PostgreSQL pods show CreateContainerConfigError

The EnterpriseDB (EDB) PostgreSQL ClusterServiceVersion (CSV) and deployment fail to run on an Amazon Elastic Kubernetes Service (EKS) cluster.


You see an error message similar to the following message:

  - image:
    imageID: ""
    lastState: {}
    name: manager
    ready: false
    restartCount: 0
    started: false
        message: 'container has runAsNonRoot and image has non-numeric user (nonroot),
          cannot verify user is non-root (pod: "postgresql-operator-controller-manager-1-18-4-5d5c48fc7-c92z9_ibm-common-services(be9f0916-87b9-4871-a244-b162e50cb32f)",
          container: manager)'
        reason: CreateContainerConfigError


The PostgreSQL container sets securityContext.runAsNonRoot: true, which requires the container to run as a user with a UID other than 0. The container image defines its user by a non-numeric name (nonroot) instead of a numeric UID, so Kubernetes cannot verify that the user is not root.


Patch the PostgreSQL CSV and deployment to set securityContext.runAsUser: 1001.

  1. Create an environment variable that contains your PostgreSQL operator namespace. The commands in the following steps read it as ${namespace}.

  2. Get the PostgreSQL CSV name.

     edb_csv=$(kubectl -n ${namespace} get csv -l${namespace}="" -o name)

  3. Patch the CSV with a numeric user.

     kubectl -n ${namespace} patch $edb_csv --type=json -p '[{"op":"add","path":"/spec/install/spec/deployments/0/spec/template/spec/securityContext/runAsUser","value":1001}]'

  4. Get the PostgreSQL deployment name.

     edb_deployment=$(kubectl -n ${namespace} get deployment -l${namespace}="" -o name)

  5. Patch the deployment with a numeric user.

     kubectl -n ${namespace} patch $edb_deployment --type=json -p '[{"op":"add","path":"/spec/template/spec/securityContext/runAsUser","value":1001}]'
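
The following added example (not part of the original page or of the EDB operator) is a simplified Python model of the runAsNonRoot check described above, showing why the pod-level runAsUser patch clears the error and when it would not. The function names and the POD sample are constructed for illustration.

```python
import copy

# Constructed sample: pod template fields relevant to the check.
POD = {
    "securityContext": {},
    "containers": [{"name": "manager", "securityContext": {"runAsNonRoot": True}}],
}

def effective(pod_spec, container, key):
    """A container-level securityContext value overrides the pod-level one."""
    c_sc = container.get("securityContext", {})
    p_sc = pod_spec.get("securityContext", {})
    return c_sc[key] if key in c_sc else p_sc.get(key)

def check_run_as_non_root(pod_spec, container, image_user):
    """Return None if the container may start, else the reason it is refused.

    image_user is the USER recorded in the image config ("" when unset).
    """
    if not effective(pod_spec, container, "runAsNonRoot"):
        return None  # no non-root requirement to enforce
    uid = effective(pod_spec, container, "runAsUser")
    if uid is not None:
        # An explicit numeric UID in the spec decides the outcome by itself.
        return "runAsUser breaks non-root policy" if uid == 0 else None
    user = image_user.split(":")[0]  # drop an optional ":group" suffix
    if user == "":
        return "image will run as root"  # images without USER run as root
    if user.isdigit():
        return "image will run as root" if int(user) == 0 else None
    # A name cannot be resolved to a UID before the container exists.
    return f"image has non-numeric user ({user}), cannot verify user is non-root"

def patch_pod_run_as_user(pod_spec, uid):
    """Model of the JSON Patch "add" at .../spec/securityContext/runAsUser.

    As with JSON Patch, the parent securityContext object must already exist;
    a missing parent raises KeyError here.
    """
    patched = copy.deepcopy(pod_spec)
    patched["securityContext"]["runAsUser"] = uid
    return patched
```

A container-level securityContext.runAsUser takes precedence over the pod-level value that the patch sets, so check the container spec as well if the error persists after patching.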