1. Documentation
×

Boot image management

For supported platforms, the Machine Config Operator (MCO) can manage and update the boot image on each node to ensure the Fedora CoreOS (FCOS) version of the boot image matches the Fedora CoreOS (FCOS) version appropriate for your cluster.

The following table lists the platforms on which boot image management is available:

Platform Worker machine sets Control plane machine sets

Google Cloud

Enabled by default

Disabled by default

Amazon Web Services (AWS)

Enabled by default

Disabled by default

Microsoft Azure

Enabled by default

Disabled by default

VMware vSphere

Enabled by default

Not supported

For all other platforms, the MCO does not update the boot image with each cluster update.

Boot image management for control plane nodes is a Technology Preview feature only. Technology Preview features are not supported with Red Hat production service level agreements (SLAs) and might not be functionally complete. Red Hat does not recommend using them in production. These features provide early access to upcoming product features, enabling customers to test functionality and provide feedback during the development process.

For more information about the support scope of Red Hat Technology Preview features, see the following link:

About boot image management

With boot image management enabled, the Machine Config Operator (MCO) manages and updates the Fedora CoreOS (FCOS) version of the boot image in the machine sets for your control plane or worker nodes. This means that the MCO updates the boot image whenever you update your cluster. Without boot image management enabled, if your cluster was originally created with an older OKD version, the boot image that the MCO would use to create new nodes is an older Fedora CoreOS (FCOS) version, even if your cluster is at a later OKD version.

New nodes created after enabling the feature use the updated boot image. This feature has no effect on existing nodes.

The following table lists the platforms on which boot image management is available:

Platform Worker machine sets Control plane machine sets

Google Cloud

Enabled by default

Disabled by default

Amazon Web Services (AWS)

Enabled by default

Disabled by default

Microsoft Azure

Enabled by default

Disabled by default

VMware vSphere

Enabled by default

Not supported

For all other platforms, the MCO does not update the boot image with each cluster update.

For example, with the feature disabled, if your cluster was originally created with OKD 4.16, the boot image that the MCO would use to create new nodes is the same FCOS version that was installed for the cluster, even if your cluster is currently at a later OKD version.

Using an older boot image could cause the following issues:

  • Extra time to start nodes

  • Certificate expiration issues

  • Version skew issues

You can disable the boot image management feature, if needed. When the feature is disabled, the boot image version no longer updates with the cluster. For example, you could disable the boot image management feature in order to use a custom boot image that you do not want changed. For information on how to disable this feature, see "Disabling boot image management". If you disable this feature, you can re-enable the feature at any time. For information, see "Enabling boot image management".

How the cluster behaves after disabling or re-enabling the feature, depends upon when you made the change, including the following scenarios:

  • If you disable the feature before updating to a new OKD version:

    • The boot image version used by the machine sets remains the same OKD version as when the feature was disabled.

    • When you scale up nodes, the new nodes use that same OKD version.

  • If you disable the feature after updating to a new OKD version:

    • The boot image version used by the machine sets is updated to match the updated OKD version.

    • When you scale up nodes, the new nodes use the updated OKD version.

    • If you update to a later OKD version, the boot image version in the machine sets remains at the current version and is not updated with the cluster.

  • If you enable the feature after disabling:

    • The boot image version used by the machine sets is updated to the current OKD version, if different.

    • When you scale up nodes, the new nodes use the current OKD version in the cluster.

Because a boot image is used only when a node is scaled up, this feature has no effect on existing nodes.

To view the current Fedora CoreOS (FCOS) boot image version used in your cluster, you can view the /sysroot/.coreos-aleph-version.json file on that node.

Example coreos-aleph-version.json file with an older boot image
{
# ...
    "ref": "docker://ostree-image-signed:oci-archive:/rhcos-418.94.202511191518-0-ostree.x86_64.ociarchive",
    "version": "418.94.202511191518-0"
}

where:

<version>

Specifies the Fedora CoreOS (FCOS) boot image version. In this example, the boot image is from the originally-installed OKD 4.18 version, regardless of the current version of the cluster.

If any of the machine sets for which you want to enable boot image management use a *-user-data secret that is based on Ignition version 2.2.0, the Machine Config Operator converts the Ignition version to 3.4.0 when you enable the feature. OKD versions 4.5 and lower use Ignition version 2.2.0. If this conversion fails, the MCO or your cluster could degrade. An error message that includes err: converting ignition stub failed: failed to parse Ignition config is added to the output of the oc get ClusterOperator machine-config command. You can use the following general steps to correct the problem:

  1. Disable the boot image management feature. For information, see "Disabling boot image management".

  2. Manually update the *-user-data secret to use Ignition version to 3.2.0.

  3. Enable the boot image management feature. For information, see "Enabling boot image management".
Additional resources

Enabling boot image management

For supported platforms, the Machine Config Operator (MCO) can manage and update the boot image on each node to ensure the Fedora CoreOS (FCOS) version of the boot image matches the Fedora CoreOS (FCOS) version appropriate for your cluster.

