az login
RESOURCE_GROUP={RESOURCE_GROUP}
SUBSCRIPTION_ID={SUBSCRIPTION_ID}
TENANT_ID={TENANT_ID}
CLIENT_SECRET={CLIENT_SECRET}
APP_NAME={SERVICE_PRINCIPAL_NAME}
az account set -s $SUBSCRIPTION_ID
az ad app create --display-name $APP_NAME --homepage "http://localhost/$APP_NAME"
APP_ID=$(az ad app list --display-name $APP_NAME | jq '.[0].appId' | tr -d '"')
az ad sp create-for-rbac --name $APP_ID --role="Contributor" --scopes="/subscriptions/$SUBSCRIPTION_ID/resourceGroups/$RESOURCE_GROUP"
az ad sp credential reset --name "$APP_ID" --password "${CLIENT_SECRET}"
CLIENT_ID=$(az ad sp list --display-name $APP_ID | jq '.[0].appId' | tr -d '"')
az role assignment create --assignee "$CLIENT_ID" --role "Owner" --subscription "$SUBSCRIPTION_ID"
Replace {RESOURCE_GROUP} with an existing resource group name; a resource group is nothing more than a container for related resources. Replace {SUBSCRIPTION_ID} with the id of your Azure subscription. Replace {TENANT_ID} with the tenant identifier. To find the default subscription and tenant id type az account list --query "[?isDefault]". Replace {CLIENT_SECRET} with any alpha-numeric set of characters (and this secret must be 8 or more characters in length). Replace {SERVICE_PRINCIPAL_NAME} with any alpha-numeric set of characters (and this name must also be 8 or more characters in length).
az login --service-principal --username {APP_ID} --password {CLIENT_SECRET} --tenant {TENANT_ID}
Replace {APP_ID}, {CLIENT_SECRET}, and {TENANT_ID} with the values you used to create the service principal above.
See https://docs.microsoft.com/en-us/azure/virtual-machines/create-gallery?tabs=cli and https://docs.microsoft.com/en-us/cli/azure/sig?view=azure-cli-latest#az-sig-create-examples.
For example
az sig create --resource-group cloudmonk --gallery-name toolsetvms
See https://docs.microsoft.com/en-us/azure/virtual-machines/image-version?tabs=cli and https://docs.microsoft.com/en-us/cli/azure/sig/image-definition?view=azure-cli-latest#az-sig-image-definition-create.
For example
az sig image-definition create \
--resource-group cloudmonk \
--gallery-name toolsetvms \
--gallery-image-definition K8sToolsetImage \
--publisher myPublisher \
--offer 0000-com-vmware-k8s-toolset-vm \
--sku 2023 \
--os-type Linux \
--os-state generalized
Copy common scripts into place
cp ../../../../scripts/init.sh .
cp ../../../../scripts/kind-load-cafile.sh .
cp ../../../../scripts/inventory.sh .
cp ../../../../scripts/install-krew-and-plugins.sh .
Fetch Tanzu CLI
cp ../../../../scripts/fetch-tanzu-cli.sh .
./fetch-tanzu-cli.sh {CSP_API_TOKEN} linux {TANZU_CLI_VERSION} {TANZU_CLI_CORE_VERSION}
Replace {CSP_API_TOKEN} with the VMware Cloud Service Platform API Token, used for authenticating to the VMware Marketplace. Replace {TANZU_CLI_VERSION} and {TANZU_CLI_CORE_VERSION} with supported (and available) version numbers for the CLI you wish to embed in the container image. If your account has been granted access, the script will download a tarball, extract the Tanzu CLI and place it into a dist directory. The tarball and other content will be discarded. (The script has "smarts" built-in to determine whether or not to fetch a version of the CLI that may have already been fetched and placed in the dist directory.)
Fetch and install TAP plugins
cp ../../../../scripts/install-tap-plugins.sh .
You're just copying this script into place.
Fetch and install oci CLI
cp ../../../../scripts/fetch-and-install-oci-cli.sh .
You're just copying this script into place.
Type the following to build the image
packer init {HCL_FILENAME}
packer fmt {HCL_FILENAME}
packer validate {HCL_FILENAME}
packer inspect {HCL_FILENAME}
packer build -only='{BUILD_NAME}.*' {HCL_FILENAME}
Replace {HCL_FILENAME} with one of [arm.pkr.hcl, arm-ci.pkr.hcl]. If you choose arm-ci.pkr.hcl you will need to supply additional -var key-value pairs for [subscription_id, tenant_id, client_id, and client_secret] to packer build above.
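Added example, not part of the original instructions or the project's scripts: one way to hand the four arm-ci.pkr.hcl values to packer build through Packer's PKR_VAR_<name> environment variables in place of -var, so that client_secret never appears on the command line. The AZ_* source variable names and the function names are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example, not the project's own script. Assumes arm-ci.pkr.hcl declares
# the four variables named on this page; the AZ_* names are hypothetical.
REQUIRED_VARS="subscription_id tenant_id client_id client_secret"

# Map a Packer variable name to its source variable: client_id -> AZ_CLIENT_ID
source_name() {
  printf 'AZ_%s' "$(printf '%s' "$1" | tr '[:lower:]' '[:upper:]')"
}

# Return 0 only when every source variable is non-empty; list the missing ones.
check_packer_credentials() {
  missing=""
  for name in $REQUIRED_VARS; do
    src=$(source_name "$name")
    eval "val=\${$src:-}"
    [ -n "$val" ] || missing="$missing $src"
  done
  unset val
  if [ -n "$missing" ]; then
    echo "missing required variables:$missing" >&2
    return 1
  fi
}

# Export each value as PKR_VAR_<name>, which Packer reads as an input variable.
# Nothing is exported unless all four are present, so a half-configured
# environment never reaches the build.
export_packer_credentials() {
  check_packer_credentials || return 1
  for name in $REQUIRED_VARS; do
    src=$(source_name "$name")
    eval "export PKR_VAR_$name=\"\$$src\""
  done
}

# Build with no secret in argv, so none in shell history or ps output.
# Usage: build_ci_image standard
build_ci_image() {
  export_packer_credentials || return 1
  packer build -only="$1.*" arm-ci.pkr.hcl
}
```

Populate the AZ_* variables from your CI system's secret store rather than typing them into the shell.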
Replace {BUILD_NAME} with one of [standard, with-tanzu]; a file provisioner uploads the Tanzu CLI into your image when set to with-tanzu. You have the option post image build to fetch and install or upgrade it via mkpcli. The fetch-tanzu-cli.sh script is also packaged and available for your convenience in the resultant image.
In ~10 minutes you should notice a manifest.json file in which the artifact_id contains a reference to the image ID.
You may wish to size the instance and/or choose a different region to host the image.
packer build --var vm_size="Standard_A4" --var location="eastus2" -only='standard.*' arm.pkr.hcl
Consult the variable blocks inside arm.pkr.hcl