Hi,
Is there a way to select at build time the channel of a base?
core22
has a fips-updates/stable
track and I am trying to build our k8s snap with a fips base.
Thank you
Hi,
Is there a way to select at build time the channel of a base?
core22
has a fips-updates/stable
track and I am trying to build our k8s snap with a fips base.
Thank you
Add it in a part as a build snap?
build-snaps:
- core22/fips-update/stable
Can you explain what is the outcome you are looking for?
Thank you for your reply. The end goal is when I do snap install k8s --channel=fips
I get the core22
from the fips track and not from the stable
one. Is this possible?
No, this does not work this way. The snap will get a version of the base snap which is already installed in the system, or one from the default (latest/stable) channel will be installed.
If you are building a FIPS compatible appliance, then you can specify the default channel for the base in the model assertion. However, if the goal is simply to be able to install microk8s on eg. Ubuntu Server where FIPS is already enabled, then the operator would need to select the right base.
Alternatively, if you provide a FIPS specific channel of the snap, you can pull in FIPS builds of relevant libraries from their PPAs. IOW, the microk8s snap could ship a FIPS variant of openssl & friends.