-
Notifications
You must be signed in to change notification settings - Fork 524
MCO-1928: Enhacement of the MCO OS streams feature #1874
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Draft
pablintino
wants to merge
2
commits into
openshift:master
Choose a base branch
from
pablintino:mco-1928
base: master
Could not load branches
Branch not found: {{ refName }}
Loading
Could not load tags
Nothing to show
Loading
Are you sure you want to change the base?
Some commits from the old base branch may be removed from the timeline,
and old review comments may become outdated.
+868
−0
Draft
Changes from 1 commit
Commits
Show all changes
2 commits
Select commit
Hold shift + click to select a range
File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Some comments aren't visible on the classic Files Changed page.
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,188 @@ | ||
| --- | ||
| title: machine-config-os-images-streams | ||
| authors: | ||
| - "@pablintino" | ||
| reviewers: | ||
| - "@yuqi-zhang" | ||
| approvers: | ||
| - "@yuqi-zhang" | ||
| api-approvers: | ||
| - "@JoelSpeed" | ||
| creation-date: 2025-10-24 | ||
| tracking-link: | ||
| - https://issues.redhat.com/browse/MCO-1914 | ||
| see-also: | ||
| replaces: | ||
| superseded-by: | ||
| --- | ||
|
|
||
| # MachineConfig OS Images Streams | ||
|
|
||
| ## Summary | ||
|
|
||
| This enhancement allows administrators to easily assign different OS images | ||
| to specific groups of nodes using a simple "stream" identifier. | ||
|
|
||
| It introduces a new, optional stream field in theMCP. When this field is set, | ||
| the MCO will provision nodes in that pool using the specific OS image | ||
| associated with that stream name. | ||
|
|
||
| This provides a simple, declarative way to run different OS variants within | ||
| the same cluster. This can be used to test new major OS versions | ||
| (like RHEL 10) on a subset of nodes or to deploy specialized images, | ||
| without affecting the rest of the cluster. | ||
|
|
||
| ## Motivation | ||
|
|
||
| **TBD** | ||
|
|
||
|
|
||
| ### User Stories | ||
|
|
||
| **TBD** | ||
|
|
||
| ### Goals | ||
|
|
||
| **TBD** | ||
|
|
||
| ### Non-Goals | ||
|
|
||
| **TBD** | ||
|
|
||
| ## Proposal | ||
|
|
||
| To implement the functionality this enhancement provides, some changes are | ||
| required in the MCO, the released images payload, and the CoreOS images. | ||
| The following sections describe all the required changes. | ||
|
|
||
| ### Machine Config Pools | ||
|
|
||
| To provide the user with the ability to set which stream an MCP's nodes | ||
| should use, the MCP CRD must be modified to introduce a few fields: | ||
|
|
||
| - `spec.osImageStream`: To set the target stream the pool should use. We | ||
| preserve the current behavior of deploying the cluster-wide OS images if | ||
| no stream is set. | ||
| - `status.osImageStream`: To inform the user of the stream currently used | ||
| by the pool. This field will reflect the target stream once the pool has | ||
| finished updating to it. | ||
|
|
||
| The [API Extensions](#api-extensions) section describes these API changes | ||
| in greater detail. | ||
|
|
||
| From the perspective of the MCP reconciliation logic, the addition of | ||
| streams is not different from an override of both OS images in the | ||
| MachineConfig of the associated pool. If a user sets a stream in the | ||
| pool, the MCO takes care of picking the proper URLs to use from the | ||
| new, internally populated, OSImageStream resource and injecting them | ||
| as part of the MCP's MachineConfig. This internal change of the URLs | ||
| will force the MCP to update and deploy the image on each node one by | ||
| one. | ||
|
|
||
| ### CoreOS and Payload Images | ||
|
|
||
| The scope of this enhancement is to allow the user to consume streams shipped | ||
| as part of the payload. Therefore, all information about which streams are | ||
| available should be contained in the payload image and the tagged OS images. | ||
|
|
||
| To accommodate more than one OS version and the associated stream name, the | ||
