Within OpenShift, certain OS extensions such as realtime kernels, and other packages are distributed via an extensions image within the OpenShift release manifest. One can get the pullspec for the current extensions image by running:

$ oc get configmap/machine-config-osimageurl -n openshift-machine-config-operator -o=jsonpath='{.data.baseOSExtensionsContainerImage}'

Currently, the MCO supports enabling realtime kernels and other extensions by pulling and extracting this image to the local filesystem so that its contents may be consumed as a local package repository. We should enable the same behavior within on-cluster builds. At this moment in time, the Dockerfile that is generated by BuildController is aware of the extensions image, but it no-ops.

For additional context, the web server was removed from the extensions image due to FIPS concerns. Therefore, the path of least resistance may be extracting the image contents and configuring it within a local directory.

Done When:

• BuildController consumes the extensions and kernelType field in the MachineConfig spec by selectively copying the appropriate files from the extensions image into the final OS image and installing those packages using rpm-ostree.