kURL: How can I bake an AMI?

AJ-Jester · November 17, 2021, 12:04pm

Hello there,

I would like to provision KOTS and kURL components using an AMI to bake these components in using something like Packer or Cloudformation.

But the one main issue I’m running into is the IP of the VM at the time of the AMI build is the IP that gets hardcoded in all the K8s configs/addons. This causes issue because when the AMI is used on a node with a different IP these configs do not get updated.

How can I handle such a scenario?

Thanks!

AJ-Jester · November 17, 2021, 12:09pm

This is an excellent question, a lot of our vendors do this, may not be AMI exactly but OVA and the like.

Overview

Sadly, there is no easy way to “update” an IP in a K8s, not saying it’s impossible but its not straightforward, we’ve tried to do it once and were at it for several weeks and at the end we weren’t really sure if we “updated” all the right places with the new IP.

Semi-bake

So how do the other folks do it? You can “semi-bake” the AMI. In other words, use the userdata and cloud-init to run the k8s.kurl.sh bash script at VM launch that way K8s will get configured with the IP of the VM that it’s being launched on. As you can imagine one of the downsides to this is it will take the VM 5-10 mins to come up based on the number of addons you have to install.

(Run commands on your Linux instance at launch - Amazon Elastic Compute Cloud)

Cloudformation Example

Here is a cloudformation example we worked on during a hackweek and the interesting bit for you is probably line 151.

github.com

replicatedhq/replicated-automation/blob/main/customer/cloudformation/kots_embedded_online.json

{
  "AWSTemplateFormatVersion" : "2010-09-09",

  "Description" : "AWS CloudFormation template for KOTS Online Single Master install.",

  "Parameters" : {
    "KeyName": {
      "Description" : "Name of an existing EC2 KeyPair to enable SSH access to the instance",
      "Type": "AWS::EC2::KeyPair::KeyName",
      "Default" : "replicated_aj",
      "ConstraintDescription" : "Can contain only ASCII characters."
    },
    "BootVolumeSizeGB": {
      "Description" : "Boot Volume Size in GB",
      "Type": "Number",
      "Default" : 100,
      "ConstraintDescription" : "Can contain only Integer characters."
    },
    "CommonBundleUrl": {
      "Description" : "Tar GZ archive with license and config values yamls.",

This file has been truncated. show original

Public Roadmap

All that being said this is one of the top items on our roadmap, here is the public url Trello

Michael_Smith · November 18, 2021, 6:51pm

We have something that works in (REPLATS-514) Update kurl image to Redhat 8.4 by jpartlow · Pull Request #528 · puppetlabs/puppetlabs-packer · GitHub, but only for a specific set of components. Some of the challenges are:

CNI needs to be reset in a way that causes it to cleanup and recreate a bunch of IP mappings
You need to rename the node to match the new hostname if you want to be able to rerun the kURL script, which requires recreating any PVCs that were created as part of startup.
When creating the image, you want kubelet to be stopped so the image shrinking step doesn’t cause kubelet to think it’s running out of storage and start deleting images.

Topic		Replies	Views
Kubernetes Add-on / Upgrade Guidance (kURL installer) Packaging an application kurl , embedded-cluster , kubernetes-installer	1	251	September 19, 2022
Install: /etc/kubernetes/admin.conf does not exist Troubleshooting	6	395	May 12, 2023
How to create a NodePort service without colliding with the kURL infra? How do I? kurl	2	206	June 7, 2022
How can I generate the join command to add new nodes to a kURL cluster? How do I? kurl	0	256	February 28, 2023
KOTS: enable selinux in kURL Installer Supporting your customers	0	809	February 12, 2021

kURL: How can I bake an AMI?

Overview

Semi-bake

Cloudformation Example

Public Roadmap

Related Topics