On Thu, Jan 13, 2022, at 1:48 PM, Kevin Fenzi wrote:
>
>
> Perhaps the Fedora CoreOS folks would have some thoughts?

I can't speak for the whole team, but a few points.  First, the FCOS build 
tooling in https://github.com/coreos/coreos-assembler is designed to run as a 
standard container.  In some cases we do run it via podman over ssh as part of 
multi-arch, but the main approach is to run it inside Kubernetes (OpenShift).  
We designed it this way because OpenShift is of great interest to at least my 
employer (in case anyone didn't know).  That's how we run production container 
workloads.

Until now, however, we have really had a very interesting tension because the 
primary output of FCOS builds is not a container image, it's bootable disk 
images (as produced by many tools, including ImageFactory, Image Builder, the 
kiwi thing in this thread, and many others).

However, https://fedoraproject.org/wiki/Changes/OstreeNativeContainer is going 
to shift our "center of gravity" much closer to a container build.  I'd 
actually like to "decouple" the disk image builds from container builds in our 
pipeline more, basically so that we generate disk images using a container 
image as *input* - for FCOS as well as other ostree systems today, a bootable 
disk image is really just a platform-specific wrapper shell around that.  

Related to this, I am quite strongly of the opinion that the *build* system 
should be closely related to the *testing* system.  And that relates to the 
"running in production" bits mentioned above.  If we're building containers, 
then we should at least be testing them running inside a Kubernetes/OpenShift 
instance.  And if you have that, then it just makes sense to use the same 
approach to run the build tooling - as a container.  The build process is just 
another workload along with testing processes and other tools inside a 
production Kubernetes/OpenShift cluster.

This is how it works today for the FCOS pipeline as well as downstream ones, 
and as mentioned above I think the ostree native container change will be a 
powerful incentive to "lift" the ostree side of things outside of Koji and into 
a container-native flow.