kubernetes-sigs/image-builder

Host bootstrap Ignition files in image-builder repo

johananl opened this issue · 2 comments

Flatcar Container Linux uses Ignition (instead of e.g. Kickstart) as a bootstrap config format. On some platforms (e.g. QEMU, OVA) it's necessary to provide Ignition config during the image build process.

Right now we're consuming these files from https://github.com/flatcar-linux/flatcar-packer-qemu. Example:

"boot_command_prefix": "curl -sLo /tmp/ignition.json https://raw.githubusercontent.com/flatcar-linux/flatcar-packer-qemu/917f209e1afd262e71f41c65c1295f29c08cb8c6/ignition-builder.json<enter>sudo flatcar-install -d /dev/sda -C {{user `channel_name`}} -V {{user `release_version`}} -i /tmp/ignition.json<enter>sudo reboot<enter><wait{{user `install_wait`}}>",

This is far from ideal for multiple reasons, the main one being that the stability of the image-builder Flatcar builds is now dependent on an external repository which currently doesn't use proper versioning, releases etc.

In #873 (comment) we're discussing the matter. There are multiple ways to address the issue:

  1. Get rid of the need to pass Ignition config at build time altogether. This would be best as it gets rid of the problem but is likely not feasible because we might need Ignition in some cases (for example to ensure we disable automatic updates at build time).
  2. Find a provider-native way (e.g. AWS user data) to pass Ignition data for all providers.
  3. Use curl with an internet URL as part of the build process and host the Ignition files inside the image-builder repo.

I suggest we start by hosting the Ignition files in the image-builder repo, just like we're already doing with Kickstart used by other distros. In future iterations we may be able to switch to a provider-native way to inject Ignition data to builder VMs or even get rid of the need for bootstrap Ignition config altogether, however at least for now we'll have something stable that works.

/assign

Hosting the files in the repo seems to make most sense for now. I don't have a ton of context on the how/why you would remove ignition or provide a native way to pass ignition. I would follow your lead on that, but for now we can iterate with the files in the repository.

@jsturtevant thanks! I've opened #895 to address this.