Red Hat Summit Red Hat SummitSupportConsoleDevelopersStart a trialContact

Installing with image mode for RHEL

Red Hat build of MicroShift 4.18

Embedding MicroShift in a bootc image

Red Hat OpenShift Documentation Team

Abstract

You can embed MicroShift into a bootc image by using image mode for Red Hat Enterprise Linux (RHEL). Bootc stands for bootable container, and the image includes the kernel, bootloader, and other items typically excluded from application containers.

You can embed MicroShift into an operating system image using image mode for Red Hat Enterprise Linux (RHEL).

Important

Image mode for RHEL is a Technology Preview feature only. Technology Preview features are not supported with Red Hat production service level agreements (SLAs) and might not be functionally complete. Red Hat does not recommend using them in production. These features provide early access to upcoming product features, enabling customers to test functionality and provide feedback during the development process.

For more information about the support scope of Red Hat Technology Preview features, see Technology Preview Features Support Scope.

Image mode for Red Hat Enterprise Linux (RHEL) is a Technology Preview deployment method that uses a container-native approach to build, deploy, and manage the operating system as a bootc image. By using bootc, you can build, deploy, and manage the operating system as if it is any other container.

  • This container image uses standard OCI or Docker containers as a transport and delivery format for base operating system updates.
  • A bootc image includes a Linux kernel that is used to start the operating system.
  • By using bootc containers, developers, operations administrators, and solution providers can all use the same container-native tools and techniques.

Image mode splits the creation and installation of software changes into two steps: one on a build system and one on a running target system.

  • In the build-system step, a Podman build inspects the RPM files available for installation, determines any dependencies, and creates an ordered list of chained steps to complete, with the end result being a new operating system available to install.
  • In the running-target-system step, a bootc update downloads, unpacks, and makes the new operating system bootable alongside the currently running system. Local configuration changes are carried forward to the new operating system, but do not take effect until the system is rebooted and the new operating system image replaces the running image.

1.2. Additional resources
Copy link

MicroShift is built and published as image mode containers. When installing a Red Hat Enterprise Linux (RHEL) bootable container image with MicroShift, use either a prebuilt bootable container image or build your own custom bootable container image.

Important

Image mode for RHEL is a Technology Preview feature only. Technology Preview features are not supported with Red Hat production service level agreements (SLAs) and might not be functionally complete. Red Hat does not recommend using them in production. These features provide early access to upcoming product features, enabling customers to test functionality and provide feedback during the development process.

For more information about the support scope of Red Hat Technology Preview features, see Technology Preview Features Support Scope.

To use image mode for RHEL, ensure that the following resources are available:

  • A RHEL 9.4 host with an active Red Hat subscription for building MicroShift bootc images.
  • A remote registry for storing and accessing bootc images.
  • You can use image mode for RHEL with a MicroShift cluster on AArch64 or x86_64 system architectures.

The workflow for using image mode with MicroShift includes the following steps:

  1. Find and use a prebuilt MicroShift container image to install Red Hat Enterprise Linux (RHEL).
  2. Build a custom MicroShift container image if the prebuilt MicroShift container image requires customization.
  3. Run the container image.
Important

The rpm-ostree file system is not supported in image mode. Do not use the rpm-ostree file system to modify deployments that use image mode.

2.2. Get or build your bootc image
Copy link

Either get an existing bootc image or create one, then you can publish that image to a remote registry for use.

You can use the MicroShift container images to install image mode for RHEL.

Prerequisites

  • You have an x86_64 or AArch64 platform.
  • You have access to the registry.redhat.io registry.

Procedure

  1. Navigate to the Red Hat Ecosystem Catalog.
  2. Search for the MicroShift container image by using the microshift-bootc keyword.
  3. Open the container image page of the MicroShift container image.
  4. Select the Get this image tab to view instructions for downloading the image.

  5. Get access to the latest image on x86_64 and AArch64 platforms by logging into the registry using the following command: 

    $ sudo podman login registry.redhat.io
    Copy to Clipboard Toggle word wrap

  6. Download the bootc image by running the following command: 

    $ podman pull registry.redhat.io/openshift4/microshift-bootc-rhel9:v4.18
    Copy to Clipboard Toggle word wrap

2.2.2. Building the bootc image
Copy link

Build your Red Hat Enterprise Linux (RHEL) that contains MicroShift as a bootable container image by using a Containerfile.

