diff --git a/docs/book/src/SUMMARY.md b/docs/book/src/SUMMARY.md index 6545869675..c26e0386af 100644 --- a/docs/book/src/SUMMARY.md +++ b/docs/book/src/SUMMARY.md @@ -19,6 +19,7 @@ - [vSphere](./capi/providers/vsphere.md) - [Proxmox](./capi/providers/proxmox.md) - [Windows](./capi/windows/windows.md) + - [Including ECR Credential Provider](./capi/ecr-credential-provider.md) - [Testing the Images](./capi/goss/goss.md) - [Using Container Images](./capi/container-image.md) - [Customizing containerd](./capi/containerd/customizing-containerd.md) diff --git a/docs/book/src/capi/ecr-credential-provider.md b/docs/book/src/capi/ecr-credential-provider.md new file mode 100644 index 0000000000..d17894f1db --- /dev/null +++ b/docs/book/src/capi/ecr-credential-provider.md 
@@ -0,0 +1,21 @@
+# Including ECR Credential Provider
+
+Starting with Kuberentes v1.27 the cloud credential providers are no longer included in-tree and need to be included as external binaries and referenced by the Kubelet.
+
+To do this with image-builder you enable the use of [ecr-credential-provider](https://github.com/kubernetes/cloud-provider-aws/#aws-credential-provider) by setting the `ecr_credential_provider` packer variable to `true`.
+
+Once enabled, the `ecr-credential-provider` binary will be downloaded, a `CredentialProviderConfig` config will be created, and the kubelet flags will be updated to reference both of these.
+
+In most setups, this should be all that is needed but the following vars can be set to override various properties:
+
+| variable | default | description |
+| --- | --- | --- |
+| ecr_credential_provider_version | "v1.31.0" | The release version of [cloud-provider-aws](https://github.com/kubernetes/cloud-provider-aws/) to use |
+| ecr_credential_provider_os | "linux" | The operating system |
+| ecr_credential_provider_arch | "amd64" | The architecture |
+| ecr_credential_provider_base_url | "https://storage.googleapis.com/k8s-artifacts-prod/binaries/cloud-provider-aws" | The base URL of where to get the binary from |
+| ecr_credential_provider_install_dir | "/opt/bin" | The location to install the binary into |
+| ecr_credential_provider_binary_filename | "ecr-credential-provider" | The filename to use for the downloaded binary |
+| ecr_credential_provider_match_images | ["*.dkr.ecr.*.amazonaws.com", "*.dkr.ecr.*.amazonaws.com.cn"] | An array of globs to use for matching images that should use the credential provider. (If using gov-cloud you may need to change this) |
+| ecr_credential_provider_aws_profile | "default" | The AWS profile to use with the credential provider |
+
diff --git a/images/capi/.ansible-lint-ignore b/images/capi/.ansible-lint-ignore
index dc513ba1c2..44bb7b5b65 100644
--- a/images/capi/.ansible-lint-ignore
+++ b/images/capi/.ansible-lint-ignore @@ -8,13 +8,16 @@ ansible/python.yml name[play] ansible/roles/containerd/tasks/main.yml name[missing] ansible/roles/containerd/tasks/main.yml risky-file-permissions ansible/roles/containerd/tasks/photon.yml no-changed-when +ansible/roles/containerd/tasks/redhat.yml fqcn[action-core] +ansible/roles/ecr_credential_provider/tasks/main.yaml no-changed-when +ansible/roles/ecr_credential_provider/tasks/main.yaml yaml[line-length] ansible/roles/firstboot/tasks/main.yaml name[missing] ansible/roles/firstboot/tasks/qemu.yml name[missing] ansible/roles/gpu/tasks/amd.yml no-changed-when -ansible/roles/gpu/tasks/main.yml ignore-errors ansible/roles/gpu/tasks/nvidia.yml no-changed-when ansible/roles/kubernetes/defaults/main.yml var-naming[no-role-prefix] ansible/roles/kubernetes/defaults/main.yml yaml[line-length] +ansible/roles/kubernetes/tasks/azurelinux.yml fqcn[action-core] ansible/roles/kubernetes/tasks/crictl-url.yml name[template] ansible/roles/kubernetes/tasks/debian.yml jinja[spacing] ansible/roles/kubernetes/tasks/ecrpull.yml command-instead-of-shell @@ -24,6 +27,7 @@ ansible/roles/kubernetes/tasks/kubeadmpull.yml no-changed-when ansible/roles/kubernetes/tasks/main.yml name[missing] ansible/roles/kubernetes/tasks/photon.yml jinja[spacing] ansible/roles/kubernetes/tasks/photon.yml no-changed-when +ansible/roles/kubernetes/tasks/redhat.yml fqcn[action-core] ansible/roles/kubernetes/tasks/redhat.yml jinja[spacing] ansible/roles/kubernetes/tasks/url.yml command-instead-of-shell ansible/roles/kubernetes/tasks/url.yml no-changed-when 
@@ -44,6 +48,7 @@ ansible/roles/providers/defaults/main.yml var-naming[no-role-prefix] ansible/roles/providers/tasks/aws.yml command-instead-of-shell ansible/roles/providers/tasks/aws.yml name[missing] ansible/roles/providers/tasks/aws.yml no-changed-when +ansible/roles/providers/tasks/awscliv2.yml fqcn[action-core] ansible/roles/providers/tasks/awscliv2.yml no-changed-when ansible/roles/providers/tasks/awscliv2.yml package-latest ansible/roles/providers/tasks/awscliv2.yml risky-file-permissions 
@@ -52,18 +57,25 @@ ansible/roles/providers/tasks/azure.yml risky-file-permissions ansible/roles/providers/tasks/cloudstack.yml command-instead-of-shell ansible/roles/providers/tasks/cloudstack.yml no-changed-when ansible/roles/providers/tasks/googlecompute.yml command-instead-of-shell +ansible/roles/providers/tasks/googlecompute.yml fqcn[action-core] ansible/roles/providers/tasks/googlecompute.yml no-changed-when +ansible/roles/providers/tasks/hcloud.yml fqcn[action-core] ansible/roles/providers/tasks/main.yml name[missing] ansible/roles/providers/tasks/main.yml risky-file-permissions +ansible/roles/providers/tasks/nutanix-redhat.yml fqcn[action-core] ansible/roles/providers/tasks/nutanix-redhat.yml risky-file-permissions ansible/roles/providers/tasks/nutanix-ubuntu.yml risky-file-permissions ansible/roles/providers/tasks/nutanix.yml name[missing] ansible/roles/providers/tasks/nutanix.yml risky-file-permissions +ansible/roles/providers/tasks/proxmox.yml fqcn[action-core] +ansible/roles/providers/tasks/qemu.yml fqcn[action-core] ansible/roles/providers/tasks/raw.yml command-instead-of-shell +ansible/roles/providers/tasks/raw.yml fqcn[action-core] ansible/roles/providers/tasks/raw.yml no-changed-when ansible/roles/providers/tasks/vmware-photon.yml no-changed-when ansible/roles/providers/tasks/vmware-photon.yml risky-file-permissions ansible/roles/providers/tasks/vmware-redhat.yml command-instead-of-shell +ansible/roles/providers/tasks/vmware-redhat.yml fqcn[action-core] ansible/roles/providers/tasks/vmware-redhat.yml no-changed-when ansible/roles/providers/tasks/vmware-ubuntu.yml risky-file-permissions ansible/roles/providers/tasks/vmware.yml name[missing] 
@@ -73,6 +85,7 @@ ansible/roles/python/tasks/main.yml name[missing] ansible/roles/python/tasks/main.yml no-changed-when ansible/roles/security/tasks/trivy.yml jinja[spacing] ansible/roles/setup/defaults/main.yml var-naming[no-role-prefix] +ansible/roles/setup/tasks/azurelinux.yml fqcn[action-core] ansible/roles/setup/tasks/azurelinux.yml name[missing] ansible/roles/setup/tasks/azurelinux.yml package-latest ansible/roles/setup/tasks/debian.yml command-instead-of-module @@ -84,6 +97,7 @@ ansible/roles/setup/tasks/main.yml name[missing] ansible/roles/setup/tasks/photon.yml name[missing] ansible/roles/setup/tasks/photon.yml no-changed-when ansible/roles/setup/tasks/redhat.yml command-instead-of-module +ansible/roles/setup/tasks/redhat.yml fqcn[action-core] ansible/roles/setup/tasks/redhat.yml name[missing] ansible/roles/setup/tasks/redhat.yml no-changed-when ansible/roles/setup/tasks/redhat.yml package-latest @@ -98,6 +112,7 @@ ansible/roles/sysprep/tasks/main.yml risky-file-permissions ansible/roles/sysprep/tasks/photon.yml name[missing] ansible/roles/sysprep/tasks/photon.yml no-changed-when ansible/roles/sysprep/tasks/redhat.yml command-instead-of-module +ansible/roles/sysprep/tasks/redhat.yml fqcn[action-core] ansible/roles/sysprep/tasks/redhat.yml name[missing] ansible/roles/sysprep/tasks/redhat.yml no-changed-when ansible/roles/sysprep/tasks/rpm_repos.yml no-changed-when diff --git a/images/capi/Makefile b/images/capi/Makefile index 3388a5a9b8..663fefeb0d 100644 --- a/images/capi/Makefile +++ b/images/capi/Makefile @@ -263,7 +263,8 @@ COMMON_NODE_VAR_FILES := packer/config/kubernetes.json \ packer/config/ansible-args.json \ packer/config/goss-args.json \ packer/config/common.json \ - packer/config/additional_components.json + packer/config/additional_components.json \ + packer/config/ecr_credential_provider.json COMMON_WINDOWS_VAR_FILES := packer/config/kubernetes.json \ packer/config/windows/kubernetes.json \ 
@@ -274,7 +275,8 @@ COMMON_WINDOWS_VAR_FILES := packer/config/kubernetes.json \ packer/config/windows/common.json \ packer/config/windows/cloudbase-init.json \ packer/config/goss-args.json \ - packer/config/additional_components.json + packer/config/additional_components.json \ + packer/config/ecr_credential_provider.json COMMON_POWERVS_VAR_FILES := packer/config/kubernetes.json \ packer/config/ppc64le/kubernetes.json \ @@ -282,12 +284,13 @@ COMMON_POWERVS_VAR_FILES := packer/config/kubernetes.json \ packer/config/ppc64le/cni.json \ packer/config/containerd.json \ packer/config/wasm-shims.json \ - packer/config/ppc64le/containerd.json \ - packer/config/ansible-args.json \ - packer/config/goss-args.json \ - packer/config/common.json \ - packer/config/ppc64le/common.json \ - packer/config/additional_components.json + packer/config/ppc64le/containerd.json \ + packer/config/ansible-args.json \ + packer/config/goss-args.json \ + packer/config/common.json \ + packer/config/ppc64le/common.json \ + packer/config/additional_components.json \ + packer/config/ecr_credential_provider.json # Initialize a list of flags to pass to Packer. This includes any existing flags # specified by PACKER_FLAGS, as well as prefixing the list with the variable diff --git a/images/capi/ansible/node.yml b/images/capi/ansible/node.yml index 8bdec16570..3a9cec149a 100644 --- a/images/capi/ansible/node.yml +++ b/images/capi/ansible/node.yml @@ -37,6 +37,9 @@ - ansible.builtin.include_role: name: load_additional_components when: load_additional_components | bool + - ansible.builtin.include_role: + name: ecr_credential_provider + when: ecr_credential_provider | bool - ansible.builtin.include_role: name: "{{ role }}" loop: "{{ custom_role_names.split() + node_custom_roles_post.split() }}" diff --git a/images/capi/ansible/roles/ecr_credential_provider/defaults/main.yml b/images/capi/ansible/roles/ecr_credential_provider/defaults/main.yml new file mode 100644 index 0000000000..d6953dbbd2 --- /dev/null 
+++ b/images/capi/ansible/roles/ecr_credential_provider/defaults/main.yml
@@ -0,0 +1,25 @@
+# Copyright 2024 The Kubernetes Authors.
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+
+ecr_credential_provider_version: v1.31.0
+ecr_credential_provider_os: linux
+ecr_credential_provider_arch: amd64
+ecr_credential_provider_base_url: https://storage.googleapis.com/k8s-artifacts-prod/binaries/cloud-provider-aws
+ecr_credential_provider_install_dir: /opt/bin
+ecr_credential_provider_binary_filename: ecr-credential-provider
+ecr_credential_provider_match_images:
+ - "*.dkr.ecr.*.amazonaws.com"
+ - "*.dkr.ecr.*.amazonaws.com.cn"
+ecr_credential_provider_aws_profile: default
diff --git a/images/capi/ansible/roles/ecr_credential_provider/tasks/main.yaml b/images/capi/ansible/roles/ecr_credential_provider/tasks/main.yaml
new file mode 100644
index 0000000000..4e5afd48c2
--- /dev/null
+++ b/images/capi/ansible/roles/ecr_credential_provider/tasks/main.yaml
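Review bot: `ecr_credential_provider_arch: amd64` and `ecr_credential_provider_os: linux` in the role defaults are fixed strings, so an image built for any other architecture gets an amd64 binary unless the builder remembers to override them. The Makefile hunks in this commit add the feature's var file to the PowerVS (ppc64le) and Windows lists as well, which makes that mismatch reachable. Since `kubernetes_goarch` is already passed to Ansible in `ansible_common_vars`, consider `ecr_credential_provider_arch: "{{ kubernetes_goarch }}"` so the plugin follows the node architecture. A wrong-architecture binary would presumably only show up as failed ECR pulls on a running node, not as a build failure.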
@@ -0,0 +1,48 @@ +--- +- name: Ensure ecr_credential_provider is not already installed + ansible.builtin.stat: + path: "{{ ecr_credential_provider_install_dir }}/{{ ecr_credential_provider_binary_filename }}" + register: ecr_credential_provider_binary + +- name: Install ECR Credential Provider binary + when: not ecr_credential_provider_binary.stat.exists + block: + - name: Ensure bin directory exists + ansible.builtin.file: + path: "{{ ecr_credential_provider_install_dir }}" + state: directory + mode: "0755" + + - name: Download ecr_credential_provider binary + ansible.builtin.get_url: + url: "{{ ecr_credential_provider_base_url }}/{{ ecr_credential_provider_version }}/{{ ecr_credential_provider_os }}/{{ ecr_credential_provider_arch }}/ecr-credential-provider-{{ ecr_credential_provider_os }}-{{ ecr_credential_provider_arch }}" + dest: "{{ ecr_credential_provider_install_dir }}/{{ ecr_credential_provider_binary_filename }}" + mode: "0755" + +- name: Create the CredentialProviderConfig for the ECR Credential Provider + block: + - name: Ensure config directory exists + ansible.builtin.file: + path: /var/usr/ecr-credential-provider + state: directory + mode: "0755" + + - name: Create CredentialProviderConfig + ansible.builtin.template: + src: var/usr/ecr-credential-provider/ecr-credential-provider-config + dest: /var/usr/ecr-credential-provider/ecr-credential-provider-config + mode: "0644" + +- name: Update kubelet args to include credential provider flags + block: + - name: Ensure kubelet config exists + ansible.builtin.stat: + path: "{{ '/etc/default/kubelet' if ansible_os_family == 'Debian' else '/etc/sysconfig/kubelet' }}" + register: kubelet_config + failed_when: not kubelet_config.stat.exists + + - name: Add credential provider flags + when: kubelet_config.stat.exists + ansible.builtin.shell: | + set -e -o pipefail + sed -Ei 's|^(KUBELET_EXTRA_ARGS.*)|\1 --image-credential-provider-config=/var/usr/ecr-credential-provider/ecr-credential-provider-config 
--image-credential-provider-bin-dir={{ ecr_credential_provider_install_dir }}|' {{ '/etc/default/kubelet' if ansible_os_family == 'Debian' else '/etc/sysconfig/kubelet' }} diff --git a/images/capi/ansible/roles/ecr_credential_provider/templates/var/usr/ecr-credential-provider/ecr-credential-provider-config b/images/capi/ansible/roles/ecr_credential_provider/templates/var/usr/ecr-credential-provider/ecr-credential-provider-config new file mode 100644 index 0000000000..dcf50ef875 --- /dev/null +++ b/images/capi/ansible/roles/ecr_credential_provider/templates/var/usr/ecr-credential-provider/ecr-credential-provider-config @@ -0,0 +1,10 @@ +apiVersion: kubelet.config.k8s.io/v1 +kind: CredentialProviderConfig +providers: + - name: ecr-credential-provider + matchImages: {{ ecr_credential_provider_match_images }} + defaultCacheDuration: "12h" + apiVersion: credentialprovider.kubelet.k8s.io/v1 + env: + - name: AWS_PROFILE + value: "{{ ecr_credential_provider_aws_profile }}" diff --git a/images/capi/packer/config/ansible-args.json b/images/capi/packer/config/ansible-args.json index fd93b29d6c..b100f8e746 100644 --- a/images/capi/packer/config/ansible-args.json +++ b/images/capi/packer/config/ansible-args.json 
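Review bot: The `Download ecr_credential_provider binary` task fetches an executable that the kubelet will later run to obtain registry credentials, but `get_url` is given no `checksum`, so integrity rests entirely on TLS and on whatever `ecr_credential_provider_base_url` is overridden to. Add a digest variable to the role defaults (the name here is only a suggestion) and pass it as `checksum: "sha256:{{ ecr_credential_provider_sha256 }}"`, in line with the `containerd_sha256` and `crictl_sha256` variables this build already carries. With a checksum in place the preceding `stat` guard can go; as written it also keeps any pre-existing file at that path regardless of version. Separately, the `sed` in `Add credential provider flags` appends the flags again on every run and silently changes nothing when the file has no `KUBELET_EXTRA_ARGS` line, which the new `no-changed-when` ignore entry hides. Using `ansible.builtin.lineinfile` with `backrefs: true` and a regexp that excludes lines already containing `--image-credential-provider-config` would make it idempotent and report changes correctly.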
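Review bot: `matchImages: {{ ecr_credential_provider_match_images }}` in the template relies on Jinja printing a Python list in a form that happens to parse as a YAML flow sequence, and it emits a bare scalar if the variable ever arrives as a string (for example through a `key=value` extra var). Rendering with `matchImages: {{ ecr_credential_provider_match_images | to_json }}` and `value: {{ ecr_credential_provider_aws_profile | to_json }}` keeps the quoting correct for any value. Because these patterns decide which image pulls invoke the credential plugin, it is worth failing at build time on a malformed value, e.g. an `ansible.builtin.assert` in the role that the variable is a non-empty list.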
@@ -1,5 +1,5 @@ { "ansible_common_ssh_args": "-o IdentitiesOnly=yes", - "ansible_common_vars": "containerd_url={{user `containerd_url`}} containerd_sha256={{user `containerd_sha256`}} pause_image={{user `pause_image`}} containerd_additional_settings={{user `containerd_additional_settings`}} containerd_cri_socket={{user `containerd_cri_socket`}} containerd_version={{user `containerd_version`}} containerd_wasm_shims_url={{user `containerd_wasm_shims_url`}} containerd_wasm_shims_version={{user `containerd_wasm_shims_version`}} containerd_wasm_shims_sha256={{user `containerd_wasm_shims_sha256`}} containerd_wasm_shims_runtimes=\"{{user `containerd_wasm_shims_runtimes`}}\" containerd_wasm_shims_runtime_versions=\"{{user `containerd_wasm_shims_runtime_versions`}}\" crictl_url={{user `crictl_url`}} crictl_sha256={{user `crictl_sha256`}} crictl_source_type={{user `crictl_source_type`}} custom_role_names=\"{{user `custom_role_names`}}\" firstboot_custom_roles_pre=\"{{user `firstboot_custom_roles_pre`}}\" firstboot_custom_roles_post=\"{{user `firstboot_custom_roles_post`}}\" node_custom_roles_pre=\"{{user `node_custom_roles_pre`}}\" node_custom_roles_post=\"{{user `node_custom_roles_post`}}\" disable_public_repos={{user `disable_public_repos`}} extra_debs=\"{{user `extra_debs`}}\" extra_repos=\"{{user `extra_repos`}}\" extra_rpms=\"{{user `extra_rpms`}}\" http_proxy={{user `http_proxy`}} https_proxy={{user `https_proxy`}} kubeadm_template={{user `kubeadm_template`}} kubernetes_apiserver_port={{user `kubernetes_apiserver_port`}} kubernetes_cni_http_source={{user `kubernetes_cni_http_source`}} kubernetes_cni_http_checksum={{user `kubernetes_cni_http_checksum`}} kubernetes_goarch={{user `kubernetes_goarch`}} kubernetes_http_source={{user `kubernetes_http_source`}} kubernetes_container_registry={{user `kubernetes_container_registry`}} kubernetes_rpm_repo={{user `kubernetes_rpm_repo`}} kubernetes_rpm_gpg_key={{user `kubernetes_rpm_gpg_key`}} kubernetes_rpm_gpg_check={{user 
`kubernetes_rpm_gpg_check`}} kubernetes_deb_repo={{user `kubernetes_deb_repo`}} kubernetes_deb_gpg_key={{user `kubernetes_deb_gpg_key`}} kubernetes_cni_deb_version={{user `kubernetes_cni_deb_version`}} kubernetes_cni_rpm_version={{user `kubernetes_cni_rpm_version`}} kubernetes_cni_semver={{user `kubernetes_cni_semver`}} kubernetes_cni_source_type={{user `kubernetes_cni_source_type`}} kubernetes_semver={{user `kubernetes_semver`}} kubernetes_source_type={{user `kubernetes_source_type`}} kubernetes_load_additional_imgs={{user `kubernetes_load_additional_imgs`}} kubernetes_deb_version={{user `kubernetes_deb_version`}} kubernetes_rpm_version={{user `kubernetes_rpm_version`}} no_proxy={{user `no_proxy`}} pip_conf_file={{user `pip_conf_file`}} python_path={{user `python_path`}} redhat_epel_rpm={{user `redhat_epel_rpm`}} epel_rpm_gpg_key={{user `epel_rpm_gpg_key`}} reenable_public_repos={{user `reenable_public_repos`}} remove_extra_repos={{user `remove_extra_repos`}} systemd_prefix={{user `systemd_prefix`}} sysusr_prefix={{user `sysusr_prefix`}} sysusrlocal_prefix={{user `sysusrlocal_prefix`}} load_additional_components={{ user `load_additional_components`}} additional_registry_images={{ user `additional_registry_images`}} additional_registry_images_list={{ user `additional_registry_images_list`}} additional_url_images={{ user `additional_url_images`}} additional_url_images_list={{ user `additional_url_images_list`}} additional_executables={{ user `additional_executables`}} additional_executables_list={{ user `additional_executables_list`}} additional_executables_destination_path={{ user `additional_executables_destination_path`}} additional_s3={{ user `additional_s3`}} build_target={{ user `build_target`}} amazon_ssm_agent_rpm={{ user `amazon_ssm_agent_rpm` }} enable_containerd_audit={{ user `enable_containerd_audit` }} kubernetes_enable_automatic_resource_sizing={{ user `kubernetes_enable_automatic_resource_sizing` }} debug_tools={{user `debug_tools`}} 
ubuntu_repo={{user `ubuntu_repo`}} ubuntu_security_repo={{user `ubuntu_security_repo`}} gpu_block_nouveau_loading={{user `block_nouveau_loading`}}", + "ansible_common_vars": "containerd_url={{user `containerd_url`}} containerd_sha256={{user `containerd_sha256`}} pause_image={{user `pause_image`}} containerd_additional_settings={{user `containerd_additional_settings`}} containerd_cri_socket={{user `containerd_cri_socket`}} containerd_version={{user `containerd_version`}} containerd_wasm_shims_url={{user `containerd_wasm_shims_url`}} containerd_wasm_shims_version={{user `containerd_wasm_shims_version`}} containerd_wasm_shims_sha256={{user `containerd_wasm_shims_sha256`}} containerd_wasm_shims_runtimes=\"{{user `containerd_wasm_shims_runtimes`}}\" containerd_wasm_shims_runtime_versions=\"{{user `containerd_wasm_shims_runtime_versions`}}\" crictl_url={{user `crictl_url`}} crictl_sha256={{user `crictl_sha256`}} crictl_source_type={{user `crictl_source_type`}} custom_role_names=\"{{user `custom_role_names`}}\" firstboot_custom_roles_pre=\"{{user `firstboot_custom_roles_pre`}}\" firstboot_custom_roles_post=\"{{user `firstboot_custom_roles_post`}}\" node_custom_roles_pre=\"{{user `node_custom_roles_pre`}}\" node_custom_roles_post=\"{{user `node_custom_roles_post`}}\" disable_public_repos={{user `disable_public_repos`}} extra_debs=\"{{user `extra_debs`}}\" extra_repos=\"{{user `extra_repos`}}\" extra_rpms=\"{{user `extra_rpms`}}\" http_proxy={{user `http_proxy`}} https_proxy={{user `https_proxy`}} kubeadm_template={{user `kubeadm_template`}} kubernetes_apiserver_port={{user `kubernetes_apiserver_port`}} kubernetes_cni_http_source={{user `kubernetes_cni_http_source`}} kubernetes_cni_http_checksum={{user `kubernetes_cni_http_checksum`}} kubernetes_goarch={{user `kubernetes_goarch`}} kubernetes_http_source={{user `kubernetes_http_source`}} kubernetes_container_registry={{user `kubernetes_container_registry`}} kubernetes_rpm_repo={{user `kubernetes_rpm_repo`}} 
kubernetes_rpm_gpg_key={{user `kubernetes_rpm_gpg_key`}} kubernetes_rpm_gpg_check={{user `kubernetes_rpm_gpg_check`}} kubernetes_deb_repo={{user `kubernetes_deb_repo`}} kubernetes_deb_gpg_key={{user `kubernetes_deb_gpg_key`}} kubernetes_cni_deb_version={{user `kubernetes_cni_deb_version`}} kubernetes_cni_rpm_version={{user `kubernetes_cni_rpm_version`}} kubernetes_cni_semver={{user `kubernetes_cni_semver`}} kubernetes_cni_source_type={{user `kubernetes_cni_source_type`}} kubernetes_semver={{user `kubernetes_semver`}} kubernetes_source_type={{user `kubernetes_source_type`}} kubernetes_load_additional_imgs={{user `kubernetes_load_additional_imgs`}} kubernetes_deb_version={{user `kubernetes_deb_version`}} kubernetes_rpm_version={{user `kubernetes_rpm_version`}} no_proxy={{user `no_proxy`}} pip_conf_file={{user `pip_conf_file`}} python_path={{user `python_path`}} redhat_epel_rpm={{user `redhat_epel_rpm`}} epel_rpm_gpg_key={{user `epel_rpm_gpg_key`}} reenable_public_repos={{user `reenable_public_repos`}} remove_extra_repos={{user `remove_extra_repos`}} systemd_prefix={{user `systemd_prefix`}} sysusr_prefix={{user `sysusr_prefix`}} sysusrlocal_prefix={{user `sysusrlocal_prefix`}} load_additional_components={{ user `load_additional_components`}} additional_registry_images={{ user `additional_registry_images`}} additional_registry_images_list={{ user `additional_registry_images_list`}} ecr_credential_provider={{ user `ecr_credential_provider` }} additional_url_images={{ user `additional_url_images`}} additional_url_images_list={{ user `additional_url_images_list`}} additional_executables={{ user `additional_executables`}} additional_executables_list={{ user `additional_executables_list`}} additional_executables_destination_path={{ user `additional_executables_destination_path`}} additional_s3={{ user `additional_s3`}} build_target={{ user `build_target`}} amazon_ssm_agent_rpm={{ user `amazon_ssm_agent_rpm` }} enable_containerd_audit={{ user `enable_containerd_audit` }} 
kubernetes_enable_automatic_resource_sizing={{ user `kubernetes_enable_automatic_resource_sizing` }} debug_tools={{user `debug_tools`}} ubuntu_repo={{user `ubuntu_repo`}} ubuntu_security_repo={{user `ubuntu_security_repo`}} gpu_block_nouveau_loading={{user `block_nouveau_loading`}}", "ansible_scp_extra_args": "{{env `ANSIBLE_SCP_EXTRA_ARGS`}}" } diff --git a/images/capi/packer/config/ecr_credential_provider.json b/images/capi/packer/config/ecr_credential_provider.json new file mode 100644 index 0000000000..283cf60455 --- /dev/null +++ b/images/capi/packer/config/ecr_credential_provider.json @@ -0,0 +1,11 @@ +{ + "ecr_credential_provider": "false", + "ecr_credential_provider_arch": "", + "ecr_credential_provider_aws_profile": "", + "ecr_credential_provider_base_url": "", + "ecr_credential_provider_binary_filename": "", + "ecr_credential_provider_install_dir": "", + "ecr_credential_provider_match_images": "", + "ecr_credential_provider_os": "", + "ecr_credential_provider_version": "" +} diff --git a/images/capi/packer/config/windows/ansible-args-windows.json b/images/capi/packer/config/windows/ansible-args-windows.json index 2954e9808a..0ccbdbdde1 100644 --- a/images/capi/packer/config/windows/ansible-args-windows.json +++ b/images/capi/packer/config/windows/ansible-args-windows.json 
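Review bot: Only the `ecr_credential_provider` toggle is added to `ansible_common_vars`; the eight other `ecr_credential_provider_*` user variables declared in the new `packer/config/ecr_credential_provider.json` are not forwarded anywhere in this diff, so setting them as packer variables appears to have no effect and the role defaults always win. Either forward them, taking care that the empty-string defaults in the JSON file do not override the role defaults, or drop them from the JSON file and state in the docs page which extra-vars mechanism carries the overrides. This matters most for `ecr_credential_provider_base_url` and `ecr_credential_provider_version`, the overrides a mirrored or air-gapped build would depend on. The same toggle is also added to `ansible-args-windows.json`, but no Windows consumer of the role is visible here and the role's tasks are Linux-specific (`/etc/default/kubelet`, `sed`).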
@@ -1,3 +1,3 @@ { - "ansible_common_vars": "runtime={{user `runtime`}} containerd_url={{user `containerd_url`}} containerd_sha256={{user `containerd_sha256_windows`}} pause_image={{user `pause_image`}} additional_debug_files=\"{{user `additional_debug_files`}}\" containerd_additional_settings={{user `containerd_additional_settings`}} custom_role_names=\"{{user `custom_role_names`}}\" http_proxy={{user `http_proxy`}} https_proxy={{user `https_proxy`}} no_proxy={{user `no_proxy`}} kubernetes_base_url={{user `kubernetes_base_url`}} kubernetes_semver={{user `kubernetes_semver`}} kubernetes_install_path={{user `kubernetes_install_path`}} cloudbase_init_url=\"{{user `cloudbase_init_url`}}\" cloudbase_plugins=\"{{user `cloudbase_plugins`}}\" cloudbase_metadata_services=\"{{user `cloudbase_metadata_services`}}\" cloudbase_plugins_unattend=\"{{user `cloudbase_plugins_unattend`}}\" cloudbase_metadata_services_unattend=\"{{user `cloudbase_metadata_services_unattend`}}\" prepull={{user `prepull`}} windows_updates_kbs=\"{{user `windows_updates_kbs`}}\" windows_updates_categories=\"{{user `windows_updates_categories`}}\" windows_service_manager={{user `windows_service_manager`}} nssm_url={{user `nssm_url`}} distribution_version={{user `distribution_version`}} netbios_host_name_compatibility={{user `netbios_host_name_compatibility`}} disable_hypervisor={{ user `disable_hypervisor` }} cloudbase_logging_serial_port={{ user `cloudbase_logging_serial_port` }} cloudbase_real_time_clock_utc={{ user `cloudbase_real_time_clock_utc` }} load_additional_components={{ user `load_additional_components`}} additional_registry_images={{ user `additional_registry_images`}} additional_registry_images_list={{ user `additional_registry_images_list`}} additional_url_images={{ user `additional_url_images`}} additional_url_images_list={{ user `additional_url_images_list`}} additional_executables={{ user `additional_executables`}} additional_executables_list={{ user `additional_executables_list`}} 
additional_executables_destination_path={{ user `additional_executables_destination_path`}} ssh_source_url={{user `ssh_source_url` }} debug_tools={{user `debug_tools`}}" + "ansible_common_vars": "runtime={{user `runtime`}} containerd_url={{user `containerd_url`}} containerd_sha256={{user `containerd_sha256_windows`}} pause_image={{user `pause_image`}} additional_debug_files=\"{{user `additional_debug_files`}}\" containerd_additional_settings={{user `containerd_additional_settings`}} custom_role_names=\"{{user `custom_role_names`}}\" http_proxy={{user `http_proxy`}} https_proxy={{user `https_proxy`}} no_proxy={{user `no_proxy`}} kubernetes_base_url={{user `kubernetes_base_url`}} kubernetes_semver={{user `kubernetes_semver`}} kubernetes_install_path={{user `kubernetes_install_path`}} cloudbase_init_url=\"{{user `cloudbase_init_url`}}\" cloudbase_plugins=\"{{user `cloudbase_plugins`}}\" cloudbase_metadata_services=\"{{user `cloudbase_metadata_services`}}\" cloudbase_plugins_unattend=\"{{user `cloudbase_plugins_unattend`}}\" cloudbase_metadata_services_unattend=\"{{user `cloudbase_metadata_services_unattend`}}\" prepull={{user `prepull`}} windows_updates_kbs=\"{{user `windows_updates_kbs`}}\" windows_updates_categories=\"{{user `windows_updates_categories`}}\" windows_service_manager={{user `windows_service_manager`}} nssm_url={{user `nssm_url`}} distribution_version={{user `distribution_version`}} netbios_host_name_compatibility={{user `netbios_host_name_compatibility`}} disable_hypervisor={{ user `disable_hypervisor` }} cloudbase_logging_serial_port={{ user `cloudbase_logging_serial_port` }} cloudbase_real_time_clock_utc={{ user `cloudbase_real_time_clock_utc` }} load_additional_components={{ user `load_additional_components`}} ecr_credential_provider={{ user `ecr_credential_provider` }} additional_registry_images={{ user `additional_registry_images`}} additional_registry_images_list={{ user `additional_registry_images_list`}} additional_url_images={{ user 
`additional_url_images`}} additional_url_images_list={{ user `additional_url_images_list`}} additional_executables={{ user `additional_executables`}} additional_executables_list={{ user `additional_executables_list`}} additional_executables_destination_path={{ user `additional_executables_destination_path`}} ssh_source_url={{user `ssh_source_url` }} debug_tools={{user `debug_tools`}}" }