USHIFT-6983: Drop optional components from tuned CI images

test/image-blueprints-bootc/el10/layer4-release/group2/rhel102-bootc-brew-lrel-tuned.containerfile

@@ -1,6 +1,47 @@
 # {{- if env.Getenv "BREW_LREL_RELEASE_VERSION" "" -}}
 # Note: This comment makes templating add a new line before the code
-FROM localhost/rhel102-bootc-brew-lrel-optional:latest
+FROM localhost/rhel102-test-agent:latest
+
+# Build arguments
+ARG USHIFT_RPM_REPO_NAME=microshift-brew
+ARG USHIFT_RPM_REPO_PATH=/tmp/$USHIFT_RPM_REPO_NAME
+
+# Copy the MicroShift repository contents
+COPY ./rpm-repos/$USHIFT_RPM_REPO_NAME $USHIFT_RPM_REPO_PATH
+
+# Copy repository configuration
+COPY ./bootc-images/$USHIFT_RPM_REPO_NAME.repo ./bootc-images/microshift-fast-datapath-rhel9.repo ./bootc-images/microshift-rhocp-y.repo \
+    /etc/yum.repos.d/
+
+# Install MicroShift with low-latency support and cleanup.
+# Optional components are excluded to reduce etcd pressure during startup
+# on CPU-constrained tuned VMs (TuneD isolates most CPUs from system services).
+# OpenSSL is added as a temporary workaround. Systemd-resolved will bump systemd to a newer
+# version that requires openssl 3.4 or higher, but package is kept at 3.2.2. By installing
+# it we force an upgrade so that everything works.
+RUN dnf repoinfo --enabled && \
+    dnf install -y firewalld systemd-resolved openssl \
+        {{ range (env.Getenv "MICROSHIFT_MANDATORY_RPMS" | strings.Split " ") -}}
+        "{{ . }}-{{ env.Getenv "BREW_LREL_RELEASE_VERSION" }}" \
+        {{ end -}}
+        "microshift-low-latency-{{ env.Getenv "BREW_LREL_RELEASE_VERSION" }}" \
+        && \
+    systemctl enable microshift microshift-test-agent && \
+    rm -vf /etc/yum.repos.d/microshift-*.repo && \
+    rm -rvf $USHIFT_RPM_REPO_PATH && \
+    dnf clean all
+
+# Configure firewall
+RUN firewall-offline-cmd --zone=public --add-port=22/tcp && \
+    firewall-offline-cmd --zone=trusted --add-source=10.42.0.0/16 && \
+    firewall-offline-cmd --zone=trusted --add-source=169.254.169.1 && \
+    firewall-offline-cmd --zone=trusted --add-source=fd01::/48 && \
+    firewall-offline-cmd --zone=public --add-port=80/tcp && \
+    firewall-offline-cmd --zone=public --add-port=443/tcp && \
+    firewall-offline-cmd --zone=public --add-port=5353/udp && \
+    firewall-offline-cmd --zone=public --add-port=6443/tcp && \
+    firewall-offline-cmd --zone=public --add-port=30000-32767/tcp && \
+    firewall-offline-cmd --zone=public --add-port=30000-32767/udp
 
 # Enable microshift-tuned service
 RUN systemctl enable microshift-tuned

test/image-blueprints-bootc/el9/layer4-release/group2/rhel98-bootc-brew-lrel-tuned.containerfile

@@ -1,6 +1,44 @@
 # {{- if env.Getenv "BREW_LREL_RELEASE_VERSION" "" -}}
 # Note: This comment makes templating add a new line before the code
-FROM localhost/rhel98-bootc-brew-lrel-optional:latest
+FROM localhost/rhel98-test-agent:latest
+
+# Build arguments
+ARG USHIFT_RPM_REPO_NAME=microshift-brew
+ARG USHIFT_RPM_REPO_PATH=/tmp/$USHIFT_RPM_REPO_NAME
+
+# Copy the MicroShift repository contents
+COPY ./rpm-repos/$USHIFT_RPM_REPO_NAME $USHIFT_RPM_REPO_PATH
+
+# Copy repository configuration
+COPY ./bootc-images/$USHIFT_RPM_REPO_NAME.repo ./bootc-images/microshift-fast-datapath-rhel9.repo ./bootc-images/microshift-rhocp-y.repo \
+    /etc/yum.repos.d/
+
+# Install MicroShift with low-latency support and cleanup.
+# Optional components are excluded to reduce etcd pressure during startup
+# on CPU-constrained tuned VMs (TuneD isolates most CPUs from system services).
+RUN dnf repoinfo --enabled && \
+    dnf install -y firewalld systemd-resolved \
+        {{ range (env.Getenv "MICROSHIFT_MANDATORY_RPMS" | strings.Split " ") -}}
+        "{{ . }}-{{ env.Getenv "BREW_LREL_RELEASE_VERSION" }}" \
+        {{ end -}}
+        "microshift-low-latency-{{ env.Getenv "BREW_LREL_RELEASE_VERSION" }}" \
+        && \
+    systemctl enable microshift microshift-test-agent && \
+    rm -vf /etc/yum.repos.d/microshift-*.repo && \
+    rm -rvf $USHIFT_RPM_REPO_PATH && \
+    dnf clean all
+
+# Configure firewall
+RUN firewall-offline-cmd --zone=public --add-port=22/tcp && \
+    firewall-offline-cmd --zone=trusted --add-source=10.42.0.0/16 && \
+    firewall-offline-cmd --zone=trusted --add-source=169.254.169.1 && \
+    firewall-offline-cmd --zone=trusted --add-source=fd01::/48 && \
+    firewall-offline-cmd --zone=public --add-port=80/tcp && \
+    firewall-offline-cmd --zone=public --add-port=443/tcp && \
+    firewall-offline-cmd --zone=public --add-port=5353/udp && \
+    firewall-offline-cmd --zone=public --add-port=6443/tcp && \
+    firewall-offline-cmd --zone=public --add-port=30000-32767/tcp && \
+    firewall-offline-cmd --zone=public --add-port=30000-32767/udp
 
 # Enable microshift-tuned service
 RUN systemctl enable microshift-tuned