Konflux, Fedora & bootc

Hello Konflux+Fedora contributors! I’m interested in understanding more about Fedora and Konflux in the context of the bootc initiative. We’d like to understand the issues around using Konflux to build official Fedora deliverables, such as the fedora-bootc base image.

Is the existing Fedora Konflux instance considered appropriate for that sort of thing, building an official Fedora deliverable, or is that further down the road? If this current instance goes away, do we feel confident it’ll be swapped for an “official” instance?

I see that there’s a fedora-bootc tenant in the Fedora infra gitlab org, I wonder what steps we’d need to take to start testing out builds of the fedora-bootc base image in this instance.

My two cents:

If this current instance goes away, do we feel confident it’ll be swapped for an “official” instance?

Yes - in fact, I don’t see a reason that the current one will go away. If Fedora release engineering, or FESCO, or the Council (or whatever decision making body is appropriate) would deem it official, I think it could evolve into that role as is. If for whatever reason that’s not possible, yes it will be replaced.

We stood it up just in time for Flock, but then pivoted to focus on other things right after. If you’re tracking the fedora + konflux sig meetings, I hope you see that we’re working now towards smoothing operations for it; supporting it better, for more than just Flock PoCs.

I see that there’s a fedora-bootc tenant in the Fedora infra gitlab org, I wonder what steps we’d need to take to start testing out builds of the fedora-bootc base image in this instance.

Let us get it updated to the latest version of Konflux as in MintMaker (Renovate) update infra-deployments for Konflux and then give it a try.

Send a merge request to the bootc tenant in the tenants-config repo to add yourself and others with rights to the fedora-bootc tenant so that you can login and work there. From there, I think you should onboard a fedora-bootc git repo and copy over the .tekton/ content from the centos-bootc image’s .tekton/ dir as a starting point.

Is the existing Fedora Konflux instance considered appropriate for that sort of thing, building an official Fedora deliverable, or is that further down the road?

From strictly my own point of view, I think it will be appropriate soon (like, in the next few weeks) for that (once we’re happier with the way we’re operating it). But, to really call it appropriate for an official Fedora deliverable is not my call to make. +1 from me, but - do you need to sync with releng or another body?

Where will end-users consume fedora-bootc from? From quay.io/fedora/ ? (Yes, that looks right).

I mostly agree with what Ralph said there.

The one thing I would expand on, is the ‘official fedora deliverable’ thing. I don’t know that we are ready to do that, and I do think it needs fesco at least to bless. I would definitely want release engineering more involved so they can make sure the policy/pipeline is what they expect for a ‘official’ deliverable.

All that said, exploring how to build things there is great!

There’s another topic on this I swear somewhere but basically…I don’t think Kiwi makes sense to build container images. On the bootc side I really want the default entrypoint to be podman build - that doesn’t mean there can’t be other entrypoints, but…

The Kiwi XML is dated, building containers via Kiwi is just unusual and weird, doesn’t make sense for layered images, etc.

In the absence of a container build infrastructure at the heart of Fedora, we’re currently discussing moving the fedora-bootc builds into the Fedora CoreOS jenkins as a “side-step” from pungi which gives us a much better story for having the build entrypoint be podman build and integrating with CI (it also runs in an OpenShift cluster, instead of being koji tasks, etc.)

EDIT: Also xref transition builds to konflux and shared pipeline (#33) · Issues · fedora / bootc / Issue Tracker · GitLab and Supportable customizable base images (#32) · Issues · fedora / bootc / Issue Tracker · GitLab

So FWIW: I would say we ought to start building something in Konflux in Fedora, clearly. Why not this? It seems like an ideal choice: it’s a fairly new thing that is not release blocking and doesn’t have a lot of historical baggage, and the bootc folks are already building images with Konflux elsewhere.

Why don’t we just go ahead and try and build a Konflux pipeline that produces a Fedora base bootc image? Just doing that does not (IMO) need a Change proposal or FESCo’s permission or any of that stuff. I think we could even then push it out to container registries, so long as it’s suitably marked as being a test or experimental or whatever.

Then we could worry about a Change proposal to make it the ‘official’ bootc base image that gets published on the registries.