Skip to content

Update node image #48

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
alicefr merged 2 commits into from
Jun 4, 2026
Merged

Update node image #48

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
ed908e2
Add vim-minimal to node image
alicefr Jun 4, 2026
83c9eb8
Add bootc image tag and digest labels to disk image
alicefr Jun 4, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions node-images/fedora/Containerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,7 @@ RUN /usr/libexec/bootc-base-imagectl build-rootfs \
--install dnsmasq \
--install bubblewrap \
--install sudo \
--install vim-minimal \
/target-rootfs

FROM scratch AS root
Expand Down
4 changes: 4 additions & 0 deletions node-images/fedora/Containerfile.disk
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,10 @@ RUN podman run --rm ${BOOTC_IMAGE} kubeadm config images list > /output/images.t

FROM scratch
ARG KUBE_MINOR=1.35
ARG BOOTC_IMAGE
ARG BOOTC_DIGEST
LABEL bink.kubeadm-version=${KUBE_MINOR}
LABEL bink.bootc-image=${BOOTC_IMAGE}
LABEL bink.bootc-image-digest=${BOOTC_DIGEST}
COPY --from=builder /output/disk.qcow2 /disk.qcow2
COPY --from=builder /output/images.txt /images.txt
2 changes: 2 additions & 0 deletions node-images/fedora/Makefile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,7 @@ build-bootc-image:
build-disk-image: build-bootc-image
@echo "=== Building node image with qcow2 disk ==="
STORAGE_PATH=$$(podman info --format '{{.Store.GraphRoot}}') && \
BOOTC_DIGEST=$$(podman inspect --format '{{.Digest}}' $(BOOTC_IMAGE)) && \

@jlebon jlebon Jun 4, 2026

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hmm, the problem with this is that we haven't pushed the bootc image yet so we don't have the actual pushed digest. At push time, layers are compressed which will yield a different manifest digest than what we get here.

So I think this would require building the bootc image, pushing it (use podman push --digestfile foo ...) and then build the disk image (and the BOOTC_DIGEST would be $(cat foo)).

Alternatively... don't worry about digests, and just use tags. Derive the tag name from the date.

@alicefr alicefr Jun 8, 2026

Copy link
Copy Markdown
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

mmh maybe I'm missing something but the label is correct and matches what bootc reports. Example:

podman inspect --format '{{index .Config.Labels "bink.bootc-image-digest"}}' ghcr.io/alicefr/bink/node:v1.35-fedora-44-disk
sha256:903caa303fbf9db5250c7943b63a44f774b9c52b825d0e7865672e9cf11ce09d

On a booted node started with --node-image corresponding to the one we just inspected:

[root@controller ~]# bootc status
● Booted image: registry.cluster.local:5000/node:latest
        Digest: sha256:903caa303fbf9db5250c7943b63a44f774b9c52b825d0e7865672e9cf11ce09d (amd64)
     Timestamp: 2026-06-04T12:33:32Z

podman build \
Comment on lines 29 to 31

@sourcery-ai sourcery-ai Bot Jun 4, 2026

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

suggestion: Consider using a more robust inspect format for the image digest or handling the case where .Digest is empty.

{{.Digest}} may be empty for some locally-built images, which would pass an empty BOOTC_DIGEST into the build and hide the failure. Consider using something like {{index .RepoDigests 0}} or at least checking that BOOTC_DIGEST is non-empty before continuing, so failures are explicit instead of silently losing the digest.

Suggested change
STORAGE_PATH=$$(podman info --format '{{.Store.GraphRoot}}') && \
BOOTC_DIGEST=$$(podman inspect --format '{{.Digest}}' $(BOOTC_IMAGE)) && \
podman build \
STORAGE_PATH=$$(podman info --format '{{.Store.GraphRoot}}') && \
BOOTC_DIGEST=$$(podman inspect --format '{{index .RepoDigests 0}}' $(BOOTC_IMAGE)) && \
test -n "$$BOOTC_DIGEST" || { echo "ERROR: Failed to determine BOOTC_DIGEST for $(BOOTC_IMAGE)"; exit 1; } && \
podman build \

--cap-add=SYS_ADMIN \
--cap-add=DAC_READ_SEARCH \
Expand All @@ -40,6 +41,7 @@ build-disk-image: build-bootc-image
--build-arg DISK_SIZE="$(DISK_SIZE)" \
--build-arg MEMORY="$(BUILD_MEMORY)" \
--build-arg KUBE_MINOR="$(KUBE_MINOR)" \
--build-arg BOOTC_DIGEST="$$BOOTC_DIGEST" \
-t $(NODE_IMAGE) \
-f Containerfile.disk \
.
Expand Down
Loading