Closed izgeri closed 3 years ago
If I understand this issue correctly, from the previous research on this, I think it's unnecessary to use a RH-based OS to make Conjur run on OpenShift bare. IIRC the only thing we need to ensure is that our code can run with a random UID so it may require some work on the Dockerfile but the base image should not need changing.
As for nginx, we have made this work as well on OpenShift: https://github.com/cyberark/conjur-oss-helm-chart/tree/oc-follower-poc/e2e/openshift/nginx
I think there is an ask to have a Conjur image posted on RH container registry, which is why @guygiat is looking to publish a Conjur image with a RH base - but Guy can correct me if I've misunderstood.
@izgeri this seems like a really un-necessary requirement if true. I would be surprised if their registry must be based on a RH-provided image so we should look into that.
Conjur and nginx images indeed can run on OCP, but we need to certify those images in order to certify our operator on RedHad openshift operator hub, therefore it has to be with rhel or UBI base images. @sgnn7 @izgeri
PR for Nginx UBI based can be found in here: https://github.com/cyberark/conjur-base-image/pull/26
Duplicate of #1871
At current, the Conjur image is published using the custom
cyberark/ubuntu-ruby-fips
base image: https://github.com/cyberark/conjur/blob/1ea8a50d16ff63c62a3a953fa5b634c7576ba857/Dockerfile#L1In order to run Conjur OSS in OpenShift, however, we need an alternate image built that is based on a Red Hat-friendly OS (e.g. ubi8).
In this card, we will update the Conjur pipeline to also build an image based on a RH OS. If needed to run Conjur on OC, we will also add a custom RH-friendly nginx.
AC: