AWS SSM agent - System Manager on OpenShift ROSA Nodes

Resolution

• RHCOS is specifically designed to be managed in a more restrictive manner compared to a default installation of Red Hat Enterprise Linux (RHEL). This management is carried out remotely from the OpenShift Container Platform cluster, with only a limited number of system settings being adjustable during the setup of RHCOS machines. This restricted immutability ensures that the OpenShift Container Platform cluster can maintain the most recent state of RHCOS systems in the cluster, allowing for the creation of additional machines and updates based on the latest RHCOS configurations.

• Nodes within an OpenShift Container Platform cluster running on Red Hat Enterprise Linux CoreOS (RHCOS) are immutable and rely on Operators to apply cluster changes. Accessing these nodes using SSH is not recommended, and doing so will result in them being flagged as tainted. However, in cases where the OpenShift Container Platform API is unavailable or kubelet is not functioning properly on a target node, oc operations will be negatively impacted.

• Although the SSM agent is only available as an rpm, RHCOS is an immutable operating system that utilizes rpm-ostree. This means that it is not feasible to install the SSM agent on OpenShift nodes.