Important

Image mode for RHEL is Technology Preview. Using a bootc image in production environments is not supported.

Prerequisites

  • A RHEL 9.4 host with an active Red Hat subscription for building MicroShift bootc images and running containers.
  • You logged into the RHEL 9.4 host by using the user credentials that have sudo permissions.
  • The rhocp and fast-datapath repositories are accessible in the host subscription. The repositories do not necessarily need to be enabled on the host.
  • You have a remote registry such as {quay} for storing and accessing bootc images.

Procedure

  1. Create a Containerfile that includes the following instructions:

    Example Containerfile for RHEL image mode

    FROM registry.redhat.io/rhel9/rhel-bootc:9.4

ARG USHIFT_VER=4.18
RUN dnf config-manager \
        --set-enabled rhocp-${USHIFT_VER}-for-9-$(uname -m)-rpms \
        --set-enabled fast-datapath-for-9-$(uname -m)-rpms
RUN dnf install -y firewalld microshift && \
    systemctl enable microshift && \
    dnf clean all

# Create a default 'redhat' user with the specified password.
# Add it to the 'wheel' group to allow for running sudo commands.
ARG USER_PASSWD
RUN if [ -z "${USER_PASSWD}" ] ; then \
        echo USER_PASSWD is a mandatory build argument && exit 1 ; \
    fi
RUN useradd -m -d /var/home/redhat -G wheel redhat && \
    echo "redhat:${USER_PASSWD}" | chpasswd

# Mandatory firewall configuration
RUN firewall-offline-cmd --zone=public --add-port=22/tcp && \
    firewall-offline-cmd --zone=trusted --add-source=10.42.0.0/16 && \
    firewall-offline-cmd --zone=trusted --add-source=169.254.169.1

# Create a systemd unit to recursively make the root filesystem subtree
# shared as required by OVN images
RUN cat > /etc/systemd/system/microshift-make-rshared.service <<'EOF'
[Unit]
Description=Make root filesystem shared
Before=microshift.service
ConditionVirtualization=container
[Service]
Type=oneshot
ExecStart=/usr/bin/mount --make-rshared /
[Install]
WantedBy=multi-user.target
EOF
RUN systemctl enable microshift-make-rshared.service
    Copy to Clipboard Toggle word wrap

    Important

    Podman uses the host subscription information and repositories inside the container when building the container image. If the rhocp and fast-datapath repositories are not available on the host, the build fails.

  2. Set the PULL_SECRET environment variable: 

    $ PULL_SECRET=~/.pull-secret.json
    Copy to Clipboard Toggle word wrap

  3. Configure the USER_PASSWD environment variable: 

    $ USER_PASSWD=<redhat_user_password>
    1
    Copy to Clipboard Toggle word wrap
    1
    Replace <redhat_user_password> with your password.

  4. Configure the IMAGE_NAME environment variable: 

    $ IMAGE_NAME=microshift-4.18-bootc
    Copy to Clipboard Toggle word wrap

  5. Create a local bootc image by running the following image build command: 

    $ sudo podman build --authfile "${PULL_SECRET}" -t "${IMAGE_NAME}" \
    --build-arg USER_PASSWD="${USER_PASSWD}" \
    -f Containerfile
    Copy to Clipboard Toggle word wrap
    Important

    How secrets are used during the image build:

    • The podman --authfile argument is required to pull the base rhel-bootc:9.4 image from the registry.redhat.io registry.
    • The build USER_PASSWD argument is used to set a password for the redhat user.

Verification

  1. Verify that the local MicroShift bootc image was created by running the following command: 

    $ sudo podman images "${IMAGE_NAME}"
    Copy to Clipboard Toggle word wrap

    Example output

    REPOSITORY                       TAG         IMAGE ID      CREATED        SIZE
localhost/microshift-4.18-bootc  latest      193425283c00  2 minutes ago  2.31 GB
    Copy to Clipboard Toggle word wrap

Publish your bootc image to the remote registry so that the image can be used for running the container on another host, or for when you want to install a new operating system with the bootc image layer.

Prerequisites

  • You are logged in to the RHEL 9.4 host where the image was built using the user credentials that have sudo permissions.
  • You have a remote registry such as {quay} for storing and accessing bootc images.
  • You created the Containerfile and built the image.

