问题

KeyCloack操作员/PotGressQL拒绝了

  • 2020年12月14日
  • 1回复
  • 793意见
C

大家好,

我使用KeyCloak操作员在Karbon上的简单Kubernetes群集上安装了一些麻烦

基本上,发生的事情是,当我安装新的KeyCloak时,PostGressQL无法正常运行,因为它没有权限在/var/lib/pgsql/data/userdata上创建新目录

据我了解,问题与SecurityContext有关,即使Postgres运行始终使用用户26,也未设置为Postgres部署(如下所示:https://catalog.redhat.com/software/containers/rhscl/postgresql-10-rhel7/5AA63541AC3DB95F196086F1?container-tabs = dockerfile

我不得不做很多解决方法才能使它起作用,最后,我通过手动配置安全性上下文来成功完成:

SecurityContext:

FSGroup:26

Runasuser:26

是否有可能通过操作员设置安全环境?如果没有,您可以指出我的正确解决方案是什么?

    Hello everyone,\u00a0<\/p>

    \u00a0<\/p>

    I'm having some trouble using the keycloak operator installing on a simple Kubernetes Cluster on Karbon<\/p>

    \u00a0<\/p>

    Basically, what happens is that when I install a new Keycloak, the PostgresSQL is not able to run properly because it does not have permissions to create a new directory on \/var\/lib\/pgsql\/data\/userdata<\/p>

    \u00a0<\/p>

    As far as I understood, the problem is related to the securityContext which is not set to the postgres deployment even if Postgres runs always using user 26 (as can be noted here: https:\/\/catalog.redhat.com\/software\/containers\/rhscl\/postgresql-10-rhel7\/5aa63541ac3db95f196086f1?container-tabs=dockerfile<\/a>)<\/p>

    \u00a0<\/p>

    I had to do a lot of workarounds to make it work, and finally I succeded by configuring manually the security context as follows:<\/p>

    \u00a0<\/p>

    securityContext:<\/p>

    \u00a0 fsGroup: 26<\/p>

    \u00a0 runAsUser: 26<\/p>

    \u00a0<\/p>

    There is any possibility to set the security context via the operator? if not, can you please point me out what is the correct solution to apply?<\/p>","quoteUsername":"Cecia","translations":{"Common":{"like":"Like","unlike":"Unlike"},"Forum":{"Quote":"Quote","Share":"Share"}}}">

    1回复

    vshuguet
    秩
    Userlevel 1
    徽章 +4

    你好 @cecia,,,,

    欢迎来到Karbon Clusters社区!

    您上面提到的问题看起来并不是针对Karbon Clusters部署的Kubernetes群集的特定问题。

    据我所知,您应该能够通过运算符清单中的这些设置(整个SecurityContext YAML块)(整个SecurityContext YAML块)(您通过“ Kubectl -f Apply”应用的YAML文件来创建该操作员对象),这是操作员捡起它并纪念环境。

    希望能帮助到你,

    此致,

    Sylvain Huguet

    产品经理-Karbon Clusters&Kubernetes @ nutanix
    Hello @Cecia<\/user-mention>\u00a0,<\/p>

    Welcome to the Karbon Clusters community!<\/p>

    The issue you mention above doesn\u2019t look like it would be specific to a Kubernetes cluster deployed by Karbon Clusters.<\/p>

    As far as I know, you should be able to pass those settings (the whole securityContext YAML block) in the Operator manifest (the YAML file you apply via \u201ckubectl -f apply\u201d to create that Operator object) and it is the job of the Operator to pick it up and honor the setting.<\/p>

    Hope it helps,<\/p>

    Best regards,<\/p>

    Sylvain Huguet<\/p>","quoteUsername":"vshuguet","translations":{"Common":{"like":"Like","unlike":"Unlike"},"Forum":{"Quote":"Quote","Share":"Share"}}}">

    回复


    条款和条件
    Learn more about our cookies.<\/a>","cookiepolicy.button":"Accept cookies","cookiepolicy.button.deny":"Deny all","cookiepolicy.link":"Cookie settings","cookiepolicy.modal.title":"Cookie settings","cookiepolicy.modal.content":"We use 3 different kinds of cookies. You can choose which cookies you want to accept. We need basic cookies to make this site work, therefore these are the minimum you can select. Learn more about our cookies.<\/a>","cookiepolicy.modal.level1":"Basic
    Functional","cookiepolicy.modal.level2":"Normal
    Functional + analytics","cookiepolicy.modal.level3":"Complete
    Functional + analytics + social media + embedded videos"}}}">
    Baidu