diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile index 4fcf90e..5b7f214 100644 --- a/.devcontainer/Dockerfile +++ b/.devcontainer/Dockerfile @@ -6,3 +6,7 @@ RUN wget -O - https://apt.releases.hashicorp.com/gpg | gpg --dearmor -o /usr/sha echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" > /etc/apt/sources.list.d/hashicorp.list && \ apt update && \ apt install packer + +RUN curl -L https://go.dev/dl/go1.24.2.linux-$(dpkg --print-architecture).tar.gz | tar -C /usr/local/go -xz && \ + ln -s /usr/local/go/bin/go /usr/local/bin/ && \ + go install github.com/apricote/hcloud-upload-image@latest diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json index ef00011..2d17031 100644 --- a/.devcontainer/devcontainer.json +++ b/.devcontainer/devcontainer.json @@ -1,22 +1,25 @@ { - "$schema": "https://raw.githubusercontent.com/devcontainers/spec/refs/heads/main/schemas/devContainer.schema.json", - "name": "Cluster", - "build": { - "dockerfile": "Dockerfile" - } + "$schema": "https://raw.githubusercontent.com/devcontainers/spec/refs/heads/main/schemas/devContainer.schema.json", + "name": "Cluster", + "build": { + "dockerfile": "Dockerfile" + }, + "remoteEnv": { + "PATH": "${localEnv:HOME}/go/bin:${localEnv:PATH}" + } - // Features to add to the dev container. More info: https://containers.dev/features. - // "features": {}, + // Features to add to the dev container. More info: https://containers.dev/features. + // "features": {}, - // Use 'forwardPorts' to make a list of ports inside the container available locally. - // "forwardPorts": [], + // Use 'forwardPorts' to make a list of ports inside the container available locally. + // "forwardPorts": [], - // Use 'postCreateCommand' to run commands after the container is created. - // "postCreateCommand": "uname -a", + // Use 'postCreateCommand' to run commands after the container is created. + // "postCreateCommand": "uname -a", - // Configure tool-specific properties. - // "customizations": {}, + // Configure tool-specific properties. + // "customizations": {}, - // Uncomment to connect as root instead. More info: https://aka.ms/dev-containers-non-root. - // "remoteUser": "root" + // Uncomment to connect as root instead. More info: https://aka.ms/dev-containers-non-root. + // "remoteUser": "root" } diff --git a/images/k3s/packer.pkr.hcl b/images/k3s/packer.pkr.hcl new file mode 100644 index 0000000..2609f35 --- /dev/null +++ b/images/k3s/packer.pkr.hcl @@ -0,0 +1,164 @@ +/* + * Creates a MicroOS snapshot for Kube-Hetzner + */ +packer { + required_plugins { + hcloud = { + source = "github.com/hetznercloud/hcloud" + version = ">= 1.6.0" + } + } +} + +variable "hcloud_token" { + type = string + default = env("HCLOUD_TOKEN") + sensitive = true +} + +# We download the OpenSUSE MicroOS x86 image from an automatically selected mirror. +variable "opensuse_microos_x86_mirror_link" { + type = string + default = "https://download.opensuse.org/tumbleweed/appliances/openSUSE-MicroOS.x86_64-ContainerHost-OpenStack-Cloud.qcow2" +} + +# We download the OpenSUSE MicroOS ARM image from an automatically selected mirror. +variable "opensuse_microos_arm_mirror_link" { + type = string + default = "https://download.opensuse.org/ports/aarch64/tumbleweed/appliances/openSUSE-MicroOS.aarch64-ContainerHost-OpenStack-Cloud.qcow2" +} + +# If you need to add other packages to the OS, do it here in the default value, like ["vim", "curl", "wget"] +# When looking for packages, you need to search for OpenSUSE Tumbleweed packages, as MicroOS is based on Tumbleweed. +variable "packages_to_install" { + type = list(string) + default = [] +} + +locals { + needed_packages = join(" ", concat(["restorecond policycoreutils policycoreutils-python-utils setools-console audit bind-utils wireguard-tools fuse open-iscsi nfs-client xfsprogs cryptsetup lvm2 git cifs-utils bash-completion mtr tcpdump udica"], var.packages_to_install)) + + # Add local variables for inline shell commands + download_image = "wget --timeout=5 --waitretry=5 --tries=5 --retry-connrefused --inet4-only " + + write_image = <<-EOT + set -ex + echo 'MicroOS image loaded, writing to disk... ' + qemu-img convert -p -f qcow2 -O host_device $(ls -a | grep -ie '^opensuse.