Skip to content

Building the Intel SecL-DC Container Images

The Intel SecL-DC container images must be built from source and uploaded to a container registry. Currently these images are not made available on any public container registry.

Build Server Prerequisites

The Intel SecL container images must be built on either a Red Hat Enterprise Linux 8.4 or Ubuntu 20.04 system.

Development Tools and Utilities

RedHat Enterprise Linux 8.4

dnf install -y git wget tar python3 gcc gcc-c++ zip make yum-utils openssl-devel
dnf install -y https://dl.fedoraproject.org/pub/fedora/linux/releases/32/Everything/x86_64/os/Packages/m/makeself-2.4.0-5.fc32.noarch.rpm
ln -s /usr/bin/python3 /usr/bin/python
ln -s /usr/bin/pip3 /usr/bin/pip

Ubuntu-20.04

apt update
apt remove -y gcc gcc-7
apt install -y python3-problem-report git wget tar python3 gcc-8 make makeself openssl libssl-dev libgpg-error-dev
cp /usr/bin/gcc-8 /usr/bin/gcc
ln -s /usr/bin/python3 /usr/bin/python
ln -s /usr/bin/pip3 /usr/bin/pip

Repo Tool

tmpdir=$(mktemp -d)
git clone https://gerrit.googlesource.com/git-repo $tmpdir
install -m 755 $tmpdir/repo /usr/local/bin
rm -rf $tmpdir

Golang

wget https://dl.google.com/go/go1.16.7.linux-amd64.tar.gz
tar -xzf go1.16.7.linux-amd64.tar.gz
sudo mv go /usr/local
export GOROOT=/usr/local/go
export PATH=$GOROOT/bin:$PATH
rm -rf go1.16.7.linux-amd64.tar.gz

Docker

RHEL

dnf module enable -y container-tools
dnf install -y yum-utils
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
dnf install -y docker-ce-20.10.8 docker-ce-cli-20.10.8

systemctl enable docker
systemctl start docker

Ubuntu

apt-get -y install docker-ce=5:20.10.8~3-0~ubuntu-focal docker-ce-cli=5:20.10.8~3-0~ubuntu-focal containerd.io

systemctl enable docker
systemctl start docker

NOTE

Apply the following step only if you require a proxy:

mkdir -p /etc/systemd/system/docker.service.d
touch /etc/systemd/system/docker.service.d/proxy.conf

Add the below lines in /etc/systemd/system/docker.service.d/proxy.conf:

[Service]
Environment="HTTP_PROXY=<http_proxy>"
Environment="HTTPS_PROXY=<https_proxy>"
Environment="NO_PROXY=<no_proxy>"

Restart Docker:

systemctl daemon-reload
systemctl restart docker

Sync the Repos and Run the Additional Prerequisite Script

There are separate manifests for different use cases. The following will build all Intel SecL-DC Foundational Security components. Depending on the use case to be deployed, not all of the resulting container images may be needed.

Sync the Repo:

mkdir -p /root/intel-secl/build/data-sovereignty && cd /root/intel-secl/build/data-sovereignty
repo init -u https://github.com/intel-secl/build-manifest.git -m manifest/data-sovereignty.xml -b refs/tags/v4.2.0-Beta
repo sync

Run the additional prerequisite script:

cd utils/build/foundational-security/
chmod +x fs-prereq.sh
./fs-prereq.sh -s

Building the Container Images

cd /root/intel-secl/build/data-sovereignty/
make k8s

The resulting container images will be placed in the following folder:

/root/intel-secl/build/data-sovereignty/k8s/

Uploading the Container Images to a Registry

Once built, the images must be uploaded to a container registry using the appropriate version tags.

Itel SecL-DC Release Version Required Container Version Tag
4.2 Beta v4.2.0-Beta

The specific command to upload the images to the registry may differ based on the registry used. The sample below assumes a Docker registry.

skopeo copy oci-archive:<oci-image-tar-name> docker://registry.server.com:<registry-port>/<image-name>:<image-tag>

NOTE The container names used when uploading the images must match the container names specified in values.yaml when deploying with Helm.

Back to top