
Building CA Container

Endi S. Dewata edited this page Feb 21, 2024 · 10 revisions

Overview

Note
This page is still under construction.

This page describes the procedure to build a CA container with PKI 11.5 or later.

Dockerfiles

There are two Dockerfiles for the CA container:

  • Dockerfile: This is the preferred one. It is multi-stage, so it can be faster to build and can produce smaller images, and it is tested in CI.

  • base/ca/Dockerfile: This is less preferred since it is single-stage. It is provided to support image builders that do not support multi-stage Dockerfiles (e.g. Quay).

Building CA Container Locally

To build the CA container using the multi-stage Dockerfile:

$ podman build \
    --build-arg COPR_REPO="" \
    --build-arg BUILD_OPTS="" \
    --target pki-ca \
    -t pki-ca \
    .

To build the CA container using the single-stage Dockerfile:

$ podman build \
    -f base/ca/Dockerfile \
    -t pki-ca \
    .

To push the CA container to Quay:

$ podman tag pki-ca:latest quay.io/<username>/pki-ca:latest
$ podman push quay.io/<username>/pki-ca:latest

Building CA Container on Quay

The repository on Quay can be configured to build the CA container automatically:

  • Open https://quay.io/repository

  • Click a container repository (e.g. dogtagpki/pki-ca)

  • Click Builds

  • Click Create Build Trigger

  • Click GitHub Repository Push

  • Select a GitHub organization (e.g. dogtagpki)

  • Click Continue

  • Select a source repository (e.g. pki)

  • Click Continue

  • Select Trigger only on branches and tags matching a regular expression

  • Enter regular expression: heads/master

  • Click Continue

  • Don’t change anything under Configure Tagging

  • Click Continue

  • Enter Dockerfile location: /base/ca/Dockerfile

  • Enter Docker context: /

  • Click Continue

  • Don’t select anything under Optional Robot Account

  • Click Continue

  • Under Ready to go! click Continue
