mirror of
https://github.com/openshift/openshift-docs.git
synced 2026-02-07 09:46:53 +01:00
33 lines
1.7 KiB
Plaintext
33 lines
1.7 KiB
Plaintext
// Module included in the following assemblies:
|
|
//
|
|
// * builds/creating-build-inputs.adoc
|
|
|
|
[id="builds-docker-strategy_{context}"]
|
|
= Docker strategy
|
|
|
|
When using a `Docker` strategy, you can add all defined input secrets into your container image using the link:https://docs.docker.com/engine/reference/builder/#add[`ADD`] and link:https://docs.docker.com/engine/reference/builder/#copy[`COPY` instructions] in your `Dockerfile`.
|
|
|
|
If you do not specify the `destinationDir` for a secret, then the files will be copied into the same directory in which the `Dockerfile` is located. If you specify a relative path as `destinationDir`, then the secrets will be copied into that directory, relative to your `Dockerfile` location. This makes the secret files available to the Docker build operation as part of the context directory used during the build.
|
|
|
|
.Example of a Dockerfile referencing secret and ConfigMap data
|
|
----
|
|
FROM centos/ruby-22-centos7
|
|
|
|
USER root
|
|
COPY ./secret-dir /secrets
|
|
COPY ./config /
|
|
|
|
# Create a shell script that will output secrets and ConfigMaps when the image is run
|
|
RUN echo '#!/bin/sh' > /input_report.sh
|
|
RUN echo '(test -f /secrets/secret1 && echo -n "secret1=" && cat /secrets/secret1)' >> /input_report.sh
|
|
RUN echo '(test -f /config && echo -n "relative-configMap=" && cat /config)' >> /input_report.sh
|
|
RUN chmod 755 /input_report.sh
|
|
|
|
CMD ["/bin/sh", "-c", "/input_report.sh"]
|
|
----
|
|
|
|
[NOTE]
|
|
====
|
|
Users should normally remove their input secrets from the final application image so that the secrets are not present in the container running from that image. However, the secrets will still exist in the image itself in the layer where they were added. This removal should be part of the `Dockerfile` itself.
|
|
====
|