Closed izgeri closed 3 years ago
sgnn7
commented
3 years ago If I understand this issue correctly, from the previous research on this, I think it's unnecessary to use a RH-based OS to make Conjur run on OpenShift bare. IIRC the only thing we need to ensure is that our code can run with a random UID so it may require some work on the Dockerfile but the base image should not need changing.
sgnn7
commented
3 years ago As for nginx, we have made this work as well on OpenShift: https://github.com/cyberark/conjur-oss-helm-chart/tree/oc-follower-poc/e2e/openshift/nginx
izgeri
commented
3 years ago I think there is an ask to have a Conjur image posted on RH container registry, which is why @guygiat is looking to publish a Conjur image with a RH base - but Guy can correct me if I've misunderstood.
sgnn7
commented
3 years ago @izgeri this seems like a really un-necessary requirement if true. I would be surprised if their registry must be based on a RH-provided image so we should look into that.
guygiat
commented
3 years ago Conjur and nginx images indeed can run on OCP, but we need to certify those images in order to certify our operator on RedHad openshift operator hub, therefore it has to be with rhel or UBI base images. @sgnn7 @izgeri
guygiat
commented
3 years ago PR for Nginx UBI based can be found in here: https://github.com/cyberark/conjur-base-image/pull/26
izgeri
commented
3 years ago Duplicate of #1871
At current, the Conjur image is published using the custom
cyberark/ubuntu-ruby-fipsbase image: https://github.com/cyberark/conjur/blob/1ea8a50d16ff63c62a3a953fa5b634c7576ba857/Dockerfile#L1In order to run Conjur OSS in OpenShift, however, we need an alternate image built that is based on a Red Hat-friendly OS (e.g. ubi8).
In this card, we will update the Conjur pipeline to also build an image based on a RH OS. If needed to run Conjur on OC, we will also add a custom RH-friendly nginx.
AC: