Notes: The template ack-centos.json is used for building custom image for ACK cluster based on the latest published ecs centos public image.
This repository contains resources and configuration scripts for building a custom base OS Image for ACK with HashiCorp Packer.
- CentOS 7.6/7.7
- Aliyun Linux 2 (Alibaba Cloud Linux 2)
You must have Packer installed on your local system. For more information, see Installing Packer in the Packer documentation. You must also have Alibaba Cloud account credentials configured so that Packer can make calls to Alibaba Cloud API operations on your behalf.
For more information, see Alibaba Cloud builder in the Packer documentation.
Execute following scripts in your shell
export ALICLOUD_ACCESS_KEY=XXX
export ALICLOUD_SECRET_KEY=XXX
packer build ack-centos.json
bash build/build.sh examples/ack-kubernetes.json
Notes: you need input the follow params:
- Alicloud ACCESS_KEY
- Alicloud SECRET_KEY
- REGION
- Docker Version
- Kubernetes Version
If you are using a sub account,the ram policy should at least include actions as below:
{
"Version": "1",
"Statement": [
{
"Action": [
"ecs:DescribeImages",
"ecs:CreateImage",
"ecs:ModifyImageSharePermission",
"ecs:CreateKeyPair",
"ecs:DeleteKeyPairs",
"ecs:DetachKeyPair",
"ecs:AttachKeyPair",
"ecs:CreateSecurityGroup",
"ecs:DeleteSecurityGroup",
"ecs:AuthorizeSecurityGroupEgress",
"ecs:AuthorizeSecurityGroup",
"ecs:CreateSnapshot",
"ecs:AttachDisk",
"ecs:DetachDisk",
"ecs:DescribeDisks",
"ecs:CreateDisk",
"ecs:DeleteDisk",
"ecs:CreateNetworkInterface",
"ecs:DescribeNetworkInterfaces",
"ecs:AttachNetworkInterface",
"ecs:DetachNetworkInterface",
"ecs:DeleteNetworkInterface",
"ecs:DescribeInstanceAttribute",
"ecs:CreateInstance",
"ecs:DeleteInstance",
"ecs:StartInstance",
"ecs:StopInstance",
"ecs:DescribeInstances"
],
"Resource": [
"*"
],
"Effect": "Allow"
},
{
"Action": [
"vpc:CreateVpc",
"vpc:DeleteVpc",
"vpc:DescribeVpcs",
"vpc:CreateVSwitch",
"vpc:DeleteVSwitch",
"vpc:DescribeVSwitches",
"vpc:AllocateEipAddress",
"vpc:AssociateEipAddress",
"vpc:UnassociateEipAddress",
"vpc:DescribeEipAddresses",
"vpc:ReleaseEipAddress"
],
"Resource": [
"*"
],
"Effect": "Allow"
}
]
}
For security issues or concerns, please do not open an issue or pull request on GitHub. Please report any suspected or confirmed security issues to Alibaba Cloud Container Security contact kubernetes-security@service.aliyun.com