openshift: improve compatibility #131

Open
wants to merge 1 commit into
base: master

@blazdivjak blazdivjak commented Apr 12, 2019

This pull request includes updates for Openshift compatibility.

Tested:

  • Openshift 3.11
  • Kubernetes v1.10.11

Includes:

  • update container image permissions and user handling
  • update helm chart deployment docs
  • add security context related docs to Helm chart values

Container images: https://hub.docker.com/r/blazdivjak/docker-vernemq

- update container image permissions and user handling
- add security context related docs to Helm chart values
- update helm chart deployment docs

dergraf (Contributor) commented May 15, 2019

@blazdivjak Sorry for the delay, but thanks for the contribution. To be honest we don't know a lot about Openshift, maybe others from the community could step in to review this.
cc @drf @francois-travais @codeadict

@loldiges

I like the changes you did. I did not use helm or the deployments but your changes to the Dockerfiles work perfectly and deploy on Openshift without root or any other extra-permissions.
I will not add a review and leave this to the contributors mentioned above.

@@ -54,9 +54,21 @@ EXPOSE 1883 8883 8080 44053 4369 8888 \
9100 9101 9102 9103 9104 9105 9106 9107 9108 9109


VOLUME ["/vernemq/log", "/vernemq/data", "/vernemq/etc"]
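
Review bot: the `VOLUME` line at the end of this hunk needs a comment in the Dockerfile stating which paths are declared and why. Per the discussion, `/vernemq/etc` is dropped from this list, so configuration such as `/vernemq/etc/vernemq.conf.local` has to be mounted explicitly, while `/vernemq/log` and `/vernemq/data` stay declared without a stated reason. Note this next to the instruction and in the chart docs, and either treat all three paths the same way or document why they differ.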

Contributor

Can you explain why you've removed the /vernemq/etc volume?

Author

  • Docker container runtime modifies permissions for folders listed as volumes when spinning up a container if no special mount point is defined.
  • Helm chart does not mount anything to /vernemq/etc.
  • This creates issues when running as random user.
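
An added example, not part of this pull request: a shell check for the permission problem described in the comment above. It assumes the OpenShift convention that the random UID runs with group 0, so it reports any file or directory that is not owned by the given group and group-writable; the function names are made up for illustration.

```shell
#!/bin/sh
# Added example, not code from this pull request.
# Assumption: the platform starts the container with a random UID whose
# group is fixed (GID 0 under OpenShift's default policy), so access to
# the image's directories has to come from group ownership and mode bits.

# not_group_writable GID PATH...
# Print each regular file or directory under PATH that is not owned by
# group GID, lacks group read/write, or (directories) lacks group search.
not_group_writable() {
    gid=$1
    shift
    find "$@" \( -type d -o -type f \) \
        \( ! -group "$gid" -o ! -perm -060 -o \( -type d ! -perm -010 \) \) \
        -print
}

# audit_arbitrary_uid GID PATH...
# Return 0 when every path is usable by the group, 1 otherwise.
audit_arbitrary_uid() {
    bad=$(not_group_writable "$@")
    if [ -n "$bad" ]; then
        printf 'not usable by an arbitrary UID in group %s:\n%s\n' "$1" "$bad" >&2
        return 1
    fi
    return 0
}

# Typical use in an image build or CI step (paths from the Dockerfile):
#   audit_arbitrary_uid 0 /vernemq/log /vernemq/data /vernemq/etc
if [ "$#" -gt 0 ]; then
    audit_arbitrary_uid "$@"
fi
```

Running it as the last step of the image build, before the `USER` instruction takes effect, catches a directory that was created after the ownership and mode changes were applied.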

Contributor

With your addition would mounting a custom /vernemq/etc/vernemq.conf.local still work?

Contributor

@dergraf it shouldn't make a difference, and @blazdivjak is probably right, it shouldn't have been there in the first place most likely. You can still mount that file from within docker run or k8s even without the volume statement.

Contributor

Ok, thanks. Does this mean that we can get rid of log and data too?

drf (Contributor) commented Jul 2, 2019

Sorry for being late to the party. However, the changes are sound to me, but I wonder whether this has been tested outside OpenShift given the various permission changes (apparently shouldn't be an issue, but better safe than sorry). So thumbs up, especially if somebody tested this on standard k8s :)

@blazdivjak (Author)

I did test it on k8s as well. Not extensively however.

@greggiles greggiles left a comment

I am able to run with these changes in OpenShift and on a Docker Swarm without apparent issue ... would like to see these officially approved and merged

ioolkos (Contributor) commented Feb 18, 2020

@greggiles thanks a lot for your testing and vote to merge this.
@dergraf merge?
@ertanden given your experience, could you give a comment on this?

ertanden commented Mar 2, 2020

@ioolkos this looks good to me.

Maybe a small comment, instead of adding the new file uid_entrypoint, we could also put the content of it at the beginning of the start_vernemq script. It would simplify things I guess.

@ioolkos ioolkos mentioned this pull request Jan 5, 2021