Table of contents

Official Content

OpenShift is an orchestrator standing on Kubernetes. It has some additional security restrictions. In particular (in addition to some other differences), this platform runs any container using a ramdon UUID. So if the docker image is not ready to run as non-root, errors will occur.

In order to deploy to Openshift, the "Container" property = {Default, Openshift} is available in the Deploy Target Docker Image properties (only for Java and .Net). This corresponds to the DOCKER_CONTAINER_RUNTIME MSBuild property. For more information see Deploy to Docker MSBuild task.

When the container is Openshift, the "Registry Image" property becomes visible. Through it, the registry of the base image {Docker hub, Redhat registry} can be selected. The corresponding MSBuild property is DOCKER_IMAGE_REGISTRY.

The MSBuild in this case is as follows:

MSbuild.exe /nologo /verbosity:normal /ToolsVersion:14.0 "c:\fullgx\gxsalto\DeploymentTargets\Docker\deploy.msbuild"
/p:DOCKER_MAINTAINER="fullgxops <>"
/t:Deploy /l:FileLogger,Microsoft.Build.Engine;logfile=c:\fullgx\temp\DeployDocker.log 

Note that :

1. If Redhat registry is chosen, in "Base Image" property (DOCKER_BASE_IMAGE MSBuild property) an image from the Redhat image catalog must be entered.

To authenticate and download the base image using the docker command, it is enough to log in to the machine once; then the credentials will be saved in a credentials store ($HOME/.docker/config.json on Linux or %USERPROFILE%/.Docker/config.json on Windows). See this reference. For more information about authentication when downloading images from Redhat, see here.

2. When images are non-root, they cannot listen on ports less than 1024.
In the case of .Net generator, when running the image, the user must use the -expose option to indicate a port that is allowed taking into account this restriction.

See also

Deploy to Docker MSBuild task

Last update: November 2023 | © GeneXus. All rights reserved. GeneXus Powered by Globant