Red Hat Summit Red Hat Summit지원콘솔개발자평가판 시작연락처

이 콘텐츠는 선택한 언어로 제공되지 않습니다.

Chapter 10. Using Red Hat subscriptions in builds

Use the following sections to run entitled builds on OpenShift Container Platform.

10.1. Creating an image stream tag for the Red Hat Universal Base Image
링크 복사

To use Red Hat subscriptions within a build, you create an image stream tag to reference the Universal Base Image (UBI).

To make the UBI available in every project in the cluster, you add the image stream tag to the openshift namespace. Otherwise, to make it available in a specific project, you add the image stream tag to that project.

The benefit of using image stream tags this way is that doing so grants access to the UBI based on the registry.redhat.io credentials in the install pull secret without exposing the pull secret to other users. This is more convenient than requiring each developer to install pull secrets with registry.redhat.io credentials in each project.

Procedure

  • To create an ImageStreamTag in the openshift namespace, so it is available to developers in all projects, enter: 

    $ oc tag --source=docker registry.redhat.io/ubi7/ubi:latest ubi:latest -n openshift
    Copy to Clipboard Toggle word wrap

  • To create an ImageStreamTag in a single project, enter: 

    $ oc tag --source=docker registry.redhat.io/ubi7/ubi:latest ubi:latest
    Copy to Clipboard Toggle word wrap

10.2. Adding subscription entitlements as a build secret
링크 복사

Builds that use Red Hat subscriptions to install content must include the entitlement keys as a build secret.

Prerequisites

You must have access to Red Hat entitlements through your subscription, and the entitlements must have separate public and private key files.

Procedure

  1. Create a secret containing your entitlements, ensuring that there are separate files containing the public and private keys: 

    $  oc create secret generic etc-pki-entitlement --from-file /path/to/entitlement/{ID}.pem \
> --from-file /path/to/entitlement/{ID}-key.pem ...
    Copy to Clipboard Toggle word wrap

  2. Add the secret as a build input in the build configuration: 

    source:
  secrets:
  - secret:
      name: etc-pki-entitlement
    destinationDir: etc-pki-entitlement
    Copy to Clipboard Toggle word wrap

10.3. Running builds with Subscription Manager
링크 복사

10.3.1. Docker builds using Subscription Manager
링크 복사

Docker strategy builds can use the Subscription Manager to install subscription content.

Prerequisites

The entitlement keys, subscription manager configuration, and subscription manager certificate authority must be added as build inputs.

Procedure

Use the following as an example Dockerfile to install content with the Subscription Manager: 

FROM registry.redhat.io/rhel7:latest
USER root
# Copy entitlements
COPY ./etc-pki-entitlement /etc/pki/entitlement
# Copy subscription manager configurations
COPY ./rhsm-conf /etc/rhsm
COPY ./rhsm-ca /etc/rhsm/ca
# Delete /etc/rhsm-host to use entitlements from the build container
RUN rm /etc/rhsm-host && \
    # Initialize /etc/yum.repos.d/redhat.repo
    # See https://access.redhat.com/solutions/1443553
    yum repolist --disablerepo=* && \
    subscription-manager repos --enable <enabled-repo> && \
    yum -y update && \
    yum -y install <rpms> && \
    # Remove entitlements and Subscription Manager configs
    rm -rf /etc/pki/entitlement && \
    rm -rf /etc/rhsm
# OpenShift requires images to run as non-root by default
USER 1001
ENTRYPOINT ["/bin/bash"]
Copy to Clipboard Toggle word wrap

10.4. Running builds with Red Hat Satellite subscriptions
링크 복사

10.4.1. Adding Red Hat Satellite configurations to builds
링크 복사

Builds that use Red Hat Satellite to install content must provide appropriate configurations to obtain content from Satellite repositories.

Prerequisites

  • You must provide or create a yum-compatible repository configuration file that downloads content from your Satellite instance.

    Sample repository configuration

    [test-<name>]
 name=test-<number>
 baseurl = https://satellite.../content/dist/rhel/server/7/7Server/x86_64/os
 enabled=1
 gpgcheck=0
 sslverify=0
 sslclientkey = /etc/pki/entitlement/...-key.pem
 sslclientcert = /etc/pki/entitlement/....pem
    Copy to Clipboard Toggle word wrap

Procedure

  1. Create a ConfigMap containing the Satellite repository configuration file: 

    $ oc create configmap yum-repos-d --from-file /path/to/satellite.repo
    Copy to Clipboard Toggle word wrap

  2. Add the Satellite repository configuration to the BuildConfig: 

    source:
    configMaps:
    - configMap:
        name: yum-repos-d
      destinationDir: yum.repos.d
    Copy to Clipboard Toggle word wrap

10.4.2. Docker builds using Red Hat Satellite subscriptions
링크 복사

Docker strategy builds can use Red Hat Satellite repositories to install subscription content.

Prerequisites

  • The entitlement keys and Satellite repository configurations must be added as build inputs.

Procedure

Use the following as an example Dockerfile to install content with Satellite: 

FROM registry.redhat.io/rhel7:latest
USER root
# Copy entitlements
COPY ./etc-pki-entitlement /etc/pki/entitlement
# Copy repository configuration
COPY ./yum.repos.d /etc/yum.repos.d
# Delete /etc/rhsm-host to use entitlements from the build container
RUN sed -i".org" -e "s#^enabled=1#enabled=0#g" /etc/yum/pluginconf.d/subscription-manager.conf
1 

#RUN cat /etc/yum/pluginconf.d/subscription-manager.conf
RUN yum clean all
#RUN yum-config-manager
RUN rm /etc/rhsm-host && \
    # yum repository info provided by Satellite
    yum -y update && \
    yum -y install <rpms> && \
    # Remove entitlements
    rm -rf /etc/pki/entitlement
# OpenShift requires images to run as non-root by default
USER 1001
ENTRYPOINT ["/bin/bash"]
Copy to Clipboard Toggle word wrap
1
If adding Satellite configurations to builds using enabled=1 fails, add RUN sed -i".org" -e "s#^enabled=1#enabled=0#g" /etc/yum/pluginconf.d/subscription-manager.conf to the Dockerfile.

10.5. Squash layers with docker builds
링크 복사

Docker builds normally create a layer representing each instruction in a Dockerfile. Setting the imageOptimizationPolicy to SkipLayers merges all instructions into a single layer on top of the base image.

Procedure

  • Set the imageOptimizationPolicy to SkipLayers: 

    strategy:
  dockerStrategy:
    imageOptimizationPolicy: SkipLayers
    Copy to Clipboard Toggle word wrap

10.6. Additional resources
링크 복사

맨 위로 이동
Red Hat logoGithubredditYoutubeTwitter

자세한 정보

평가판, 구매 및 판매

커뮤니티

Red Hat 문서 정보

Red Hat을 사용하는 고객은 신뢰할 수 있는 콘텐츠가 포함된 제품과 서비스를 통해 혁신하고 목표를 달성할 수 있습니다. 최신 업데이트를 확인하세요.

보다 포괄적 수용을 위한 오픈 소스 용어 교체

Red Hat은 코드, 문서, 웹 속성에서 문제가 있는 언어를 교체하기 위해 최선을 다하고 있습니다. 자세한 내용은 다음을 참조하세요.Red Hat 블로그.

Red Hat 소개

Red Hat은 기업이 핵심 데이터 센터에서 네트워크 에지에 이르기까지 플랫폼과 환경 전반에서 더 쉽게 작업할 수 있도록 강화된 솔루션을 제공합니다.

Theme

© 2025 Red Hat