-
Notifications
You must be signed in to change notification settings - Fork 34
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
add image creation jobs for aws and azure
cloud providers Signed-off-by: Snir Sheriber <ssheribe@redhat.com>
- Loading branch information
Showing
2 changed files
with
168 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,78 @@ | ||
| apiVersion: batch/v1 | ||
| kind: Job | ||
| metadata: | ||
| name: aws-image-creation | ||
| namespace: openshift-sandboxed-containers-operator | ||
| spec: | ||
| parallelism: 1 | ||
| completions: 1 | ||
| backoffLimit: 1 | ||
| template: | ||
| metadata: | ||
| name: aws-image-creation | ||
| spec: | ||
| volumes: | ||
| - name: shared-data | ||
| emptyDir: {} | ||
|
|
||
| #hostNetwork: true # needed for imds access | ||
| securityContext: | ||
| runAsUser: 0 # needed for container mode dnf access | ||
|
|
||
| initContainers: | ||
| - name: payload | ||
| # change | ||
| image: quay.io/snir/podvm-binaries:rhel | ||
| volumeMounts: | ||
| - name: shared-data | ||
| mountPath: /payload | ||
| command: ["/bin/sh"] | ||
| args: ["-c", "cp /podvm-binaries.tar.gz /payload/"] | ||
|
|
||
| containers: | ||
| - name: aws-image-creation | ||
| image: registry.access.redhat.com/ubi9/ubi:9.1 | ||
| volumeMounts: | ||
| - name: shared-data | ||
| mountPath: /payload | ||
| env: | ||
| - name: PODVM_DISTRO | ||
| value: rhel | ||
| # - name: INSTANCE_TYPE | ||
| # value: "t2.small" # default is t3.small, uncomment if not available in your region | ||
| # - name: AWS_REGION | ||
| # value: "" | ||
| # - name: VPC_ID | ||
| # value: "" | ||
| # - name: SUBNET_ID | ||
| # value: "" | ||
| envFrom: | ||
| - secretRef: | ||
| name: peer-pods-secret | ||
| - configMapRef: | ||
| name: peer-pods-cm | ||
| optional: true | ||
| command: | ||
| - /bin/sh | ||
| - -c | ||
| - | | ||
| yum install -y yum-utils make git | ||
| yum-config-manager --add-repo https://rpm.releases.hashicorp.com/RHEL/hashicorp.repo | ||
| yum -y install packer | ||
| PATH="/usr/bin:${PATH}" | ||
| packer plugins install github.com/hashicorp/amazon | ||
| git clone https://github.com/confidential-containers/cloud-api-adaptor.git | ||
| cd cloud-api-adaptor && git checkout fcbfb26bb567bfa5aa6dc934d4a43ef9c3b3e3bf && cd - | ||
| tar xvf /payload/podvm-binaries.tar.gz -C cloud-api-adaptor/podvm/files | ||
| export MAC=$(curl -m 30 -s --show-error http://169.254.169.254/latest/meta-data/mac) | ||
| [[ ! "${AWS_REGION}" ]] && export AWS_REGION=$(curl -m 30 -s --show-error http://169.254.169.254/latest/meta-data/placement/region) | ||
| [[ ! "${AWS_REGION}" ]] && echo "AWS_REGION is missing" && exit 1 | ||
| [[ ! "${VPC_ID}" ]] && export VPC_ID=$(curl -m 30 -s --show-error http://169.254.169.254/latest/meta-data/network/interfaces/macs/${MAC}/vpc-id) | ||
| [[ ! "${VPC_ID}" ]] && echo "VPC_ID is missing" && exit 1 | ||
| [[ ! "${SUBNET_ID}" ]] && export SUBNET_ID=$(curl -m 30 -s --show-error http://169.254.169.254/latest/meta-data/network/interfaces/macs/${MAC}/subnet-id) | ||
| [[ ! "${SUBNET_ID}" ]] && echo "SUBNET_ID is missing" && exit 1 | ||
| cd cloud-api-adaptor/aws/image | ||
| export IMAGE_NAME=${IMAGE_NAME:-peer-pod-ami} | ||
| LIBC=gnu make BINARIES= PAUSE_BUNDLE= image && \ | ||
| echo "Set the AMI_ID ^ in your Secret/peer-pods-secret or ConfigMap/peer-pods-cm object" | ||
| restartPolicy: Never |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,90 @@ | ||
