Troubleshooting | pgadmin in Kubernetes – mount Permission denied

If you are using Docker, or for that matter Kubernetes, you need to mount a host folder or volume into your container to store data persistently. For pgadmin, the data worth persisting is its internal database, which holds all metadata and is by default located in the container under /var/lib/pgadmin.

Given a PVC called pgadmin-data, you are most likely to deploy pgadmin in Kubernetes with the following YAML configuration.

apiVersion: apps/v1 # for versions before 1.9.0 use apps/v1beta2
kind: Deployment
metadata:
  name: pgadmin-deploy
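spec:
  replicas: 1
  # apps/v1 requires a selector that matches the pod template labels
  selector:
    matchLabels:
      app: pgadmin
  template: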
    metadata:
      labels:
        app: pgadmin
    spec:
      containers:
        - image: dpage/pgadmin4:5.3
          name: pgadmin
          ports:
          - containerPort: 80
            name: http
            protocol: TCP
          volumeMounts:
            - name: pgadmin-data
              mountPath: /var/lib/pgadmin
      volumes:
        - name: pgadmin-data
          persistentVolumeClaim:
            claimName: pgadmin-data

However, you will likely encounter the following error: Permission denied: '/var/lib/pgadmin/sessions'

This happens because a mounted PVC is by default owned by root. The dpage/pgadmin4 image, however, runs as the pgadmin user with the UID:GID 5050:5050, which is why you get an error message when it tries to access that folder.

A workaround is to run an initContainer first, which changes the ownership of that folder to the appropriate user and group.

      initContainers:
        - name: pgadmin-init
          image: alpine
          args: [ "sh", "-c", "chown 5050:5050 /var/lib/pgadmin " ]
          volumeMounts:
            - name: pgadmin-data
              mountPath: /var/lib/pgadmin

In this GitHub issue it is suggested that you could create a custom StorageClass which has specific mount options. However, the Oracle Cloud, which I had to work with, did not support mount options.

There also appears to be a solution setting fsGroup in the SecurityContext, but at this point I cannot say for sure whether this is helpful for the problem at hand (see Stack Overflow).
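
The two ownership fixes discussed in this post, written out as one manifest; this is an added example, not configuration from the original post or from the pgadmin project. It assumes the names used on this page (pgadmin-deploy, pgadmin-data, UID:GID 5050:5050), and whether fsGroup actually changes ownership depends on the volume type and CSI driver of your cluster, so the init container is kept as a fallback with root reduced to the single capability that chown needs.

```yaml
# Added example (not from the original post). Either option alone is enough.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: pgadmin-deploy
spec:
  replicas: 1
  selector:
    matchLabels:
      app: pgadmin
  template:
    metadata:
      labels:
        app: pgadmin
    spec:
      securityContext:
        # Option 1: let the kubelet make the volume group-owned by GID 5050.
        # Only takes effect if the volume type / CSI driver supports it.
        fsGroup: 5050
        fsGroupChangePolicy: OnRootMismatch   # skip the recursive walk when the root dir already matches
      initContainers:
        # Option 2: the chown from the post, with root limited to CAP_CHOWN.
        - name: pgadmin-init
          image: alpine
          args: ["sh", "-c", "chown 5050:5050 /var/lib/pgadmin"]
          securityContext:
            runAsUser: 0                      # chown of a root-owned dir needs root
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true      # only the mounted volume is writable
            capabilities:
              drop: ["ALL"]
              add: ["CHOWN"]
          volumeMounts:
            - name: pgadmin-data
              mountPath: /var/lib/pgadmin
      containers:
        - image: dpage/pgadmin4:5.3           # other container settings as in your existing Deployment
          name: pgadmin
          ports:
            - containerPort: 80
              name: http
              protocol: TCP
          volumeMounts:
            - name: pgadmin-data
              mountPath: /var/lib/pgadmin
      volumes:
        - name: pgadmin-data
          persistentVolumeClaim:
            claimName: pgadmin-data
```

After the pod starts, `ls -ldn /var/lib/pgadmin` inside the pgadmin container shows which of the two options took effect: owner 5050 means the init container ran its chown, group 5050 with a different owner means only fsGroup was applied.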
