Top Menu

Jump to content
Home
    Modules
      • Projects
      • Activity
      • Work packages
      • Gantt charts
      • Calendars
      • Team planners
      • Boards
      • News
    • Getting started
    • Introduction video
      Welcome to OpenProject Community
      Get a quick overview of project management and team collaboration with OpenProject. You can restart this video from the help menu.
    • Help and support
    • Upgrade to Enterprise edition
    • User guides
    • Videos
    • Shortcuts
    • Community forum
    • Enterprise support
    • Additional resources
    • Data privacy and security policy
    • Digital accessibility (DE)
    • OpenProject website
    • Security alerts / Newsletter
    • OpenProject blog
    • Release notes
    • Report a bug
    • Development roadmap
    • Add and edit translations
    • API documentation
  • Sign in
      Forgot your password?

      or sign in with your existing account

      Google

Side Menu

  • Overview
  • Activity
    Activity
  • Roadmap
  • Work packages
    Work packages
  • Gantt charts
    Gantt charts
  • Calendars
    Calendars
  • Team planners
    Team planners
  • Boards
    Boards
  • News
  • Forums

Content

Support Installation & Updates
  1. OpenProject
  2. Forums
  3. Support Installation & Updates
  4. Kubernetes + MinIO Attachments issue

Kubernetes + MinIO Attachments issue

Added by Pau PaiPai 10 months ago

Hello OP community!

I just installed a fresh 14-slim version of OP in my OnPremises cluster and everything seems to run smoothly but ONE important thing, the attachments.

Here is my values.yaml file

openproject:
  https: true

service:
  enabled: true

ingress:
  enabled: true
  host: ****
  ingressClassName: ingress-nginx
  annotations:
    nginx.ingress.kubernetes.io/proxy-body-size: 200m
  tls:
    enabled: true
    secretName: "openproject-tls"

persistence:
  enabled: false

# S3-compatible object storage
s3:
  enabled: true
  auth:
    accessKeyId: ****
    secretAccessKey: ****
  region: eu-west-1
  bucketName: openproject
  endpoint: ***
  host: ***
  pathStyle: false
  signatureVersion: 4
  enableSignatureV4Streaming: false
  directUploads: true

environment: 
  OPENPROJECT_HTTPS: true
  OPENPROJECT_EMAIL__DELIVERY__METHOD: "smtp"
  OPENPROJECT_SMTP__ADDRESS: "***"
  OPENPROJECT_SMTP__PORT: "25"
  OPENPROJECT_SMTP__DOMAIN: "***"
  OPENPROJECT_SMTP__AUTHENTICATION: "none"
  OPENPROJECT_FOG_CREDENTIALS_PORT: 9000

openproject:
  admin_user:
    password: "admin"
    password_reset: "true"
    name: "****"
    mail: "****"
  useTmpVolumes: true
  

postgresql:
  bundled: true
  global:
    containerSecurityContext:
      enabled: true
      allowPrivilegeEscalation: false
      capabilities:
        drop:
          - "ALL"
      seccompProfile:
        type: "RuntimeDefault"
      readOnlyRootFilesystem: true
      runAsNonRoot: true
  auth:
    username: "openproject"
    database: "openproject"
    password: "***"
    postgresPassword: "****"

You see, I have a running MinIO instance visible from the OP instance but I think my problem is unrelated to the s3 storage itself but a permission issue with ruby and the temp folder. When i attach a file to a User Story for example, I can see the following logs in the web pod:

openproject /usr/local/lib/ruby/3.3.0/tmpdir.rb:39:in `block in tmpdir': system temporary path is world-writable: /tmp (StructuredWarnings::StandardWarning)                                                                            │
│ openproject /usr/local/lib/ruby/3.3.0/tmpdir.rb:39:in `block in tmpdir': /tmp is world-writable: /tmp (StructuredWarnings::StandardWarning)                                                                                             │
│ openproject 2024-07-17 12:50:57 +0000 Read: #<Errno::EROFS: Read-only file system @ rb_sysopen - /app/puma20240717-42-mx299e>                                                                                                           │
│ openproject I, [2024-07-17T12:51:08.401393 #42]  INFO -- : [c90469f8-ee4a-45dc-9763-e9f73d4fcd6d] method=GET path=/health_checks/d

In the browser console, the POST to api/v3/work_packages/14/attachments shows up as a 502 Bad Gateway error:

Any suggestions, thanks so much in advance and have a great day!


Loading...