#rancher

/

      • proteusguy joined the channel
      • muddymud joined the channel
      • RancherBot
        <jburandt> Anyone ever install weave scope from the rancher catalog? I'm getting a UI crash using the default settings
      • <chris.price> Anyone know how to make your pods run with a specific PUID and PGID in linux? I'm working with a docker image from a repository, but want to pass some flags to run as a specific user
      • <chris.price> Are you saying build a new image with those variables set? I had everything working correctly when it was just in docker, but in Kubernetes I don't know how to specify those variables.
      • <longwuyuan> K8s vars are for the app/runtime/executable (launched by the image) to consume is'nt it. That above link is for the app/runtime/executable to start off as a specific user in the first place i would think. One way to do what you want I think. Likely there are other ways
      • <chris.price> I'm running my media server in rancher (Plex, NZBGet, Sonarr, Radarr) and having permissions issues since the files are getting passed back and forth for processing. This is how I ran the container is straight Docker, but trying to find the equivalent in Rancher/k8s so that they can all play nice.
      • <chris.price> docker create \ --name Sonarr \ -p 8989:8989 \ -e PUID=1000 -e PGID=1000 \ -e TZ=America/Chicago \ -v /mnt/Data/Downloads:/downloads \ -v $MOUNT_POINT/sonarr:/config \ -v "/mnt/Data/TVShows":/"TV Shows" \ linuxserver/sonarr
      • <longwuyuan> check what 1000 coresponds to by exec into the container. it could be different from what it was without rancher
      • <longwuyuan> and check what that user with uid 1000 needs like access to that mounted volume etc
      • <chris.price> When I restart a pod, it changes the permissions on the directories I have mounted to PUID/GUID "911" and then messes up all the permissions
      • <chris.price> 911 isn't visible as a user on my machine, so i'm not sure how to add it to a specific group
      • <longwuyuan> whatever i shappening is as per standards so "straight-docker" must have been from local disk and rancher must be some other way to begin with
      • <chris.price> Ok thanks for the help, I'll do some more digging
      • <longwuyuan> what are you mounting those volumes in rancher as .... NFS or local-disk
      • <chris.price> local disk
      • <longwuyuan> what does mount -a show in the container... what are they mounted as
      • <longwuyuan> docker inspect will also show clean
      • <chris.price> I'm working on setting up an NFS and using it as a PV, but i'm just getting into k8s so i'm learning my way through it.
      • <longwuyuan> check docker mount options ... maybe you can specify options that will be your uid for mount
      • <longwuyuan> aah ok
      • <longwuyuan> K8s will be a diferent ballgame ... i guess you need to get off the fixed UID in your config
      • <chris.price> I've been running everything in docker and it has been working great, but running into a few hiccups migrating to k8s
      • <chris.price> there isn't a UID specified in the docker hub image though I don't believe
      • <longwuyuan> yeah K8s IS the change
      • <longwuyuan> not image .. you said you are passing -e 1000
      • <longwuyuan> -e 1000 is not agnostic
      • <chris.price> no, that's just how I ran it in docker originally when I wasn't using k8s. Just trying to figure out how it translates when i'm creating the workload
      • <longwuyuan> aah ok
      • <longwuyuan> simple ... first don't run .. just mount ...
      • <longwuyuan> so you can exec inside and see what a simple mount produces in terms of UID/GID
      • <longwuyuan> then just run your executable basd on that uid/gid
      • <longwuyuan> oh all K8s so check the PV and the PVC provided permissions for that volume and the ownership
      • <longwuyuan> what class ... AWS or something else ?
      • <chris.price> I'm just plugging in the docker image path and setting my volumes, but not sure in the workload setup where I can pass parameters to the build. It's all running locally and the volumes are just bind-mounted to the workload in rancher
      • <longwuyuan> that is shared content to a media-server so can't be coming off of a local-disk i would think..... i would do the appropriate class as needed in production .. and then see what the PVC gives me as ownership & permissions
      • <chris.price> yeah, it's a tricky setup. Multiple pods have to be able to access the same path since the file is sent to the downloader for one pod to access, then renamed and moved by another pod, then accessed by plex to import into the library...
      • <longwuyuan> yup. so configuring the storage-class as needed in production would tell you what permissions and ownership you will end up with
      • <chris.price> Ok I will try to get the SC and PV setup instead of trying to bind-mount the volumes to local disk
      • <longwuyuan> and verify what pods running on multiple hosts concurrently... have to deal with ... in terms of permission+ownership
      • <chris.price> It's just one host so far for testing, but the plan is to scale it out on multiple hosts in the future
      • <longwuyuan> yeah ... getting info from a PVC hanging off of a single host will help scale
      • <chris.price> yeah the volume part of k8s is pretty daunting, but I just need to do some more research
      • <chris.price> k8s is definitely the future though...i'm pushing for it at work now too for our DC
      • <longwuyuan> true. Rancher makes it a little easier thought but still requires K8s depth
      • <chris.price> yeah, i'm debating on whether or not I should just use straight k8s and bypass rancher. You get a nice gui and some things are easier to see, but it might be easier just to cli it all so I know what's underneath
      • <longwuyuan> same here and man y other folks. the flex doe'nt help and comes down to earning our keep
      • <longwuyuan> flex=flux
      • <chris.price> definitely. I use my home media server as a playground to learn the concepts, but I want a good grasp on it before we start using it at work in production
      • <kevin.mullin> @mail325 i'm having an issue with acme-domain as well. it appears to be with subdomains. if i point my tld to rancher it sets up the ssl just fine.
      • michas_ joined the channel
      • Elsmorian has quit
      • <froottools> Hi