Open
Conversation
Added references to upstream contribution and resources.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Add Helm Chart and OpenShift Compatibility
This PR contributes a Helm chart for deploying ResourceSpace on OpenShift, along with the image modifications required to run under OpenShift's
restricted-v2Security Context Constraint (SCC). The following work was done as part of a trial run of deploying applications to the OpenShift platform, and we felt it appropriate to contribute this work upstream to provide a resource for others who may desire something similar in the future. If these changes are accepted feel free to reorganize/restructure them in whichever way best fits the project. Any original files (Dockerfile,entrypoint.sh, etc) that were modified have been placed in theopenshiftdirectoryWhat's included
OpenShift image modifications
The upstream image runs Apache on port 80 as root, which is not permitted under OpenShift's default
restricted-v2SCC. The following changes make the image compatible:ports.conf— configures Apache to listen on port 8080 instead of 80000-default.conf— updates the default vhost to port 8080entrypoint.sh— redirects Apache runtime files (PID,lock,log) to/tmp, which is writable by any UID; also handlesconfig.phppersistence across pod restarts via the filestore volumeDockerfile— copies the above configs, makes runtime directories world-writable, and exposes port 8080Helm chart (
helm/)A complete Helm chart for deploying ResourceSpace on OpenShift 4.x with:
Deploymentwith liveness/readiness probesStatefulSetwith persistent storagePersistentVolumeClaimsfor filestore and MariaDB data (dynamic provisioning via StorageClass)OpenShift Routewith edge TLS terminationSecretfor database credentialsTesting
Tested on OpenShift 4.12 with:
Licensing
Portions of this contribution were authored by the Government of Canada. See
NOTICEfor full attribution. Contributions are provided under the existing BSD-3-Clause licence of this repository in accordance with its contribution model. Crown copyright is retained for the portions authored by public servants in the form submitted, as noted inNOTICE. This does not modify or replace the applicable licence or affect any permissions granted to users.Notes for maintainers
config.phppersistence is handled by the entrypoint via a symlink to the filestore PVC on first run, and a copy-and-patch on subsequent restartshttp://resourcespace) for the Base URL field due to OpenShift's ingress routing — the entrypoint corrects this automatically on restart