The following table lists the platforms on which boot image management is available:

Platform Worker machine sets Control plane machine sets

Google Cloud

Enabled by default

Disabled by default

Amazon Web Services (AWS)

Enabled by default

Disabled by default

Microsoft Azure

Enabled by default

Disabled by default

VMware vSphere

Enabled by default

Not supported

For all other platforms, the MCO does not update the boot image with each cluster update.

To enable the boot image management feature for control plane machine sets or to re-enable the boot image management feature for worker machine sets where it was disabled, edit the MachineConfiguration object. You can enable the feature for all of the machine sets in the cluster or specific machine sets.

Because the boot image management feature for worker nodes is default for the Google Cloud and AWS platforms, the managedBootImages configuration does not appear in the machine configuration object. To enable the feature for control plane machine sets without disabling the feature for worker machine sets, you must expressly add the configuration for both the control plane and worker machine sets, as shown in the following procedure. If you add only the configuration for control plane machine sets, due to default behavior, the Machine Config Operator (MCO) overwrites the configuration for the worker machine sets.

Enabling the feature updates the boot image to the Fedora CoreOS (FCOS) boot image version appropriate for your cluster. If the cluster is again updated to a new OKD version in the future, the boot image is updated again. New nodes created after enabling the feature use the updated boot image. This feature has no effect on existing nodes.

Prerequisites

  • If you are enabling boot image management for control plane machine sets, you enabled the required Technology Preview features for your cluster by editing the FeatureGate CR named cluster:

    $ oc edit featuregate cluster
    Example FeatureGate CR
    apiVersion: config.openshift.io/v1
kind: FeatureGate
metadata:
  name: cluster
spec:
  featureSet: TechPreviewNoUpgrade (1)
    1 Enables the required ManagedBootImagesCPMS feature gate.

    Do not enable this feature set on production clusters. Enabling the TechPreviewNoUpgrade feature set on your cluster cannot be undone and prevents minor version updates. This feature set allows you to enable these Technology Preview features on test clusters, where you can fully test them. Do not enable this feature set on production clusters.
Procedure

  1. Edit the MachineConfiguration object, named cluster, by using the following command:

    $ oc edit MachineConfiguration cluster

  2. Enable the boot image management feature for some or all of your machine sets:

    • Enable the boot image management feature for all machine sets:

      apiVersion: operator.openshift.io/v1
kind: MachineConfiguration
metadata:
  name: cluster
  namespace: openshift-machine-config-operator
spec:
# ...
  managedBootImages:
    machineManagers:
    - apiGroup: machine.openshift.io
      resource: controlplanemachinesets
      selection:
        mode: All
    - apiGroup: machine.openshift.io
      resource: machinesets
      selection:
        mode: All

      where:

      spec.managedBootImages

      Configures the boot image management feature.

      spec.managedBootImages.machineManagers.apiGroup

      Specifies the API group. This must be machine.openshift.io.

      spec.managedBootImages.machineManagers.resource

      Specifies the resource within the specified API group to apply the change. Use one or both of the following parameters. You must add the full stanza, as shown, if you want to enable the feature for control plane and worker machine sets.

      • controlplanemachinesets: Enables boot image management for control plane machine sets.

      • machinesets: Enables boot image management for worker machine sets.

      spec.managedBootImages.machineManagers.selection.mode

      Specifies that the feature is enabled for all machine sets in the cluster.

    • Enable the boot image management feature for specific worker machine sets:

      apiVersion: operator.openshift.io/v1
kind: MachineConfiguration
metadata:
  name: cluster
  namespace: openshift-machine-config-operator
spec:
# ...
  managedBootImages:
    machineManagers:
    - apiGroup: machine.openshift.io
      resource: machinesets
      selection:
        mode: Partial
        partial:
          machineResourceSelector:
            matchLabels:
              region: "east"

      where:

      spec.managedBootImages

      Configures the boot image management feature.

      spec.managedBootImages.machineManagers.apiGroup

      Specifies the API group. This must be machine.openshift.io.

      spec.managedBootImages.machineManagers.resource

      Specifies the resource within the specified API group to apply the change. This must be machinesets. Partial boot image management for control plane machine sets is not supported.

      spec.managedBootImages.machineManagers.selection.mode

      Specifies that the feature is enabled for specific machine sets in the cluster. This must be Partial.

      spec.managedBootImages.machineManagers.selection.partial

      Specifies that the feature is enabled for machine sets with the specified label in their MachineSet object.

Verification

  1. View the current state of the boot image management feature by using the following command to view the machine configuration object:

    $ oc get machineconfiguration cluster -o yaml
    Example machine set with the boot image reference
    kind: MachineConfiguration
metadata:
  name: cluster
# ...
status:
  conditions:
  - lastTransitionTime: "2025-05-01T20:11:49Z"
    message: Reconciled 2 of 4 MAPI MachineSets | Reconciled 0 of 0 CAPI MachineSets
      | Reconciled 0 of 0 CAPI MachineDeployments
    reason: BootImageUpdateConfigurationUpdated
    status: "True"
    type: BootImageUpdateProgressing
  - lastTransitionTime: "2025-05-01T19:30:13Z"
    message: 0 Degraded MAPI MachineSets | 0 Degraded CAPI MachineSets | 0 CAPI MachineDeployments
    reason: BootImageUpdateConfigurationUpdated
    status: "False"
    type: BootImageUpdateDegraded
  managedBootImagesStatus:
    machineManagers:
    - apiGroup: machine.openshift.io
      resource: controlplanemachinesets
      selection:
        mode: All
    - apiGroup: machine.openshift.io
      resource: machinesets
      selection:
        mode: All

    where:

    status.managedBootImagesStatus.machineManagers.selection.mode

    Specifies that the boot image management feature is enabled when set to All.