Procedure

  1. Set the REGISTRY_URL variable for the image by running the following command: 

    $ REGISTRY_URL=<quay.io>
    1
    Copy to Clipboard Toggle word wrap
    1
    Replace <quay.io> with the URL for your image registry.

  2. Log in to your remote registry by running the following command: 

    $ sudo podman login "${REGISTRY_URL}"
    Copy to Clipboard Toggle word wrap

  3. Set the IMAGE_NAME variable for the image by running the following command: 

    $ IMAGE_NAME=<microshift-4.18-bootc>
    1
    Copy to Clipboard Toggle word wrap
    1
    Replace <microshift-4.18-bootc> with the name of the image you want to publish.

  4. Set the REGISTRY_IMG variable for the image by running the following command: 

    $ REGISTRY_IMG=<myorg/mypath>/"${IMAGE_NAME}"
    1
    Copy to Clipboard Toggle word wrap
    1
    Replace <myorg/mypath> with your remote registry organization name and path.

  5. Publish the image by running the following command: 

    $ sudo podman push localhost/"${IMAGE_NAME}" "${REGISTRY_URL}/${REGISTRY_IMG}"
    Copy to Clipboard Toggle word wrap

Verification

  • Run the container using the image you pushed to your registry as described in the "Running the MicroShift bootc container" section.

Use the bootable container image as an installation source to set up a Red Hat Enterprise Linux (RHEL) virtual machine.

Important

Image mode for RHEL is a Technology Preview feature only. Technology Preview features are not supported with Red Hat production service level agreements (SLAs) and might not be functionally complete. Red Hat does not recommend using them in production. These features provide early access to upcoming product features, enabling customers to test functionality and provide feedback during the development process.

For more information about the support scope of Red Hat Technology Preview features, see Technology Preview Features Support Scope.

3.1. Creating the Kickstart file
Copy link

You must create the Kickstart file to use during installation.

Prerequisites

  • You have root-user access.
  • You are logged in to the physical hypervisor host.

Procedure

  1. Set the AUTH_CONFIG environment variable to reference the secret file in the kickstart.ks file to authenticate private container registry access by running the following command: 

    $ AUTH_CONFIG=~/.quay-auth.json
    Copy to Clipboard Toggle word wrap

  2. Set the PULL_SECRET environment variable to reference the secret files in the kickstart.ks file to authenticate the OpenShift Container Platform registry access by running the following command: 

    $ PULL_SECRET=~/.pull-secret.json
    Copy to Clipboard Toggle word wrap

  3. Set the IMAGE_REF environment variable to reference the image mode for your container image to use during installation by running the following command: 

    $ IMAGE_REF="quay.io/<myorg>/<mypath>/microshift-4.18-bootc"
    1
    Copy to Clipboard Toggle word wrap
    1
    Replace <myorg/<mypath> with your remote registry organization name and path.

  4. Create the kickstart.ks file to use during installation by running the following script: 

    $ cat > kickstart.ks <<EOFKS
lang en_US.UTF-8
keyboard us
timezone UTC
text
reboot

# Partition the disk with hardware-specific boot and swap partitions, adding an
# LVM volume that contains a 10GB+ system root. The remainder of the volume will
# be used by the CSI driver for storing data.
zerombr
clearpart --all --initlabel
# Create boot and swap partitions as required by the current hardware platform
reqpart --add-boot
# Add an LVM volume group and allocate a system root logical volume
part pv.01 --grow
volgroup rhel pv.01
logvol / --vgname=rhel --fstype=xfs --size=10240 --name=root

# Lock root user account
rootpw --lock

# Configure network to use DHCP and activate on boot
network --bootproto=dhcp --device=link --activate --onboot=on

%pre-install --log=/dev/console --erroronfail

# Create a 'bootc' image registry authentication file
mkdir -p /etc/ostree
cat > /etc/ostree/auth.json <<'EOF'
$(cat "${AUTH_CONFIG}")
EOF

%end

# Pull a 'bootc' image from a remote registry
ostreecontainer --url "${IMAGE_REF}"

%post --log=/dev/console --erroronfail

# Create an OpenShift pull secret file
cat > /etc/crio/openshift-pull-secret <<'EOF'
$(cat "${PULL_SECRET}")
EOF
chmod 600 /etc/crio/openshift-pull-secret

%end
EOFKS
    Copy to Clipboard Toggle word wrap

3.2. Creating a virtual machine
Copy link

You can create a virtual machine by using the Red Hat Enterprise Linux (RHEL) boot ISO image.

