# How to build OKD in 2024 ## Prow This approach would continue to leverage Prow as the OKD build system. Images would be built pre-submit (as CI on PRs) and post-submit (on merge, promoted to OKD ImageStream) ### Pros - Direct feedback to devs (on status) through GitHub UI - Source of truth build metadata from Prow - Prow has ability to replace FROM directives in Dockerfiles - Continuous builds (ie. components are rebuilt immediately after they've been changed) ### Cons - Need to touch/create configs for each repo (~200) - [vrutkovs] we wouldn't need to if we keep UBI base - Build configs obscured in `release` repo, making build reproduction hard - [vrutkovs] CentOS9 Stream may introduce new bugs, so OKD bugs are no longer OCP bugs ### Questions? ### What's still needed ## Doozer + Prow ## Doozer + Konflux This approach would use Doozer to generate OKD sources from ocp-build-data metadata. The generation step would manipulate Dockerfiles to replace FROM directives referencing builder and base images. As a second step, these generated sources would have to be fed into a separate system for building the images. ### Pros - Maintenance shared with ART team - Source of truth build metadata from ocp-build-data ### Cons - ocp-build-data does not reference OKD-specific Dockerfiles (e.g. Dockerfile.okd or Dockerfile.scos) that exist for a couple of images. When generating the sources with Doozer, these images would have to be accounted for. - No direct feedback to devs when a build breaks - Discreet nightly builds ### Questions? - How to get from generated sources to built images? - Where would the builds happen? How would they be scheduled? - Could images be built only-if-changed? - How can feedback be provided to devs? - Does each repo require a `.tekton` dir with PipelineRun definitions for this approach? ### What's still needed ## okd-payload-pipeline This approach would leverage [https://github.com/okd-project/okd-payload-pipeline](https://github.com/okd-project/okd-payload-pipeline/blob/main/docs/argo-workflows-okd.md) for OKD builds end-to-end. ### Pros - Based on upstream operators like Argo Workflows and Shipwright - Responds to the community request for "reproducible builds" - Ability to replace FROM directives in Dockerfiles - Enable partners and contributors to produce their own builds (replacing one or more components or rebuilding the payload entirely) - Except for the infrastructure resources availability, multiarch is already possible ### Cons - No direct feedback to devs when a build breaks - Discreet nightly builds - Static metadata updated manually: there is still some manual work to be done in-between branch-cut dates to sync Dockerfiles images replacements and other changes in the Prow configs - How would we build multi-arch for all arches? we do not have a single cluster setup that supports all arches. - Other architectures can be achieved through remote workers joining the cluster - [vrutkovs] Not practical to keep up the pace of building nightlies ### Questions - Can we provide feedback to devs? ### What's still needed - Can we automatically derive the build configs from the ocp-buildmetadata or from some other source (metadata in the CVO?) and prow? - Run the pipeline periodically and add a step to provide feedback about overall build failures - Push the release back to app.ci or quay.io and create a releasestream in the okd release controller (this can also allow running origin through Prow) - Produce different builders for each required Golang version ## Konflux only This approach would build component images with Konflux via Tekton with config contained in `.tekton` dir in each repo. ### Pros - same system for OKD and future (4.17?) OCP production builds - could run builds as CI or as scheduled Nightly - build configs co-located with sources, making the process transparent - Direct feedback to devs (on status) through GitHub UI ### Cons - involves touching each repo and creating pipeline config - longer adoption time given that konflux is in its nascent stages - Need to touch/create configs for each repo (~200), branch, variant (okd/ocp) ### Questions? ### What's still needed
Last changed by  
Christian Glombek
138

Read more

Cloud SIG OKD RPM working doc

Notes on building and maintaining the Cloud SIG rpms for OKD.

12/4/2023
OS Image Builds

OS Image Builds

10/24/2023
Introducing OKD Streams

Hello everyone! I'm pleased to (re-)introduce myself here, and announce the creation of the OKD Streams team. I've been working in OpenShift Engineering for around 4 years now, with various stops in the CoreOS, MCO, WMCO and SPLAT teams. As one of the long-time maintainers of OKD, OpenShift's Open Source community edition, I'm pleased to announce my new role as Team Lead of the OKD Streams Team. OKD Streams: The Mission At a high level, we want OKD Streams to be for OpenShift, what CentOS Stream is for RHEL: A place to collaborate and incubate upstream of the product. Specifically, we want to improve the readiness signal for RHEL CoreOS by running daily builds of CentOS Stream CoreOS (aka SCOS), which can be seen like a preview build of future RHCOS. Hey this is me the OKD Stream teammission

5/17/2023
OKD/SCOS release procedure

Validate Pick a nightly from https://origin-release.ci.openshift.org/#4.12.0-0.okd-scos (for 4.next, pick one from https://origin-release.ci.openshift.org/#4.13.0-0.okd-scos) Run the install with cluster-bot and ensure it's ready to be promoted; log in and check branding:launch registry.ci.openshift.org/origin/release-scos:<NIGHTLY> Export RELEASE env:export RELEASE="4.12.0-0.okd-scos-2022-10-22-232744" Check signatures:oc adm release info registry.ci.openshift.org/origin/release-scos:${RELEASE} Copy Digest from output (taking away the sha256: prefix)... Digest: sha256:0132da68b7bc49ae27202585392ad1f6ee4951e0255627c15017775c6c9e33a6 ...

2/15/2023
Read more from Christian Glombek
Published on HackMD