Construct UKIURL from the OCI format for the HTTPBoot

hardikdr · hardikdr · commit a19e9d4ed2c3 · 2025-06-10T15:12:48.000+02:00
diff --git a/internal/controller/serverbootconfiguration_http_controller.go b/internal/controller/serverbootconfiguration_http_controller.go
@@ -5,7 +5,10 @@ package controller
 
 import (
 	"context"
+	"encoding/json"
 	"fmt"
+	"github.com/containerd/containerd/remotes/docker"
+	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
 	"strings"
 
 	corev1 "k8s.io/api/core/v1"
@@ -25,6 +28,10 @@ import (
 	metalv1alpha1 "github.com/ironcore-dev/metal-operator/api/v1alpha1"
 )
 
+const (
+	MediaTypeUKI = "application/vnd.ironcore.image.uki"
+)
+
 type ServerBootConfigurationHTTPReconciler struct {
 	client.Client
 	Scheme         *runtime.Scheme
@@ -75,7 +82,10 @@ func (r *ServerBootConfigurationHTTPReconciler) reconcile(ctx context.Context, l
 	}
 	log.V(1).Info("Got system IPs from Server", "systemIPs", systemIPs)
 
-	ukiURL := r.constructUKIURL(config.Spec.Image)
+	ukiURL, err := r.constructUKIURL(ctx, config.Spec.Image)
+	if err != nil {
+		return ctrl.Result{}, fmt.Errorf("failed to construct UKI URL: %w", err)
+	}
 	log.V(1).Info("Extracted UKI URL for boot")
 
 	httpBootConfig := &bootv1alpha1.HTTPBootConfig{
@@ -166,16 +176,46 @@ func (r *ServerBootConfigurationHTTPReconciler) getSystemIPFromServer(ctx contex
 	return systemIPs, nil
 }
 
-func (r *ServerBootConfigurationHTTPReconciler) constructUKIURL(image string) string {
-	sanitizedImage := strings.ReplaceAll(image, "/", "-")
-	sanitizedImage = strings.ReplaceAll(sanitizedImage, ":", "-")
-	sanitizedImage = strings.ReplaceAll(sanitizedImage, "https://", "")
-	sanitizedImage = strings.ReplaceAll(sanitizedImage, "http://", "")
+func (r *ServerBootConfigurationHTTPReconciler) constructUKIURL(ctx context.Context, image string) (string, error) {
+	imageDetails := strings.Split(image, ":")
+	if len(imageDetails) != 2 {
+		return "", fmt.Errorf("invalid image format")
+	}
+
+	ukiDigest, err := r.getUKIDigestFromNestedManifest(ctx, imageDetails[0], imageDetails[1])
+	if err != nil {
+		return "", fmt.Errorf("failed to fetch UKI layer digest: %w", err)
+	}
+
+	ukiURL := fmt.Sprintf("%s/image?imageName=%s&version=%s&layerDigest=%s", r.ImageServerURL, imageDetails[0], imageDetails[1], ukiDigest)
+	return ukiURL, nil
+}
+
+func (r *ServerBootConfigurationHTTPReconciler) getUKIDigestFromNestedManifest(ctx context.Context, imageName, imageVersion string) (string, error) {
+	resolver := docker.NewResolver(docker.ResolverOptions{})
+	imageRef := fmt.Sprintf("%s:%s", imageName, imageVersion)
+	name, desc, err := resolver.Resolve(ctx, imageRef)
+	if err != nil {
+		return "", fmt.Errorf("failed to resolve image reference: %w", err)
+	}
+
+	manifestData, err := fetchContent(ctx, resolver, name, desc)
+	if err != nil {
+		return "", fmt.Errorf("failed to fetch manifest data: %w", err)
+	}
+
+	var manifest ocispec.Manifest
+	if err := json.Unmarshal(manifestData, &manifest); err != nil {
+		return "", fmt.Errorf("failed to unmarshal manifest: %w", err)
+	}
 
-	filename := fmt.Sprintf("%s-uki.efi", sanitizedImage)
+	for _, layer := range manifest.Layers {
+		if layer.MediaType == MediaTypeUKI {
+			return layer.Digest.String(), nil
+		}
+	}
 
-	ukiURL := fmt.Sprintf("%s/%s", r.ImageServerURL, filename)
-	return ukiURL
+	return "", fmt.Errorf("UKI layer digest not found")
 }
 
 // SetupWithManager sets up the controller with the Manager.