| release build process has been updated with the following changes: | ||
|
|
||
| The Payload ImageStream now contains extra coreos tags for both OS and | ||
| Extension Images to accommodate more OS versions. | ||
|
|
||
| Each OS image is now built with an extra label that allows the MCO to identify | ||
| the stream to which it belongs. | ||
|
|
||
| - Regular OS Images: `io.coreos.oscontainerimage.osstream` pointing to the | ||
| stream name, for example, `rhel-coreos-10`. | ||
| - Extension Images: `io.coreos.osextensionscontainerimage.osstream` pointing | ||
| to the stream name, for example, `rhel-coreos-10`. | ||
|
|
||
| With those changes to the images in place, the MCO has enough information to | ||
| build the list of available streams and determine which images should be used | ||
| for each stream. | ||
|
|
||
| ### Machine Config OSImageStream | ||
|
|
||
| This new resource holds the URLs associated with each stream and is populated | ||
| by the MCO using the information from the OS image labels. The logic that | ||
| extracts the URLs and stream names from the OS images differs depending on | ||
| whether the cluster is bootstrapping or undergoing an update. During regular | ||
| operation (i.e., when not bootstrapping or updating), the MCO does not make | ||
| any changes to this resource, and its information can be safely considered | ||
| static. | ||
|
|
||
| #### TBD: Add details of both OSImageStream generation scenarios | ||
|
|
||
| #### Streams | ||
|
|
||
| ### API Extensions | ||
|
|
||
| **TBD** | ||
|
|
||
| ### Topology Considerations | ||
|
|
||
| **TBD** | ||
|
|
||
| ### Implementation Details/Notes/Constraints | ||
|
|
||
| **TBD** | ||
|
|
||
| ### Risks and Mitigations | ||
|
|
||
| **TBD** | ||
|
|
||
| ### Drawbacks | ||
|
|
||
| **TBD** | ||
|
|
||
| ## Design Details | ||
|
|
||
| ### Open Questions [optional] | ||
|
|
||
| None. | ||
|
|
||
| ## Test Plan | ||
|
|
||
| **TBD** | ||
|
|
||
| ## Graduation Criteria | ||
|
|
||
| **TBD** | ||
|
|
||
| ### Dev Preview -> Tech Preview | ||
|
|
||
| **TBD** | ||
|
|
||
| ### Tech Preview -> GA | ||
|
|
||
| **TBD** | ||
|
|
||
| ### Removing a deprecated feature | ||
|
|
||
| ## Upgrade / Downgrade Strategy | ||
|
|
||
| **TBD** | ||
|
|
||
| ## Version Skew Strategy | ||
|
|
||
| **TBD** | ||
|
|
||
| ## Operational Aspects of API Extensions | ||
|
|
||
| #### Failure Modes | ||
|
|
||
| **TBD** | ||
|
|
||
| ## Support Procedures | ||
|
|
||
| None. | ||
|
|
||
| ## Implementation History | ||
|
|
||
| Not applicable. | ||
|
|
||
| ## Alternatives (Not Implemented) | ||
|
|
||
| **TBD** | ||
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Uh oh!
There was an error while loading. Please reload this page.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
To answer a question from the API review office hours, the alternatives we considered are:
1 was deemed less optimal since it's an arbitrary map without guardrails, and also with a new API we can use VAP to wire up cross-object validation
2 was deemed less optimal since it's managed by the CVO intead of the MCO, and thus the bootstrap-time MCO doesn't understand or process it (I suppose we could set that up, though). We would like to have a bootstrap (install) time workflow that matches the in-cluster workflow that we can process in the same way, possibly eventually as a install-config field, so the new API object that the MCO manages would be easier to work in both cases.
Also, the MachineConfiguration has introduced quite a lot of new fields in the past few versions, mostly for cluster-knobs (so configurables, instead of status-only discovery objects), so we thought a new CR would be clearer.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
done
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Some more context around 1: It's almost impossible to implement stream discovery using the CM. The config map context can just be templated using the simple placeholder replace logic the installer has, but any new stream will require a manual touch to it.