Using a container image to build a custom image

This image building approach eliminates the need to manually install and maintain pre-requisite packages like Ansible, Packer, libraries etc. It requires only Docker installed on your machine. All dependencies are handled in Docker while building the container image. This stable container image can be used and reused as a basis for building your own custom images.

Image builder uses GCR to store promoted images in a central registry. Latest container images can be found here - Staging and GA

Building a Container Image

Run the docker build target of Makefile

make docker-build

Using a Container Image

The latest image-builder container image release is available here:

docker pull registry.k8s.io/scl-image-builder/cluster-node-image-builder-amd64:v0.1.40

Examples

  • AMI

    • If the AWS CLI is already installed on your machine, you can simply mount the ~/.aws folder that stores all the required credentials.
    docker run -it --rm -v /Users/<user>/.aws:/home/imagebuilder/.aws registry.k8s.io/scl-image-builder/cluster-node-image-builder-amd64:v0.1.40 build-ami-ubuntu-2004
    
    • Another alternative is to use an aws-creds.env file to load the credentials and pass it during docker run.

      AWS_ACCESS_KEY_ID=xxxxxxx
      AWS_SECRET_ACCESS_KEY=xxxxxxxx
      AWS_DEFAULT_REGION=xxxxxx
      
        docker run -it --rm --env-file aws-creds.env registry.k8s.io/scl-image-builder/cluster-node-image-builder-amd64:v0.1.40 build-ami-ubuntu-2004
    
  • AZURE

    • You’ll need an az-creds.env file to load environment variables AZURE_SUBSCRIPTION_ID, AZURE_TENANT_ID, AZURE_CLIENT_ID and AZURE_CLIENT_SECRET

      AZURE_SUBSCRIPTION_ID=xxxxxxx
      AZURE_TENANT_ID=xxxxxxx
      AZURE_CLIENT_ID=xxxxxxxx
      AZURE_CLIENT_SECRET=xxxxxx
      
    docker run -it --rm --env-file az-creds.env registry.k8s.io/scl-image-builder/cluster-node-image-builder-amd64:v0.1.40 build-azure-sig-ubuntu-2004
    
  • Proxmox

    • You’ll need a proxmox.env file to load environment variables such as:

      PROXMOX_BRIDGE=vmbr0
      PROXMOX_ISO_POOL=tower
      PROXMOX_NODE=pve-c
      PROXMOX_STORAGE_POOL=cephfs
      PROXMOX_TOKEN=xxxxxxxx
      PROXMOX_URL=https://1.2.3.4:8006/api2/json
      PROXMOX_USERNAME=capmox@pve!capi
      
    • Docker’s --net=host option to ensure http server starts with the host IP and not the Docker container IP. This option is Linux specific and thus implies that it can be run only from a Linux machine.

    • Proxmox provider requires a tmp folder to be mounted within the container to the downloaded_iso_path folder

    docker run -it --rm --net=host --env-file proxmox.env \
      -v /tmp:/home/imagebuilder/images/capi/downloaded_iso_path \
      registry.k8s.io/scl-image-builder/cluster-node-image-builder-amd64:v0.1.38 build-proxmox-ubuntu-2204
    
  • vSphere OVA

    • vsphere.json configuration file with user and hypervisor credentials. A template of this file can be found here

    • Docker’s --net=host option to ensure http server starts with the host IP and not the Docker container IP. This option is Linux specific and thus implies that it can be run only from a Linux machine.

    docker run -it --rm --net=host --env PACKER_VAR_FILES=/home/imagebuilder/vsphere.json -v <complete path of vsphere.json>:/home/imagebuilder/vsphere.json registry.k8s.io/scl-image-builder/cluster-node-image-builder-amd64:v0.1.40 build-node-ova-vsphere-ubuntu-2004
    

In addition to this, further customizations can be done as discussed here.