-
Epic
-
Resolution: Done
-
Blocker
-
None
-
Validate getting RHEL entitlements in buildah taskrun pod
-
False
-
None
-
False
-
To Do
-
SECFLOWOTL-70 - Pipelines and OpenShift platform integration requests by customers
-
100
-
100%
-
-
-
8
-
Pipelines Sprint 241, Pipelines Sprint 252, Pipelines Sprint 253, Pipelines Sprint 254, Pipelines Sprint 255, Pipelines Sprint 256, Pipelines Sprint 257
Customer has a request to make RH entitlements to be available in buildah’s containers in the buildah taskrun’s pod.Their use case is “One of my customer who is working on plants and edge use cases wants install packages entitled under “Red Hat subscriptions” and not covered by UBI9, using OpenShift-Pipelines and Buildah.” See this case here. (https://access.redhat.com/support/cases/#/case/03540477)
While it’s possible to mount the entitlement keys as secret in the Tekton pod and use it with buildah, Customer is not comfortable with the approach as according to them “it does not provide any means to safely distribute and rotate the entitlement keys, note that I thousands of developers. I would rather maintain these secrets in one namespace and provide read-only access to everyone.”
That’s where the shared secrets CSI driver will help a lot.
Acceptance Criteria:
1. Mount entitlement keys as secrets in Shared secret CSI driver.
2. Use the secret with buildah to make RH entitlements available in buildah taskrun pod.
- is blocked by
-
OCPBUGS-23115 Doc for Builds with Red Hat Subscriptions Missing Steps
-
- Closed
-
- is documented by
-
RHDEVDOCS-5499 [Docs] Using Red Hat subscriptions in pipeline
-
- Closed
-
- is related to
-
-
- Closed
-
-
-
- Closed
-
