mirror of
https://github.com/openshift/openshift-docs.git
synced 2026-02-05 12:46:18 +01:00
78f960c432
fixed asciidoc error fixed formatting fixed formatting fixed formatting fixed formatting fixed formatting fixed formatting fixed formatting Update modules/builds-using-build-volumes.adoc Co-authored-by: Jiri Herrmann <jherrman@redhat.com> fixed formatting fixed formatting
146 lines
5.2 KiB
Plaintext
146 lines
5.2 KiB
Plaintext
// Module included in the following assemblies:
|
|
//
|
|
// * cicd/builds/build-strategies.adoc
|
|
|
|
ifeval::["{context}" == "build-strategies-docker"]
|
|
:dockerstrategy:
|
|
endif::[]
|
|
ifeval::["{context}" == "build-strategies-s2i"]
|
|
:sourcestrategy:
|
|
endif::[]
|
|
|
|
:_mod-docs-content-type: PROCEDURE
|
|
[id="builds-using-build-volumes_{context}"]
|
|
= Using build volumes
|
|
|
|
You can mount build volumes to give running builds access to information that you do not want to persist in the output container image.
|
|
|
|
Build volumes provide sensitive information, such as repository credentials, that the build environment or configuration only needs at build time. Build volumes are different from build inputs, whose data can persist in the output container image.
|
|
|
|
The mount points of build volumes, from which the running build reads data, are functionally similar to link:https://kubernetes.io/docs/concepts/storage/volumes/[pod volume mounts].
|
|
|
|
.Prerequisites
|
|
* You have added an input secret, config map, or both to a BuildConfig object.
|
|
|
|
.Procedure
|
|
|
|
ifdef::dockerstrategy[]
|
|
|
|
* In the `dockerStrategy` definition of the `BuildConfig` object, add any build volumes to the `volumes` array. For example:
|
|
+
|
|
--
|
|
// The CSI Shared Resource driver is Tech Preview, so it is not applicable
|
|
// to OSD and ROSA. When it is fully GA, it can be included in the example below.
|
|
|
|
[source,yaml]
|
|
----
|
|
spec:
|
|
dockerStrategy:
|
|
volumes:
|
|
- name: secret-mvn
|
|
mounts:
|
|
- destinationPath: /opt/app-root/src/.ssh
|
|
source:
|
|
type: Secret
|
|
secret:
|
|
secretName: my-secret
|
|
- name: settings-mvn
|
|
mounts:
|
|
- destinationPath: /opt/app-root/src/.m2
|
|
source:
|
|
type: ConfigMap
|
|
configMap:
|
|
name: my-config
|
|
ifndef::openshift-dedicated,openshift-rosa,openshift-rosa-hcp[]
|
|
- name: my-csi-volume
|
|
mounts:
|
|
- destinationPath: /opt/app-root/src/some_path
|
|
source:
|
|
type: CSI
|
|
csi:
|
|
driver: csi.sharedresource.openshift.io
|
|
readOnly: true
|
|
volumeAttributes:
|
|
attribute: value
|
|
endif::openshift-dedicated,openshift-rosa,openshift-rosa-hcp[]
|
|
----
|
|
|
|
where:
|
|
|
|
`name`:: Specifies a unique name.
|
|
`destinationPath`:: Specifies the absolute path of the mount point. It must not contain `..` or `:` and does not collide with the destination path generated by the builder. The `/opt/app-root/src` is the default home directory for many Red Hat S2I-enabled images.
|
|
`type`:: Specifies the type of source, `ConfigMap`, `Secret`, or `CSI`.
|
|
`secretName`:: Specifies the name of the source.
|
|
ifndef::openshift-dedicated,openshift-rosa,openshift-rosa-hcp[]
|
|
`driver`:: Specifies the driver that provides the ephemeral CSI volume.
|
|
`readOnly`:: Specifies that a read-only volume is provided. This value must be set to `true`.
|
|
`volumeAttributes`:: (Optional) Specifies the volume attributes of the ephemeral CSI volume.
|
|
Consult the CSI driver's documentation for supported attribute keys and values.
|
|
|
|
endif::openshift-dedicated,openshift-rosa,openshift-rosa-hcp[]
|
|
|
|
--
|
|
|
|
endif::dockerstrategy[]
|
|
|
|
ifdef::sourcestrategy[]
|
|
|
|
* In the `sourceStrategy` definition of the `BuildConfig` object, add any build volumes to the `volumes` array. For example:
|
|
+
|
|
// The CSI Shared Resource driver is Tech Preview, so it is not applicable
|
|
// to OSD and ROSA. When it is fully GA, it can be included in the example below.
|
|
+
|
|
[source,yaml]
|
|
----
|
|
spec:
|
|
sourceStrategy:
|
|
volumes:
|
|
- name: secret-mvn
|
|
mounts:
|
|
- destinationPath: /opt/app-root/src/.ssh
|
|
source:
|
|
type: Secret
|
|
secret:
|
|
secretName: my-secret
|
|
- name: settings-mvn
|
|
mounts:
|
|
- destinationPath: /opt/app-root/src/.m2
|
|
source:
|
|
type: ConfigMap
|
|
configMap:
|
|
name: my-config
|
|
ifndef::openshift-dedicated,openshift-rosa,openshift-rosa-hcp[]
|
|
- name: my-csi-volume
|
|
mounts:
|
|
- destinationPath: /opt/app-root/src/some_path
|
|
source:
|
|
type: CSI
|
|
csi:
|
|
driver: csi.sharedresource.openshift.io
|
|
readOnly: true
|
|
volumeAttributes:
|
|
attribute: value
|
|
endif::openshift-dedicated,openshift-rosa,openshift-rosa-hcp[]
|
|
----
|
|
where:
|
|
|
|
`name`:: Specifies a unique name.
|
|
`destinationPath`:: Specifies the absolute path of the mount point. It must not contain `..` or `:` and does not collide with the destination path generated by the builder. The `/opt/app-root/src` is the default home directory for many Red Hat S2I-enabled images.
|
|
`type`:: Specifies the type of source: `ConfigMap`, `Secret`, or `CSI`.
|
|
`secretName`:: Specifies the name of the source.
|
|
ifndef::openshift-dedicated,openshift-rosa,openshift-rosa-hcp[]
|
|
`driver`:: Specifies the driver that provides the ephemeral CSI volume.
|
|
`readOnly`:: Specifies that a read-only volume is provided. This value must be set to `true`.
|
|
`volumeAttributes`:: (Optional) Specifies the volume attributes of the ephemeral CSI volume.
|
|
Consult the CSI driver's documentation for supported attribute keys and values.
|
|
endif::openshift-dedicated,openshift-rosa,openshift-rosa-hcp[]
|
|
|
|
endif::sourcestrategy[]
|
|
|
|
ifeval::["{context}" == "build-strategies-docker"]
|
|
:!dockerstrategy:
|
|
endif::[]
|
|
ifeval::["{context}" == "build-strategies-s2i"]
|
|
:!sourcestrategy:
|
|
endif::[]
|