[Feature Request] Support for OpenShift #241
Labels
enhancement
New feature or request
Comments
This was referenced Sep 13, 2024
|
The below article explains what needs to done to use single Dockerfile to create an image that functions correctly, both on OpenShift and on Kubernetes.
|
|
We will be removing the need for Temporal to write to the filesytem for our docker containers, which will avoid this issue. |
|
Relevant PR: temporalio/temporal#6251 |
|
temporalio/ui also writes to the filesytem. the above PR fix ui image also? |
|
That would need to be handled separately, I'll look at this once we've fixed it for Temporal server. temporalio/ui#1703 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Is your feature request related to a problem? Please describe.
I attempted to deploy temporal via helm (https://github.com/temporalio/helm-charts/tree/main) onto an openshift cluster.
Ran into issues running the temporal server and temporal ui containers on openshift due to security constraints (running on openshift - https://cloud.redhat.com/blog/a-guide-to-openshift-and-uids)
Identified the root cause to be the following sections:
Essentially what we are observing is openshift enforces specific UID and GID for the running containers that do not match the predefined values in the image definition and therefore fail with the following error:
Describe the solution you'd like
Dockerfile definition should not pin specific UIDs for non root user enforcement, but instead ensure that all directories that are required for functionality have sufficient privileges.
To get around this issue the following Dockerfile was used and confirmed to work
The text was updated successfully, but these errors were encountered: