In this tutorial, we are going to build a simple Python app, using Thoth s2i build process and use Thoth's provenance check in the process.
Why to use Thoth provenance check in s2i build process?
For those who are new to this s2i refers to the Source to image process which bundles your source code to a image that can be run on OpenShift. The provenance check is done against Pipfile and Pipfile.lock, which are expected as an input to Thoth. The output is a structured report (with metadata) that states issues found in the application stack. Currently reported issues are of the following categories:
ERROR/ARTIFACT-DIFFERENT-SOURCE- reported if a package/artifact is installed from a different package source index in comparision to the configured one
INFO/ARTIFACT-POSSIBLE-DIFFERENT-SOURCE- reported if a package/artifact can be installed from a different package source index in comparision to the configured one
WARNING/DIFFERENT-ARTIFACTS-ON-SOURCES- there are present different artifacts on the package source indexes and configuration does not state explicitly which package source index should be used for installing package - this warning recommends explictly stating package source index to guarantee the expected artifacts are used
ERROR/MISSING-PACKAGE- the given package was not found on package source index (the configured one or any of other package source indexes available)
ERROR/INVALID-ARTIFACT-HASH- the artifact hash that is used for the downloaded package was not found on the package source index - possibly the artifact has changed over time (dangerous) or was removed from the package source index
You can find more about provenance checks, and how the provenance check reports are structured here - Link
You can find a list of base images which you can use with Thoth in s2i-thoth repository with detailed instructions on how to use Thoth in the OpenShift’s s2i process. The container images are hosted at - quay.io with the prefix s2i.
We are going to discover more about it in the next step how you can customize the process.
In this demo, we are going to use an Openshift 4.2 playground.
We are operating our services on the MassOpen.cloud #operatefirst
Thank you for trying to build using Thoth s2i build process.
Visit us at - http://thoth-station.ninja/
Please fill this feedback form to help us improve the scenario - Link
Find us at Github.
Building s2i with Thoth Provenance
Before you get started we recommend reading the following steps. They explain a bit about how the playground environment is setup and what access you have.
Logging in to the Cluster via Dashboard
Click the Console tab to open the dashboard.
You will then able able to login with admin permissions with:
Logging in to the Cluster via CLI
When the OpenShift playground is created you will be logged in initially as
a cluster admin (
oc whoami) on the command line. This will allow you to perform
operations which would normally be performed by a cluster admin.
Before creating any applications, it is recommended you login as a distinct user. This will be required if you want to log in to the web console and use it.
To login to the OpenShift cluster from the Terminal run:
oc login -u admin -p admin
This will log you in using the credentials:
Use the same credentials to log into the web console. For simplicity we are logging in here as admin.
Creating your own Project
To create a new project called
myproject run the command:
oc new-project myproject
You could instead create the project from the web console. If you do this, to change to the project from the command line run the command:
oc project myproject
Now that you have created your own project, me move to the next step.