Replies: 3 comments 1 reply
-
|
Hi @ikke-t, very interesting contribution! Question:Did you check with the latest docker container? There is only 1 job running (either LB or cron, depending on how you run the container). When running LB, it is no longer running as Comment:When looking at the Dockerfile and entrypoint, I have the feeling that there are many things that are not done in the example you gave, but I could be wrong... |
Beta Was this translation helpful? Give feedback.
-
|
Thanks, I gave a try for the provided container. I can try it later again at some point. Like said, I'd need to override the apache port, and change some file permissions to get it work with random uid. Perhaps it would be easier if I do it now once I have familiarized more with LB. And yes, this method doesn't do any of the initialization bits the LB provided container does. The s2i tool builds the php stuff, and when not in build phase, it just runs it. Its a generic tooling to build and run any generic php app. |
Beta Was this translation helpful? Give feedback.
-
|
Now that I am back at the laptop, I gave another shot for the provided debian image. With some extra settings it works now. I did these modifications to configs:
It seems to work fine. I wish the container image would get changed to not need these workarounds. It would require changing the port to 8080, and making the directories librebooking needs to write owned by group root, and to allow group to write there: The apache change is in the following ports.conf file. So all of the above applies, but replace deployment with the below one, and add the following ServiceAccount with rolebinding. ServiceAccount---
apiVersion: v1
kind: ServiceAccount
metadata:
name: librebooking
namespace: librebookingRoleBinding---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: sa-to-scc-anyuid
namespace: librebooking
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:openshift:scc:anyuid
subjects:
- kind: ServiceAccount
name: librebooking
namespace: librebookingChange apache port---
apiVersion: v1
kind: ConfigMap
metadata:
labels:
app.kubernetes.io/name: librebooking
name: ports
namespace: librebooking
data:
ports.conf: |
Listen 8080
000-default.conf: |
<VirtualHost *:8080>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>Deployment for the debian imageapiVersion: apps/v1
kind: Deployment
metadata:
annotations:
name: librebooking-debian
namespace: librebooking
spec:
progressDeadlineSeconds: 600
replicas: 1
revisionHistoryLimit: 10
selector:
matchLabels:
app: librebooking
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
annotations:
labels:
app: librebooking
spec:
containers:
- image: docker.io/librebooking/librebooking:4.0.0
imagePullPolicy: IfNotPresent
name: librebooking-app
ports:
- containerPort: 8080
protocol: TCP
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /config
name: config
subPath: config
- mountPath: /var/www/html/Web/uploads/images
name: images
- mountPath: /var/www/html/config/Web/uploads/reservation
name: reservation
- mountPath: /etc/apache2/ports.conf
name: ports
subPath: ports.conf
- mountPath: /etc/apache2/sites-enabled/000-default.conf
name: site
subPath: 000-default.conf
- mountPath: /var/www/html/config/config.dist.php
name: librebooking
subPath: config
dnsPolicy: ClusterFirst
restartPolicy: Always
schedulerName: default-scheduler
securityContext:
runAsGroup: 33
runAsUser: 33
serviceAccount: librebooking
serviceAccountName: librebooking
terminationGracePeriodSeconds: 30
volumes:
- name: config
persistentVolumeClaim:
claimName: config
- name: images
persistentVolumeClaim:
claimName: images
- name: reservation
persistentVolumeClaim:
claimName: reservation
- configMap:
defaultMode: 420
name: ports
name: ports
- configMap:
defaultMode: 420
name: ports
name: site
- configMap:
defaultMode: 420
name: librebooking
name: librebookingThat's it, now it runs. If the Dockerfile changes for permission and ports get done one day, you don't need to do the ports ConfigMap, SA, RoleBinding parts. But it works with this no problem, for production I'd fix the Dockerfile for those in name of security so that it's harder to get to memory pages as each container runs in different uid. If I was running production, I'd also probably add supercronic cron which works better with kube. Anyhow, thanks for the Docker image, it's excellent to have it! |
Beta Was this translation helpful? Give feedback.
-
|
I'll now close this discussion as the LB container got enhanced to work without port and permissiom tricks. There is simplified setup available at container docs: https://github.com/LibreBooking/docker/tree/master/.examples/kubernetes |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
I thought I share my experience for the next one since I saw the effort creating environment on OpenShift kubernetes. Difference to provided docker compose is that there are additional system requirements for security:
I also took some time to try go around the requirements to get the provided container image working, but run into trouble after trouble, so I just write summary of an easier way.
I did not set mariadb in here as I use existing one. Also I don't need http reverse proxy, as I use kube ingress.
My kube is microshift on raspberry pi4, kube v1.33.5
Building the container
** UPDATE 2026-1-12: This is not needed. Skip forward and read the instructions for using the provided debian image. **
First I used s2i image to build myself Red Hat maintained php apache image including LB with the following Containerfile. Benefit is it has all the permissions and such preconfigured. It is also quite customizeable via environment parameters. For prod this should be done as two step build to get tiny runtime container. I don't need such for now.
More info about the image
After cloning the git repo to app directory, I build the container using podman, docker would work too:
Create kube objects for the following
Use
kubectl create -ffor the following yaml filesConfiguration
Take the config-dist.php and copy it into below file. Follow LB instructions for options.
Storage
This saves uploads. For some reason favicon and logo are stored elsewhere. Until I figure out where I loose the logo at restart. Ideas welcome 😁.
Service
Here you can define the load-balancing options.
Route
I use the OpenShift default ingress router.
Deployment
Here I launch the container. It maps the config.php from the above config map.
ToDo
As this is just a playground until I know if we will use LB, I didn't do the above.
Beta Was this translation helpful? Give feedback.
All reactions