  2. Scale a machine set to create a new node by using a command similar to the following. The boot image is updated only for new nodes.

    $ oc scale --replicas=2 machinesets.machine.openshift.io <machineset> -n openshift-machine-api

  3. If your cluster was using an older boot image version, you can see the new boot image version when the new node reaches the READY state. View the Fedora CoreOS (FCOS) version on a nodes:

    1. Log in to the node by using a command similar to the following:

      $ oc debug node/<node_name>

    2. Set /host as the root directory within the debug shell by using the following command:

      sh-5.1# chroot /host

    3. View the /sysroot/.coreos-aleph-version.json file by using a command similar to the following:

      sh-5.1# cat /sysroot/.coreos-aleph-version.json
      Example output
      {
# ...
    "ref": "docker://ostree-image-signed:oci-archive:/rhcos-9.6.20251015-1-ostree.x86_64.ociarchive",
    "version": "9.6.20251015-1"
}

      where:

      <version>

      Specifies the boot image version.

Disabling boot image management

You can disable the boot image management feature so that the Machine Config Operator (MCO) no longer manages or updates the boot image in the affected machine sets. For example, you could disable this feature for the worker nodes in order to use a custom boot image that you do not want changed.

You disable the boot image management feature for the control plane or worker machine sets in your cluster by editing the MachineConfiguration object.

The following table lists the platforms on which boot image management is available:

Platform Worker machine sets Control plane machine sets

Google Cloud

Enabled by default

Disabled by default

Amazon Web Services (AWS)

Enabled by default

Disabled by default

Microsoft Azure

Enabled by default

Disabled by default

VMware vSphere

Enabled by default

Not supported

For all other platforms, the MCO does not update the boot image with each cluster update.

Disabling this feature does not rollback the nodes or machine sets to the originally-installed boot image. The machine sets retain the boot image version that was present when the feature was disabled and is not updated if the cluster is upgraded to a new OKD version in the future. This feature has no effect on existing nodes.

After disabling the feature, you can re-enable the feature at any time. For more information, see "Enabling updated boot images".

Procedure

  1. Edit the MachineConfiguration object, named cluster, by using the following command::

    $ oc edit MachineConfiguration cluster

  2. Disable the feature for some or all of your machine sets:

    apiVersion: operator.openshift.io/v1
kind: MachineConfiguration
metadata:
  name: cluster
  namespace: openshift-machine-config-operator
spec:
# ...
  managedBootImages:
    machineManagers:
    - apiGroup: machine.openshift.io
      resource: machinesets
      selection:
        mode: None
    - apiGroup: machine.openshift.io
      resource: controlplanemachinesets
      selection:
        mode: None

    where:

    spec.managedBootImages

    Configures the boot image management feature.

    spec.managedBootImages.machineManagers.selection.mode.None

    Specifies that the feature is disabled for all machine sets in the cluster. Set the selection mode to None for one or both of the following resources to disable the feature for that resource.

    • controlplanemachinesets: Disable boot image management for control plane machine sets.

    • machinesets: Disables boot image management for worker machine sets.

Verification

  • View the current state of the boot image management feature by using the following command to view the machine configuration object:

    $ oc get machineconfiguration cluster -o yaml
    Example machine set with the boot image reference
    kind: MachineConfiguration
metadata:
  name: cluster
# ...
status:
  conditions:
  - lastTransitionTime: "2025-05-01T20:11:49Z"
    message: Reconciled 2 of 4 MAPI MachineSets | Reconciled 0 of 0 CAPI MachineSets
      | Reconciled 0 of 0 CAPI MachineDeployments
    reason: BootImageUpdateConfigurationUpdated
    status: "True"
    type: BootImageUpdateProgressing
  - lastTransitionTime: "2025-05-01T19:30:13Z"
    message: 0 Degraded MAPI MachineSets | 0 Degraded CAPI MachineSets | 0 CAPI MachineDeployments
    reason: BootImageUpdateConfigurationUpdated
    status: "False"
    type: BootImageUpdateDegraded
  managedBootImagesStatus:
    machineManagers:
    - apiGroup: machine.openshift.io
      resource: controlplanemachinesets
      selection:
        mode: None
    - apiGroup: machine.openshift.io
      resource: machinesets
      selection:
        mode: All

    where:

    status.managedBootImagesStatus.machineManagers.selection.mode

    Specifies that the boot image management feature is disabled when set to None. In this example, the boot image management feature is disabled for control plane machine sets and enabled for worker machine sets.