search

containers / podman-desktop-extension-bootc

Support for bootable OS containers (bootc) and generating disk images
Apache License 2.0
394 stars 13 forks source link

Request subscription activation and registry configuration when building RHEL based bootable images #519

Closed dgolovin closed 1 month ago

dgolovin commented 1 month ago

Is your enhancement related to a problem? Please describe

Current implementation for SSO Sign In always configures access to registry.redhat.io and activates developer's subscription for running podman VM which in most use cases is not required when working with Developer Sandbox or OpenShift Local.

This extension looks like perfect place to detect that targeted image is based on RHEL and to perform necessary prerequisite checks/steps to ensure successful build like:

  1. Check subscription is activated on current VM
  2. Request Sign In with Red Hat SSO to get access token
  3. Use that token to activate subscription before build
  4. Configure access to reqistry.redhat.io

Describe the solution you'd like

Extension should trigger subscription check/activation/deacitvation and registry access configuration/removal whenever it is required for specific use-cases.

Describe alternatives you've considered

No response

Additional context

Decoupling signin from subscription related commands - https://github.com/redhat-developer/podman-desktop-redhat-account-ext/issues/152 Use Red Hat SSO account to pull Pull-secret when configuring OpenShift Local instance https://github.com/crc-org/crc-extension/issues/207

cdrage commented 1 month ago

Is your enhancement related to a problem? Please describe

Current implementation for SSO Sign In always configures access to registry.redhat.io and activates developer's subscription for running podman VM which in most use cases is not required when working with Developer Sandbox or OpenShift Local.

This extension looks like perfect place to detect that targeted image is based on RHEL and to perform necessary prerequisite checks/steps to ensure successful build like:

  1. Check subscription is activated on current VM

  2. Request Sign In with Red Hat SSO to get access token

  3. Use that token to activate subscription before build

  4. Configure access to reqistry.redhat.io

Describe the solution you'd like

Extension should trigger subscription check/activation/deacitvation and registry access configuration/removal whenever it is required for specific use-cases.

Describe alternatives you've considered

No response

Additional context

Decoupling signin from subscription related commands - https://github.com/redhat-developer/podman-desktop-redhat-account-ext/issues/152

Use Red Hat SSO account to pull Pull-secret when configuring OpenShift Local instance https://github.com/crc-org/crc-extension/issues/207

Hi! When building, it copies the image over from the local storage to bootc and the builds it.

At no point do we ever pull from anything rhel / sso / authentication related.

It does not pull anything else internet-wise and it's similar to basic a conversion tool since the image is provided to the extension via a volume.

We have been building RHEL product images no problem with no need for SSO within the bootc extension.

All the image building side that relates to pulling from RHEL happens outside the bootc extension on the build image page within PD and uses your extension which has been working wonderfully!

I hope that answers your question!

cc @deboer-tim

deboer-tim commented 1 month ago

I agree with @cdrage - it seems artificial to put SSO into an extension that is generic/not just Red Hat, doesn't pull images directly, and where everything works whether or not you're logged in. I'm happy to discuss if there's something we're missing, but for now I'm going to close.