rstudio / shiny-server

Host Shiny applications over the web.
https://rstudio.com/shiny/server

Adding support for running as :ANY: user #474

Open brenton opened 3 years ago

brenton commented 3 years ago

This is useful in Kubernetes environments where the uid is provided by the platform. In environments with user namespacing even if the container thinks it is running as root it can be mapped to a non-root user in the host OS.

brenton commented 3 years ago

This is my first attempt at anything in Node.js. Feel free to modify this however necessary. With this patch I am able to run shiny-server on OpenShift 4.

cameronkerrnz commented 3 years ago

Exactly what I need. Either this or something that doesn't require run_as (so long as there's no user-based functionality).

cameronkerrnz commented 3 years ago

Here's a useful page explaining how this works in OpenShift (some of which will be true for Kubernetes too):

https://www.openshift.com/blog/a-guide-to-openshift-and-uids

cameronkerrnz commented 3 years ago

I'm not a committer, but I would suggest 'run_as :CURRENT_USER:' might read more accurately compared to 'run_as :ANY:'.

A related issue (that is addressed in OpenShift 4, but earlier versions of OpenShift and other Kubernetes distributions may experience this) is that Shiny (or R?) objects to not having an entry for its user in /etc/passwd.

OpenShift 4 (this is presumably set up by CRI-O) synthesizes a username which is the same as the UID.

cameronkerrnz commented 3 years ago

Also, it's useful to point out that the umask will need to be adjusted because it will need files to be group read/write. Permissions 2770 or 2775 tend to be useful when assigning permissions. But that's not an issue for this pull request.

brenton commented 3 years ago

Thanks for the feedback, @cameronkerrnz. I would be just as happy for it to be called CURRENT_USER too. This has been sitting here for a while. If you have any ideas how we could raise awareness with the dev team I would appreciate it.
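
The constraints raised in this thread (a platform-assigned UID that may have no /etc/passwd entry, shared directories at 2770 or 2775, and a umask that keeps group read/write) can be checked before the server starts. The script below is an added example, not code from this pull request or from shiny-server; the function names, the UID 1000650000 and the sample passwd lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: preflight checks for a container started with an
# arbitrary, platform-assigned UID. All function names are hypothetical.

# Succeeds if the passwd-format file $2 has an entry whose UID field is $1.
has_passwd_entry() {
    awk -F: -v uid="$1" '$3 == uid { found = 1 } END { exit !found }' "$2"
}

# Succeeds if directory $1 has setgid plus group rwx (covers 2770 and 2775).
dir_group_shared() {
    [ -n "$(find "$1" -prune -type d -perm -2070)" ]
}

# Succeeds if the octal umask value $1 leaves group read/write on new files.
umask_keeps_group_rw() {
    [ "$(( 0$1 & 060 ))" -eq 0 ]
}

# Prints one line per problem; returns non-zero if any check failed.
# Arguments: uid passwd_file app_dir umask_value
preflight() {
    rc=0
    has_passwd_entry "$1" "$2" || { echo "uid $1 has no entry in $2"; rc=1; }
    dir_group_shared "$3" || { echo "$3 is not setgid and group rwx"; rc=1; }
    umask_keeps_group_rw "$4" || { echo "umask $4 strips group read/write"; rc=1; }
    return "$rc"
}

# Demo on constructed data: a passwd file without the platform UID, a
# correctly shared directory, and a default umask of 0022.
demo() {
    tmp=$(mktemp -d)
    printf 'root:x:0:0:root:/root:/bin/sh\nshiny:x:998:998::/home/shiny:/bin/sh\n' \
        > "$tmp/passwd"
    mkdir "$tmp/app" && chmod 2775 "$tmp/app"
    status=0
    preflight 1000650000 "$tmp/passwd" "$tmp/app" 0022 || status=$?
    rm -rf "$tmp"
    return "$status"
}

demo || echo "preflight reported problems"
```

In a real entrypoint the call would be `preflight "$(id -u)" /etc/passwd <app dir> "$(umask)"`, with the application directory supplied by the image.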