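How do I run pgAdmin in OpenShift?

I am trying to run a pgAdmin container (the one I am using comes from here) in an OpenShift cluster where I do not have admin privileges, and the admins do not want to allow containers to run as root, for security reasons.

The error I am currently getting is the following: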

Error with Standard Image

I created a Dockerfile, based on the image linked above, that creates that directory ahead of time, and I get this error:

Error with Edited Image

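Is there a way to run pgAdmin in OpenShift? I want to be able to let DB admins log in to an instance of pgAdmin and configure the databases from there, without having to use the OpenShift CLI and port forwarding. When I use that method, the port-forwarding connection drops very frequently.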

EDIT1

Is there a way I can edit the Dockerfile and entrypoint.sh files found on pgAdmin's GitHub?

Aaditi:

It looks like this is a pgAdmin bug... :/

https://www.postgresql.org/message-id/15470-c84b4e5cc424169d%40postgresql.org

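0
votes

If you create a pgadmin user via the Dockerfile and give it permission to write to /var/log/pgadmin, this might work.

You can create the user in the Dockerfile with a RUN command; something like this: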

# Create pgadmin user
# (primary group 0; no "-G pgadmin", because that group does not exist yet
# and useradd would fail on it)
ENV HOME=/pgadmin
RUN mkdir -p ${HOME} && \
    mkdir -p ${HOME}/pgadmin && \
    useradd -u 1001 -r -g 0 -d ${HOME} -s /bin/bash \
        -c "Default Application User" pgadmin

# Set user home and permissions with group 0 and writeable.
RUN chmod -R 770 ${HOME} && chown -R 1001:0 ${HOME}

# Create the log folder and set permissions
# (a directory needs the execute bit to be entered, so 0600 is not usable here)
RUN mkdir /var/log/pgadmin && \
    chmod 0770 /var/log/pgadmin && \
    chown 1001:0 /var/log/pgadmin

# Run as 1001 (pgadmin)
USER 1001

Adjust your pgadmin installation so that it runs as 1001, and I think you should be set.
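The permission state this Dockerfile is aiming for can be verified with a small check, shown here as an added example that is not part of the original answer. It assumes OpenShift's default behaviour of starting the container under an arbitrary UID that belongs to group 0, and a `find` that supports `-group` and `-perm`; the function name `check_group_writable` is hypothetical.

```shell
#!/bin/sh
# Added example, not from the original answers.
# check_group_writable GID DIR...
#   Lists every entry under each DIR that a process running with an
#   arbitrary UID in group GID could not write to:
#     - entry not owned by group GID
#     - directory without group rwx (070)
#     - file without group rw (060)
#   Returns 0 if nothing was found, 1 otherwise.
check_group_writable() {
    cgw_gid=$1
    shift
    cgw_bad=0
    for cgw_dir in "$@"; do
        if [ ! -d "$cgw_dir" ]; then
            echo "missing: $cgw_dir"
            cgw_bad=1
            continue
        fi
        # Symlinks are skipped because their own mode bits are not used on
        # access. Errors from find (for example an unreadable subdirectory)
        # are captured as well, so they count as findings.
        cgw_found=$(find "$cgw_dir" ! -type l \( \
                ! -group "$cgw_gid" \
                -o \( -type d ! -perm -070 \) \
                -o \( ! -type d ! -perm -060 \) \
            \) -print 2>&1) || true
        if [ -n "$cgw_found" ]; then
            echo "$cgw_found" | sed 's/^/fix: /'
            cgw_bad=1
        fi
    done
    return "$cgw_bad"
}

# Usage inside the built image (paths are the ones named on this page):
#   check_group_writable 0 /var/lib/pgadmin /var/log/pgadmin
```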

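0
votes

I have answered a similar question for a local installation: OSError: [Errno 13] Permission denied: '/var/lib/pgadmin'

For the Docker image, you can map /pgadmin4/config_local.py using environment variables; check the Mapped Files and Directories section at https://hub.docker.com/r/dpage/pgadmin4/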

0
votes

By default, OpenShift doesn't allow containers to run with root privilege. You can add the anyuid Security Context Constraints (SCC) to the user for the project where you are deploying the container.

Add the SCC for the project:

$ oc adm policy add-scc-to-user anyuid system:serviceaccount:<your-project>:default

scc "anyuid" added to: ["system:serviceaccount:data-base-administration:default"]
$ oc get scc
NAME               PRIV      CAPS      SELINUX     RUNASUSER          FSGROUP     SUPGROUP    PRIORITY   READONLYROOTFS   VOLUMES
anyuid             false     []        MustRunAs   RunAsAny           RunAsAny    RunAsAny    10         false            [configMap downwardAPI emptyDir persistentVolumeClaim projected secret]

PGAdmin deployment:

$ oc describe pod pgadmin4-4-fjv4h
Name:               pgadmin4-4-fjv4h
Namespace:          data-base-administration
Priority:           0
PriorityClassName:  <none>
Node:               host/IP
Start Time:         Mon, 18 Feb 2019 23:22:30 -0400
Labels:             app=pgadmin4
                    deployment=pgadmin4-4
                    deploymentconfig=pgadmin4
Annotations:        openshift.io/deployment-config.latest-version=4
                    openshift.io/deployment-config.name=pgadmin4
                    openshift.io/deployment.name=pgadmin4-4
                    openshift.io/generated-by=OpenShiftWebConsole
                    openshift.io/scc=anyuid
Status:             Running
IP:                 IP
Controlled By:      ReplicationController/pgadmin4-4
Containers:
  pgadmin4:
    Container ID:   docker://ID
    Image:          dpage/pgadmin4@sha256:SHA
    Image ID:       docker-pullable://docker.io/dpage/pgadmin4@sha256:SHA
    Ports:          80/TCP, 443/TCP
    Host Ports:     0/TCP, 0/TCP
    State:          Running
      Started:      Mon, 18 Feb 2019 23:22:37 -0400
    Ready:          True
    Restart Count:  0
    Environment:
      PGADMIN_DEFAULT_EMAIL:     secret
      PGADMIN_DEFAULT_PASSWORD:  secret
    Mounts:
      /var/lib/pgadmin from pgadmin4-1 (rw)
      /var/run/secrets/kubernetes.io/serviceaccount from default-token-74b75 (ro)
Conditions:
  Type              Status
  Initialized       True
  Ready             True
  ContainersReady   True
  PodScheduled      True
Volumes:
  pgadmin4-1:
    Type:    EmptyDir (a temporary directory that shares a pod's lifetime)
    Medium:
  default-token-74b75:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  default-token-74b75
    Optional:    false
QoS Class:       BestEffort
Node-Selectors:  node-role.kubernetes.io/compute=true
Tolerations:     <none>
Events:
  Type    Reason     Age   From                             Message
  ----    ------     ----  ----                             -------
  Normal  Scheduled  51m   default-scheduler                Successfully assigned data-base-administration/pgadmin4-4-fjv4h to host
  Normal  Pulling    51m   kubelet, host  pulling image "dpage/pgadmin4@sha256:SHA"
  Normal  Pulled     51m   kubelet, host  Successfully pulled image "dpage/pgadmin4@sha256:SHA"
  Normal  Created    51m   kubelet, host  Created container
  Normal  Started    51m   kubelet, host  Started container

deploy-image-openshift pgadmin-deployed-ocp