| apiVersion: batch/v1 | ||
| kind: Job | ||
| metadata: | ||
| name: azure-image-creation | ||
| namespace: openshift-sandboxed-containers-operator | ||
| spec: | ||
| parallelism: 1 | ||
| completions: 1 | ||
| backoffLimit: 1 | ||
| template: | ||
| metadata: | ||
| name: azure-image-creation | ||
| spec: | ||
| volumes: | ||
| - name: shared-data | ||
| emptyDir: {} | ||
|
|
||
| securityContext: | ||
| runAsUser: 0 # needed for container mode dnf access | ||
|
|
||
| initContainers: | ||
| - name: payload | ||
| image: quay.io/snir/podvm-binaries:rhel | ||
| volumeMounts: | ||
| - name: shared-data | ||
| mountPath: /payload | ||
| command: ["/bin/sh"] | ||
| args: ["-c", "cp /podvm-binaries.tar.gz /payload/"] | ||
|
|
||
| containers: | ||
| - name: azure-image-creation | ||
| image: registry.access.redhat.com/ubi9/ubi:9.1 | ||
| volumeMounts: | ||
| - name: shared-data | ||
| mountPath: /payload | ||
| env: | ||
| #- name: VM_SIZE | ||
| # value: "Standard_A2_v2" | ||
| - name: PODVM_DISTRO | ||
| value: rhel | ||
| - name: PUBLISHER | ||
| value: "RedHat" | ||
| - name: OFFER | ||
| value: "RHEL" | ||
| - name: SKU | ||
| value: "9-lvm" | ||
| envFrom: | ||
| - secretRef: | ||
| name: peer-pods-secret | ||
| - configMapRef: | ||
| name: peer-pods-cm | ||
| optional: true | ||
| command: | ||
| - /bin/sh | ||
| - -c | ||
| - | | ||
| yum install -y yum-utils make git | ||
| yum-config-manager --add-repo https://rpm.releases.hashicorp.com/RHEL/hashicorp.repo | ||
| yum -y install packer | ||
| PATH="/usr/bin:${PATH}" | ||
| git clone https://github.com/confidential-containers/cloud-api-adaptor.git | ||
| cd cloud-api-adaptor && git checkout fcbfb26bb567bfa5aa6dc934d4a43ef9c3b3e3bf && cd - | ||
| tar xvf /payload/podvm-binaries.tar.gz -C cloud-api-adaptor/podvm/files | ||
| [[ ! "${AZURE_REGION}" ]] && echo "AZURE_REGION is missing" && exit 1 | ||
| [[ ! "${AZURE_TENANT_ID}" ]] && echo "AZURE_TENANT_ID is missing" && exit 1 | ||
| [[ ! "${AZURE_RESOURCE_GROUP}" ]] && echo "AZURE_RESOURCE_GROUP is missing" && exit 1 | ||
| [[ ! "${AZURE_SUBSCRIPTION_ID}" ]] && echo "AZURE_SUBSCRIPTION_ID is missing" && exit 1 | ||
| [[ ! "${AZURE_CLIENT_SECRET}" ]] && echo "AZURE_CLIENT_SECRET is missing" && exit 1 | ||
| [[ ! "${AZURE_CLIENT_ID}" ]] && echo "AZURE_CLIENT_ID is missing" && exit 1 | ||
| export PKR_VAR_client_id=${AZURE_CLIENT_ID} | ||
| export PKR_VAR_client_secret=${AZURE_CLIENT_SECRET} | ||
| export PKR_VAR_subscription_id=${AZURE_SUBSCRIPTION_ID} | ||
| export PKR_VAR_tenant_id=${AZURE_TENANT_ID} | ||
| export PKR_VAR_resource_group=${AZURE_RESOURCE_GROUP} | ||
| export PKR_VAR_location=${AZURE_LOCATION} | ||
| export PKR_VAR_az_image_name=${IMAGE_NAME} | ||
| export PKR_VAR_vm_size=${VM_SIZE} | ||
| export PKR_VAR_ssh_username=${SSH_USERNAME:-peerpod} | ||
| export PKR_VAR_publisher=${PUBLISHER} | ||
| export PKR_VAR_offer=${OFFER} | ||
| export PKR_VAR_sku=${SKU} | ||
| export PKR_VAR_plan_name=${PLAN_NAME} | ||
| export PKR_VAR_plan_product=${PLAN_PRODUCT} | ||
| export PKR_VAR_plan_publisher=${PLAN_PUBLISHER} | ||
| cd cloud-api-adaptor/azure/image | ||
| packer init ${PODVM_DISTRO}/ | ||
| export IMAGE_NAME=${IMAGE_NAME:-peer-pod-vmimage} | ||
| make BINARIES= PAUSE_BUNDLE= image && \ | ||
| echo "Set the image AZURE_IMAGE_ID^ in your Secret/peer-pods-secret or ConfigMap/peer-pods-cm object" | ||
| restartPolicy: Never |