Openshift build image

OpenShift Build a mirror image

Use image and warehouse as source and output

1、 Prepare one git Warehouse , Contains a Dockerfile, The following only contains one line for the simplest demonstration .

FROM docker.io/bitnami/nginx:1.21.6

With gitlab Warehouse, for example , You can use github Other warehouses

2、 establish BuildConfig file

Click on the building , Select build configuration , Create build configuration .

The construction configuration is as follows , Be careful source by git Warehouse address .

apiVersion: build.openshift.io/v1
kind: BuildConfig
metadata:
  name: mywebsite
  labels:
    app: mywebsite
spec:
  source:
    type: Git
    git:
      ref: main
      uri: http://192.168.72.20:8929/root/nginx-demo
    contextDir: ./
  strategy:
    type: Docker
    dockerStrategy:
      dockerfilePath: Dockerfile
  output:
    to:
      kind: DockerImage
      name: registry.example.com:8443/library/nginx-helloworld:v1.0

among output Specify to push the image to the local after it is built harbor Mirror warehouse , Push image needs to be openshift Configure permissions and ca certificate ：

Reference resources ：https://docs.openshift.com/container-platform/4.10/cicd/builds/setting-up-trusted-ca.html

oc create configmap registry-cas -n openshift-config \
   --from-file=registry.example.com..8443=/etc/docker/certs.d/registry.example.com:8443/ca.crt
   
oc patch image.config.openshift.io/cluster --patch '{"spec":{"additionalTrustedCA":{"name":"registry-cas"}}}' --type=merge

Click to start building , Automatically generate a new build task

Click on the building , View the build log , Successfully complete the build and push the image to harbor Warehouse ：

Use mirror stream as source and output

If you want to output to the image stream after the construction , You need to enable openshift built-in registry Warehouse ,openshif Default not enabled registry, Do the following to enable , A quick solution using temporary storage （ There is no storage class for persistence ）：

Reference resources ：https://docs.openshift.com/container-platform/4.10/registry/configuring-registry-operator.html

1、 Switch to openshift-image-registry project

oc project openshift-image-registry

2、 edit configs.imageregistry.operator.openshift.io

oc edit configs.imageregistry.operator.openshift.io

Modify the following

...
  managementState: Managed
...
...
  replica: 1
...
...
  storage:
    emptyDir: {
    }

Confirm the new deployment image-registry pod

[email protected]:~# oc -n openshift-image-registry get pods
NAME                                              READY   STATUS      RESTARTS   AGE
cluster-image-registry-operator-ddd96d697-p4fdx   1/1     Running     0          2d2h
image-pruner-27486720-ddzxx                       0/1     Completed   0          31h
image-pruner-27488160-vxmmb                       0/1     Completed   0          7h6m
image-registry-746b8888d4-6pdbb                   1/1     Running     0          61s
node-ca-7zt48                                     1/1     Running     0          2d2h
node-ca-8fb9j                                     1/1     Running     0          2d2h
node-ca-dtsrl                                     1/1     Running     0          2d2h
node-ca-kn4pl                                     1/1     Running     0          2d2h
node-ca-vt6fm                                     1/1     Running     0          2d2h

Then publish the registry access address outside the cluster ：

oc patch configs.imageregistry.operator.openshift.io/cluster --patch '{"spec":{"defaultRoute":true}}' --type=merge

Check access address

[email protected]:~# oc get routes
NAME            HOST/PORT                                                      PATH   SERVICES         PORT    TERMINATION   WILDCARD
default-route   default-route-openshift-image-registry.apps.okd4.example.com          image-registry   <all>   reencrypt     None

Local pull image

Reference resources ：https://access.redhat.com/solutions/4308191

mkdir -p /etc/docker/certs.d/default-route-openshift-image-registry.apps.okd4.example.com/
oc extract secret/router-ca --keys=tls.crt -n openshift-ingress-operator
cp tls.crt /etc/docker/certs.d/default-route-openshift-image-registry.apps.okd4.example.com/

# token It can be downloaded from console User management interface access 
export USERNAME=admin
export TOKEN=sha256~uC0tBK7zzeOM9dsoQ0kWIZO5W_ILPzhLvqc5qnTpZG0

docker login -u $USERNAME -p $TOKEN default-route-openshift-image-registry.apps.okd4.example.com

docker pull default-route-openshift-image-registry.apps.okd4.example.com/demo/local-image

Deploy applications using an internal warehouse

oc create configmap registry-local -n openshift-config \
   --from-file=registry.example.com..8443=/etc/docker/certs.d/registry.example.com:8443/ca.crt \
   --from-file=default-route-openshift-image-registry.apps.okd4.example.com=/etc/docker/certs.d/default-route-openshift-image-registry.apps.okd4.example.com/tls.crt

oc patch image.config.openshift.io/cluster --patch '{"spec":{"additionalTrustedCA":{"name":"registry-local"}}}' --type=merge

2、 Use imagestreamTag

establish imagestream

oc import-image bitnami-nginx:1.20.2 --from="docker.io/bitnami/nginx:1.20.2" --confirm
oc import-image mywebsite2:latest --from="docker.io/bitnami/nginx:1.20.2" --confirm

establish BuildConfig,source and output Configure to ImageStreamTag

apiVersion: build.openshift.io/v1
kind: BuildConfig
metadata:
  name: mywebsite2
  labels:
    app: mywebsite2
spec:
  source:
    type: Git
    git:
      ref: master
      uri: http://192.168.72.20:8929/root/nginx-demo
    contextDir: ./
  strategy:
    type: Docker                      
    dockerStrategy:
      dockerfilePath: Dockerfile
      from:
        kind: ImageStreamTag
        namespace: demo
        name: bitnami-nginx:1.20.2
  output:
    to:
      kind: ImageStreamTag
      name: mywebsite2:latest
  triggers:
  - type: ImageChange

Now? , When the build runs ,OpenShift Will Dockerfile Medium FROM Replace the row with the image from the image stream .
In the log , You can see OpenShift To replace the FROM Instructions ：

Cloning "http://192.168.72.20:10880/gogs/nginx-demo.git" ...
Commit: 031ff4e5124c8cb057c0576bed21fce88dc60e52 ( to update  'Dockerfile')
Author: gogs <[email protected]>
Date: Thu Apr 7 02:27:13 2022 +0000
Replaced Dockerfile FROM image docker.io/bitnami/nginx:1.21.6