Skip to content

avisiedo/freeipa-openshift-container

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

65 Commits

.github/workflows

.github/workflows

 
 

ci/config

ci/config

 
 

deploy

deploy

 
 

init

init

 
 

test

test

 
 

.dockerignore

.dockerignore

 
 

.gitignore

.gitignore

 
 

.gitmodules

.gitmodules

 
 

Dockerfile

Dockerfile

 
 

HELP

HELP

 
 

Makefile

Makefile

 
 

README.md

README.md

 
 

gssproxy.conf

gssproxy.conf

 
 

init-data

init-data

 
 

private.mk.example

private.mk.example

 
 

tmpfiles.conf

tmpfiles.conf

 
 

Repository files navigation

freeipa Openshift workload

Dockerfile

This repository store the container definition that is used for provisioning Freeipa in Openshift.

freeipa-container work quite well in containers, but there are some caveats to be solved for Openshift; this repository update some hacks using a modified init-data script which implements the necessary for making the container works into Openshift.

Synced to init-data at 73940d4 git state.

Getting started

  1. Fill up the file private.mk with some minimal variables which will avoid to pass information through the command line. The content could be something like the below:
IPA_ADMIN_PASSWORD = Secret123
IPA_DM_PASSWORD = DMSecret123
IMG_BASE = quay.io/scope-name

The variable PASSWORD still set both password when the above ones are not specified; but it is recommended to use IPA_ADMIN_PASSWORD and IPA_DM_PASSWORD.

  • IPA_ADMIN_PASSWORD is the administrator password.
  • IPA_DM_PASSWORD is the directory manager password.
  • IMG_BASE is the base name used to compose the container image name.

  1. log into container registry with your account (e.g. podman login quay.io)

  2. optionally export KUBECONFIG="/path/to/kubeconfig" if you wish to use a custom configuration (e.g. cluster-bot).

  3. log into OpenShift cluster: oc login -u kubeadmin

  4. make container repositories be accessible to OpenShift. Depending on your configuration, new Quay repositories may be private.

  5. Create container and push it to container registry

make container-build container-push

Where scope is the name of the account or organization where you will publish the image. It is required to be defined to avoid that by mistake it could be overwritten any image into the freeipa organization.

  1. Create project and deploy app
oc new-project freeipa
make app-create

To remove the created objects just:

make app-delete

CI/CD

This repository uses GitHub Actions to build, test and push the resulting container image to an image registry. If you fork this repository and want to push the image, set the following secrets in your repository settings on GitHub:

  • REGISTRY_SCOPE: e.g. quay.io/user-or-project-name
  • REGISTRY_USERNAME: registry account name (robot account recommended)
  • REGISTRY_PASSWORD: registry password

You can extract both the account name and registry password by base64-decoding an access token. The account name and password are separated by a colon character (:).

About

FreeIPA container for OpenShift 4

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Shell 78.4%
  • Python 15.0%
  • Makefile 5.7%
  • Dockerfile 0.9%