Reference

Configuration

Everything you need to customise the dev-bookstack environment — from database credentials to resource limits and persistent storage.

Database & Application Credentials

All secrets live in openshift/secrets.yaml. The file uses stringData, so values are stored as plain text in the manifest — do not commit real credentials to version control.

⚠️ Development defaults only: The credentials shipped in openshift/secrets.yaml are for local development only. Always rotate them before connecting to any shared or internet-facing environment.

MariaDB secret (mariadb-secret)

| Key | Default value | Description |
|---|---|---|
| root-password | devroot | MariaDB root password |
| database | bookstack | Database name |
| username | bookstack | Application DB user |
| password | devpassword | Application DB password |

BookStack secret (bookstack-secret)

| Key | Description |
|---|---|
| app-key | Laravel application encryption key — format: base64:<44-char-base64> |
| mail-password | SMTP password (empty by default — mail is logged, not sent) |

To change any credential, edit openshift/secrets.yaml before running deploy.sh. If the environment is already running, delete and re-create the secret:

shell
oc delete secret mariadb-secret -n bookstack-dev
oc apply -f openshift/secrets.yaml

Generating a New APP_KEY

BookStack (Laravel) requires a unique 256-bit base64-encoded encryption key. The one shipped in secrets.yaml is for bootstrapping only. Generate a fresh one with:

shell
# Generate a new key (requires openssl)
echo "base64:$(openssl rand -base64 32)"

Paste the result as the value of app-key in openshift/secrets.yaml.

⚠️ Changing APP_KEY invalidates existing sessions: All users will be logged out and any encrypted data (API tokens, etc.) will be invalidated. Only rotate the key on a fresh deployment or when you intend to reset the instance.
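A pre-deploy check for the two points above (the development default credentials and the app-key format), as an added example that is not part of the dev-bookstack project. The function names and the sample manifest are constructed for illustration, and the script assumes one `key: value` pair per line under stringData.

```shell
#!/bin/sh
# Added example: pre-deploy check for a Secret manifest that uses stringData.
# Assumes one "key: value" pair per line, as in the constructed sample below.

# value_of KEY FILE -> first value for KEY, surrounding quotes removed
value_of() {
    sed -n "s/^[[:space:]]*$1:[[:space:]]*//p" "$2" | head -n 1 | tr -d "\"'"
}

# app_key_ok VALUE -> 0 only for "base64:" + 44 chars that decode to 32 bytes
app_key_ok() {
    case "$1" in base64:*) ;; *) return 1 ;; esac
    b64=${1#base64:}
    [ "${#b64}" -eq 44 ] || return 1
    n=$(printf '%s' "$b64" | base64 -d 2>/dev/null | wc -c)
    [ "$n" -eq 32 ]
}

# audit_secrets FILE -> prints one line per finding; returns 1 if any were found
audit_secrets() {
    rc=0
    if [ "$(value_of root-password "$1")" = "devroot" ]; then
        echo "root-password is still the development default"; rc=1
    fi
    if [ "$(value_of password "$1")" = "devpassword" ]; then
        echo "password is still the development default"; rc=1
    fi
    if ! app_key_ok "$(value_of app-key "$1")"; then
        echo "app-key is not base64:<44-char-base64> (32 bytes)"; rc=1
    fi
    return "$rc"
}

# Constructed sample manifest (not the project's real file) with all three problems.
demo=$(mktemp)
cat > "$demo" <<'EOF'
apiVersion: v1
kind: Secret
metadata:
  name: example-secret
stringData:
  root-password: devroot
  password: devpassword
  app-key: "base64:REPLACE_ME"
EOF
audit_secrets "$demo" || echo "=> rotate these values before sharing the environment"
rm -f "$demo"
```

The check cannot tell whether a well-formed app-key is the bootstrap key shipped in secrets.yaml, so it complements generating a fresh key and does not replace it.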

Changing APP_URL

By default, BookStack is exposed at:

http://bookstack-bookstack-dev.apps-crc.testing

If your CRC cluster uses a different wildcard domain, update two places in openshift/bookstack.yaml:

| Location | Field | Example value |
|---|---|---|
| Deployment env var | APP_URL | http://bookstack-bookstack-dev.apps-crc.testing |
| Route spec | spec.host | bookstack-bookstack-dev.apps-crc.testing |

💡 Tip: Run crc console --credentials to print your cluster domain if you're unsure what it is.

After editing, re-apply the manifest:

shell
oc apply -f openshift/bookstack.yaml

Persistent Storage

Both services use PersistentVolumeClaims backed by CRC's default storage class (ReadWriteOnce):

| PVC name | Mount path | Default size | Contents |
|---|---|---|---|
| mariadb-pvc | /var/lib/mysql | 2 Gi | All BookStack database data |
| bookstack-uploads-pvc | /config | 5 Gi | Uploaded files, images, and BookStack config |

Data survives pod restarts and redeployments. It is permanently removed when you run ./teardown.sh, which deletes the entire namespace.

Resizing a PVC

Edit the storage field in the relevant YAML file, then re-apply. CRC's storage class supports online expansion for ReadWriteOnce volumes:

openshift/mariadb.yaml (excerpt)
spec:
  resources:
    requests:
      storage: 5Gi   # ← increase as needed

Resource Limits

BookStack

| | CPU | Memory |
|---|---|---|
| Request | 200m | 256 Mi |
| Limit | 1000m (1 core) | 512 Mi |

MariaDB

| | CPU | Memory |
|---|---|---|
| Request | 100m | 256 Mi |
| Limit | 500m | 512 Mi |

Health probes

Both deployments include readiness and liveness probes. BookStack's readiness probe checks GET /login with a 60-second initial delay (PHP startup) and retries every 15 seconds.

BookStack Environment Variables

These are injected into the BookStack container via the Deployment manifest in openshift/bookstack.yaml:

| Variable | Value / Source | Notes |
|---|---|---|
| PUID / PGID | 1000 | Linux user/group for the linuxserver image |
| TZ | UTC | Timezone |
| APP_URL | Hard-coded in YAML | Must match the Route host |
| APP_KEY | bookstack-secret | Laravel encryption key |
| DB_HOST | mariadb.bookstack-dev.svc.cluster.local | In-cluster DNS for MariaDB Service |
| DB_PORT | 3306 | |
| DB_DATABASE | mariadb-secret | From Secret key database |
| DB_USERNAME | mariadb-secret | From Secret key username |
| DB_PASSWORD | mariadb-secret | From Secret key password |
| MAIL_DRIVER | log | Emails are written to the log — not sent |
| REGISTRATION_ENABLED | true | Allows self-registration in dev |

ℹ️ SCC requirement: The linuxserver/bookstack image runs as root internally. deploy.sh grants the anyuid SCC to the default service account in the bookstack-dev namespace to allow this. MariaDB uses bitnami/mariadb, which is already arbitrary-UID compatible.