This repository stores the container definition that is used for provisioning FreeIPA in OpenShift.
freeipa-container works quite well in containers, but there are some caveats to be solved for OpenShift; this repository updates some hacks using a modified init-data script, which implements what is necessary to make the container work in OpenShift.
Synced to init-data at 73940d4 git state.
- Fill in the file private.mk with some minimal variables, which avoids passing information through the command line. The content could be something like the following:
IPA_ADMIN_PASSWORD = Secret123
IPA_DM_PASSWORD = DMSecret123
IMG_BASE = quay.io/scope-name
The variable PASSWORD still sets both passwords when the above ones are not specified, but it is recommended to use IPA_ADMIN_PASSWORD and IPA_DM_PASSWORD.
- IPA_ADMIN_PASSWORD is the administrator password.
- IPA_DM_PASSWORD is the directory manager password.
- IMG_BASE is the base name used to compose the container image name.
- Log into the container registry with your account (e.g. podman login quay.io).
- Optionally export KUBECONFIG="/path/to/kubeconfig" if you wish to use a custom configuration (e.g. cluster-bot).
- Log into the OpenShift cluster:
  oc login -u kubeadmin
- Make the container repositories accessible to OpenShift. Depending on your configuration, new Quay repositories may be private.
- Create the container and push it to the container registry:
  make container-build container-push
  Where scope is the name of the account or organization where you will publish the image. It must be defined so that an image in the freeipa organization cannot be overwritten by mistake.
- Create project and deploy app
oc new-project freeipa
make app-create
To remove the created objects, just run:
make app-delete
This repository uses GitHub Actions to build, test and push the resulting container image to an image registry. If you fork this repository and want to push the image, set the following secrets in your repository settings on GitHub:
- REGISTRY_SCOPE: e.g. quay.io/user-or-project-name
- REGISTRY_USERNAME: registry account name (robot account recommended)
- REGISTRY_PASSWORD: registry password
You can extract both the account name and registry password by base64-decoding an access token. The account name and password are separated by a colon character (:).
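The decoding step described above, as an added example that is not part of this repository: it splits a token at the first colon only, so a password that itself contains colons stays intact, and it rejects a token with no separator. The function names and the sample token are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from this repository): split a base64-encoded
# "account:password" registry token into its two parts.
# Assumes a base64 utility that accepts -d for decoding (GNU coreutils).

# Constructed sample token; not a real credential.
SAMPLE_TOKEN=$(printf '%s' 'example-org+ci_robot:s3cr3t:with:colons' | base64 | tr -d '\n')

# Decode a token; fail if it does not decode or has no colon separator.
decode_token() {
    decoded=$(printf '%s' "$1" | base64 -d 2>/dev/null) || return 1
    case "$decoded" in
        *:*) printf '%s' "$decoded" ;;
        *)   return 1 ;;
    esac
}

# Everything before the first colon is the account name (REGISTRY_USERNAME).
token_username() {
    decoded=$(decode_token "$1") || return 1
    printf '%s' "${decoded%%:*}"
}

# Everything after the first colon is the password (REGISTRY_PASSWORD);
# later colons belong to the password and are kept.
token_password() {
    decoded=$(decode_token "$1") || return 1
    printf '%s' "${decoded#*:}"
}
```

Read the real token into a variable from a file or a prompt rather than typing it as a command argument, so it does not end up in shell history.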