This repository contains resources and configuration scripts for building a custom base OS Image for ACK with HashiCorp Packer.
You must have Packer installed on your local system. For more information, see Installing Packer in the Packer documentation. You must also have Alibaba Cloud account credentials configured so that Packer can make calls to Alibaba Cloud API operations on your behalf.
For more information, see Alibaba Cloud builder in the Packer documentation.
Execute following scripts in your shell
export ALICLOUD_ACCESS_KEY=XXX
export ALICLOUD_SECRET_KEY=XXX
packer build ack-centos.json
If you are using a sub account,the ram policy should at least include actions as below:
{
"Version": "1",
"Statement": [
{
"Action": [
"ecs:DescribeImages",
"ecs:CreateImage",
"ecs:ModifyImageSharePermission",
"ecs:CreateKeyPair",
"ecs:DeleteKeyPairs",
"ecs:DetachKeyPair",
"ecs:AttachKeyPair",
"ecs:CreateSecurityGroup",
"ecs:DeleteSecurityGroup",
"ecs:AuthorizeSecurityGroupEgress",
"ecs:AuthorizeSecurityGroup",
"ecs:CreateSnapshot",
"ecs:AttachDisk",
"ecs:DetachDisk",
"ecs:DescribeDisks",
"ecs:CreateDisk",
"ecs:DeleteDisk",
"ecs:CreateNetworkInterface",
"ecs:DescribeNetworkInterfaces",
"ecs:AttachNetworkInterface",
"ecs:DetachNetworkInterface",
"ecs:DeleteNetworkInterface",
"ecs:DescribeInstanceAttribute",
"ecs:CreateInstance",
"ecs:DeleteInstance",
"ecs:StartInstance",
"ecs:StopInstance",
"ecs:DescribeInstances"
],
"Resource": [
"*"
],
"Effect": "Allow"
},
{
"Action": [
"vpc:CreateVpc",
"vpc:DeleteVpc",
"vpc:DescribeVpcs",
"vpc:CreateVSwitch",
"vpc:DeleteVSwitch",
"vpc:DescribeVSwitches",
"vpc:AllocateEipAddress",
"vpc:AssociateEipAddress",
"vpc:UnassociateEipAddress",
"vpc:DescribeEipAddresses",
"vpc:ReleaseEipAddress"
],
"Resource": [
"*"
],
"Effect": "Allow"
}
]
}
For security issues or concerns, please do not open an issue or pull request on GitHub. Please report any suspected or confirmed security issues to Alibaba Cloud Container Security contact [email protected]