*microos.*qcow2$') /dev/sda + echo 'done. Rebooting...' + sleep 1 && udevadm settle && reboot + EOT + + install_packages = <<-EOT + set -ex + echo "First reboot successful, installing needed packages..." + transactional-update --continue pkg install -y ${local.needed_packages} + transactional-update --continue shell <<- EOF + setenforce 0 + rpm --import https://rpm.rancher.io/public.key + zypper install -y https://github.com/k3s-io/k3s-selinux/releases/download/v1.6.stable.1/k3s-selinux-1.6-1.sle.noarch.rpm + zypper addlock k3s-selinux + restorecon -Rv /etc/selinux/targeted/policy + restorecon -Rv /var/lib + setenforce 1 + EOF + sleep 1 && udevadm settle && reboot + EOT + + clean_up = <<-EOT + set -ex + echo "Second reboot successful, cleaning-up..." + rm -rf /etc/ssh/ssh_host_* + echo "Make sure to use NetworkManager" + touch /etc/NetworkManager/NetworkManager.conf + sleep 1 && udevadm settle + EOT +} + +# Source for the MicroOS x86 snapshot +source "hcloud" "microos-x86-snapshot" { + image = "ubuntu-24.04" + rescue = "linux64" + location = "fsn1" + server_type = "cx22" # disk size of >= 40GiB is needed to install the MicroOS image + snapshot_labels = { + microos-snapshot = "yes" + creator = "kube-hetzner" + } + snapshot_name = "OpenSUSE MicroOS x86 by Kube-Hetzner" + ssh_username = "root" + token = var.hcloud_token +} + +# Source for the MicroOS ARM snapshot +source "hcloud" "microos-arm-snapshot" { + image = "ubuntu-24.04" + rescue = "linux64" + location = "fsn1" + server_type = "cax11" # disk size of >= 40GiB is needed to install the MicroOS image + snapshot_labels = { + microos-snapshot = "yes" + creator = "kube-hetzner" + } + snapshot_name = "OpenSUSE MicroOS ARM by Kube-Hetzner" + ssh_username = "root" + token = var.hcloud_token +} + +# Build the MicroOS x86 snapshot +build { + sources = ["source.hcloud.microos-x86-snapshot"] + + # Download the MicroOS x86 image + provisioner "shell" { + inline = ["${local.download_image}${var.opensuse_microos_x86_mirror_link}"] + } + + # Write the MicroOS x86 image to disk + provisioner "shell" { + inline = [local.write_image] + expect_disconnect = true + } + + # Ensure connection to MicroOS x86 and do house-keeping + provisioner "shell" { + pause_before = "5s" + inline = [local.install_packages] + expect_disconnect = true + } + + # Ensure connection to MicroOS x86 and do house-keeping + provisioner "shell" { + pause_before = "5s" + inline = [local.clean_up] + } +} + +# Build the MicroOS ARM snapshot +build { + sources = ["source.hcloud.microos-arm-snapshot"] + + # Download the MicroOS ARM image + provisioner "shell" { + inline = ["${local.download_image}${var.opensuse_microos_arm_mirror_link}"] + } + + # Write the MicroOS ARM image to disk + provisioner "shell" { + inline = [local.write_image] + expect_disconnect = true + } + + # Ensure connection to MicroOS ARM and do house-keeping + provisioner "shell" { + pause_before = "5s" + inline = [local.install_packages] + expect_disconnect = true + } + + # Ensure connection to MicroOS ARM and do house-keeping + provisioner "shell" { + pause_before = "5s" + inline = [local.clean_up] + } +}