[OpenShift] Support Thread


⚠️ Please verify that this bug has NOT been raised before.

  • I checked and didn’t find similar issue

🛡️ Security Policy

📝 Describe your problem

As part of #1286 ppl asked if I could share my config to get Uptime Kuma running on OpenShift. So to provide a starting point for everyone interested this “question”/help issue now exists.

So for various reasons I ended up creating my own Docker image based on the official uptime-kuma image, but long story short:

  1. I needed to for work (due to base image policy)
  2. I wanted to have full control over the image and how the permissions are set (according to the Red Hat docs)

Containerfile
FROM docker.io/louislam/uptime-kuma:1.11.4-debian AS app-src

FROM docker.io/node:14-bullseye-slim

ARG UID=3310
ARG GID=3310

COPY --from=app-src /app /app

RUN apt-get update -qqy \
    && apt-get install --no-install-recommends -qqy \
        python3 python3-pip python3-cryptography python3-six python3-yaml python3-click python3-markdown python3-requests python3-requests-oauthlib \
        sqlite3 iputils-ping util-linux dumb-init wget curl ca-certificates bash \
    && pip3 --no-cache-dir install apprise==0.9.7 \
    && rm -rf /var/lib/apt/lists/* \
    \
    && (addgroup --system --gid ${GID} uptime-kuma || true) \
    && (adduser --system --disabled-login --ingroup uptime-kuma --no-create-home --home /nonexistent --gecos "uptime-kuma" --shell /bin/false --uid ${UID} uptime-kuma || true) \
    && mkdir /app/data \
    && chown -R uptime-kuma:0 /app \
    && chmod -R g=u /app

WORKDIR /app
USER uptime-kuma
EXPOSE 3001
VOLUME ["/app/data"]
ENTRYPOINT ["/usr/bin/dumb-init", "--"]
CMD ["node", "server/server.js"]

Note:

  • Yes this is a tad outdated but the basics should work with new versions too.
  • Yes this version may copy over the entrypoint.sh as part of copying the /app folder, but I am not using it. This is due to OpenShift not permitting running as root/privileged user unless explicitly permitted and the script relying on that to change permissions on the persistent files.

Deployment

I hacked together a very basic Helm (3.x+) Chart to deploy a StatefulSet to our OpenShift cluster with a service and a Route. You can find that here: https://github.com/k3rnelpan1c-dev/uptime-kuma-helm

I will try and answer any questions and feedback to my best abilities and as time allows. If this issue violates the contribution guidelines in any way that I overlooked then please feel free to close this and my apologies in that case.

🐻 Uptime-Kuma Version

1.11.4

💻 Operating System and Arch

OpenShift 4.x

🌐 Browser

Firefox 99

🐋 Docker Version

cri-o

🟩 NodeJS Version

14.19.1
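
An added example (not part of the original issue or of the uptime-kuma project): a bash check for the file layout that the Containerfile's `chown -R uptime-kuma:0 /app` and `chmod -R g=u /app` steps produce, which is what lets the arbitrary UID OpenShift assigns (a member of group 0) use the files like their owner. The function name and the demo tree are constructed for illustration, and GNU `stat` is assumed.

```shell
#!/usr/bin/env bash
# Added example: audit a tree for the "group 0 + g=u" layout that lets an
# arbitrary, cluster-assigned UID (a member of GID 0) use the files.

# audit_group_perms DIR [GID]   (hypothetical helper name)
# Prints one line per path whose group is not GID (default 0) or whose group
# permission bits differ from the owner's. Returns 1 if anything was printed.
audit_group_perms() {
    local dir=$1 gid=${2:-0} path mode fgid bad=0
    while IFS= read -r -d '' path; do
        [ -L "$path" ] && continue                      # symlink modes are not used
        read -r mode fgid < <(stat -c '%a %g' "$path")  # GNU stat: octal mode, GID
        mode=$(printf '%04d' "$mode")                   # pad to 4 digits: 755 -> 0755
        if [ "$fgid" != "$gid" ]; then
            printf 'group %s (want %s): %s\n' "$fgid" "$gid" "$path"; bad=1
        fi
        if [ "${mode:1:1}" != "${mode:2:1}" ]; then     # owner digit vs group digit
            printf 'mode %s (g != u): %s\n' "$mode" "$path"; bad=1
        fi
    done < <(find "$dir" -print0)
    return "$bad"
}

# Constructed demo tree standing in for /app. The tree's own GID is used as
# the expected group so the demo also runs unprivileged; in an image built
# from the Containerfile above you would run: audit_group_perms /app 0
demo() {
    local t g
    t=$(mktemp -d)
    mkdir -p "$t/app/data" && echo 'stub' > "$t/app/server.js"
    chmod 755 "$t/app" "$t/app/data" && chmod 644 "$t/app/server.js"
    g=$(stat -c '%g' "$t/app")
    echo '--- before chmod -R g=u'
    audit_group_perms "$t/app" "$g" || true
    chmod -R g=u "$t/app"
    echo '--- after chmod -R g=u'
    audit_group_perms "$t/app" "$g" && echo 'ok: group can do what the owner can'
    rm -rf "$t"
}
demo
```

Run against the mounted data volume as well as `/app`, since a persistent volume can carry ownership from an earlier deployment.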

Issue Analytics

  • State:open
  • Created a year ago
  • Reactions:3
  • Comments:11 (1 by maintainers)

Top GitHub Comments

1 reaction
ArthurVardevanyan commented, Oct 22, 2022

@k3rnelpan1c-dev’s Container Image works perfectly for me on OKD/OCP 4.11 with the new restricted-v2 SCC.

Outbound Ping doesn’t work, but I don’t use it anyways.

      securityContext:
        capabilities:
          drop:
            - ALL
        runAsUser: N/A in Openshift
        runAsNonRoot: true
        readOnlyRootFilesystem: true
        allowPrivilegeEscalation: false
        seccompProfile:
          type: RuntimeDefault

1 reaction
k3rnelpan1c-dev commented, Oct 22, 2022

overall you're right, but one thing that I observed (not with uptime IIRC, but other NodeJS and Python Apps) is that they sometimes rely on a writable home directory, which is an easy fix if you set the envVar HOME to a volume or emptyDir. However, I generally added the extra user for other container runtimes that don’t act like OpenShift (running as arbitrary UID) so they have a user to their UID uptime runs as. (is it overkill, maybe 🤷‍♂️, but it works)
