<div dir="ltr"><div class="gmail_default" style="font-size:small">Hi Marc,</div><div class="gmail_default" style="font-size:small">I see that you haven't had an answer yet.</div><div class="gmail_default" style="font-size:small"><br></div><div class="gmail_default" style="font-size:small">Basically you have the right workflow, although sometimes this is simplified. If you look into our EAP templates [1] we basically do that:</div><div class="gmail_default" style="font-size:small">- Build an image with S2I (although the build is done in OpenShift)</div><div class="gmail_default" style="font-size:small">- The image once built is pushed into the internal docker registry in an imagestream for the s2i builds</div><div class="gmail_default" style="font-size:small">- Then there is a deploymentConfig that will monitor that ImageSTream and deploy the image</div><div class="gmail_default" style="font-size:small">- Since the image needs the keystore provided as a secret, it's a pre-requisite that the secret exists in the project before hand</div><div class="gmail_default" style="font-size:small">- The deployment will mount the keystore in the appropriate place and the image will use it</div><div class="gmail_default" style="font-size:small"><br></div><div class="gmail_default" style="font-size:small">In practice, with a template, everything a user needs to do is:</div><div class="gmail_default" style="font-size:small"><br></div><div class="gmail_default" style="font-size:small">$ oc create secret generic MY_SECRET --from-file=MY_KEYSTORE</div><div class="gmail_default" style="font-size:small">$ oc new-app MY_TEMPLATE --name=MYAPP -p GIT_URI=XYZ -p ANOTHER_PARAM=value ...</div><div class="gmail_default" style="font-size:small"> </div><div class="gmail_default" style="font-size:small">This assumes you have created a template that will abstract all the internal constructs to the user. From the UI you could do the second step, but (still) not the first.</div><div class="gmail_default" style="font-size:small"> </div><div class="gmail_default" style="font-size:small">[1] <a href="https://github.com/jboss-openshift/application-templates/blob/master/eap/eap64-https-s2i.json">https://github.com/jboss-openshift/application-templates/blob/master/eap/eap64-https-s2i.json</a><br></div><div class="gmail_default" style="font-size:small"><br></div><div class="gmail_default" style="font-size:small">If you build Outside Openshift the image, the process would be the same, but your template will be different. It will not include a BuildConfiguration and the DeploymentConfig in the template will reference the external location of your externally created image.</div><div class="gmail_default" style="font-size:small"><br></div><div class="gmail_default" style="font-size:small">I hope this helps, </div></div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr">Jorge Morales<div>OpenShift by Red Hat</div><div>EMEA Field Product Manager</div><div>Product Marketing Manager</div></div></div></div> <br><div class="gmail_quote">On Wed, Aug 10, 2016 at 3:53 PM, Marc Boorshtein <span dir="ltr"><<a href="mailto:marc.boorshtein@tremolosecurity.com" target="_blank">marc.boorshtein@tremolosecurity.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Fellow Builders,<br> <br> I'm having some trouble connecting the dots on how to best deploy an<br> S2I image. We have built an image that takes either a war or git<br> repository and will create a resulting OpenUnison image. It works<br> great in generic docker. Now I'm trying to figure out how to run it<br> in OpenShift. The process for generic docker is:<br> <br> 1. build the image with s2i<br> 2. run the resulting image with some environment variables and a<br> volume mount for the keystore<br> <br> The most straightforward way I see to do this with OpenShift is to<br> build the image and push it into a docker repository that OpenShift<br> has access to, create a secret and a pod that mounts that secret and<br> runs the image but I feel like there's a much easier way to do this.<br> <br> What am I missing?<br> <br> Thanks<br> <br> <br> Marc Boorshtein<br> CTO Tremolo Security<br> <a href="mailto:marc.boorshtein@tremolosecurity.com">marc.boorshtein@<wbr>tremolosecurity.com</a><br> Twitter - @mlbiam / @tremolosecurity<br> <br> ______________________________<wbr>_________________<br> Openshift-commons-sig-image-<wbr>builders mailing list<br> <a href="mailto:Openshift-commons-sig-image-builders@redhat.com">Openshift-commons-sig-image-<wbr>builders@redhat.com</a><br> <a href="https://www.redhat.com/mailman/listinfo/openshift-commons-sig-image-builders" rel="noreferrer" target="_blank">https://www.redhat.com/<wbr>mailman/listinfo/openshift-<wbr>commons-sig-image-builders</a><br> </blockquote></div><br></div>