How can I specify Dockerfile build in buildConfig for OpenShift Online? - openshift

Openshfit details:
Paid Professional version.
Version Information:
Been trying to create a build from a Dockerfile in Openshift.
Its tough going.
So I tried to use the existing templates in the Cluster Console.
One of which is the Docker one. When i press "Try it" it generates a sample BuildConfig, when I try to then Create it, it gives me the error:
(i have now raised the above in the Origin upstream issue tracker)
Anyhoo...anyone know how to specify a buildConfig an image from a Dockerfile in a git repo? I would be grateful to know.

You can see the build strategies allowed for OpenShift Online on the product website: https://www.openshift.com/products/online. Dockerfile build isn't deprecated, it's just explicitly disallowed in OpenShift Online. You can build your Dockerfile locally and push it directly to the OpenShift internal registry (commands for docker login and docker push are on your cluster's About page).
However, in other environments (not OpenShift Online), you can specify a Dockerfile build as follows and providing a Git Repo with a Dockerfile contained within (located at BuildConfig.spec.source.contextDir)
strategy:
type: Docker
There are additional options that can be configured for a Dockerfile build as well, outlined in https://docs.okd.io/latest/dev_guide/builds/build_strategies.html#docker-strategy-options.

Related

How to scan docker image using JFrog XRay from Openshift pipeline

I have docker image pushed to artifactory docker registry, JFrog XRay is up and running.
I understand that to use XRay, it requires some build info passed to it (like buildName, buildNumber), which artifactory docker registry doesn't contain.
According to https://www.jfrog.com/confluence/display/JFROG/Scripted+Pipeline+Syntax#ScriptedPipelineSyntax-DockerBuildswithArtifactory I must have access to docker daemon (on jenkins agent itself or some other container). As far as I know running docker requires privileged access which is unsafe as it could compromise cluster security.
Is there any way to push docker build to XRay without docker daemon?
To scan a Docker with Xray you don't have to add the build-info.
It is enough to define a Watch on the relevant Docker repository with the needed policies.
If you want to scan a Docker build as part of the build process, I suggest that you will contact JFrog Support and they will assist you with any relevant question.
Thanks,
Ofir - trying to help with Xray :-)

Unable to create nginx application on OpenShift

I'm trying to add an nginx application to my Openshift 4.1 project. The ImageStream is available in the openshift namespace as:
image-registry.openshift-image-registry.svc:5000/openshift/nginx
When I create the app with:
oc new-app nginx
The created Pod is in CrashLoopBackOff. From the logs I can read:
This is a S2I rhel base image: To use it, install S2I: https://github.com/openshift/source-to-image Sample invocation: s2i build https://github.com/sclorg/nginx-container.git --context-dir=1.12/test/test-app/ rhscl/nginx-112-rhel7 nginx-sample-app You can then run the resulting image via: docker run -p 8080:8080 nginx-sample-app
It's not clear to me. Can't I use "oc-new app" to create the application? or do I miss any Environment variable?
Thanks

Configuration files BROKER_DATABASE_HOST Docker

I'm trying to access the ContextBroker configuration file in the path /etc/sysconfig/contextBroker and it's empty. What is the problem?
https://fiware-orion.readthedocs.io/en/master/admin/running/index.html
I'm using Docker.
Also I am testing the installation by yum centos and tells me that the repository is wrong.
  Is it copied from the web?
https://github.com/telefonicaid/fiware-orion/blob/master/doc/manuals/admin/yum.md
The /etc/sysconfig/contextBroker is used in RPM-base deployment. Docker is based in compiling Context Broker directly from sources, as you can see in the docker file.
So, in this case, you have to use CLI based configuration. Note the docker is built with some of them:
ENTRYPOINT ["/usr/bin/contextBroker","-fg", "-multiservice", "-ngsiv1Autocast" ]
But you can add aditional ones. For example, in the reference docker-compose.yml we set -dbhost, and more ones could be added in the same way.
command: -dbhost mongo
I guess that using docker run you could also add commands in the same way command works in docker-compose.yml, although I don't know the details. Maybe some docker expert could add more info :)

Redeploy Openshift Application when Docker Hub Image Changes?

Is there a way to trigger a re-deploy when I push an image to docker hub? I used S2I to build an image, put it up on docker hub, and did a deployment from there. How can I trigger a new deployment when I push a new image to docker hub?
Perhaps there is a better way? I created a wildfly image with the changes to the standalone.xml I needed. Then I used S2I to build my local source into a runnable wildfly application image, which is what I pushed and deployed. I'm trying to get around having to go through a github repository.
I'm thinking I could create an application with the customer wildfly image that I created and use the direct from IDE option to the application, but what if I want to use the command line?
You can set a scheduled flag on the image stream to have a remote registry periodically polled. This will only work though if the OpenShift cluster has been configured globally to allow that. If using OpenShift Online I don't believe that feature is enabled.
https://docs.openshift.com/container-platform/latest/dev_guide/managing_images.html#importing-tag-and-image-metadata
If you want to avoid using a Git repository, you can use a binary input build instead. This allows you to push files direct from your local computer. This means you can compile binary artifacts locally and push them into the S2I build done by OpenShift.
https://docs.openshift.com/container-platform/latest/dev_guide/builds/build_inputs.html#binary-source

How to make Docker to avoid V1 registry

Docker versions 1.6 and above use the Docker Registry V2 API however it is still liable to make requests looking for an old V1 registry. I think I saw there is a configuration option to make Docker avoid making any /v1/ requests.
I saw this option very recently but now I can't find it. I suspect it was in a page linked to by the Docker email that told us the Registry will stop supporting Docker versions prior to 1.6
I know Docker only looks for a V1 registry when it has no luck looking for /v2 but I want to stop it altogether. How can I stop Docker making requests to /v1/ registry URLs under any circumstances ?
--disable-legacy-registry
"prevents the docker daemon from pull, push, and login operations against v1 registries." -
Source