[
https://issues.apache.org/jira/browse/FINERACT-830?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17107622#comment-17107622
]
Petri Tuomola commented on FINERACT-830:
----------------------------------------
[~xurror] - yes, I did test with Kubernetes as well, and it works fine at least
on mine.
I did have to do some hacking with the Kubernetes set-up though to work around
the following problems:
* The script line in kubectl-startup to create a password does not work on
MacOS (tr does not like the data it gets from urandom)
* Kubernetes configuration was pulling in the latest apache/fineract image
rather than using the one built by our docker-compose build
* The MySQL password passed in during the initial run of Kubernetes seems to
be getting stored on the PersistentVolume /mnt/data. Since we generate a new
password every time we run kubectl-startup whereas the data on the volume is
retained, at least for me this meant only the first startup worked. After that
all the startups failed, as Fineract is not able to login to MySQL
But after hacking around these issues unrelated to the Docker image itself -
yes, this image worked without issues on Kubernetes
> Use distroless base image instead of bitnami/tomcat in container
> ----------------------------------------------------------------
>
> Key: FINERACT-830
> URL: https://issues.apache.org/jira/browse/FINERACT-830
> Project: Apache Fineract
> Issue Type: Improvement
> Reporter: Michael Vorburger
> Priority: Major
> Labels: kubernetes, technical
>
> Rohit Verma on the mailing list raised using a "more hardened base image like
> distroless".
> I'll admit that I'm personally not a huge fan of "FROM bitnami/tomcat:7.0.94"
> myself! Any contributions you'd like to make on this front would be very very
> welcome, from my side.
> https://github.com/GoogleContainerTools/distroless is a great alternative.
> (BTW
> https://access.redhat.com/containers/?tab=images#/registry.access.redhat.com/redhat-openjdk-18/openjdk18-openshift
> is a another great choice, if you're into something supported.)
> Your mission, should you choose to accept it and work on this issue, would be
> to raise a PR modifying our Dockerfile, but then still have the related test
> at the end of .travis.yml pass - everything (container, Docker Compose,
> Kubernetes) should, obviously, still "work as is", even if you go for
> changing the base image. Makes sense and sounds fair?
>
> PS: What we really should do at some point is move away from 1990s style
> WAR-in-Tomcat, and make java -jar fineract.war work instead (and then use
> that in the container)... people working on this could also contribute,
> before or after, to FINERACT-730. (On a related front, there's also
> FINERACT-764, but both are probably independent enough from each other to be
> tackled separately.)
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
