[Feature Request] Support for OpenShift #241
Description
Is your feature request related to a problem? Please describe.
I attempted to deploy temporal via helm (https://github.com/temporalio/helm-charts/tree/main) onto an openshift cluster.
Ran into issues running the temporal server and temporal ui containers on openshift due to security constraints (running on openshift - https://cloud.redhat.com/blog/a-guide-to-openshift-and-uids)
Identified the root cause to be the following sections:
- server issue Create dockerfile #1 - added to issue - [Feature Request] Support for OpenShift helm-charts#558
- server issue Create pipeline to publish docker image #2 - https://github.com/temporalio/docker-builds/blob/main/server.Dockerfile#L14-L18
- ui - added to issue: [Feature Request] Support for OpenShift ui#2327
Essentially what we are observing is openshift enforces specific UID and GID for the running containers that do not match the predefined values in the image definition and therefore fail with the following error:
TEMPORAL_ADDRESS is not set, setting it to 100.72.8.241:7233
2024/09/13 06:13:46 unable to create open /etc/temporal/config/docker.yaml: permission denied
Describe the solution you'd like
Dockerfile definition should not pin specific UIDs for non root user enforcement, but instead ensure that all directories that are required for functionality have sufficient privileges.
To get around this issue the following Dockerfile was used and confirmed to work
FROM temporalio/server:1.25.0
RUN chmod o+w /etc/temporal/config/