It's utterly ridiculous how complicated it is to get cri-o and Kubernetes to work on Fedora CoreOS.

Everything is supposed to be layered on top of the base OS but that speaks against the idea of image-based systems.

OpenShift solved this issue by… using a custom build of cri-o, Kubernetes and Fedora CoreOS, that uses these components from outside the distro.

And I'm sitting here, fiddling around and probably built a custom OS as well, just because there seems to be no way around it. :/


After an evening of fighting with osbuild and osbuild-composer, which is already much easier than coreos-assembler, and some fights with Fedora modularity, and a whole new way to define RPM repositories and their keys, I managed to build an insecure ostree image. Progress!

Maybe at the end of the weekend I'll manage to setup a functioning install and move my infrastructure to it. Or it all ends up horrible and I'll throw stuff into the bin. Who knows… 🤷

rant / calmed 

After quite some annoyance, I wrote various parts of it down, which might becomes an own blog article, for now it's a README in my new os directory:

First tests make it look quite okay. Some further tweaks required, but it's on a good way.

@sheogorath uff that sounds interesting because I use #coreos myself, but without #kubernetes and just plain #podman. I also am currently struggling with the podman v4 upgrade, given the networking stuff changed and podman-compose is generally not a… say… well documented software (compared to the main podman project, which is great!).

@sheogorath So if you have some experience to report I would be very keen to hear that.
Or even better: put it somewhere where more interested people can see it like


@sheogorath I mwam I asked myself if using #kubernetes would have been simpler but if that is what I hear from ypu… uff… it's possibly better the way I currently have it.🙃


@sheogorath When I stray near Red Hat projects this is sort of the feeling I get. "It's open source". But implementing the free open source upstream seems so complicated and vaguely documented you'd swear it had been deliberately sabotaged.

