Skip to content

Added initial docker/kubernetes/helm support #121

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Added initial docker/kubernetes/helm support #121

wants to merge 1 commit into from

Conversation

CPlusPlus17
Copy link

Initial docker support with helm chart. I also refactored rabbitmq to use authentication.
Please let me know your feedback.

@nerdalertdk
Copy link
Contributor

nerdalertdk commented Feb 24, 2025
edited
Loading

Hi

Instead of changing so many OTS files. You can fix most of the problems with a init script.
You are welcome to see how I got ENV support for my docker image here
https://github.com/milsimdk/ots-docker-image/blob/main/entrypoint.d/__init__.py

I'm not fully in the k8s world yet, but you will likely run into file permissions when running as non-root or not setting UID/GIU on the container user, I tried with my setup initially.

When the "local" folder and app user don't have the same UID/GIU many reported problems with permissions.
milsimdk/ots-docker#1

https://github.com/milsimdk/ots-docker/blob/main/compose.override.yaml-example

@ghost
Copy link

ghost commented Feb 24, 2025 via email

@CPlusPlus17
Copy link
Author

Hi

Instead of changing so many OTS files. You can fix most of the problems with a init script. You are welcome to see how I got ENV support for my docker image here https://github.com/milsimdk/ots-docker-image/blob/main/entrypoint.d/__init__.py

I'm not fully in the k8s world yet, but you will likely run into file permissions when running as non-root or not setting UID/GIU on the container user, I tried with my setup initially.

When the "local" folder and app user don't have the same UID/GIU many reported problems with permissions. milsimdk/ots-docker#1

https://github.com/milsimdk/ots-docker/blob/main/compose.override.yaml-example

Thanks for the very good input. I like the solution with the init file, I'll adopt it.
In regards to the file permissions, as default pvc in kubernetes, the volume has the correct permission. But in some aks environments or host-mounts this can surly lead to problems. Normally the user is in charge to add a side car to handle the environment restrictions. But I'll add a sample side car which takes care of setting the proper file permissions.

@nerdalertdk
Copy link
Contributor

Hi
Instead of changing so many OTS files. You can fix most of the problems with a init script. You are welcome to see how I got ENV support for my docker image here https://github.com/milsimdk/ots-docker-image/blob/main/entrypoint.d/__init__.py
I'm not fully in the k8s world yet, but you will likely run into file permissions when running as non-root or not setting UID/GIU on the container user, I tried with my setup initially.
When the "local" folder and app user don't have the same UID/GIU many reported problems with permissions. milsimdk/ots-docker#1
https://github.com/milsimdk/ots-docker/blob/main/compose.override.yaml-example

Thanks for the very good input. I like the solution with the init file, I'll adopt it. In regards to the file permissions, as default pvc in kubernetes, the volume has the correct permission. But in some aks environments or host-mounts this can surly lead to problems. Normally the user is in charge to add a side car to handle the environment restrictions. But I'll add a sample side car which takes care of setting the proper file permissions.

Did suspect kubernetes did something smart with permissions, so that's great.
I'm also assuming most people running k8s got permissions under control :)

You are more then welcome to just use my image, have one for both OTS and OTS-UI

@brian7704 brian7704 self-requested a review April 5, 2025 16:44
@brian7704
Copy link
Owner

Sorry for the delay but I finally got some time to take a look at this. I'm unfamiliar with how k8s/helm work so I'm going to read up on them. I also want to confirm that these changes won't impact users who use the installer script. I'll add comments in the code review if I have any specific questions for you.

@brian7704
Copy link
Owner

@CPlusPlus17 How did you configure RabbitMQ authentication? I installed OTS from the installer script and then installed this PR and it gets an error about plain auth not being enabled in RabbitMQ. Did you just add auth_backends.3 = plain to the config?

@brian7704
Copy link
Owner

@CPlusPlus17 How did you configure RabbitMQ authentication? I installed OTS from the installer script and then installed this PR and it gets an error about plain auth not being enabled in RabbitMQ. Did you just add auth_backends.3 = plain to the config?

I did some testing and realized that no config changes are needed for RabbitMQ. However if OTS_RABBITMQ_USERNAME and OTS_RABBITMQ_PASSWORD aren't set, the connection gets rejected due to a blank username and password. I think all you need to do is set their default values to guest rather than an empty string. That will allow OTS on the same machine as RabbitMQ to connect with no other changes.

@brian7704
Copy link
Owner

I'm not sure if I'm doing something wrong or if there's an issue with the helm chart but when I try to install the helm chart I get this error.

$ helm install opentakserver opentakserver-0.1.0.tgz
Error: INSTALLATION FAILED: 1 error occurred:
        * Deployment in version "v1" cannot be handled as a Deployment: json: cannot unmarshal number into Go struct field EnvVar.spec.template.spec.containers.env.name of type string

@CPlusPlus17
Copy link
Author

@CPlusPlus17 How did you configure RabbitMQ authentication? I installed OTS from the installer script and then installed this PR and it gets an error about plain auth not being enabled in RabbitMQ. Did you just add auth_backends.3 = plain to the config?

I did some testing and realized that no config changes are needed for RabbitMQ. However if OTS_RABBITMQ_USERNAME and OTS_RABBITMQ_PASSWORD aren't set, the connection gets rejected due to a blank username and password. I think all you need to do is set their default values to guest rather than an empty string. That will allow OTS on the same machine as RabbitMQ to connect with no other changes.

You are right, I adjusted it to only support authenticated connection. Will adjust it.

@CPlusPlus17
Copy link
Author

I'm not sure if I'm doing something wrong or if there's an issue with the helm chart but when I try to install the helm chart I get this error.

$ helm install opentakserver opentakserver-0.1.0.tgz
Error: INSTALLATION FAILED: 1 error occurred:
        * Deployment in version "v1" cannot be handled as a Deployment: json: cannot unmarshal number into Go struct field EnvVar.spec.template.spec.containers.env.name of type string

Do you provide a values file when installing?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@brian7704 brian7704 Awaiting requested review from brian7704

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@CPlusPlus17 @nerdalertdk @brian7704