{"id":28741006,"url":"https://github.com/aliyuncontainerservice/ack-image-builder","last_synced_at":"2025-07-30T09:36:09.156Z","repository":{"id":43468785,"uuid":"186602287","full_name":"AliyunContainerService/ack-image-builder","owner":"AliyunContainerService","description":"Custom Image Builder for ACK","archived":false,"fork":false,"pushed_at":"2024-09-09T11:44:28.000Z","size":74,"stargazers_count":30,"open_issues_count":2,"forks_count":19,"subscribers_count":5,"default_branch":"master","last_synced_at":"2025-03-30T12:34:36.250Z","etag":null,"topics":["ack","image-builder","kubernetes"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/AliyunContainerService.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-05-14T10:46:12.000Z","updated_at":"2025-01-12T18:40:39.000Z","dependencies_parsed_at":"2023-02-16T07:00:39.820Z","dependency_job_id":"6037a1e2-93f5-4c5a-a122-ac902a5d3ee8","html_url":"https://github.com/AliyunContainerService/ack-image-builder","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/AliyunContainerService/ack-image-builder","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/AliyunContainerService%2Fack-image-builder","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/AliyunContainerService%2Fack-image-builder/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/AliyunContainerService%2Fack-image-builder/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/AliyunContainerService%2Fack-image-builder/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/AliyunContainerService","download_url":"https://codeload.github.com/AliyunContainerService/ack-image-builder/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/AliyunContainerService%2Fack-image-builder/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":260116644,"owners_count":22961065,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ack","image-builder","kubernetes"],"created_at":"2025-06-16T07:09:51.385Z","updated_at":"2025-06-16T07:09:52.170Z","avatar_url":"https://github.com/AliyunContainerService.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Image Build Specification of Alibaba Cloud Container Service for Kubernetes (ACK) \n\nNotes: The template [ack-centos.json](https://github.com/AliyunContainerService/ack-image-builder/blob/master/ack-centos.json) is used for building custom image for ACK cluster based on the latest published ecs centos public image.\n\nThis repository contains resources and configuration scripts for building a custom base OS Image for ACK with [HashiCorp Packer](https://www.packer.io/).\n\n## Supported OS\n\n* Alibaba Cloud Linux 3\n* Alibaba Cloud Linux 2  - deprecated\n* CentOS 7.6/7.7/7.8/7.9 - deprecated\n* Red Hat Enterprise Linux 9\n* Anolis OS 8\n\n\n## Setup\n\nYou must have [Packer](https://www.packer.io/) installed on your local system. For more information, see [Installing Packer](https://www.packer.io/docs/install/index.html) in the Packer documentation. You must also have Alibaba Cloud account credentials configured so that Packer can make calls to Alibaba Cloud API operations on your behalf.\n\nFor more information, see [Alibaba Cloud builder](https://www.packer.io/docs/builders/alicloud-ecs.html) in the Packer documentation.\n\n## Building the OS Image\n\nExecute following scripts in your shell\n\n```\nexport ALICLOUD_REGION=XXX\nexport ALICLOUD_ACCESS_KEY=XXX\nexport ALICLOUD_SECRET_KEY=XXX\npacker build examples/ack-aliyunlinux3.json\n```\n\n## Build ACK-Optimized-OS image\n\nExecute following scripts in your shell\n\n```\nexport RUNTIME=XXX\nexport ALICLOUD_REGION=XXX\nexport ALICLOUD_ACCESS_KEY=XXX\nexport ALICLOUD_SECRET_KEY=XXX\npacker build examples/ack-optimized-os-all.json\n```\nNOTE: `RUNTIME` only support `docker` and `containerd`\n\n```shell\n{\n  \"variables\": {\n    \"image_name\": \"ack-optimized_image-1.28-{{timestamp}}\",\n    \"source_image\": \"aliyun_3_9_x64_20G_alibase_20231219.vhd\",\n    \"instance_type\": \"ecs.gn6i-c4g1.xlarge\",\n    \"region\": \"{{env `ALICLOUD_REGION`}}\",\n    \"access_key\": \"{{env `ALICLOUD_ACCESS_KEY`}}\",\n    \"secret_key\": \"{{env `ALICLOUD_SECRET_KEY`}}\",\n    \"runtime\": \"{{env `RUNTIME`}}\",\n    \"skip_secrutiy_fix\": \"{{env `SKIP_SECURITY_FIX`}}\"\n  },\n  \"builders\": [\n    {\n      \"type\": \"alicloud-ecs\",\n      \"access_key\": \"{{user `access_key`}}\",\n      \"secret_key\": \"{{user `secret_key`}}\",\n      \"region\": \"{{user `region`}}\",\n      \"image_name\": \"{{user `image_name`}}\",\n      \"source_image\": \"{{user `source_image`}}\",\n      \"ssh_username\": \"root\",\n      \"instance_type\": \"{{user `instance_type`}}\",\n      \"skip_image_validation\": \"true\",\n      \"io_optimized\": \"true\"\n    }\n  ],\n  \"provisioners\": [\n    {\n      \"type\": \"file\",\n      \"source\": \"scripts/ack-optimized-os-all.sh\",\n      \"destination\": \"/root/\"\n    },\n    {\n      \"type\": \"shell\",\n      \"inline\": [\n        \"export RUNTIME={{user `runtime`}}\",\n        \"export SKIP_SECURITY_FIX={{user `skip_secrutiy_fix`}}\",\n        \"export OS_ARCH=amd64\",\n        \"export PRESET_GPU=true\",    # If you want to download gpu, set PRESET_GPU to true and also set instance_type to gpu instance, supports version 1.20+.\n        \"export NVIDIA_DRIVER_VERSION=460.106.00\",   #  You can set the gpu version, default is 460.91.03\n        \"export KEEP_IMAGE_DATA=true\",   #  If you cache images, you must set KEEP_IMAGE_DATA to true\n        \"export KUBE_VERSION=1.28.9-aliyun.1\",   #  Set KUBE_VERSION according to your cluster version\n        \"bash /root/ack-optimized-os-all.sh\",\n        \"ctr -n k8s.io i pull docker.io/library/nginx:1.7.9\"  #  You can cache images into OS image\n      ]\n    }\n  ]\n}\n```\n\n## RAM Policy\n\nIf you are using a sub account，the ram policy should at least include actions as below:\n\n\u003e Note that you'd better release the delete permissions once you have completed your image build task for safety reasons.\n\n```\n{\n    \"Version\": \"1\",\n    \"Statement\": [\n        {\n            \"Action\": [\n                \"ecs:DescribeImages\",\n                \"ecs:CreateImage\",\n                \"ecs:ModifyImageSharePermission\",\n                \"ecs:CreateKeyPair\",\n                \"ecs:DeleteKeyPairs\",\n                \"ecs:DetachKeyPair\",\n                \"ecs:AttachKeyPair\",\n                \"ecs:CreateSecurityGroup\",\n                \"ecs:DeleteSecurityGroup\",\n                \"ecs:AuthorizeSecurityGroupEgress\",\n                \"ecs:AuthorizeSecurityGroup\",\n                \"ecs:CreateSnapshot\",\n                \"ecs:AttachDisk\",\n                \"ecs:DetachDisk\",\n                \"ecs:DescribeDisks\",\n                \"ecs:CreateDisk\",\n                \"ecs:DeleteDisk\",\n                \"ecs:CreateNetworkInterface\",\n                \"ecs:DescribeNetworkInterfaces\",\n                \"ecs:AttachNetworkInterface\",\n                \"ecs:DetachNetworkInterface\",\n                \"ecs:DeleteNetworkInterface\",\n                \"ecs:DescribeInstanceAttribute\",\n                \"ecs:CreateInstance\",\n                \"ecs:DeleteInstance\",\n                \"ecs:StartInstance\",\n                \"ecs:StopInstance\",\n                \"ecs:DescribeInstances\"\n            ],\n            \"Resource\": [\n                \"*\"\n            ],\n            \"Effect\": \"Allow\"\n        },\n        {\n            \"Action\": [\n                \"vpc:CreateVpc\",\n                \"vpc:DeleteVpc\",\n                \"vpc:DescribeVpcs\",\n                \"vpc:CreateVSwitch\",\n                \"vpc:DeleteVSwitch\",\n                \"vpc:DescribeVSwitches\",\n                \"vpc:AllocateEipAddress\",\n                \"vpc:AssociateEipAddress\",\n                \"vpc:UnassociateEipAddress\",\n                \"vpc:DescribeEipAddresses\",\n                \"vpc:ReleaseEipAddress\"\n            ],\n            \"Resource\": [\n                \"*\"\n            ],\n            \"Effect\": \"Allow\"\n        }\n    ]\n}\n```\n\n## Security\n\nFor security issues or concerns, please do not open an issue or pull request on GitHub. Please report any suspected or confirmed security issues to Alibaba Cloud Container Security contact \u003ckubernetes-security@service.aliyun.com\u003e\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faliyuncontainerservice%2Fack-image-builder","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Faliyuncontainerservice%2Fack-image-builder","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faliyuncontainerservice%2Fack-image-builder/lists"}