Origin: Can't deploy postgres image from Docker Hub

Created on 2 Aug 2017  路  6Comments  路  Source: openshift/origin

When I tring to deploy postgres which I downloaded from Docker Hub, I got below error, but there is not such issue if I just use Docker engine to run it.
initdb: could not look up effective user ID 1000040000: user does not exist

Version

Mac OS Sierra Version 10.12.6
oc version v1.5.1+7b451fc
docker version 17.06.0-ce

Steps To Reproduce
  1. oc cluster up
  2. Deploy postgres image from Docker hub
Current Result

initdb: could not look up effective user ID 1000040000: user does not exist

Expected Result

The app/image should deploy properly and postgres DB is available for use

Additional Information

Please let me know if you need more information

areusability kinquestion prioritP3
Source
picture kunallimaye

Most helpful comment

Yes, it should be possible. In this case you should use different service accounts that will have different access to SCCs.

For example, you may use redhat postgres image with default service account but for an image from dockerhub you should create another service account, modify serviceAccount field in pod spec to use this new SA and grant access to anyuid SCC to this SA.

Here is a link to docs: https://docs.openshift.org/latest/admin_guide/manage_scc.html#grant-a-service-account-access-to-the-privileged-scc

picture php-coder on 7 Aug 2017
👍3

All 6 comments

You cannot run this Docker Hub image on OpenShift without modification. Just use the official OpenShift supported Postgres Image: https://docs.openshift.org/latest/using_images/db_images/postgresql.html

tobru picture tobru on 2 Aug 2017

I'd try to run the image under root user by granting access to the anyuid SCC: https://docs.openshift.org/latest/admin_guide/manage_scc.html#enable-dockerhub-images-that-require-root

php-coder picture php-coder on 2 Aug 2017

@kunallimaye official docker images run as root which is (still) considered as insecure and OpenShift sets a defaults to forbid that (unless you explicitly enable that using what @php-coder mentioned).

mfojtik picture mfojtik on 2 Aug 2017

closing based on above answers

pweil- picture pweil- on 3 Aug 2017

Is there a way to deploy the two kinds of docker images in one cluster project? i.e.
images postgres from Docker hub and registry.access.redhat.com/rhscl/postgresql-95-rhel7
With command: _oc adm policy add-scc-to-user anyuid -z default_ Docker hub postgres image can be deployed successfully but error for redhat image.
without the command, redhat postgres image can be deployed successfully but error from Docker hub image.

stararks picture stararks on 7 Aug 2017

Yes, it should be possible. In this case you should use different service accounts that will have different access to SCCs.

For example, you may use redhat postgres image with default service account but for an image from dockerhub you should create another service account, modify serviceAccount field in pod spec to use this new SA and grant access to anyuid SCC to this SA.

Here is a link to docs: https://docs.openshift.org/latest/admin_guide/manage_scc.html#grant-a-service-account-access-to-the-privileged-scc

php-coder picture php-coder on 7 Aug 2017
👍3
Was this page helpful?
0 / 5 - 0 ratings

Related issues

crobby picture crobby  路  4Comments
thincal picture thincal  路  5Comments
thescouser89 picture thescouser89  路  3Comments
nicolaferraro picture nicolaferraro  路  3Comments
warmchang picture warmchang  路  4Comments