Pgbouncer - pod creation fail on Openshift cluster

[ssteczek]

• Which image of the operator are you using? registry.opensource.zalan.do/acid/postgres-operator:v1.8.2
• Where do you run it - cloud or metal? Kubernetes or OpenShift? Openshift - on-prem cluster
• Are you running Postgres Operator in production? no
• Type of issue? question

Hello.

We have been trying to set up a postgres-operator cluster on Openshift. Postgres cluster (statefulset) is created and all pods are running properly. But pgbouncer pods don't want to start.

Pgbouncer pod logs show following message:

+ '[' pooler '=' postgres ]
+ openssl req -nodes -new -x509 -subj '/CN=spilo.dummy.org' -keyout /etc/ssl/certs/pgbouncer.key -out /etc/ssl/certs/pgbouncer.crt
Generating a RSA private key
.......................+++++
...............................................+++++
writing new private key to '/etc/ssl/certs/pgbouncer.key'
req: Can't open "/etc/ssl/certs/pgbouncer.key" for writing, Permission denied

Did someone have the same problem and managed to find a solution? If so - what configuration/changes needs to be applied in order to enable pgbouncer pods? Thanks in advance for answers!

Below code describes configuration we used to deploy postgres-operator:

• postgres-operator deployed via Helm Chart. Values.yml file contents: https://gist.github.com/ssteczek/b18d4a005755e81439bb9d4a281ae6ce
• cluster manifest contents: https://gist.github.com/ssteczek/df4b1fee768947850163a1be3dfb13c2
• RBAC configuration is created using operator-service-account-rbac-openshift.yaml from Github repository: https://github.com/zalando/postgres-operator/blob/master/manifests/operator-service-account-rbac-openshift.yaml