Fix postgres StatefulSet crash under readOnlyRootFilesystem#7
Open
BryanR77 wants to merge 2 commits into
Open
Conversation
added 2 commits
July 2, 2026 08:44
The postgres container sets readOnlyRootFilesystem: true but never mounted a writable volume at /var/run/postgresql, so the official postgres image's entrypoint fails to create its Unix socket lock file on every start: FATAL: could not create lock file "/var/run/postgresql/.s.PGSQL.5432.lock": Read-only file system Add an emptyDir volume mounted at /var/run/postgresql, matching the existing dshm pattern.
lookup-based persistence only works against a live cluster (helm upgrade/install). GitOps controllers that render via `helm template` (ArgoCD, Flux) always get an empty lookup result, so these two secrets were regenerating on every render and forcing a server pod restart via the checksum/secret annotation on every sync — same class of issue as the existing postgres.auth.existingSecret / patchmon.jwt.secret escape hatches, just missing for these two fields.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
The postgres container sets readOnlyRootFilesystem: true but never mounted a writable volume at /var/run/postgresql, so the official postgres image's entrypoint fails to create its Unix socket lock file on every start:
FATAL: could not create lock file
"/var/run/postgresql/.s.PGSQL.5432.lock": Read-only file system
Add an emptyDir volume mounted at /var/run/postgresql, matching the existing dshm pattern.