OpenTAKServer

Added initial docker/kubernetes/helm support

Open CPlusPlus17 opened this issue 9 months ago • 10 comments

Initial docker support with helm chart. I also refactored rabbitmq to use authentication. Please let me know your feedback.

CPlusPlus17 avatar Feb 24 '25 16:02 CPlusPlus17

Hi

Instead of changing so many OTS files, you can fix most of the problems with an init script. You are welcome to see how I got ENV support for my docker image here https://github.com/milsimdk/ots-docker-image/blob/main/entrypoint.d/init.py

I'm not fully in the k8s world yet, but you will likely run into file permissions when running as non-root or not setting UID/GID on the container user, I tried with my setup initially.

When the "local" folder and app user don't have the same UID/GID many reported problems with permissions. https://github.com/milsimdk/ots-docker/issues/1

https://github.com/milsimdk/ots-docker/blob/main/compose.override.yaml-example

nerdalertdk avatar Feb 24 '25 17:02 nerdalertdk

Looks like I picked a hell of a day to quit sniffing glue. Great work everyone

On Mon, Feb 24, 2025, 9:25 AM nerdalertdk @.***> wrote:

Hi

Instead of changing so many of the OTS files, you can fix most of the problems with an init script. You are welcome to see how I got ENV support for my docker image here

https://github.com/milsimdk/ots-docker-image/blob/main/entrypoint.d/init.py

ghost avatar Feb 24 '25 17:02 ghost

Hi

Instead of changing so many OTS files, you can fix most of the problems with an init script. You are welcome to see how I got ENV support for my docker image here https://github.com/milsimdk/ots-docker-image/blob/main/entrypoint.d/init.py

I'm not fully in the k8s world yet, but you will likely run into file permissions when running as non-root or not setting UID/GID on the container user, I tried with my setup initially.

When the "local" folder and app user don't have the same UID/GID many reported problems with permissions. milsimdk/ots-docker#1

https://github.com/milsimdk/ots-docker/blob/main/compose.override.yaml-example

Thanks for the very good input. I like the solution with the init file, I'll adopt it. In regards to the file permissions, as default PVC in Kubernetes, the volume has the correct permission. But in some AKS environments or host-mounts this can surely lead to problems. Normally the user is in charge to add a side car to handle the environment restrictions. But I'll add a sample side car which takes care of setting the proper file permissions.

CPlusPlus17 avatar Feb 24 '25 18:02 CPlusPlus17

Thanks for the very good input. I like the solution with the init file, I'll adopt it. In regards to the file permissions, as default PVC in Kubernetes, the volume has the correct permission. But in some AKS environments or host-mounts this can surely lead to problems. Normally the user is in charge to add a side car to handle the environment restrictions. But I'll add a sample side car which takes care of setting the proper file permissions.

Did suspect kubernetes did something smart with permissions, so that's great. I'm also assuming most people running k8s got permissions under control :)

You are more than welcome to just use my image, have one for both OTS and OTS-UI

nerdalertdk avatar Feb 24 '25 18:02 nerdalertdk

Sorry for the delay but I finally got some time to take a look at this. I'm unfamiliar with how k8s/helm work so I'm going to read up on them. I also want to confirm that these changes won't impact users who use the installer script. I'll add comments in the code review if I have any specific questions for you.

brian7704 avatar Apr 05 '25 17:04 brian7704

@CPlusPlus17 How did you configure RabbitMQ authentication? I installed OTS from the installer script and then installed this PR and it gets an error about plain auth not being enabled in RabbitMQ. Did you just add auth_backends.3 = plain to the config?

brian7704 avatar Apr 05 '25 19:04 brian7704

@CPlusPlus17 How did you configure RabbitMQ authentication? I installed OTS from the installer script and then installed this PR and it gets an error about plain auth not being enabled in RabbitMQ. Did you just add auth_backends.3 = plain to the config?

I did some testing and realized that no config changes are needed for RabbitMQ. However if OTS_RABBITMQ_USERNAME and OTS_RABBITMQ_PASSWORD aren't set, the connection gets rejected due to a blank username and password. I think all you need to do is set their default values to guest rather than an empty string. That will allow OTS on the same machine as RabbitMQ to connect with no other changes.

brian7704 avatar Apr 05 '25 20:04 brian7704
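
Added example (not part of the thread and not OpenTAKServer's code): a sketch of the fallback discussed above, where blank or unset `OTS_RABBITMQ_USERNAME` / `OTS_RABBITMQ_PASSWORD` resolve to `guest`. It also rejects `guest` for a non-local broker, because RabbitMQ restricts that account to loopback connections by default. The function names and the `host` parameter are assumptions made for illustration.

```python
import ipaddress

# RabbitMQ's built-in "guest" account only works over loopback by default,
# which is why the guest fallback suits a broker on the same machine.
DEFAULT_USER = "guest"
DEFAULT_PASSWORD = "guest"


def is_loopback(host):
    """True for localhost and for loopback IP literals (127.0.0.0/8, ::1)."""
    if host.lower() in ("localhost", "localhost."):
        return True
    try:
        return ipaddress.ip_address(host.strip("[]")).is_loopback
    except ValueError:
        return False  # any other DNS name is treated as a remote broker


def resolve_rabbitmq_credentials(env, host):
    """Return (username, password); unset and blank values are treated alike.

    `env` is a mapping such as os.environ. `host` is the broker address
    (hypothetical parameter, not taken from the project).
    """
    username = (env.get("OTS_RABBITMQ_USERNAME") or "").strip()
    password = env.get("OTS_RABBITMQ_PASSWORD") or ""
    if not username and not password:
        username, password = DEFAULT_USER, DEFAULT_PASSWORD
    elif not username or not password:
        raise ValueError("set both OTS_RABBITMQ_USERNAME and "
                         "OTS_RABBITMQ_PASSWORD, or neither")
    if username == DEFAULT_USER and not is_loopback(host):
        raise ValueError("guest is loopback-only by default; configure a "
                         "dedicated RabbitMQ user for host %r" % host)
    return username, password
```
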

I'm not sure if I'm doing something wrong or if there's an issue with the helm chart but when I try to install the helm chart I get this error.

$ helm install opentakserver opentakserver-0.1.0.tgz
Error: INSTALLATION FAILED: 1 error occurred:
        * Deployment in version "v1" cannot be handled as a Deployment: json: cannot unmarshal number into Go struct field EnvVar.spec.template.spec.containers.env.name of type string

brian7704 avatar Apr 06 '25 19:04 brian7704
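
Added example (not part of the thread or of the chart): the error above means an `env` entry reached the API server with a number where `EnvVar` requires a string. This checker walks a rendered Deployment in JSON form and reports such entries with their path. The sample manifest is constructed for illustration and does not reflect the chart's real output or the actual cause in this PR.

```python
import json

# Constructed sample: a Deployment whose template emitted one env name and
# one env value as bare numbers instead of quoted strings.
SAMPLE_MANIFEST = json.dumps({
    "apiVersion": "apps/v1",
    "kind": "Deployment",
    "spec": {"template": {"spec": {"containers": [{
        "name": "opentakserver",
        "env": [
            {"name": 8080, "value": "x"},
            {"name": "OTS_RABBITMQ_USERNAME", "value": "ots"},
            {"name": "EXAMPLE_PORT", "value": 5672},
        ],
    }]}}},
})


def find_bad_env_entries(manifest_json):
    """Return [(path, value)] for env name/value fields that are not strings."""
    doc = json.loads(manifest_json)
    pod_spec = doc.get("spec", {}).get("template", {}).get("spec", {})
    problems = []
    for kind in ("initContainers", "containers"):
        for ci, container in enumerate(pod_spec.get(kind) or []):
            for ei, entry in enumerate(container.get("env") or []):
                for field in ("name", "value"):
                    value = entry.get(field)
                    # null does not trigger the type error; numbers and
                    # booleans do.
                    if value is not None and not isinstance(value, str):
                        path = "spec.template.spec.%s[%d].env[%d].%s" % (
                            kind, ci, ei, field)
                        problems.append((path, value))
    return problems


if __name__ == "__main__":
    for path, value in find_bad_env_entries(SAMPLE_MANIFEST):
        print("%s is %r (%s), expected a string"
              % (path, value, type(value).__name__))
```
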

@CPlusPlus17 How did you configure RabbitMQ authentication? I installed OTS from the installer script and then installed this PR and it gets an error about plain auth not being enabled in RabbitMQ. Did you just add auth_backends.3 = plain to the config?

I did some testing and realized that no config changes are needed for RabbitMQ. However if OTS_RABBITMQ_USERNAME and OTS_RABBITMQ_PASSWORD aren't set, the connection gets rejected due to a blank username and password. I think all you need to do is set their default values to guest rather than an empty string. That will allow OTS on the same machine as RabbitMQ to connect with no other changes.

You are right, I adjusted it to only support authenticated connection. Will adjust it.

CPlusPlus17 avatar Apr 08 '25 19:04 CPlusPlus17

I'm not sure if I'm doing something wrong or if there's an issue with the helm chart but when I try to install the helm chart I get this error.

$ helm install opentakserver opentakserver-0.1.0.tgz
Error: INSTALLATION FAILED: 1 error occurred:
        * Deployment in version "v1" cannot be handled as a Deployment: json: cannot unmarshal number into Go struct field EnvVar.spec.template.spec.containers.env.name of type string

Do you provide a values file when installing?

CPlusPlus17 avatar Apr 08 '25 19:04 CPlusPlus17