Misc updates to podvm's README.md #597

Open
wants to merge 3 commits into
base: devel
77 changes: 73 additions & 4 deletions config/peerpods/podvm/README.md
Expand Up @@ -8,9 +8,9 @@ the operator to generate a pod VM image.

The configuration used for the podvm image generation is available in the following configmaps:

- Azure: `azure-podvm-image-cm`
- AWS: `aws-podvm-image-cm`
- GCP: `gcp-podvm-image-cm`
- Azure: [`azure-podvm-image-cm`](./azure-podvm-image-cm.yaml)
- AWS: [`aws-podvm-image-cm`](./aws-podvm-image-cm.yaml)
- GCP: [`gcp-podvm-image-cm`](./gcp-podvm-image-cm.yaml)

If you want to change the default configuration, then depending on the cloud
provider (eg. aws, azure or gcp) you'll need to pre-create the respective
Expand Down Expand Up @@ -40,7 +40,7 @@ provided config.

The PodVM image can be embedded into a container image. This container image can then be unwrapped and uploaded to the libvirt volume specified in the `peer-pods-cm`. Please note that this feature is currently supported only for the libvirt provider.

To create an OCI image with the PodVM image, you can use the `Dockerfile.podvm-oci` as follows:
To create an OCI image with the PodVM image, you can use the [`Dockerfile.podvm-oci`](Dockerfile.podvm-oci) as follows:

```bash
docker build -t podvm-libvirt \
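Review bot: the link target on the changed `Dockerfile.podvm-oci` line is written without a `./` prefix, while the other relative links in this PR use one (`./azure-podvm-image-cm.yaml`, `./bootc/README.md`). Suggest `(./Dockerfile.podvm-oci)` so the README uses one link style throughout.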
Expand All @@ -67,3 +67,72 @@ PODVM_IMAGE_URI: "oci::quay.io/openshift_sandboxed_containers/libvirt-podvm-imag
In this example, `<image_tag>` and `<image_path>` are optional. If not provided, the default values will be `<image_tag>`: `latest` and `<image_path>`: `/image/podvm.qcow2`.

**Note:** When pulling container images from authenticated registries, make sure that the OpenShift `pull-secrets` are updated with the necessary registry credentials.

## bootc-based PodVM image

Refer to the following [page](./bootc/README.md) to learn about bootc-based podVM images.

## PodVM image re-create

As explained in [PodVM image generation configuration](#podvm-image-generation-configuration) section, the image generation is configured via configmap. You may want to re-create the image with a different configuration, for example, set `CUSTOM_CLOUD_INIT_MODULES=no` to start the SSH Server in the podVM. In this section you will learn how to delete the podVM image to then create it again.

In order to delete the current image you will need to get the image ID as is set on `peer-pods-cm` configmap, which depends on the cloud you have peer pods deployed:

* Azure
```bash
IMAGE_ID=$(oc get cm/peer-pods-cm -n openshift-sandboxed-containers-operator -o jsonpath='{.data.AZURE_IMAGE_ID}')
```
* AWS
```bash
IMAGE_ID=$(oc get cm/peer-pods-cm -n openshift-sandboxed-containers-operator -o jsonpath='{.data.AWS_AMI_ID}')
```
* GCP
```bash
IMAGE_ID=$(oc get cm/peer-pods-cm -n openshift-sandboxed-containers-operator -o jsonpath='{.data.IMAGE_NAME}')
```

Ensure that any previous delete job isn't still around, otherwise the deployment of a new job will fail:

```bash
oc delete --ignore-not-found=true job/osc-podvm-image-deletion -n openshift-sandboxed-containers-operator
```

Create the new delete job:

```bash
cat osc-podvm-delete-job.yaml | \
yq e '.spec.template.spec.containers[0].env = [{"name": "IMAGE_ID", "value": "'$IMAGE_ID'"}]' | \
oc apply -f -
```

On the command above the current image ID is set on the `IMAGE_ID` environment variable, so the job knows which image should be deleted. If you don't want to use `yq` to update the `IMAGE_ID` then simply edit [osc-podvm-delete-job.yaml](./osc-podvm-delete-job.yaml) with your preferred tool.

Wait the new *osc-podvm-image-deletion* pod to complete:

```bash
watch -n 20 "oc get pods -n openshift-sandboxed-containers-operator | grep osc-podvm-image-deletion"
```

If everything went well then the image ID field on `peer-pods-cm` configmap is now empty. You can check it like that:

* Azure
```bash
oc get cm/peer-pods-cm -o jsonpath='{.data.AZURE_IMAGE_ID}' -n openshift-sandboxed-containers-operator
```
* AWS
```bash
oc get cm/peer-pods-cm -o jsonpath='{.data.AWS_AMI_ID}' -n openshift-sandboxed-containers-operator
```
* GCP
```bash
oc get cm/peer-pods-cm -o jsonpath='{.data.IMAGE_NAME}' -n openshift-sandboxed-containers-operator
```

Now you can start the create image job and wait it to be completed:

```bash
Contributor

Once the image is deleted and the configMap key is empty, annotating the KataConfig CRD will ensure the operator itself creates the new image.
Wouldn't that be preferred since there are few parameters for the image that are set by the operator?

oc apply -f osc-podvm-create-job.yaml
watch -n 20 "oc get pods -n openshift-sandboxed-containers-operator | grep osc-podvm-image-creation"
```

Check again the image ID field in `peer-pods-cm` configmap, it should be fulfilled now if the image was built.
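
Review bot: in the "Create the new delete job" step, `$IMAGE_ID` is spliced unquoted into the yq expression (`"value": "'$IMAGE_ID'"`), so a value containing whitespace or a quote is word-split by the shell or alters the expression, and an empty value (for example when the configmap key is already blank) still yields a job that gets applied. Suggest checking that `IMAGE_ID` is non-empty before this step and passing it through the environment instead, e.g. `IMAGE_ID="$IMAGE_ID" yq e '... "value": strenv(IMAGE_ID) ...' osc-podvm-delete-job.yaml`, which also removes the extra `cat`. The `.env = [...]` assignment replaces the container's whole env list, so any other variables defined in `osc-podvm-delete-job.yaml` would be dropped; updating only the `IMAGE_ID` entry would be safer. Wording in the same section: "Wait the new" should be "Wait for the new", "wait it to be completed" should be "wait for it to complete", and "fulfilled" reads better as "populated".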