Prerequisites

  • You created the Kickstart file.
  • You installed the OpenShift CLI (oc).
  • You have redhat credentials.

Procedure

  1. Download the Red Hat Enterprise Linux (RHEL) boot ISO image from the Download Red Hat Enterprise Linux.
  2. Copy the downloaded file to the /var/lib/libvirt/images directory.

  3. Configure the VMNAME environment variable with your value by running the following command: 

    $ VMNAME=microshift-4.18-bootc
    Copy to Clipboard Toggle word wrap

  4. Configure the NETNAME environment variable with your value by running the following command: 

    $ NETNAME=default
    Copy to Clipboard Toggle word wrap

  5. Create a Red Hat Enterprise Linux (RHEL) virtual machine with 2 cores, 2GB of RAM and 20GB of storage by running the following command: 

    $ sudo virt-install \
    --name ${VMNAME} \
    --vcpus 2 \
    --memory 2048 \
    --disk path=/var/lib/libvirt/images/${VMNAME}.qcow2,size=20 \
    --network network=${NETNAME},model=virtio \
    --events on_reboot=restart \
    --location /var/lib/libvirt/images/rhel-9.4-$(uname -m)-boot.iso \
    --initrd-inject kickstart.ks \
    --extra-args "inst.ks=file://kickstart.ks" \
    --wait
    Copy to Clipboard Toggle word wrap
    Note

    The sudo virt-install command uses the Kickstart file to pull a bootc image from the remote registry and install the RHEL operating system.

  6. Log in to the virtual machine by using your redhat credentials.

Verification

  1. Verify that all of the MicroShift pods are running without error by entering the following command: 

    $ watch sudo oc get pods -A \
    --kubeconfig /var/lib/microshift/resources/kubeadmin/kubeconfig
    Copy to Clipboard Toggle word wrap

    Example output

    NAMESPACE                  NAME                                       READY   STATUS    RESTARTS      AGE
kube-system                csi-snapshot-controller-7cfb9df49c-kc9dx   1/1     Running   0             31s
openshift-dns              dns-default-rpnlt                          2/2     Running   0             14s
openshift-dns              node-resolver-rxvdk                        1/1     Running   0             31s
openshift-ingress          router-default-69cd7b5545-7zcw7            1/1     Running   0             29s
openshift-ovn-kubernetes   ovnkube-master-c7hlh                       4/4     Running   1 (16s ago)   31s
openshift-ovn-kubernetes   ovnkube-node-mkpht                         1/1     Running   1 (17s ago)   31s
openshift-service-ca       service-ca-5d5d96459d-5pd5s                1/1     Running   0             28s
openshift-storage          topolvm-controller-677cbfcdb9-28dqr        5/5     Running   0             31s
openshift-storage          topolvm-node-6fzbl                         3/3     Running   0             14s
    Copy to Clipboard Toggle word wrap

Legal Notice
Copy link

Copyright © 2025 Red Hat, Inc.
The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at http://creativecommons.org/licenses/by-sa/3.0/. In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version.
Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.
Red Hat, Red Hat Enterprise Linux, the Shadowman logo, the Red Hat logo, JBoss, OpenShift, Fedora, the Infinity logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries.
Linux® is the registered trademark of Linus Torvalds in the United States and other countries.
Java® is a registered trademark of Oracle and/or its affiliates.
XFS® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries.
MySQL® is a registered trademark of MySQL AB in the United States, the European Union and other countries.
Node.js® is an official trademark of Joyent. Red Hat is not formally related to or endorsed by the official Joyent Node.js open source or commercial project.
The OpenStack® Word Mark and OpenStack logo are either registered trademarks/service marks or trademarks/service marks of the OpenStack Foundation, in the United States and other countries and are used with the OpenStack Foundation's permission. We are not affiliated with, endorsed or sponsored by the OpenStack Foundation, or the OpenStack community.
All other trademarks are the property of their respective owners.
Back to top
Red Hat logoGithubredditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust. Explore our recent updates.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

Theme

© 2025 Red Hat