Red Hat SummitDieser Inhalt ist in der von Ihnen ausgewählten Sprache nicht verfügbar.
Chapter 10. Using Red Hat subscriptions in builds
Use the following sections to install Red Hat subscription content within OpenShift Container Platform builds.
10.1. Creating an image stream tag for the Red Hat Universal Base Image
To install Red Hat Enterprise Linux (RHEL) packages within a build, you can create an image stream tag to reference the Red Hat Universal Base Image (UBI).
To make the UBI available in every project in the cluster, add the image stream tag to the
openshiftImage stream tags grant access to the UBI by using the
registry.redhat.ioregistry.redhat.ioProcedure
To create an
in theImageStreamTagnamespace, so it is available to developers in all projects, enter:openshift$ oc tag --source=docker registry.redhat.io/ubi9/ubi:latest ubi9:latest -n openshiftTipYou can alternatively apply the following YAML to create an
in theImageStreamTagnamespace:openshiftapiVersion: image.openshift.io/v1 kind: ImageStream metadata: name: ubi9 namespace: openshift spec: tags: - from: kind: DockerImage name: registry.redhat.io/ubi9/ubi:latest name: latest referencePolicy: type: SourceTo create an
in a single project, enter:ImageStreamTag$ oc tag --source=docker registry.redhat.io/ubi9/ubi:latest ubi:latestTipYou can alternatively apply the following YAML to create an
in a single project:ImageStreamTagapiVersion: image.openshift.io/v1 kind: ImageStream metadata: name: ubi9 spec: tags: - from: kind: DockerImage name: registry.redhat.io/ubi9/ubi:latest name: latest referencePolicy: type: Source
10.2. Adding subscription entitlements as a build secret
Builds that use Red Hat subscriptions to install content must include the entitlement keys as a build secret.
Prerequisites
You must have access to Red Hat Enterprise Linux (RHEL) package repositories through your subscription.
The entitlement secret to access these repositories is automatically created by the Insights Operator when your cluster is subscribed.
You must be a cluster administrator or have permission to access secrets in the
openshift-config-managedProcedure
Copy the entitlement secret from the
namespace to the build’s namespace:openshift-config-managed$ cat << EOF > secret-template.txt kind: Secret apiVersion: v1 metadata: name: etc-pki-entitlement type: Opaque data: {{ range \$key, \$value := .data }} {{ \$key }}: {{ \$value }} {{ end }} EOF $ oc get secret etc-pki-entitlement -n openshift-config-managed -o=go-template-file --template=secret-template.txt | oc apply -f -Add the etc-pki-entitlement secret as a build volume in the build configuration’s Docker strategy:
strategy: dockerStrategy: from: kind: ImageStreamTag name: ubi9:latest volumes: - name: etc-pki-entitlement mounts: - destinationPath: /etc/pki/entitlement source: type: Secret secret: secretName: etc-pki-entitlement
10.3. Running builds with Subscription Manager
10.3.1. Docker builds using Subscription Manager
Docker strategy builds can use
yumdnfPrerequisites
The entitlement keys must be added as build strategy volumes.
Procedure
Use the following as an example Dockerfile to install content with the Subscription Manager:
FROM registry.redhat.io/ubi9/ubi:latest
RUN rm -rf /etc/rhsm-host
RUN yum --enablerepo=codeready-builder-for-rhel-9-x86_64-rpms install \
nss_wrapper \
uid_wrapper -y && \
yum clean all -y
RUN ln -s /run/secrets/rhsm /etc/rhsm-host - 1
- You must include the command to remove the
/etc/rhsm-hostdirectory and all its contents in your Dockerfile before executing anyyumordnfcommands. - 2
- Use the Red Hat Package Browser to find the correct repositories for your installed packages.
- 3
- You must restore the
/etc/rhsm-hostsymbolic link to keep your image compatible with other Red Hat container images.
10.4. Running builds with Red Hat Satellite subscriptions
10.4.1. Adding Red Hat Satellite configurations to builds
Builds that use Red Hat Satellite to install content must provide appropriate configurations to obtain content from Satellite repositories.
Prerequisites
You must provide or create a
-compatible repository configuration file that downloads content from your Satellite instance.yumSample repository configuration
[test-<name>] name=test-<number> baseurl = https://satellite.../content/dist/rhel/server/7/7Server/x86_64/os enabled=1 gpgcheck=0 sslverify=0 sslclientkey = /etc/pki/entitlement/...-key.pem sslclientcert = /etc/pki/entitlement/....pem
Procedure
Create a
containing the Satellite repository configuration file:ConfigMap$ oc create configmap yum-repos-d --from-file /path/to/satellite.repoAdd the Satellite repository configuration and entitlement key as a build volumes:
strategy: dockerStrategy: from: kind: ImageStreamTag name: ubi9:latest volumes: - name: yum-repos-d mounts: - destinationPath: /etc/yum.repos.d source: type: ConfigMap configMap: name: yum-repos-d - name: etc-pki-entitlement mounts: - destinationPath: /etc/pki/entitlement source: type: Secret secret: secretName: etc-pki-entitlement
10.4.2. Docker builds using Red Hat Satellite subscriptions
Docker strategy builds can use Red Hat Satellite repositories to install subscription content.
Prerequisites
- You have added the entitlement keys and Satellite repository configurations as build volumes.
Procedure
Use the following as an example Dockerfile to install content with Satellite:
FROM registry.redhat.io/ubi9/ubi:latest
RUN rm -rf /etc/rhsm-host
RUN yum --enablerepo=codeready-builder-for-rhel-9-x86_64-rpms install \
nss_wrapper \
uid_wrapper -y && \
yum clean all -y
RUN ln -s /run/secrets/rhsm /etc/rhsm-host - 1
- You must include the command to remove the
/etc/rhsm-hostdirectory and all its contents in your Dockerfile before executing anyyumordnfcommands. - 2
- Contact your Satellite system administrator to find the correct repositories for the build’s installed packages.
- 3
- You must restore the
/etc/rhsm-hostsymbolic link to keep your image compatible with other Red Hat container images.
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}