Make RoleBinding for Postgres ServiceAccount Work #88
eberlep added a commit that referenced this issue Apr 25, 2024
eberlep added a commit that referenced this issue Jun 28, 2024
* Bump controller-runtime
* Fix metricsserver BindAddress
* ...
* Use same keys for logging in both reconcilers
* Use common ns key in operatormanager as well
* Add keys in lbmanager as well
* Use both keys
* Revert "Use both keys" This reverts commit d66c243.
* Pass along logger
* key naming
* Logging
* Logging
* Logging
* Logging
* Logging
* Logging
* Logging
* Logging
* Logging
* Set RequeueAfter
* Logging
* Logging
* Logging
* Logging
* Logging
* Add delay for requeueing
* Add privileged label for initial development
* operator-update step 1: bump version
* operator update step 2: make svc-postgres-operator-yaml
* operator update step 3: check config
* operator update: update securityContext
* Update YAML
* Update YAML
* Update securityContext of initDBJob
* Add TODO
* Add securityContext to etcd
* Add runAsUser
* Disable readonly filesystem
* Update backup-restore-sidecar (and etcd)
* Update etcd configMap
* Revert "Set RequeueAfter" This reverts commit bdd9df0.
* #88 Use default serviceAccount
* Update existing namespaces with new label
* Rename, logging and cleanup
* (Temporarily) removing call to patroni for testing
* Update to latest v0.16.x bugfix release
* Add option for patroni failsafe mode (for e.g. when using K8s as DCS)
* Change name again (fix for old cert-manager versions)
* Revert "Change name again (fix for old cert-manager versions)" This reverts commit 9a5e7d6.
* Set to nil when not needed (so it will actually be removed from the CR)
* Sync mode reloaded (#572)
* Check patronic config and only update if necessary
* Refactoring
* ...
* Refactoring
* Fix linter warnings
* Fix linter warning
* Delay requeue by 10 secs
* Check before updating standby configs as well
* Improve logging
* Improve logging
* Improve logging
* Fix check for SynchronousNodesAdditional
* Fix comparison, improve logging
* Additional nil check...
* Test different execution order for primaries and standbies
* Revert "Test different execution order for primaries and standbies" This reverts commit 3f57b1c.
* Logging
* Refactoring
* Make requeue duration configurable
* Rename variable
* Add additional check (but only log the result for now)
* Only requeue when REST call was successful
* Fix linter errors
* Set to nil when not needed (so it will actually be removed from the CR)
* Only set the params required for sync replication and leave the rest to the postgres operator
* Remove unnecessary code
* logging
* Remove unused code
* Fix logic
* Update logic
* Revert "Remove unused code" This reverts commit 7e525ec.
* Revert "Remove unnecessary code" This reverts commit 00cc28f.
* Update previously reverted code
* Set all values when patching
* Logging
* Back to status quo: set the whole config
* typo
* Logging
* Remove TODOs after review
* Simplify
It seems I can't get the RoleBinding of the postgres-pod ServiceAccount to the postgres-pod ClusterRole to work. This is, however, necessary for us so that our updated PodSecurityPolicy takes effect.

We have updated the ClusterRole postgres-pod:

The default RoleBinding (as taken from the operator's log) should be sufficient (and does indeed work if I apply it manually):

However, when the operator gets deployed and the postgres cluster is being created, the pods fail to start due to a lack of persistentVolumeClaim permissions, and no RoleBinding for the ServiceAccount postgres-pod exists.

There are several routes to take here:
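A post-deployment check for the condition this issue describes (no RoleBinding from the postgres-pod ServiceAccount to the postgres-pod ClusterRole), as an added example that is not code from the issue or from the operator. It assumes the input is the JSON printed by `kubectl get rolebindings -A -o json`; the sample data, its namespaces and the function name `boundTo` are constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Subset of the rbac.authorization.k8s.io/v1 RoleBinding fields needed here.
type roleBinding struct {
	Metadata struct{ Name, Namespace string }
	Subjects []struct{ Kind, Name, Namespace string }
	RoleRef  struct{ Kind, Name string }
}

// Constructed sample shaped like `kubectl get rolebindings -A -o json`; db-a/b/c are hypothetical.
const sample = `{"items":[
 {"metadata":{"name":"postgres-pod","namespace":"db-a"},"roleRef":{"kind":"ClusterRole","name":"postgres-pod"},
  "subjects":[{"kind":"ServiceAccount","name":"postgres-pod","namespace":"db-a"}]},
 {"metadata":{"name":"postgres-pod","namespace":"db-b"},"roleRef":{"kind":"Role","name":"postgres-pod"},
  "subjects":[{"kind":"ServiceAccount","name":"postgres-pod","namespace":"db-b"}]},
 {"metadata":{"name":"copied","namespace":"db-c"},"roleRef":{"kind":"ClusterRole","name":"postgres-pod"},
  "subjects":[{"kind":"ServiceAccount","name":"postgres-pod","namespace":"db-a"}]}]}`

// boundTo lists the RoleBindings in ns that bind ServiceAccount sa of that same
// namespace to the named ClusterRole. ClusterRoleBindings and Group subjects are not considered.
func boundTo(listJSON []byte, ns, sa, clusterRole string) ([]string, error) {
	var l struct{ Items []roleBinding }
	if err := json.Unmarshal(listJSON, &l); err != nil {
		return nil, err
	}
	var hits []string
	for _, rb := range l.Items {
		// A roleRef of kind Role with the same name does not grant the ClusterRole's rules.
		if rb.Metadata.Namespace != ns || rb.RoleRef.Kind != "ClusterRole" || rb.RoleRef.Name != clusterRole {
			continue
		}
		for _, s := range rb.Subjects {
			if s.Kind == "ServiceAccount" && s.Name == sa && s.Namespace == ns {
				hits = append(hits, rb.Metadata.Name)
				break
			}
		}
	}
	return hits, nil
}

func main() {
	fmt.Println(boundTo([]byte(sample), "db-a", "postgres-pod", "postgres-pod"))
}
```

An empty result for a namespace that runs postgres pods corresponds to the state reported above: the ServiceAccount exists but nothing binds it to the ClusterRole there.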