Layered Image Build System a.k.a. OSBS Tom Tomeek - - PowerPoint PPT Presentation

▶

Aug 30, 2022 365 likes •523 views

Layered Image Build System a.k.a. OSBS Tom Tomeek <ttomecek@redhat.com> OSBS, whats that? OpenShift Build System We are using OpenShift to schedule builds osbs (client) talks to OpenShifts API dock (soon

SLIDE 1

Layered Image Build System

a.k.a. OSBS

Tomáš Tomeček <ttomecek@redhat.com>

SLIDE 2

OSBS, what’s that?

OpenShift Build System
We are using OpenShift to schedule builds
osbs (client)

○ talks to OpenShift’s API

dock (soon to be Atomic Reactor)

○ builds the image

SLIDE 3

Architecture

sbs-client

OSBS

build container dock

SLIDE 4

Architecture

sbs-client

OSBS

build container dock fedpkg

SLIDE 5

Architecture

sbs-client

OSBS

build container dock fedpkg httpd auth

SLIDE 6

builder koji

Architecture

sbs-client

OSBS

build container dock httpd auth fedpkg auth

SLIDE 7

builder koji

Architecture

sbs-client

OSBS

build container dock httpd auth fedpkg auth pulp registry docker image tar via http

image- export

tar via nfs

SLIDE 8

Layered vs. Base

layered image

○ FROM fedora ○ RUN yum install -y ...

base image

○ FROM scratch ○ ADD fs.tar.gz

koji OSBS

SLIDE 9

Workflow

1. Ask for dist-git repo
2. Put your Dockerfile to the repo
3. git commit && git push
4. fedpkg container-build
5. docker pull

SLIDE 10

fedpkg container-build --help

-build-with {koji,osbs}

Build container with specified builder type. [default: osbs]

-target TARGET

Override the default target

-repo-url [REPO_URL [REPO_URL ...]]

URL of yum repo file

SLIDE 11

Signed vs. Unsigned Content

1. koji targets provide unsigned packages
2. signed packages (composes, distill)

○ Getting signed packages is hard ○ We can ship images with signed content ONLY

SLIDE 12

Features of Build System

Downloads base image for you from

preconfigured registry

Puts base image ID to dockerfile
Fetches dist-git artifacts
Injects LABELs inside dockerfile
Final image is squashed

SLIDE 13

Features of Build System (2)

Pushes final image to registry
Stores dockerfile inside image
Magic with yum repositories
Inspects final image (signed content)
Provides thorough build logs
Imports image to koji

SLIDE 14

Resources

https://github.com/DBuildService/dock https://github.com/DBuildService/osbs https://github.com/openshift/origin https://pagure.

rg/rpkg/908028b17f84c3d0c853837f56f62d55f

Layered Image Build System

a.k.a. OSBS

Tomáš Tomeček <ttomecek@redhat.com>

OSBS, what’s that?

○ talks to OpenShift’s API

○ builds the image

Architecture

Architecture

Architecture

Architecture

Architecture

Layered vs. Base

Workflow

fedpkg container-build --help

Build container with specified builder type. [default: osbs]

Override the default target

URL of yum repo file

Signed vs. Unsigned Content

○ Getting signed packages is hard ○ We can ship images with signed content ONLY

Features of Build System

preconfigured registry

Features of Build System (2)

Resources

https://github.com/DBuildService/dock https://github.com/DBuildService/osbs https://github.com/openshift/origin https://pagure.

fcc8f99