Details
-
Task
-
Resolution: Done
-
Critical
-
None
-
devex docs #207 Sep 9-Sep 30, devex docs #208 Sep 30-Oct 21
-
3
-
Undefined
Description
OCP/Telco Definition of Done
Epic Template descriptions and documentation.
<--- Cut-n-Paste the entire contents of this description into your new Epic --->
Epic Goal
- Allow ConfigMaps and Secrets (resources) to be mounted as volumes in a build
Why is this important?
- Secrets and ConfigMaps can be added to builds as "source" code that can leak into the resulting container image
- When using sensitive credentials in a build, accessing secrets as a mounted volume ensure that these credentials are not present in the resulting container image.
Scenarios
- Access private artifact repositories (Artifactory, jFrog, Mavein)
- Download RHEL packages in a build
Acceptance Criteria
- Builds can mount a Secret or ConfigMap in a build
- Content in the secret or ConfigMap are not present in the resulting container image.
Dependencies (internal and external)
- Buildah - support mounting of volumes when building with a Dockerfile
Previous Work (Optional):
Open questions::
- …
Done Checklist
- CI - CI is running, tests are automated and merged.
- Release Enablement <link to Feature Enablement Presentation>
- DEV - Upstream code and tests merged: <link to meaningful PR or GitHub Issue>
- DEV - Upstream documentation merged: <link to meaningful PR or GitHub Issue>
- DEV - Downstream build attached to advisory: <link to errata>
- QE - Test plans in Polarion: <link or reference to Polarion>
- QE - Automated tests merged: <link or reference to automated tests>
- DOC - Downstream documentation merged: <link to meaningful PR>
Attachments
Issue Links
- documents
-
OCPBUILD-27 Build Resource Volume Mounts
-
- Closed
-
- links to
