Roadmap to Fedora Bootable Containers #1726
Description
Notes
- This is a proposed roadmap that is subject to change and refinement
- While not complete nor matching the current Fedora bootable container images, you can already use Fedora CoreOS with container images, but we currently don't recommend that as it comes with important caveats.
Roadmap
Building and publishing Bootable Container images
- We are currently building bootable container images in our pipeline
- Those images are published to Quay.io: https://quay.io/repository/fedora/fedora-coreos?tab=tags
Switching to Bootable Container images by default
- Create container repo tags for each FCOS release:
- Migrate Fedora CoreOS users to update via a container image by default:
- Move from Cincinnati to OCI for update graph:
- (Optional but desired) Use zstd:chunked container images
DNF5 integration
- Adding dnf5 to the images:
- Better error handling / messages in dnf (on running systems) would make this less confusing to our users
- A lot of testing needed, especially regarding alternative kernels, custom kernel modules, /var and /opt handling, etc.
bootc integration
- Integration of bootc will require integration in Zincati
- Bootc is currently root only: no unprivileged interface, no DBus interface
- remote config via configmap and secrets
- Related discussions:
Configuration management
- Using configmaps/overlays: dynamic overlays bootc-dev/bootc#22
- Using Ansible. Make sure we have good docs for this.
- Configuration management #53
composefs
UKI integration
Bootimages
- Using
bootc install to-filesystemwhen building container images: Usebootc install to-filesystemto build our bootimages #1827 - Use bootc-image-builder: Build disk images using bootc-image-builder #1906
Local package layering
- Figure out a solution for users that want to locally layer packages
- Similar to what's needed for Fedora Atomic Desktops
- Tracked in https://gitlab.com/fedora/bootc/tracker/-/issues/4
- Using sysext instead: frontend for systemd-sysext bootc-dev/bootc#7
Butane/Ignition integration
Rebasing on Fedora Bootc manifests
- https://gitlab.com/fedora/bootc/base-images/-/merge_requests/48
- Inherit from fedora-bootc's tier-x on Fedora 42+ fedora-coreos-config#3177
Rebasing on Fedora Bootc container images
- Needs better support for container builds in the Fedora Infrastructure (via gitlab.com/fedora?)
- Support for container deltas / zstd:chunked:
- Investigate if rebasing to a container based workflow for those image would bring benefits
- Needs a fleshed out CI story for the base images and layered variants
- Investigate the new Experimental Base Images Builder: https://gitlab.com/fedora/bootc/base-images-experimental
Anaconda
Investigate Konflux CI/CD
See if we can build FCOS using Konflux: https://gist.github.com/ralphbean/a3644111a549e8cedb0b207f90d42dc9
Documentation updates
- We will likely have to update the documentation to link to the Fedora Bootable Containers docs.
- Make sure the use cases in Develop Fedora CoreOS layering user stories #1219 are covered in documentation.
- Cover FCOS-specific aspects of bootable containers initiative in FCOS docs. Consider also if there's things to pull out of Add a doc for container provisioning and updates fedora-coreos-docs#540 which isn't already represented in fedora-bootc/is FCOS-specific.
Issues that needs to be triaged / refocused
See also all the issues tagged with bootable-containers: https://github.com/coreos/fedora-coreos-tracker/issues?q=is%3Aopen+label%3Aarea%2Fbootable-containers+sort%3Aupdated-desc
References
See:
- https://fedoramagazine.org/get-involved-with-fedora-bootable-containers/
- https://fedoraproject.org/wiki/Initiatives/Fedora_bootc
See for Fedora Atomic Desktops: https://gitlab.com/fedora/ostree/sig/-/issues/26