitnami-docker-postgresql postgresql 17:09:01.24 Submit issues and feature requests at https://github.com/bitnami/bitnami-docker-postgresql/issues postgresql 17:09:01.24 Send us your feedback at [email protected] postgresql 17:09:01.24 postgresql 17:09:01.26 INFO ==> ** Starting PostgreSQL setup ** postgresql 17:09:01.31 INFO ==> Validating settings in POSTGRESQL_* env vars.. postgresql 17:09:01.31 INFO ==> Loading custom pre-init scripts... postgresql 17:09:01.32 INFO ==> Initializing PostgreSQL database... mkdir: cannot create directory ‘/bitnami/postgresql’: Permission denied postgresql 17:09:01.35 INFO ==> Stopping PostgreSQL...

[javsalgar]

Hi,

It seems that you were doing an upgrade. Could you tell us from which version of the container you were upgrading and which are the storage provider you have configured in the cluster?

[swapnilpotnis]

StorageProvider is "local-storage" or "manual" as its an On-Prem k8s-cluster.
Bitnami-Postgresql Version:
Image: docker.io/bitnami/postgresql:11.8.0-debian-10-r57

[javsalgar]

Hi,

Could it be that this kind of storage provider does not work well with the fsGroup setting in Kubernetes? Could you try setting the valuevolumePermissions=true? This will launch an init container that should fix any permission issue

[cloudtrov]

Setting the fsGroup securityContext with latest bitnami image seems to work:

securityContext:
fsGroup: 0

[tuxpeople]

Same Problem here with docker-compose and bind mounts. Looks like if I change permissions on the folder beeing nmounted (which was automatically created by docker) to 777 the container is able to create its subfolder. Afterwards, changing the folders permission back works fine.

  postgresql:
    image: docker.io/bitnami/postgresql:11-debian-10
    container_name: harbor-db
    environment:
      - POSTGRESQL_PASSWORD=xxxxxxxxx
      - POSTGRESQL_DATABASE=registry
    volumes:
      - /opt/docker/compose/data/harbor/postgresql_data:/bitnami/postgresql
    networks:
      - harbor
    restart: always

[mirekphd]

Another and perhaps connected issue is hard-coded non-standard (not equal to 1000) user ID of 1001 used in bitnami:postgresql containers (the host folder mapped to the container for persisting Postgres data must be owned by user 1001).

[javsalgar]

Hi,

Note that our containers are meant to work with any random user ID. We configure them so they work in Openshift, were there is no fixed user id for the container. The only requisite is that the random user ID must belong to the root group.

[CarlosIVI]

root@k8s-masterdev01:~/yamlVolumeFiles# kubectl logs keycloak-postgresql-0 -n keycloak
postgresql 21:36:51.60
postgresql 21:36:51.60 Welcome to the Bitnami postgresql container
postgresql 21:36:51.61 Subscribe to project updates by watching https://github.com/bitnami/bitnami-docker-postgresql
postgresql 21:36:51.61 Submit issues and feature requests at https://github.com/bitnami/bitnami-docker-postgresql/issues
postgresql 21:36:51.61
postgresql 21:36:51.62 INFO  ==> ** Starting PostgreSQL setup **
postgresql 21:36:51.64 INFO  ==> Validating settings in POSTGRESQL_* env vars..
postgresql 21:36:51.65 INFO  ==> Loading custom pre-init scripts...
postgresql 21:36:51.65 INFO  ==> Initializing PostgreSQL database...
mkdir: cannot create directory ‘/bitnami/postgresql/data’: Permission denied

root@k8s:~/yamlVolumeFiles# kubectl get pvc -n keycloak
NAME                    STATUS   VOLUME                 CAPACITY   ACCESS MODES   STORAGECLASS       AGE
keycloak-postgres-pvc   Bound    keycloak-postgres-pv   10Gi       RWO            my-local-storage   9m

root@k8s:~/yamlVolumeFiles# kubectl describe pvc -n keycloak
Name:          keycloak-postgres-pvc
Namespace:     keycloak
StorageClass:  my-local-storage
Status:        Bound
Volume:        keycloak-postgres-pv
Labels:        <none>
Annotations:   pv.kubernetes.io/bind-completed: yes
Finalizers:    [kubernetes.io/pvc-protection]
Capacity:      10Gi
Access Modes:  RWO
VolumeMode:    Filesystem
Used By:       keycloak-postgresql-0
Events:        <none>

