CoreOS Custom Images Project

Linux
CoreOS
bootc
Podman
KVM
Virtualization
CI/CD
DevOps

Developed custom Fedora CoreOS and bootc-based container images for hyperconverged infrastructure, development, and specialized workloads.

A server rack with various network and storage devices, representing hyperconverged infrastructure.

CoreOS Custom Images Project: Immutable Infrastructure for Modern Workloads

Project Overview

This project focuses on building and deploying custom, immutable operating system images based on Fedora CoreOS and the bootc standard. Leveraging bootc and uCore, these images are tailored for various infrastructure needs, including hyperconverged infrastructure (HCI), robust development environments, and specialized server workloads. The core idea is to provide a declarative, container-native approach to OS management, ensuring automatic updates, enhanced security, and consistent deployments across different environments.

Key Features & Technologies

Immutable & Container-Native OS

  • Fedora CoreOS & bootc: Utilizes the principles of immutable infrastructure, where the OS is treated as a container image. Updates are atomic, reducing the risk of system corruption and simplifying rollbacks.
  • Declarative Configuration: System configurations are managed declaratively, ensuring consistency and reproducibility.

Diverse Image Variants

  • Base Fedora bootc: A general-purpose server image pre-configured with essential services like Tailscale VPN, Cockpit for web-based administration, and backup tools (Borgmatic, Rclone, Rsync).
  • Hyperconverged Infrastructure (HCI): Specialized images (hci.Containerfile, hci-ucore.Containerfile) designed for virtualization, featuring a complete QEMU/KVM stack, Cockpit Machines for VM management, and advanced file sharing capabilities. The hci-ucore variant specifically integrates ZFS filesystem support.
  • Development & Workstation: Images like webtop.Containerfile (currently experimental) aim to provide containerized desktop environments, showcasing the flexibility of the bootc approach for various use cases.

Robust Management & Security

  • Cockpit Integration: Provides a comprehensive web interface for system administration, including network management, Podman container orchestration, OSTree/bootc updates, SELinux management, and storage configuration.
  • Tailscale VPN: Seamlessly integrates zero-configuration mesh VPN networking for secure and easy access to services.
  • Enhanced Security: Implements SSH key-only authentication for the core user, Firewalld for advanced firewall management, and SELinux in enforcing mode, ensuring a hardened operating environment.

Advanced Storage & Virtualization

  • ZFS & Btrfs Support: Integrates modern copy-on-write filesystems for advanced data management, snapshots, and integrity, particularly in HCI variants.
  • QEMU/KVM Virtualization: Full virtualization stack with support for multiple architectures (x86, ARM, RISC-V) and features like GPU passthrough (Virtio-GPU).

Deployment & CI/CD

  • Containerized Builds: Images are built using Podman and defined via Containerfiles, ensuring a consistent and reproducible build process.
  • GitHub Actions CI/CD: Automated build and push workflows are implemented using GitHub Actions, ensuring that images are continuously built, tested, and pushed to ghcr.io upon changes to the Containerfiles or related rootfs components.
  • bootc Deployment: Images are designed for deployment using the bootc switch command, enabling atomic OS updates and easy transitions between image versions.
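As an added example (not the project's own Containerfile), the build and deployment flow above in a minimal Fedora bootc Containerfile that applies the management and hardening pieces listed on this page; the base image tag, the vendor repository fetch, and the ghcr.io image name are assumptions.

```dockerfile
# Added example, not the project's Containerfile. Assumed: the fedora-bootc:42
# base tag and the ghcr.io image name in the comment at the end are placeholders.
FROM quay.io/fedora/fedora-bootc:42

# Cockpit web administration plus the modules the page names, and firewalld.
RUN dnf -y install \
      cockpit cockpit-networkmanager cockpit-podman cockpit-ostree \
      cockpit-selinux cockpit-storaged firewalld \
    && dnf clean all

# Tailscale from the vendor repository (assumed reachable at build time).
RUN curl -fsSLo /etc/yum.repos.d/tailscale.repo \
      https://pkgs.tailscale.com/stable/fedora/tailscale.repo \
    && dnf -y install tailscale \
    && dnf clean all

# SSH key-only authentication. Fedora's sshd_config includes
# /etc/ssh/sshd_config.d/*.conf in lexical order and sshd keeps the first value
# it sees, so a 40- prefix wins over the stock 50-redhat.conf.
RUN printf 'PasswordAuthentication no\nKbdInteractiveAuthentication no\nPermitRootLogin prohibit-password\n' \
      > /etc/ssh/sshd_config.d/40-key-only.conf

# Firewall policy baked into the image: expose Cockpit on the default zone and
# treat the Tailscale interface as trusted. The core user's SSH key itself is
# provisioned at first boot (Ignition/Butane), not in the image.
RUN firewall-offline-cmd --add-service=cockpit \
    && firewall-offline-cmd --zone=trusted --add-interface=tailscale0

# SELinux stays enforcing (the base image default); services start on boot.
RUN systemctl enable sshd.service firewalld.service tailscaled.service cockpit.socket

# Fail the build on common bootc image mistakes (content left in /var, etc.).
RUN bootc container lint

# After CI pushes the image, a running bootc host switches to it atomically:
#   sudo bootc switch ghcr.io/OWNER/fedora-bootc-custom:latest   (placeholder name)
#   sudo bootc status   # shows the staged image; reboot to activate, rollback if needed
```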

Personal Contributions & Learning

Through this project, I gained extensive experience in:

  • Immutable Infrastructure Design: Deep understanding of bootc and OSTree principles for building robust and maintainable operating systems.
  • Containerization & Orchestration: Practical application of Podman for image building and system-level container management.
  • CI/CD Pipeline Development: Designing and implementing automated workflows with GitHub Actions for continuous integration and delivery of OS images.
  • Linux System Administration: Advanced configuration of system services, networking, storage (ZFS, Btrfs), and security features (SELinux, Firewalld).
  • Virtualization Technologies: Setting up and managing QEMU/KVM environments and integrating them with management tools like Cockpit Machines.

This project demonstrates my ability to design, implement, and maintain complex infrastructure solutions using modern DevOps practices and open-source technologies.