forked from aws-samples/amazon-eks-custom-amis
amazon-eks-node-rhel8.json
{
"variables":{
"aws_region":"us-east-2",
"ami_description":"EKS Kubernetes Worker AMI on RHEL 8 (k8s: {{user `eks_version`}})",
"eks_version":"",
"eks_build_date":"",
"cni_plugin_version": "v0.8.6",
"binary_bucket_name": "amazon-eks",
"binary_bucket_region": "us-west-2",
"hardening_flag": "false",
"root_volume_size": "10",
"data_volume_size": "50",
"vpc_id":"",
"subnet_id":"",
"http_proxy": "",
"https_proxy": "",
"no_proxy": "",
"source_ami_owner":"309956199498",
"source_ami_owner_govcloud":"219670896067",
"source_ami_ssh_user":"ec2-user",
"source_ami_arch":"x86_64",
"source_ami_name":"RHEL-8*_HVM-*-x86_64-0-Hourly2-GP2",
"target_ami_name": "amazon-eks-node-{{user `eks_version`}}-rhel8-{{ timestamp }}"
},
"builders":[
{
"type":"amazon-ebs",
"region":"{{user `aws_region`}}",
"source_ami_filter":{
"filters":{
"name":"{{user `source_ami_name`}}",
"root-device-type":"ebs",
"state":"available",
"virtualization-type":"hvm",
"architecture":"{{user `source_ami_arch`}}"
},
"owners":[
"{{user `source_ami_owner`}}",
"{{user `source_ami_owner_govcloud`}}"
],
"most_recent":true
},
"instance_type":"m5.xlarge",
"ssh_username":"{{user `source_ami_ssh_user`}}",
"ssh_pty":true,
"subnet_id":"{{user `subnet_id`}}",
"launch_block_device_mappings":[
{
"device_name":"/dev/sda1",
"volume_size": "{{user `root_volume_size`}}",
"volume_type":"gp2",
"delete_on_termination":true
},
{
"device_name":"/dev/sdb",
"volume_size":"{{user `data_volume_size`}}",
"volume_type":"gp2",
"delete_on_termination":true
}
],
"ami_block_device_mappings":[
{
"device_name":"/dev/sdb",
"volume_size":"{{user `data_volume_size`}}",
"volume_type":"gp2",
"delete_on_termination":true
}
],
"tags":{
"Name":"{{user `target_ami_name`}}",
"BuildDate":"{{ isotime }}"
},
"ami_name":"{{user `target_ami_name`}}",
"ami_description":"{{user `ami_description` }}",
"ami_virtualization_type":"hvm",
"run_tags":{
"Name":"packer-{{user `target_ami_name`}}"
}
}
],
"provisioners":[
{
"type": "shell",
"inline": [
"mkdir -p /etc/packer/files",
"chown -R {{user `source_ami_ssh_user`}}:{{user `source_ami_ssh_user`}} /etc/packer/files"
],
"execute_command":"echo 'packer' | {{.Vars}} sudo -S -E bash -eux '{{.Path}}'"
},
{
"type": "file",
"source": "./files/",
"destination": "/etc/packer/files"
},
{
"type":"shell",
"scripts": [
"./scripts/rhel8/boilerplate.sh"
],
"environment_vars": [
"HTTP_PROXY={{user `http_proxy`}}",
"HTTPS_PROXY={{user `https_proxy`}}",
"NO_PROXY={{user `no_proxy`}}",
"KUBERNETES_VERSION={{user `eks_version`}}",
"KUBERNETES_BUILD_DATE={{user `eks_build_date`}}",
"BINARY_BUCKET_NAME={{user `binary_bucket_name`}}",
"BINARY_BUCKET_REGION={{user `binary_bucket_region`}}",
"CNI_PLUGIN_VERSION={{user `cni_plugin_version`}}",
"HARDENING_FLAG={{user `hardening_flag`}}"
],
"execute_command":"echo 'packer' | {{.Vars}} sudo -S -E bash -eux '{{.Path}}'",
"expect_disconnect":true,
"pause_after":"30s"
},
{
"type":"shell",
"scripts":[
"./scripts/shared/docker.sh",
"./scripts/shared/eks.sh",
"./scripts/shared/cis-docker.sh",
"./scripts/shared/cis-eks.sh"
],
"environment_vars": [
"HTTP_PROXY={{user `http_proxy`}}",
"HTTPS_PROXY={{user `https_proxy`}}",
"NO_PROXY={{user `no_proxy`}}",
"KUBERNETES_VERSION={{user `eks_version`}}",
"KUBERNETES_BUILD_DATE={{user `eks_build_date`}}",
"BINARY_BUCKET_NAME={{user `binary_bucket_name`}}",
"BINARY_BUCKET_REGION={{user `binary_bucket_region`}}",
"CNI_PLUGIN_VERSION={{user `cni_plugin_version`}}",
"HARDENING_FLAG={{user `hardening_flag`}}"
],
"execute_command":"echo 'packer' | {{.Vars}} sudo -S -E bash -eux '{{.Path}}'",
"expect_disconnect":true,
"pause_after":"30s"
},
{
"type":"shell",
"scripts": [
"./scripts/rhel8/hardening.sh",
"./scripts/rhel8/cleanup.sh"
],
"environment_vars": [
"HTTP_PROXY={{user `http_proxy`}}",
"HTTPS_PROXY={{user `https_proxy`}}",
"NO_PROXY={{user `no_proxy`}}",
"KUBERNETES_VERSION={{user `eks_version`}}",
"KUBERNETES_BUILD_DATE={{user `eks_build_date`}}",
"BINARY_BUCKET_NAME={{user `binary_bucket_name`}}",
"BINARY_BUCKET_REGION={{user `binary_bucket_region`}}",
"CNI_PLUGIN_VERSION={{user `cni_plugin_version`}}",
"HARDENING_FLAG={{user `hardening_flag`}}"
],
"execute_command":"echo 'packer' | {{.Vars}} sudo -S -E bash -eux '{{.Path}}'"
}
]
}