Harbor database image incompatible with Harbor Helm chart
Summary
When running Go Harbor's Helm chart, the harbor-db
fails to deploy. Upstream goharbor/harbor-db
works.
Steps to reproduce
Substitute the IB image into the Helm chart listed above and deploy to a cluster.
What is the current bug behavior?
The harbor-db
pod fails to deploy with a permission error in the logs (see below). In addition, it fails to execute liveness/readiness probes due to missing .sh scripts.
What is the expected correct behavior?
harbor-db
runs as user/group 999:999
and is able to write to /var/run/postgres
. It runs docker-entrypoint.sh, which initializes the database. It runs
docker-healthcheck.sh` successfully as the readiness probe and becomes ready.
Relevant logs and/or screenshots
database chmod: changing permissions of '/var/run/postgresql': Operation not permitted
database
database PostgreSQL Database directory appears to contain a database; Skipping initialization
database
database 2022-04-01 18:41:32.116 UTC [1] LOG: starting PostgreSQL 12.9 on x86_64-pc-linux-gnu, compiled by gcc (GCC) 8.5.0 20210514 (Red Hat 8.5.0-4), 64-database 2022-04-01 18:41:32.116 UTC [1] LOG: listening on IPv4 address "0.0.0.0", port 5432 database 2022-04-01 18:41:32.116 UTC [1] LOG: listening on IPv6 address "::", port 5432 database 2022-04-01 18:41:32.118 UTC [1] FATAL: could not create lock file "/var/run/postgresql/.s.PGSQL.5432.lock": Permission denied database 2022-04-01 18:41:32.119 UTC [1] LOG: database system is shut down
Possible fixes
- The base image uses uid:guid
26:26
for thepostgres
user. Since the Helm chart and upstream image use999:999
for thepostgres
user, the permissions are not transferrable. Add a command in the Dockerfile forusermod
andgroupmod
to change the uid/gid to999:999
for the postgres user. - From the
goharbor/harbor-db
image, copydocker-healthcheck.sh
script to the IB image.
Tasks
-
Bug has been identified and corrected within the container
Edited by Michael McLeroy