cmarteepants commented on issue #36696: URL: https://github.com/apache/airflow/issues/36696#issuecomment-1920025550
Postgres is a subchart, and is there for convenience only. We strongly do not recommend that you use the postgresql chart for anything other than a POC.

According to the [bitnami postgres chart readme](https://github.com/bitnami/charts/tree/main/bitnami/postgresql#differences-between-bitnami-postgresql-image-and-docker-official-image), you need to do the following for OpenShift 4.11+:

> For OpenShift 4.11 and higher, let set OpenShift the runAsUser and fsGroup automatically. Configure the pod and container security context to restrictive defaults and disable the volume permissions setup: `primary.podSecurityContext.fsGroup=null,primary.podSecurityContext.seccompProfile.type=RuntimeDefault,primary.containerSecurityContext.runAsUser=null,primary.containerSecurityContext.allowPrivilegeEscalation=false,primary.containerSecurityContext.runAsNonRoot=true,primary.containerSecurityContext.seccompProfile.type=RuntimeDefault,primary.containerSecurityContext.capabilities.drop=['ALL'],volumePermissions.enabled=false,shmVolume.enabled=false`

It may not work due to a [helm bug](https://github.com/helm/helm/issues/12637) with nulls and subcharts, but here are the values you will need to override:

```
postgresql:
  primary:
    podSecurityContext:
      fsGroup: null
      seccompProfile:
        type: RuntimeDefault
    containerSecurityContext:
      runAsUser: null
      allowPrivilegeEscalation: false
      runAsNonRoot: true
      seccompProfile:
        type: RuntimeDefault
      capabilities:
        drop:
          - ALL
  volumePermissions:
    enabled: false
  shmVolume:
    enabled: false
```

If you're running into the helm bug, your only other option is to download the chart and subchart, and edit the subchart values directly.

Since Airflow itself is compatible with OpenShift, I will be closing the issue. Good luck!
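An added example, not part of the original comment or of the Airflow or Bitnami charts: because the null overrides may not take effect, this check audits a rendered PostgreSQL pod template for the settings listed in the override and reports any `fsGroup` or `runAsUser` that is still pinned. The function names, the JSON input shape (a StatefulSet object as JSON) and the sample values are assumptions made for illustration.

```python
import json

# Constructed sample (not real cluster output): a rendered StatefulSet, as JSON,
# where the null overrides did not take effect and the IDs are still pinned.
STALE = json.loads("""
{"spec": {"template": {"spec": {
  "securityContext": {"fsGroup": 1001,
                      "seccompProfile": {"type": "RuntimeDefault"}},
  "containers": [{"name": "postgresql", "securityContext": {
    "runAsUser": 1001, "runAsNonRoot": true,
    "allowPrivilegeEscalation": false,
    "seccompProfile": {"type": "RuntimeDefault"},
    "capabilities": {"drop": ["ALL"]}}}]}}}}
""")


def audit_pod_template(workload):
    """List every place the pod template deviates from the override values."""
    pod = workload["spec"]["template"]["spec"]
    pod_sc = pod.get("securityContext") or {}
    findings = []
    # fsGroup and runAsUser must be absent so OpenShift can set them itself.
    if pod_sc.get("fsGroup") is not None:
        findings.append(f"pod: fsGroup pinned to {pod_sc['fsGroup']}")
    if (pod_sc.get("seccompProfile") or {}).get("type") != "RuntimeDefault":
        findings.append("pod: seccompProfile.type != RuntimeDefault")
    for c in pod.get("initContainers", []) + pod.get("containers", []):
        sc, name = c.get("securityContext") or {}, c["name"]
        if sc.get("runAsUser") is not None:
            findings.append(f"{name}: runAsUser pinned to {sc['runAsUser']}")
        checks = {
            "allowPrivilegeEscalation not false": sc.get("allowPrivilegeEscalation") is False,
            "runAsNonRoot not true": sc.get("runAsNonRoot") is True,
            "seccompProfile.type != RuntimeDefault": (sc.get("seccompProfile") or {}).get("type") == "RuntimeDefault",
            "capabilities.drop lacks ALL": "ALL" in ((sc.get("capabilities") or {}).get("drop") or []),
        }
        findings += [f"{name}: {msg}" for msg, ok in checks.items() if not ok]
    return findings


def without_pinned_ids(workload):
    """Constructed 'override applied' variant: same template, IDs removed."""
    fixed = json.loads(json.dumps(workload))  # deep copy
    pod = fixed["spec"]["template"]["spec"]
    pod["securityContext"].pop("fsGroup", None)
    for c in pod["containers"]:
        c["securityContext"].pop("runAsUser", None)
    return fixed
```

An empty list from `audit_pod_template` means the rendered template matches the override; any "pinned" finding means the null values were not honored.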
