Building CA Container - dogtagpki/pki GitHub Wiki
Note
|
This page is still under construction. |
This page describes the procedure to build a CA container with PKI 11.5 or later.
There are two Dockerfiles for CA container:
-
Dockerfile: This is the preferred one since it is multi-stage so it can be faster to build and produce smaller images and also it is tested in CI.
-
base/ca/Dockerfile: This is less preferred since it is single-stage. It is provided to support image builders that do not support multi-stage Dockerfiles (e.g. Quay).
To build the container using the multi-stage Dockerfile:
$ podman build \ --target pki-ca \ -t pki-ca \ .
To build the container using the single-stage Dockerfile:
$ podman build \ -f base/ca/Dockerfile \ -t pki-ca \ .
To push the CA container to Quay:
$ podman tag pki-ca:latest quay.io/<username>/pki-ca:latest $ podman push quay.io/<username>/pki-ca:latest
-
Click a container repository (e.g. dogtagpki/pki-ca)
-
Click Builds
-
Click Create Build Trigger
-
Click GitHub Repository Push
-
Select a GitHub organization (e.g. dogtagpki)
-
Click Continue
-
Select a source repository (e.g. pki)
-
Click Continue
-
Select Trigger only on branches and tags matching a regular expression
-
Enter regular expression:
heads/master
-
Click Continue
-
Don’t change anything under Configure Tagging
-
Click Continue
-
Enter Dockerfile location:
/base/ca/Dockerfile
-
Enter Docker context:
/
-
Click Continue
-
Don’t select anything under Optional Robot Account
-
Click Continue
-
Under Ready to go! click Continue