◐ Shell
clean mode source ↗

Feature UI Server image won't start in an OpenShift cluster

tchughesiv

Expected Behavior

The python Feature UI Server image should run in an OpenShift cluster without issue.

Current Behavior

Traceback (most recent call last):
  File "/usr/local/bin/feast", line 8, in <module>
    sys.exit(cli())
  File "/usr/local/lib/python3.9/site-packages/click/core.py", line 1157, in __call__
    return self.main(*args, **kwargs)
  File "/usr/local/lib/python3.9/site-packages/click/core.py", line 1078, in main
    rv = self.invoke(ctx)
  File "/usr/local/lib/python3.9/site-packages/click/core.py", line 1688, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/usr/local/lib/python3.9/site-packages/click/core.py", line 1434, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/usr/local/lib/python3.9/site-packages/click/core.py", line 783, in invoke
    return __callback(*args, **kwargs)
  File "/usr/local/lib/python3.9/site-packages/click/decorators.py", line 33, in new_func
    return f(get_current_context(), *args, **kwargs)
  File "/usr/local/lib/python3.9/site-packages/feast/cli.py", line 173, in ui
    store.serve_ui(
  File "/usr/local/lib/python3.9/site-packages/feast/feature_store.py", line 2304, in serve_ui
    ui_server.start_server(
  File "/usr/local/lib/python3.9/site-packages/feast/ui_server.py", line 105, in start_server
    app = get_app(
  File "/usr/local/lib/python3.9/site-packages/feast/ui_server.py", line 57, in get_app
    with ui_dir.joinpath("projects-list.json").open(mode="w") as f:
  File "/usr/local/lib/python3.9/pathlib.py", line 1252, in open
    return io.open(self, mode, buffering, encoding, errors, newline,
  File "/usr/local/lib/python3.9/pathlib.py", line 1120, in _opener
    return self._accessor.open(self, flags, mode)
PermissionError: [Errno 13] Permission denied: '/usr/local/lib/python3.9/site-packages/feast/ui/build/projects-list.json'

Steps to reproduce

This can be recreated w/ podman or docker -

$ podman run --rm -u 12345:0 -e FEATURE_STORE_YAML_BASE64=$(cat sdk/python/feast/templates/local/feature_repo/feature_store.yaml | base64 | tr -d '\n\r') docker.io/feastdev/feature-server:0.37.1 feast ui
/usr/local/lib/python3.9/site-packages/feast/ui_server.py:45: DeprecationWarning: 
        on_event is deprecated, use lifespan event handlers instead.

        Read more about it in the
        [FastAPI docs for Lifespan Events](https://fastapi.tiangolo.com/advanced/events/).
        
  @app.on_event("shutdown")
/usr/local/lib/python3.9/site-packages/fastapi/applications.py:4495: DeprecationWarning: 
        on_event is deprecated, use lifespan event handlers instead.

        Read more about it in the
        [FastAPI docs for Lifespan Events](https://fastapi.tiangolo.com/advanced/events/).
        
  return self.router.on_event(event_type)
Received base64 encoded feature_store.yaml
Traceback (most recent call last):
  File "/usr/local/bin/feast", line 8, in <module>
    sys.exit(cli())
  File "/usr/local/lib/python3.9/site-packages/click/core.py", line 1157, in __call__
    return self.main(*args, **kwargs)
  File "/usr/local/lib/python3.9/site-packages/click/core.py", line 1078, in main
    rv = self.invoke(ctx)
  File "/usr/local/lib/python3.9/site-packages/click/core.py", line 1688, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/usr/local/lib/python3.9/site-packages/click/core.py", line 1434, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/usr/local/lib/python3.9/site-packages/click/core.py", line 783, in invoke
    return __callback(*args, **kwargs)
  File "/usr/local/lib/python3.9/site-packages/click/decorators.py", line 33, in new_func
    return f(get_current_context(), *args, **kwargs)
  File "/usr/local/lib/python3.9/site-packages/feast/cli.py", line 173, in ui
    store.serve_ui(
  File "/usr/local/lib/python3.9/site-packages/feast/feature_store.py", line 2304, in serve_ui
    ui_server.start_server(
  File "/usr/local/lib/python3.9/site-packages/feast/ui_server.py", line 105, in start_server
    app = get_app(
  File "/usr/local/lib/python3.9/site-packages/feast/ui_server.py", line 57, in get_app
    with ui_dir.joinpath("projects-list.json").open(mode="w") as f:
  File "/usr/local/lib/python3.9/pathlib.py", line 1252, in open
    return io.open(self, mode, buffering, encoding, errors, newline,
  File "/usr/local/lib/python3.9/pathlib.py", line 1120, in _opener
    return self._accessor.open(self, flags, mode)
PermissionError: [Errno 13] Permission denied: '/usr/local/lib/python3.9/site-packages/feast/ui/build/projects-list.json'

Specifications

  • Version: 0.37.1
  • Platform: OpenShift

Possible Solution

The issue is that the OpenShift restricted SCC, which is configured against namespaces by default, forces containers to run with a random uid, and a root gid. The solution will be to modify group/root perms on either the /usr/local/lib/python3.9/site-packages/feast/ui/build/ directory or the projects-list.json file.