Awesome
Preflight
Preflight is a command line (CLI) tool to verify that partner-submitted containers meet minimum requirements for Red Hat Software Certification. These include:
- OpenShift Operator Bundles
- OpenShift containers
- OpenStack containers
- Red Hat Enterprise Linux application containers
This project is in active and rapid development! Many facets of this project are subject to change, and some features are not fully implemented.
Certification Workflow Guide
For the complete container and operator bundle certification workflow instructions, please reference our official certification documentation.
Requirements
For running the Preflight binary, the host or VM must have at least RHEL 8.5, CentOS 8.5 or Fedora 35 installed.
The Preflight binary currently requires that you have the following tools installed, functional, and in your path.
Name | Tool cli | Minimum version |
---|---|---|
OperatorSDK | operator-sdk | v1.37.0 |
See our Vagrantfile for more information on setting up a development environment. Some checks may also require access to an OpenShift cluster. which is not provided by the Vagrantfile
Usage
The preflight
utility allows one to confirm that container and Operator projects
comply with container and Operator certification policies.
A brief summary of the available sub-commands is as follows:
A utility that allows you to pre-test your bundles, operators, and container before submitting for Red Hat Certification.
Usage:
preflight [command]
Available Commands:
check Run checks for an operator or container
completion Generate the autocompletion script for the specified shell
help Help about any command
runtime-assets Returns information about assets used at runtime.
support Submits a support request
Flags:
-h, --help help for preflight
-v, --version version for preflight
Use "preflight [command] --help" for more information about a command.
To check a container, utilize the check container
sub-command:
preflight check container quay.io/example-namespace/example-container:0.0.1 \
--pyxis-api-token=abcdefghijklmnopqrstuvwxyz123456 \
--certification-project-id=1234567890a987654321bcde
To check an Operator bundle, utilize the check Operator
sub-command:
preflight check operator quay.io/example-namespace/example-operator:0.0.1
For more detailed usage examples, see Recipes.
For more information on how to configure the execution of preflight
, see
CONFIG
Authenticating to Registries
If a registry requires authentication, one must set the environment variable
PFTL_DOCKERCONFIG
or pass the --docker-config
parameter on the command line.
This should be the full path to a properly formatted Docker config.json.
Remote Checks
In some cases (e.g. DeployableByOLM), preflight
will also pass credentials
to the cluster used for testing (i.e. the cluster that is accessible through the
current-context of the provided KUBECONFIG
).
We anticipate that the credentials in ${DOCKER_CONFIG}/config.json
or
${XDG_RUNTIME_DIR}/containers/auth.json
may contain more access than what is
needed for preflight
execution. It is recommended to generate a dockerconfigjson
with only the credentials necessary to retrieve the image under test to avoid
passing more credentials than needed into a cluster for those checks. preflight
accepts a full path to a dockerconfigjson that would be passed through to a remote
cluster via the PFLT_DOCKERCONFIG
environment variable or the --docker-config
command line parameter.
If this variable is unset, preflight
will assume that the images in scope
(e.g. PFLT_INDEXIMAGE value, and the test target itself) are located in a public
registry and already accessible from the cluster used for testing.
Installation
Before installing preflight
, ensure that the required dependencies have been installed on the local machine.
Install Prebuilt Release
One of the prebuilt release binaries for the supported architectures can be downloaded and installed to the local machine.
Install From Source
Once the repository has been cloned locally, the preflight
binary can be built
from source by using the provided target from within the root of the project directory.
make build
The preflight
binary will be created in the root of the project directory. The
binary can then be copied manually to a location in the local $PATH
.
sudo mv preflight /usr/local/bin/
Verify that the preflight
binary can run successfully.
preflight --version
The version information should be displayed.
preflight version 0.0.0 <commit: 2d3bb671bff8a95d385621382f31215234877d44>
Unit Tests
Execute the below command if you want to run all the unit tests in this repository.
Run all the unit tests:
make test
End-to-end Tests
Execute the below command if you want to run all the end-to-end tests in this repository. Note: Running these test requires a running OpenShift cluster.
Run all the unit tests:
make test-e2e
How to Contribute
Check out the contributor documentation.
Signed Images
This repository uses the Cosign project to
sign release images stored in quay.io/opdev/preflight
using Keyless
Signatures. The verification
workflow is documented in the verify-image
Make target for those that want to
confirm the images locally
RELEASE_TAG=1.5.4 make verify-image
License
Operator SDK is under Apache 2.0 license. See the LICENSE file for details.