I have same issue on k8s, but im sure that the pod keycloak-postgres-pv is using the PVC, im actually running a multi-node cluster with kubeadm, i have 2 workers and 1 master node. I also have Docker as container runtime and calico as cni

[javsalgar]

It seems that you are using a local storage provider. Is it compatible with fsGroups?

[docktermj]

Based on renewed interest from others, I'm re-opening.

[javsalgar]

Hi!

I think that, for this case, the best option would be to use init containers in docker-compose, emulating the volumePermissions commands.

Find an example here docker/docs#12633 (comment)

[cdprete]

Hi!

I think that, for this case, the best option would be to use init containers in docker-compose, emulating the volumePermissions commands.

Find an example here docker/docker.github.io#12633 (comment)

I disagree :)
It's more an hack than a real solution. It's like "since we can't/don't want to fix it then apply this workaround here".
Also, I'm not using docker-compose but Rancher k3s.
This would mean to put an additional container in the pod just to workaround an issue in another container in the same pod. That's really ugly...

[javsalgar]

Note that, in that case, the container would need to have root privileges in order for chown operations to work. The containers are non-root and that's the main reason we rely on the volumePermissions init containers in the chart.

[cdprete]

Note that, in that case, the container would need to have root privileges in order for chown operations to work. The containers are non-root and that's the main reason we rely on the volumePermissions init containers in the chart.

Can't you just switch temporarily to root?
Like

USER root
RUN chown ...
USER jboss

[javsalgar]

But that's at the docker build level, not at runtime. I believe we're talking about using the container at runtime.

[cdprete]

But that's at the docker build level, not at runtime. I believe we're talking about using the container at runtime.

Yes. I didn't check the image definition honestly, so when do you the chown exactly?
If is part of the image definition (aka a RUN command), then I think it should be possible to do the switch as I was suggesting...

[javsalgar]

I think I'm not following in this case, what would we exactly want to achieve by doing a chown at the docker build level? Right now, it is configured so any random user that belongs to the root group works. If we perform a chown then it wouldn't work with random users.

[cdprete]

Right now, it is configured so any random user that belongs to the root group works.

Ok, I was not aware of this.

[batazor]

Are there ways to solve this problem?

[javsalgar]

@batazor could you provide more details of your configuration and the issue you are facing?

[github-actions]

This Issue has been automatically marked as "stale" because it has not had recent activity (for 15 days). It will be closed if no further activity occurs. Thanks for the feedback.

[github-actions]

Due to the lack of activity in the last 5 days since it was marked as "stale", we proceed to close this Issue. Do not hesitate to reopen it later if necessary.

[abhi10agarwal]

Hi, I am using a cluster-based environment and getting the below error while starting the Postgresql pod.

Storage mode - nfs-storage-class

 $ kubectl logs -n gss-qa postgres-lb-deployment-7b45c5f6f5-zb5c9

postgresql 07:32:23.80
postgresql 07:32:23.81 Welcome to the Bitnami postgresql container
postgresql 07:32:23.81 Subscribe to project updates by watching https://github.com/bitnami/bitnami-docker-postgresql
postgresql 07:32:23.81 Submit issues and feature requests at https://github.com/bitnami/bitnami-docker-postgresql/issues
postgresql 07:32:23.81
postgresql 07:32:23.83 INFO  ==> ** Starting PostgreSQL setup **
postgresql 07:32:23.85 INFO  ==> Validating settings in POSTGRESQL_* env vars..
postgresql 07:32:23.86 INFO  ==> Loading custom pre-init scripts...
postgresql 07:32:23.87 INFO  ==> Initializing PostgreSQL database...
mkdir: cannot create directory ‘/bitnami/postgresql/data’: Read-only file system

[abhi10agarwal]

The issue Read-only file system was resolved by properly setting up the NFS server and client configuration.

