In the cloud-native era, an increasing number of users migrate applications and businesses to the cloud. Requirements for the container platform vary by business scenario, and to meet them many users want to create Kubernetes clusters from custom images. This topic describes how to create a Kubernetes cluster by using a custom image.
Prerequisites
Before you create a Kubernetes cluster by using a custom image, take note of the following limits on the custom images that are supported by Container Service for Kubernetes (ACK):
- We recommend that you use the latest base images provided by ACK. The base images of ACK can be used to create Kubernetes clusters and have passed the strict tests of the ACK technical team.
- Custom images that are used to create Kubernetes clusters must meet the following requirements:
  - Alibaba Cloud cloud-init can be installed. For more information, see Install cloud-init.
  - If you want to create an ACK dedicated cluster by using a custom image, you must enable the sshd server and use the default port 22. This allows you to transfer files to cluster nodes after the nodes are enabled. For more information, see Use SSH to connect to the master nodes of a dedicated Kubernetes cluster.
  - Time synchronization is performed by using a Network Time Protocol (NTP) server provided by Alibaba Cloud.
- To use custom images, submit an application in Quota Center.
Background information
- It is not efficient to manually create images.
- Records may be missing in the image change history. This makes it difficult to troubleshoot errors.
- You cannot check whether the custom images meet the requirements of nodes in ACK clusters.
The ack-image-builder project is developed based on the open source tool HashiCorp Packer, and provides default configuration templates and verification scripts that are used to create and verify custom images.
Precautions
If you modify the parameters of the operating system when you use a custom image, nodes may fail to start up or run as normal. For example, if you set kernel.modules_disabled to 1, Docker becomes unavailable. We recommend that you test the custom image in a test environment.
Procedure
To create a custom image by using ack-image-builder, perform the following steps:
- Install Packer.
- Configure a Packer template. When you create a custom image by using Packer, you must create a template file in JSON format. In the template file, specify the image builder provided by Alibaba Cloud and the provisioner that is used to create and configure custom images. For more information, refer to Alicloud Image Builder and Provisioners.
```json
{
  "variables": {
    "region": "cn-hangzhou",
    "image_name": "test_image{{timestamp}}",
    "source_image": "centos_7_06_64_20G_alibase_20190711.vhd",
    "instance_type": "ecs.n1.large",
    "access_key": "{{env `ALICLOUD_ACCESS_KEY`}}",
    "secret_key": "{{env `ALICLOUD_SECRET_KEY`}}"
  },
  "builders": [
    {
      "type": "alicloud-ecs",
      "access_key": "{{user `access_key`}}",
      "secret_key": "{{user `secret_key`}}",
      "region": "{{user `region`}}",
      "image_name": "{{user `image_name`}}",
      "source_image": "{{user `source_image`}}",
      "ssh_username": "root",
      "instance_type": "{{user `instance_type`}}",
      "io_optimized": "true"
    }
  ],
  "provisioners": [
    {
      "type": "shell",
      "scripts": [
        "scripts/updateKernel.sh",
        "scripts/reboot.sh",
        "scripts/cleanUpKerneles.sh",
        "config/default.sh",
        "scripts/updateDNS.sh",
        "scripts/verify.sh"
      ],
      "expect_disconnect": true
    }
  ]
}
```
| Parameter | Description |
| --- | --- |
| access_key | The AccessKey ID that is used to create the custom image. |
| secret_key | The AccessKey secret that is used to create the custom image. |
| region | The region of the cloud resources that are temporarily used to create the custom image. |
| image_name | The name of the custom image. |
| source_image | The name of the base image used to create the custom image. You can obtain the name of a base image from the public image list of Alibaba Cloud. |
| instance_type | The type of the cloud resources that are temporarily used to create the custom image. |
| provisioners | The type of the provisioner used to create the custom image. |

- Create a Resource Access Management (RAM) user and create an AccessKey pair for the RAM user. For more information, see Create a RAM user and Obtain an AccessKey pair.
  Note: We recommend that you grant the RAM user the permissions on Packer when you create the RAM user. For more information about the RAM policy, see RAM Policy.
- Add the AccessKey pair to the template and create a custom image by using the template.
- Use the custom image to create an ACK cluster. An ACK Pro cluster is used as an example.
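
The template in this procedure reads the AccessKey pair from the `ALICLOUD_ACCESS_KEY` and `ALICLOUD_SECRET_KEY` environment variables, so the pair does not have to be written into the file. The following pre-build check is an added example, not part of ack-image-builder: `lint_template` and both sample templates are constructed for illustration, and the rule that `verify.sh` must be the last script is an assumption of the example.

```python
import json
import re

CRED_KEYS = ("access_key", "secret_key")
# Whole value must be one Packer reference: {{env `NAME`}} or {{user `name`}}.
REF = re.compile(r"^\{\{\s*(env|user)\s+`(\w+)`\s*\}\}$")

def lint_template(text):
    """Return findings for a Packer JSON template shaped like the one on this page."""
    tpl = json.loads(text)
    variables = tpl.get("variables", {})
    findings = []
    for key in CRED_KEYS:
        # Variables for the AccessKey pair must be read from the environment.
        m = REF.match(str(variables.get(key, "")))
        if key in variables and not (m and m.group(1) == "env"):
            findings.append(f"variables.{key}: not an env reference")
    for i, builder in enumerate(tpl.get("builders", [])):
        for key in CRED_KEYS:
            # Builders must use a reference, never a literal; user refs must be declared.
            m = REF.match(str(builder.get(key, "")))
            if key in builder and not m:
                findings.append(f"builders[{i}].{key}: literal credential")
            elif m and m.group(1) == "user" and m.group(2) not in variables:
                findings.append(f"builders[{i}].{key}: undefined variable {m.group(2)}")
    # Assumption of this example: verify.sh should be the final shell script,
    # so it checks the image after every other script has changed it.
    scripts = [s for p in tpl.get("provisioners", []) if p.get("type") == "shell"
               for s in p.get("scripts", [])]
    if not scripts or not scripts[-1].endswith("verify.sh"):
        findings.append("provisioners: verify.sh is not the last script")
    return findings

# Constructed samples: GOOD follows the page's template, BAD embeds placeholder keys.
GOOD = json.dumps({
    "variables": {"access_key": "{{env `ALICLOUD_ACCESS_KEY`}}",
                  "secret_key": "{{env `ALICLOUD_SECRET_KEY`}}"},
    "builders": [{"access_key": "{{user `access_key`}}",
                  "secret_key": "{{user `secret_key`}}"}],
    "provisioners": [{"type": "shell", "scripts": ["scripts/verify.sh"]}]})
BAD = json.dumps({
    "variables": {"access_key": "PLACEHOLDER_ACCESS_KEY_ID"},
    "builders": [{"access_key": "{{user `access_key`}}",
                  "secret_key": "PLACEHOLDER_SECRET"}],
    "provisioners": [{"type": "shell",
                      "scripts": ["scripts/verify.sh", "scripts/updateDNS.sh"]}]})

print(lint_template(BAD))
```

Running the check before the template is committed or built keeps a literal AccessKey pair out of version control and build logs.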