Install OpenShift tooling using RPMs to support fapolicyd

dmc5179 / quay-image-builder-archived

Create an EC2 AMI to deploy Quay single node

GNU General Public License v3.0

0 stars 0 forks source link

Install OpenShift tooling using RPMs to support fapolicyd #1

Open dmc5179 opened 2 years ago

dmc5179 commented 2 years ago

fapolicyd is currently disabled on the quay AMI because the openshift CLI tools are not installed using the RPMs from the rhocp repos. Switch the AMI builder to install using the RPMs and enable fapolicyd

dmc5179 commented 2 years ago

subscription-manager register --username X --password Y

POOL_ID=$(subscription-manager list --pool-only --available --matches 'Red Hat OpenShift Container Platform' | head -1)

subscription-manager attach --pool=${POOL_ID}

subscription-manager repos --enable="rhocp-4.11-for-rhel-8-x86_64-rpms"

yum install openshift-clients

subscription-manager remove --all

subscription-manager unregister

bparry02 commented 2 years ago

If the tools are installed via rpm, they may be more likely to show up on scans. We don't have a way to get updates for them via RPM--and really we don't want to anyway.