[jorgealziro]

Passing --set volumePermissions.enabled=true for the helm install command did it for me

[nate-benton90]

Passing --set volumePermissions.enabled=true for the helm install command did it for me

indeed. this worked for me using the following helm version: version.BuildInfo{Version:"v3.8.2", GitCommit:"6e3701edea09e5d55a8ca2aae03a68917630e91b", GitTreeState:"clean", GoVersion:"go1.17.5"}.

however, just for psa: using the following for values.yml instead (does the same thing in a different way)...

volumePermissions:
     enabled: true

more useful docs about the this postgres chart config

[marcusnh]

i'm experiencing this issue where I have permission denied for:

• harbor-redis
  

• harbor-trivy
  

• harbor-jobservice
  

• harbor-registry
  

It did not work with setting :
volumePermissions: enabled: true
is there a way to workaround this?

[jsemohub]

Similar issue when installing latest keycloak
helm install keycloak -n identity bitnami/keycloak --set volumePermissions.enabled=true -f values.yaml

NOTES:
CHART NAME: keycloak
CHART VERSION: 10.1.6
APP VERSION: 19.0.3

kubectl logs --all-containers=true -n identity keycloak-postgresql-0
postgresql 15:30:09.21
postgresql 15:30:09.21 Welcome to the Bitnami postgresql container
postgresql 15:30:09.21 Subscribe to project updates by watching https://github.com/bitnami/containers
postgresql 15:30:09.21 Submit issues and feature requests at https://github.com/bitnami/containers/issues
postgresql 15:30:09.22
postgresql 15:30:09.23 INFO ==> ** Starting PostgreSQL setup **
postgresql 15:30:09.25 INFO ==> Validating settings in POSTGRESQL_* env vars..
postgresql 15:30:09.26 INFO ==> Loading custom pre-init scripts...
postgresql 15:30:09.27 INFO ==> Initializing PostgreSQL database...
mkdir: cannot create directory ‘/bitnami/postgresql/data’: Permission denied

--set volumePermissions.enabled=true <-- didn't help

Any workaround for this?
Thank you in advance.

[klippo]

Similar issue when installing latest keycloak helm install keycloak -n identity bitnami/keycloak --set volumePermissions.enabled=true -f values.yaml

NOTES: CHART NAME: keycloak CHART VERSION: 10.1.6 APP VERSION: 19.0.3

kubectl logs --all-containers=true -n identity keycloak-postgresql-0 postgresql 15:30:09.21 postgresql 15:30:09.21 Welcome to the Bitnami postgresql container postgresql 15:30:09.21 Subscribe to project updates by watching https://github.com/bitnami/containers postgresql 15:30:09.21 Submit issues and feature requests at https://github.com/bitnami/containers/issues postgresql 15:30:09.22 postgresql 15:30:09.23 INFO ==> ** Starting PostgreSQL setup ** postgresql 15:30:09.25 INFO ==> Validating settings in POSTGRESQL_* env vars.. postgresql 15:30:09.26 INFO ==> Loading custom pre-init scripts... postgresql 15:30:09.27 INFO ==> Initializing PostgreSQL database... mkdir: cannot create directory ‘/bitnami/postgresql/data’: Permission denied

--set volumePermissions.enabled=true <-- didn't help

Any workaround for this? Thank you in advance.

Add it under postgresql in values.

postgresql:
  volumePermissions:
     enabled: true

This should also work --set postgresql.volumePermissions.enabled=true