Please see our Book for more in-depth documentation.
The Image Builder is a collection of cross-provider Kubernetes virtual machine image building utilities.
There are currently 3 distinct tools in this repo:
Each project is independent from each other, with the goal of eventually merging into a single tool.
The konfigadm
directory contains manifests for use with the konfigadm CLI
.
Learn how to engage with the Kubernetes community on the community page.
You can reach the maintainers of this project at:
- Image Builder office hours: Mondays (biweekly) at 08:30 PT (Pacific Time) (biweekly). Convert to your timezone.
- Slack channel
- Mailing list
Participation in the Kubernetes community is governed by the Kubernetes Code of Conduct.
- To build images for Kubernetes-conformant clusters in a consistent way across infrastructures, providers, and business needs.
- To install all software, containers, and configuration needed by downstream tools such as Cluster API providers, to enable them to pass conformance tests
- Support end users requirements to customize images for their business needs.
- To provide assurances in the binaries and configuration in images for purposes of security auditing and operational stability.
- Allow introspection of artifacts, software versions, and configurations in a given image.
- Support repeatable build processes where the same inputs of requested install versions result in the same installed binaries.
- To ensure that the creation of images is performed via well defined phases. Where users could choose specific phases that they needed.
- To provide upgrade or downgrade semantics.
- To provide guarantees that the software installed provides a fully functional system.
- To prescribe the hardware architecture of the build system.
- Centralize the various image builders into this repository
- Create a binary that simplifies the consumption of image-builder
- Create a versioning policy
- Automate the building of images
- Publish images off master to facilitate E2E testing and the removal of
k/k/cluster
- Create a bill of materials for each image and allow it to be used to recreate an image
- Automate the testing of images for kubernetes node conformance
- Automate the security scanning of images for CVE's
- Publish Demo / POC images to coincide with each new patch version of kubernetes to facilitate Cluster API adoption
- Automate the periodic scanning of images for new CVE's
- (Stretch Goal) Publish Production ready images with a clear support contract for handling CVE's.
Due to the high-level of commitment and effort required to support production images, this will only be done once all the pre-conditions are met including:
- Create an on-call rotation with sufficient volunteers to provide 365/24/7 coverage
- Ensure all licensing requirements are met