Chapter 6. Best practices for running containers by using local sources
You can access content hosted in an internal registry that requires a custom Transport Layer Security (TLS) root certificate, when running RHEL bootc images.
To install content to a container by using only local resources, you can use one of the following options:
- Bind mounts: Override the container’s store with the host’s.
- Derived image: Create a new container image with your custom certificates by building it using a Containerfile.
You can use these techniques to run a bootc-image-builder container or a bootc container when appropriate.
6.1. Importing custom certificate to a container by using bind mounts
Use bind mounts to override the container’s store with the host’s.
Procedure
Run the RHEL bootc image and use a bind mount, for example -v /etc/pki:/etc/pki, to override the container’s store with the host’s.
Verification
- The disk image build process should now be able to access internal certificates.
6.2. Importing custom certificates to a container by using a Containerfile
Create a new container image with your custom certificates by building it using a Containerfile.
Procedure
Create a Containerfile:

    FROM <internal_repository>/<image>
    RUN mkdir -p /etc/pki/ca-trust/extracted/pem/
    COPY tls-ca-bundle.pem /etc/pki/ca-trust/extracted/pem/
    RUN rm -rf /etc/yum.repos.d/*
    COPY echo-rhel9_4.repo /etc/yum.repos.d/

Build the custom image:

    # podman build -t <your_image> .

Run the <your_image>:

    # podman run -it --rm <your_image>
Verification
List the certificates inside the container:

    # ls -l /etc/pki/ca-trust/extracted/pem/
    tls-ca-bundle.pem
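
The bundle that the Containerfile copies is stored in an image layer and travels with every copy of the image, so it should contain certificates only. The following pre-build check is an added example, not part of the original procedure; the helper names check_bundle and write_sample are hypothetical and the sample PEM files are constructed placeholders, not real certificates.

```shell
#!/bin/sh
# Added example: pre-build check for the bundle the Containerfile copies.
# check_bundle and write_sample are hypothetical helper names.

# Print the number of certificate blocks in a PEM bundle. Fail if the file
# holds private key material (exit 2), has unbalanced BEGIN/END markers
# (exit 3), or contains no certificate at all (exit 4).
check_bundle() {
    awk '
        /^-----BEGIN .*PRIVATE KEY-----/ { key = 1 }
        /^-----BEGIN CERTIFICATE-----/   { if (in_cert) bad = 1; in_cert = 1; next }
        /^-----END CERTIFICATE-----/     { if (!in_cert) bad = 1; in_cert = 0; n++; next }
        END {
            if (key)            { print "private key found" > "/dev/stderr"; exit 2 }
            if (bad || in_cert) { print "unbalanced PEM markers" > "/dev/stderr"; exit 3 }
            if (n == 0)         { print "no certificates" > "/dev/stderr"; exit 4 }
            print n
        }' "$1"
}

# Write two constructed sample bundles into directory $1:
# good.pem (two certificate blocks) and leaky.pem (same, plus a key block).
write_sample() {
    cat > "$1/good.pem" <<'EOF'
# Internal Root CA (constructed placeholder, not a real certificate)
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQtUExBQ0VIT0xERVItMQ==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQtUExBQ0VIT0xERVItMg==
-----END CERTIFICATE-----
EOF
    { cat "$1/good.pem"
      printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'Q09OU1RSVUNURUQ=' \
                    '-----END PRIVATE KEY-----'
    } > "$1/leaky.pem"
}

# Demonstration on the constructed samples.
tmp=$(mktemp -d)
write_sample "$tmp"
echo "good.pem: $(check_bundle "$tmp/good.pem") certificate(s)"
check_bundle "$tmp/leaky.pem" || echo "leaky.pem rejected (exit $?)"
rm -rf "$tmp"
```

Run check_bundle tls-ca-bundle.pem in the build context before podman build, and treat a non-zero exit as a reason to stop the build.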