@alicefr alicefr commented Oct 8, 2025

Build the container disk out of the fedora coreos with the clevis pin for Trustee support.

This PR replaces the custom-coreos-container-disk with the containerized coreos-assembler. Using cosa avoids the disablement of SELinux. Additionally, osbuild is present and properly works for the conversion of the KubeVirt container disks.

alicefr commented Oct 8, 2025

/cc @travier @Jakob-Naucke

@Jakob-Naucke Jakob-Naucke left a comment

Haven't tested with kubevirt (only did a local build) but LGTM otherwise. You probably want to rebase to eliminate the CI failure.

@alicefr alicefr force-pushed the create-kv-cd branch 2 times, most recently from 6ea9e51 to c6d5068 Compare November 21, 2025 08:07
alicefr commented Nov 24, 2025

We need to solve the lack of osbuild in Ubuntu. I have tried to run the build in a container, but there is some issue with overlayfs inside the container.

@alicefr alicefr marked this pull request as draft November 24, 2025 08:19
@alicefr alicefr force-pushed the create-kv-cd branch 11 times, most recently from c455565 to 2f835f2 Compare November 25, 2025 14:43
alicefr commented Nov 26, 2025

Running cosa takes too many resources for GitHub Actions.

@alicefr alicefr force-pushed the create-kv-cd branch 3 times, most recently from 7b8db62 to 689da3c Compare December 12, 2025 08:28
@alicefr alicefr marked this pull request as ready for review December 12, 2025 08:28
@alicefr alicefr requested a review from Jakob-Naucke December 12, 2025 08:28
alicefr commented Dec 12, 2025

@Jakob-Naucke the CI isn't able to run cosa for KubeVirt since it doesn't have enough resources. I think we can integrate the build of KubeVirt container disks once we have the beaker machine integrated. However, it is still useful to be able to build container disks.
Additionally, cosa osbuild is cleaner than using the coreos custom disk script. It can also easily build other target disk formats, like for Azure, with cosa osbuild azure.

@alicefr alicefr force-pushed the create-kv-cd branch 2 times, most recently from 1c44be1 to d203c45 Compare January 13, 2026 11:55
Build the container disk out of the fedora coreos with the clevis pin
for Trustee support.

Signed-off-by: Alice Frosi <[email protected]>
@Jakob-Naucke Jakob-Naucke left a comment

One comment. Maybe squash some of the commits. You squashed, that was from yesterday. Still would like to test though.


RUN cd /usr/src/ && \
git clone https://github.com/trusted-execution-clusters/trustee.git && \
git clone https://github.com/confidential-containers/trustee.git && \
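
Review bot: On the two `git clone` lines, the repository owner differs (`trusted-execution-clusters/trustee` versus `confidential-containers/trustee`), which changes where the Trustee source built into this image comes from and is not mentioned in the PR description about building the container disk; restore the original URL here or move the switch into its own change with a stated reason. Neither clone line names a branch, tag or commit, so unless the continuation after `&& \` checks out a fixed revision, the image is built from whatever the default branch holds at build time; consider pinning the revision.
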
Contributor

cf. #60

Contributor Author

Why? Don't we want to use our fork?

Contributor

We do, and this diff moves from using our fork to not using our fork

Contributor Author

Can we do it in a separate PR? Trustee doesn't have anything to do with building KubeVirt disks.

@Jakob-Naucke Jakob-Naucke left a comment

Have tested, so sending approval already, but please still address the above comment.

@Jakob-Naucke Jakob-Naucke merged commit 378882c into trusted-execution-clusters:main Jan 19, 2026
1 of 2 checks passed