talos/hack/cloud-image-uploader
Andrey Smirnov 514e514ba6
feat: update Linux 6.1.63, containerd 1.7.9
Also various small bumps.

Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
2023-11-21 18:01:36 +04:00

cloud-image-uploader

vmimport role

The vmimport role must be created before running this command:

aws iam create-role --role-name vmimport --assume-role-policy-document file://trust-policy.json
aws iam put-role-policy --role-name vmimport --policy-name vmimport --policy-document file://role-policy.json
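A pre-flight check for trust-policy.json before it is passed to create-role. This is an added example, not code from the Talos repository; the page does not show the file's contents, so the sample below assumes the trust policy shape AWS documents for the VM Import/Export service role, and the function name audit_trust_policy is hypothetical.

```python
import json

# Constructed sample in the shape AWS documents for the VM Import/Export
# service role (assumption: the page does not show trust-policy.json).
GOOD_POLICY = """
{"Version": "2012-10-17", "Statement": [{
  "Effect": "Allow",
  "Principal": {"Service": "vmie.amazonaws.com"},
  "Action": "sts:AssumeRole",
  "Condition": {"StringEquals": {"sts:Externalid": "vmimport"}}}]}
"""

# Constructed counter-example: any AWS principal, no external ID condition.
BAD_POLICY = """
{"Version": "2012-10-17", "Statement": [{
  "Effect": "Allow",
  "Principal": {"AWS": "*"},
  "Action": "sts:AssumeRole"}]}
"""


def _as_list(value):
    """IAM allows a scalar or a list in most fields; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def audit_trust_policy(text):
    """Return findings for a vmimport trust policy; empty list means OK."""
    findings = []
    allows = [s for s in _as_list(json.loads(text).get("Statement"))
              if s.get("Effect") == "Allow"]
    if not allows:
        findings.append("policy has no Allow statement")
    for i, stmt in enumerate(allows):
        principal = stmt.get("Principal")
        # Only the VM Import/Export service may assume the role.
        if principal != {"Service": "vmie.amazonaws.com"} and \
                principal != {"Service": ["vmie.amazonaws.com"]}:
            findings.append(f"statement {i}: principal is not only vmie.amazonaws.com")
        if _as_list(stmt.get("Action")) != ["sts:AssumeRole"]:
            findings.append(f"statement {i}: action is not only sts:AssumeRole")
        # Condition keys are case-insensitive; the external ID guards
        # against the service being used as a confused deputy.
        equals = (stmt.get("Condition") or {}).get("StringEquals") or {}
        external = {k.lower(): v for k, v in equals.items()}.get("sts:externalid")
        if _as_list(external) != ["vmimport"]:
            findings.append(f"statement {i}: missing sts:ExternalId == vmimport")
    return findings
```

Call audit_trust_policy on the contents of trust-policy.json and treat any returned finding as a reason not to create the role.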

Azure Pre-requisites

Configuring the Portal

Community Gallery (preview) information can be found here.

  • Create Resource Group: SideroGallery
  • Create Storage Account: siderogallery
  • Create storage Container: images
  • Create Azure Compute Gallery: SideroLabs
    • Azure Documentation
    • Search for Azure Compute Gallery in the portal search bar.
    • Select Create.
    • Fill in the required information.
      • In the Sharing Tab select RBAC + share to public community gallery (PREVIEW)
      • Select Review + create
  • Create Compute Gallery Image Definition: talos-arm64, talos-x64
    • Azure Documentation
    • Select the SideroLabs Compute Gallery.
    • Select the notification at the top of the page to share the gallery.
    • Select New Image Definition
      • Create an Image definition for each architecture type:
        • This is where V2 must be selected for the VM generation in order for an arm64 image version to be created in the definition.
          • Publisher: siderolabs
          • Offer: talos
          • SKU: must be unique
          • Do not create an image version yet.

App Registration

The App Registration is what we will use to authenticate to Azure for uploading blobs and creating resources.

Azure Documentation

Create an App Registration

  • Search for and Select Azure Active Directory.
  • Select App registrations, then select New registration.
  • Name the application, for example "example-app".
  • Select a supported account type, which determines who can use the application.
  • Under Redirect URI, select Web for the type of application you want to create, and enter the URI where the access token is sent.
  • Select Register.

Environment Variables

Get the following values for azure-go-sdk:

  • Subscription ID
    • Log in to your Azure account
    • Select Subscriptions in the left sidebar
    • Select whichever subscription is needed
    • Click on Overview
    • Copy the Subscription ID
  • Client ID
  • Client Secret
  • Tenant ID

These are stored as the following Drone secrets:

  • azure_subscription_id
  • azure_client_id
  • azure_client_secret
  • azure_tenant_id

Add permissions for App Registration

The App registration only needs permissions to the Compute Gallery and the Storage Account.

  • Compute Gallery:

    • Select the SideroLabs Compute Gallery
    • Select Access control (IAM)
    • Select Add role assignment
    • Select the Contributor role
  • Storage Account:

    • Select the siderolabs Storage Account
    • Select Access control (IAM)
    • Select Add role assignment
    • Select the Storage Blob Data Contributor role