Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow OpenShift user update CA bundle #755

Merged
merged 1 commit into from
Jul 12, 2019
Merged

Allow OpenShift user update CA bundle #755

merged 1 commit into from
Jul 12, 2019

Conversation

Allda
Copy link
Collaborator

@Allda Allda commented Apr 3, 2019

When users run Clair in OpenShift under arbitrary user and
they want to update CA bundle with their own certificate
they need to run ca-certificates which requires access
to /etc/ssl/certs.

This commit updates Dockerfile based on OpenShift guidelines to allow
update CA bundle in a system.

https://docs.openshift.com/container-platform/3.11/creating_images/guidelines.html#openshift-specific-guidelines

@jzelinskie jzelinskie added area/distribution related to means of distributing the project area/usability related to improving user experience kind/friction there are conflicting aspects labels Apr 3, 2019
@jzelinskie
Copy link
Contributor

I'm not sure I'm comfortable with adding OpenShift specific fixes in the upstream project. Considering Red Hat only supports software built on a RHEL base image, the upstream Alpine-based image is already a no-go.

Clair-JWT is a supported version of Clair for running on OpenShift for Quay deployments, and it is in the process of moving towards a RHEL base image.

@jzelinskie
Copy link
Contributor

I'm not a huge fan of this, but I think it's reasonable with a comment in the Dockerfile so that it's not lost in the noise.

@jzelinskie jzelinskie added the reviewed/needs rework will be closed if review not addressed label May 7, 2019
@stale
Copy link

stale bot commented Jul 6, 2019

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@stale stale bot added the lifecycle/stale label Jul 6, 2019
@Allda
Allow OpenShift user update CA bundle
a7610bb 
When users run Clair in OpenShift under arbitrary user and
they want to update CA bundle with their own certificate
they need to run `ca-certificates` which requires access
to /etc/ssl/certs.

This commit updates Dockerfile based on OpenShift guidelines to allow
update CA bundle in system.

https://docs.openshift.com/container-platform/3.11/creating_images/guidelines.html#openshift-specific-guidelines
@stale stale bot removed the lifecycle/stale label Jul 12, 2019
@jzelinskie jzelinskie merged commit 49a909a into quay:master Jul 12, 2019
@vsamidurai vsamidurai mentioned this pull request Jul 17, 2019
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jzelinskie jzelinskie jzelinskie approved these changes

@KeyboardNerd KeyboardNerd Awaiting requested review from KeyboardNerd

@ldelossa ldelossa Awaiting requested review from ldelossa

@Quentin-M Quentin-M Awaiting requested review from Quentin-M

Assignees
No one assigned
Labels
area/distribution related to means of distributing the project area/usability related to improving user experience kind/friction there are conflicting aspects reviewed/needs rework will be closed if review not addressed
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@Allda @jzelinskie