Initcontainer issues with RedHat certification #1506
Comments
mregmi
changed the title
There are options. If OCP has new enough NFD available (0.13+) we don't need the initcontainer for SGX anymore. I believe you also don't need GPU initcontainer since you have not enabled the fractional resources. GPU is also moving away from the initcontainer completely. For SGX the caveat is that without the initcontainer, we depend on NFD. We can of course change the build flow to make toybox installation optional. |
|
Thanks. making the toybox optional for UBI sounds like a good solution for those that need initcontainer. |
but note that it won't be available for your 1.0.1 release so you will have to accept that preflight failure now. |
|
Yes for this release. we created a custom initcontainer without toybox and it passed the certification test. |
|
@mregmi we currently default to |
On RHEL 8.X based systems (ocp 4.12) we are supposed to use ubi8 and ubi9 or ocp 4.13 (RHEL 9.X) and higher. i think we should make it as ubi9 for 0.27 and newer releases. |
0.28 will default to ubi9 |
RedHat Image certifications for Openshift have added new checks that causes the initcontainers to fail preflight tests.
They have a new rule that modifying core contents from base image is flagged and preflight tests fail.
The initcontainers use toybox and replace all the commands in the image. This is no longer allowed by RedHat in UBI images.
We might have to create a seperate Dockerfile for UBI images ( Openshift ).
Any suggestions on solutions?
The text was updated successfully, but these errors were encountered: