OpenShift: use nginx official image instead of one from OC registry

7/15/2019

I have a Dockerfile that uses the official nginx image to serve a static website (from an Angular app)

FROM nginx:1.17
COPY ./dist/thepath/ /usr/share/nginx/html
COPY ./nginx-custom.conf /etc/nginx/conf.d/default.conf

CMD ["nginx", "-g", "daemon off;"]

It works perfectly when running locally, via Docker. But I'm trying to use it with Red Hat's OpenShift (owned by the company I work for). When I start a build

oc start-build somelabel --from-dir . --follow -n someprojectname

OpenShift uses an image from the Red Hat registry instead of the official one

Step 1/7 : FROM registry.access.redhat.com/rhscl/nginx-112-rhel7@sha256:ba3352b9f577e80cc5bd6805f86d0cee5965b3b6caf26c10e84f54b6b33178e5

Is it possible to "force" usage from the Docker Hub (https://hub.docker.com/_/nginx)?

-- Christian Benseler
angular
docker
kubernetes
nginx
openshift

3 Answers

7/17/2019

You can use the official rhscl Dockerfile as the base for your Dockerfile. https://github.com/sclorg/nginx-container/blob/master/1.14/Dockerfile

Another way is to use the Dockerfile from nginx, replace the EXPOSE 80 line with EXPOSE 8080, and build your own nginx on OpenShift.

-- Aleksandar
Source: StackOverflow

7/16/2019

The .dockercfg file (or $HOME/.docker/config.json for newer Docker clients) is a Docker credentials file that stores your information if you have previously logged into a secured or insecure registry.

To pull a secured container image that is not from OKD’s internal registry, you must create a pull secret from your Docker credentials and add it to your service account.

If you already have a .dockercfg file for the secured registry, you can create a secret from that file by running:

$ oc create secret generic <pull_secret_name> \
    --from-file=.dockercfg=<path/to/.dockercfg> \
    --type=kubernetes.io/dockercfg

Or if you have a $HOME/.docker/config.json file:

$ oc create secret generic <pull_secret_name> \
    --from-file=.dockerconfigjson=<path/to/.docker/config.json> \
    --type=kubernetes.io/dockerconfigjson

If you do not already have a Docker credentials file for the secured registry, you can create a secret by running:

$ oc create secret docker-registry <pull_secret_name> \
    --docker-server=<registry_server> \
    --docker-username=<user_name> \
    --docker-password=<password> \
    --docker-email=<email>

To use a secret for pulling images for pods, you must add the secret to your service account. The name of the service account in this example should match the name of the service account the pod uses; default is the default service account:

$ oc secrets link default <pull_secret_name> --for=pull

To use a secret for pushing and pulling build images, the secret must be mountable inside of a pod. You can do this by running:

$ oc secrets link builder <pull_secret_name>

You can find more information here: managing-images.

After that, attach the anyuid SCC to your SA. Then you can build your Dockerfile normally.

-- MaggieO
Source: StackOverflow

7/15/2019

OpenShift doesn't support running containers as the root user. Make sure the container that you are trying to run runs as a non-root user.

-- P Ekambaram
Source: StackOverflow
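
The non-root, port-8080 approach the first and third answers describe, applied to the question's Dockerfile so the image can start without the anyuid SCC. This is an added example, not code from the question or any answer; it assumes nginx-custom.conf listens on 8080 rather than 80, and UID 1001 is a placeholder.

```dockerfile
FROM nginx:1.17

COPY ./dist/thepath/ /usr/share/nginx/html
# Assumption: this file contains "listen 8080;" (an unprivileged port),
# because a non-root process cannot bind to port 80.
COPY ./nginx-custom.conf /etc/nginx/conf.d/default.conf

# The stock nginx.conf switches to the "nginx" user and writes its pid file
# under /var/run. A non-root process can do neither, so drop the "user"
# directive and move the pid file to /tmp.
RUN sed -i -e '/^user /d' \
           -e 's,^pid .*,pid /tmp/nginx.pid;,' \
           /etc/nginx/nginx.conf

# OpenShift starts the container with an arbitrary UID that is always a
# member of group 0. Give group 0 the same access as the owner on the one
# directory nginx must write to at runtime (its temp/cache paths).
RUN chgrp -R 0 /var/cache/nginx \
 && chmod -R g=u /var/cache/nginx

# Documents the unprivileged port for routes and services.
EXPOSE 8080

# Numeric non-root UID (placeholder value). OpenShift replaces it with a UID
# from the project's range, but a numeric USER lets the platform verify that
# the image does not expect root.
USER 1001

CMD ["nginx", "-g", "daemon off;"]
```

The Service or Route in front of the pod has to target port 8080 for this image.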