Fix postgres StatefulSet crash under readOnlyRootFilesystem #7

Open
BryanR77 wants to merge 2 commits into HellstromIT:main from BryanR77:main

BryanR77 commented Jul 2, 2026

The postgres container sets readOnlyRootFilesystem: true but never mounted a writable volume at /var/run/postgresql, so the official postgres image's entrypoint fails to create its Unix socket lock file on every start:

FATAL: could not create lock file
"/var/run/postgresql/.s.PGSQL.5432.lock": Read-only file system

Add an emptyDir volume mounted at /var/run/postgresql, matching the existing dshm pattern.
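
A pre-deploy check for the failure described above, as an added example that is not part of this pull request or the chart: it flags containers that set readOnlyRootFilesystem: true but leave a required path without a writable volumeMount. The pod specs are constructed, the volume name "run" is hypothetical, and mounts whose volume is not listed under volumes (for example volumeClaimTemplates) are assumed writable.

```python
import posixpath

# Assumption: paths the postgres container must write at start-up.
# /var/run/postgresql is from the FATAL message on this page; /dev/shm is
# assumed to be where the existing "dshm" volume is mounted.
REQUIRED_WRITABLE = ("/var/run/postgresql", "/dev/shm")
# Volume sources that Kubernetes always mounts read-only.
READ_ONLY_SOURCES = {"configMap", "secret", "projected", "downwardAPI"}

def effective_mount(path, mounts):
    """Return the deepest volumeMount at or above `path`; it shadows the rest."""
    best = None
    for m in mounts:
        mp = posixpath.normpath(m["mountPath"])
        if path == mp or path.startswith(mp.rstrip("/") + "/"):
            if best is None or len(mp) > len(posixpath.normpath(best["mountPath"])):
                best = m
    return best

def missing_writable_paths(pod_spec, required=REQUIRED_WRITABLE):
    """Map container name -> required paths left on the read-only root."""
    sources = {v["name"]: set(v) - {"name"} for v in pod_spec.get("volumes", [])}
    findings = {}
    for c in pod_spec.get("containers", []):
        if not (c.get("securityContext") or {}).get("readOnlyRootFilesystem"):
            continue  # root filesystem is writable, nothing to check
        gaps = []
        for path in required:
            m = effective_mount(path, c.get("volumeMounts", []))
            if (m is None or m.get("readOnly", False)
                    or sources.get(m["name"], set()) & READ_ONLY_SOURCES):
                gaps.append(path)
        if gaps:
            findings[c["name"]] = gaps
    return findings

def pod(mounts, volumes):
    """Constructed pod spec with one hardened postgres container."""
    return {"containers": [{"name": "postgres", "volumeMounts": mounts,
                            "securityContext": {"readOnlyRootFilesystem": True}}],
            "volumes": volumes}

# Constructed sample input: the pod before and after the fix described above.
# The volume name "run" is hypothetical; "dshm" is named on the page.
DSHM_MOUNT = {"name": "dshm", "mountPath": "/dev/shm"}
RUN_MOUNT = {"name": "run", "mountPath": "/var/run/postgresql"}
VOLUMES = [{"name": "dshm", "emptyDir": {"medium": "Memory"}}, {"name": "run", "emptyDir": {}}]
BEFORE = pod([DSHM_MOUNT], VOLUMES[:1])
AFTER = pod([DSHM_MOUNT, RUN_MOUNT], VOLUMES)
print(missing_writable_paths(BEFORE), missing_writable_paths(AFTER))
```

Run against the rendered manifest's pod spec (parsed into a dict), the check returns an empty mapping once every required path sits on a writable mount.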

Bryan Rawlins added 2 commits July 2, 2026 08:44
The postgres container sets readOnlyRootFilesystem: true but never
mounted a writable volume at /var/run/postgresql, so the official
postgres image's entrypoint fails to create its Unix socket lock file
on every start:

  FATAL: could not create lock file
  "/var/run/postgresql/.s.PGSQL.5432.lock": Read-only file system

Add an emptyDir volume mounted at /var/run/postgresql, matching the
existing dshm pattern.

lookup-based persistence only works against a live cluster (helm
upgrade/install). GitOps controllers that render via `helm template`
(ArgoCD, Flux) always get an empty lookup result, so these two secrets
were regenerating on every render and forcing a server pod restart via
the checksum/secret annotation on every sync — same class of issue as
the existing postgres.auth.existingSecret / patchmon.jwt.secret escape
hatches, just missing for these two fields.