install.sh: Simplify handling for fedora rpm-ostree based distributions

[becarusys]

Proposed Changes

While figuring out #13711 I noticed that the handling of fedora rpm-ostree based distributions for k3s-selinux installation was convoluted and seemed inconsistent. After looking at git blame for a while I propose these changes:

• Since Capture all fedora atomic variants in install script #11170 all immutable fedora variants are captured, therefore checking for coreos/iot VARIANT_ID is redundant. Also ID_LIKE=coreos is no longer used by fedora coreos, so drop that as well.
• remove using package_installer=yum instead of rpm-ostree for the policy hint, as yum will not work on any rpm-ostree based distribution.
• remove setting policy_error=warn for immutable fedora. This seems to be a relic from before k3s shipped selinux-packages for fedora. If the selinux policy is not found it prints a warning to reboot the machine anyway just a few lines later.

Types of Changes

Bugfix: Users should not notice any difference if the installation works. Only if it fails the user gets the fixed policy hint (I do not know if this is worth listing in the release notes).

Verification

• install k3s using the updated script on rpm-ostree based fedora variants. The k3s-selinux package should be installed successfully.

Tested successfully on Fedora CoreOS 43.:

[INFO]  Finding available k3s-selinux versions
Checking out tree f2b9b6a... done
Enabled rpm-md repositories: fedora-cisco-openh264 updates fedora rancher-k3s-common-latest updates-archive
Importing rpm-md... done
rpm-md repo 'fedora-cisco-openh264' (cached); generated: 2025-03-05T10:45:56Z solvables: 6
rpm-md repo 'updates' (cached); generated: 2026-02-28T01:03:20Z solvables: 24135
rpm-md repo 'fedora' (cached); generated: 2025-10-23T03:37:20Z solvables: 77664
rpm-md repo 'rancher-k3s-common-latest' (cached); generated: 2024-09-16T17:14:31Z solvables: 4
rpm-md repo 'updates-archive' (cached); generated: 2026-02-28T01:36:49Z solvables: 36144
Resolving dependencies... done
Checking out packages... done
Running systemd-sysusers... done
Running pre scripts... done
Running post scripts... done
Running posttrans scripts... done
Writing rpmdb... done
Writing OSTree commit... done
Staging deployment... done
Pruned images: 0 (layers: 42)
Freed: 675.3 MB (pkgcache branches: 3)
Added:
  k3s-selinux-1.6-1.coreos.noarch
Changes queued for next boot. Run "systemctl reboot" to start a reboot
[WARN]  Please reboot your machine to activate the changes and avoid data loss.
[INFO]  Creating /usr/local/bin/kubectl symlink to k3s

Linked Issues

#11170

User-Facing Change

NONE

Further Comments

It might make sense to test it in conjunction with PR #13711 to save some time, I am happy to add the commit to it and close this PR if you agree.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 21.77%. Comparing base (abc7cc8) to head (4218101).
⚠️ Report is 31 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main   #13712      +/-   ##
==========================================
- Coverage   21.79%   21.77%   -0.02%     
==========================================
  Files         191      191              
  Lines       15539    15539              
==========================================
- Hits         3386     3384       -2     
- Misses      11702    11704       +2     
  Partials      451      451              

Flag	Coverage Δ
unittests	21.77% <ø> (-0.02%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[brandond]

No backports necessary as the install script is served live from main branch.