| From: | Albert Serrallé <albert(dot)serralle(at)adevinta(dot)com> |
|---|---|
| To: | "pgadmin-support lists(dot)postgresql(dot)org" <pgadmin-support(at)lists(dot)postgresql(dot)org> |
| Subject: | Pgadmin python executable requires extended capabilities |
| Date: | 2021-07-19 19:52:55 |
| Message-ID: | CACDjGi1oOPCRsW+E7nu88zBMKn5CB+LU71P11-A_tVO5OD9Log@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgadmin-support |
Hello all,
I'm trying to run pgadmin in a Kubernetes cluster with enforced Pod
Security Policies. Long story short, in the cluster, *none* of the Linux
capabilities are allowed.
The Dockerfile enables this for the python exec:
setcap CAP_NET_BIND_SERVICE=+eip /usr/bin/python3.8 && \
>
So the entrypoint.sh fails at startup time, as soon as it invokes the
python executable:
/entrypoint.sh: line 70: /venv/bin/python3: Operation not permitted
I removed this requirement creating a new Docker image with the following
definition:
FROM dpage/pgadmin4:5.5
> USER root
> RUN setcap -r /usr/bin/python3.8
> USER pgadmin
>
And then it boots without problem (using the 5050 port).
Do you think it makes sense to modify the main Dockerfile to avoid this
problem? Is there any other workaround that doesn't require creating a new
image?
Thanks.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Dave Page | 2021-07-20 08:12:45 | Re: Pgadmin python executable requires extended capabilities |
| Previous Message | Fahar Abbas | 2021-07-19 10:37:23 | Re: postgreSQL connectivity issue |