Uploaded image for project: 'OpenShift BuildConfig'
  1. OpenShift BuildConfig
  2. OCPBUILD-24

Build CSI Volume Mounts

XMLWordPrintable

    • Build CSI Volume Mounts
    • False
    • False
    • Done
    • OCPSTRAT-475 - Enable sharing ConfigMaps and Secrets across namespaces [Tech Preview]
    • OCPSTRAT-475Enable sharing ConfigMaps and Secrets across namespaces [Tech Preview]
    • 0% To Do, 0% In Progress, 100% Done
    • Hide
      * With this update, you can run entitled builds with `SharedSecret` objects as a Technology Preview feature. This feature relies on the newly-introduced a new Shared Resource driver and the Insights Operator to import {op-system-base} Simple Content Access (SCA) certificates. By using this feature, you can install entitled RPM packages during builds without the extra effort of copying your {op-system-base} subscription credentials and certificates into the builds' namespaces. (link:https://issues.redhat.com/browse/BUILD-274[BUILD-274])
      +
      [IMPORTANT]
      ====
      The `SharedSecret` objects and OpenShift Shared Resources feature are only available if you enable the `TechPreviewNoUpgrade` feature set. These Technology Preview features are not part of the default features. Enabling this feature set cannot be undone and prevents upgrades. This feature set is not recommended on production clusters. See xref:../post_installation_configuration/cluster-tasks.adoc#post-install-tp-tasks[Enabling Technology Preview features using FeatureGates].
      ====
      Show
      * With this update, you can run entitled builds with `SharedSecret` objects as a Technology Preview feature. This feature relies on the newly-introduced a new Shared Resource driver and the Insights Operator to import {op-system-base} Simple Content Access (SCA) certificates. By using this feature, you can install entitled RPM packages during builds without the extra effort of copying your {op-system-base} subscription credentials and certificates into the builds' namespaces. (link: https://issues.redhat.com/browse/BUILD-274 [ BUILD-274 ]) + [IMPORTANT] ==== The `SharedSecret` objects and OpenShift Shared Resources feature are only available if you enable the `TechPreviewNoUpgrade` feature set. These Technology Preview features are not part of the default features. Enabling this feature set cannot be undone and prevents upgrades. This feature set is not recommended on production clusters. See xref:../post_installation_configuration/cluster-tasks.adoc#post-install-tp-tasks[Enabling Technology Preview features using FeatureGates]. ====

      OCP/Telco Definition of Done
      Epic Template descriptions and documentation.

      <--- Cut-n-Paste the entire contents of this description into your new Epic --->

      Epic Goal

      • Allow CSI volumes to be mounted into a build

      Why is this important?

      • CSI volumes allow data to be mounted into containers via ephemeral CSI Volumes
      • Ephemeral CSI volumes are provided by CSI drivers that support this feature. Such drivers include:
      • When using sensitive credentials in a build, accessing secrets as a mounted volume ensure that these credentials are not present in the resulting container image.

      Scenarios

      1. Access private artifact repositories (Artifactory, jFrog, Mavein)
      2. Download RHEL packages in a build

      Acceptance Criteria

      • Builds can mount a CSI volume in a build
      • Content in the CSI volume is not present in the resulting container image.
      • If SCCs do not support fine controls over CSI volumes, provide this feature on a TechPreview basis with a feature gate.

      Dependencies (internal and external)

      1. Buildah - support mounting of volumes when building with a Dockerfile
      2. (optional) Auth - use SCCs to control which CSI drivers are allowed to be used with ephemeral CSI volumes.

      Previous Work (Optional):

      1. BUILD-257 - Build Resource Volume Mounts

      Open questions::

      Done Checklist

      • CI - CI is running, tests are automated and merged.
      • Release Enablement <link to Feature Enablement Presentation>
      • DEV - Upstream code and tests merged: <link to meaningful PR or GitHub Issue>
      • DEV - Upstream documentation merged: <link to meaningful PR or GitHub Issue>
      • DEV - Downstream build attached to advisory: <link to errata>
      • QE - Test plans in Polarion: <link or reference to Polarion>
      • QE - Automated tests merged: <link or reference to automated tests>
      • DOC - Downstream documentation merged: <link to meaningful PR>

            Unassigned Unassigned
            adkaplan@redhat.com Adam Kaplan
            Jitendar Singh Jitendar Singh
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: