In this blog post I want to point out a simple topic: How to run a simple PostgreSQL Docker image as a non-productive container in OpenShift? As you maybe know, OpenShift doesn’t allow by default to run container images as root.
The image below shows the result of the simply deployed postgreSQL image from dockerhub.
But, in this blog post we choose an alternative way, where we don’t change the security in OpenShift, here we will customize the postgreSQL Docker image a bit. We will follow the steps to create a postgreSQL database on OpenShift, along the creation of the database called postgreSQL database-articles for the Cloud Native Starter reactive example .
These are the major steps:
- Write the specifications and configurations for:
- Execute the oc CLI commands to:
Specifications and configurations
In the content of the
Dockerfile below you see, that it specifies a non-root user and group. The user is called
non-root-postgres-user. That user get’s all access rights to the
/temp folder to create the needed database files in the container. To run the container later as non root we change the user for the execution to the
FROM postgres:12 # Create the needed temp file before the first postgreSQL execution RUN mkdir temp # Create group and user RUN groupadd non-root-postgres-group RUN useradd non-root-postgres-user --group non-root-postgres-group # Set user rights to allow the on-root-postgres-user # to access the temp folder RUN chown -R non-root-postgres-user:non-root-postgres-group /temp RUN chmod 777 /temp # Change to non-root privilege USER non-root-postgres
The Kubernetes Deployment and Kubernetes Service specification
In the Deployment and Service specification for OpenShift we need to define the name for the Pod and Service. As you see in the yaml extract below the name is database-articles, that’s needed by our Cloud Native Starter example application. The needed
env settings for the
postgreSQL container to create the database in the container are defined in the
spec.template.spec.container.env Deployment section of the yaml.
You find the definition for that environment configuration in the postgreSQL Docker image on dockerhub.
apiVersion: apps/v1 kind: Deployment metadata: labels: app: database-articles name: database-articles namespace: postgres spec: selector: matchLabels: app: database-articles template: metadata: labels: app: database-articles spec: containers: - env: - name: POSTGRES_DB value: postgres - name: POSTGRES_USER value: postgres - name: POSTGRES_PASSWORD value: postgres - name: PGDATA value: /temp/data image: image-registry.openshift-image-registry.svc:5000/postgres/build-postgres:latest imagePullPolicy: Always name: postgres ports: - containerPort: 5432 protocol: TCP resources: limits: cpu: 60m memory: 512Mi requests: cpu: 30m memory: 128Mi restartPolicy: Always --- apiVersion: v1 kind: Service metadata: labels: app: database-articles name: database-articles namespace: postgres spec: ports: - name: http port: 5432 protocol: TCP selector: app: database-articles
Deploy postgreSQL with the oc CLI commands
- To separate the postgreSQL database from the Cloud Native Starter example application, we create an additional project called
oc new-project postgres
- Then we create a OpenShift build configuration. The name of the configuration is
build-postgres. The reason why we don’t use the same name as for the Deployment and Service, you remember the name is database-articles, is: later we maybe want to automate the deployment to OpenShift with a bash script and it that bash script we will use grep and awk to verify the oc CLI outputs to get the status of the deployment.
oc new-build --name build-postgres --binary --strategy docker
- Now it’s time to start the build and then directly apply the Kubernetes Deployment and a Kubernetes Service specification in the
oc start-build build-postgres --from-dir=. oc apply -f ./postgres-oc.yaml
- The last step is to expose the service, so that we can access our database with our sample application.
oc expose svc/database-articles
In the following gif you see the result of the steps above in a OpenShift cluster on IBM Cloud.
I hope this was useful for you and let’s see what’s next?
#IBMDeveloper, #IBMCloud, #postgreSQL, #OpenShift , #container, #docker