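Container Service for Kubernetes: Custom images for elastic optimization

Last updated: Sep 11, 2024

Alicloud Image Builder is an image-building tool from Alibaba Cloud that automates image builds in a simple way. OS images built with Alicloud Image Builder, combined with the custom image feature of ACK cluster node pools, let you scale out nodes quickly. This topic describes how to use Alicloud Image Builder in an ACK cluster to build a custom OS image by running a Job.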

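Prerequisites

Why you need an elasticity-optimized custom image

Node pools in an ACK cluster support Auto Scaling of cluster nodes. By default, the OS images offered when you create a node pool include Alibaba Cloud Linux, CentOS and others, which cover the vast majority of scenarios. In scenarios that need pre-installed software or high performance, however, the stock base images are not enough. Alicloud Image Builder helps you build your own custom OS image, which makes Auto Scaling easier in complex scenarios.

When you create a custom image with Alicloud Image Builder, you can dispatch the image build task to the cluster as a Job or CronJob.

Use an ACK Job to quickly build a custom OS image

This topic uses a ConfigMap named build-config and a Job workload named build as an example to show how to build a custom OS image quickly with Alicloud Image Builder.

1. Configure the parameters for building the OS image

Create a ConfigMap named build-config to configure the parameters for building the OS image.

  1. Create a file named build-config.yaml with the following YAML content. The # annotations inside the JSON body are explanatory only; remove them before applying, because JSON does not support comments.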

    apiVersion: v1
    kind: ConfigMap
    metadata:
      name: build-config
    data:
      ack.json: |-
    
        {
          "variables": {
            "image_name": "ack-optimized_image-1.30-{{timestamp}}",
            "source_image": "<source_image>",
            "instance_type": "<instance_type>",
            "region": "{{env `ALICLOUD_REGION`}}",
            "access_key": "{{env `ALICLOUD_ACCESS_KEY`}}",
            "secret_key": "{{env `ALICLOUD_SECRET_KEY`}}"
          },
          "builders": [
            {
              "type": "alicloud-ecs",
              "system_disk_mapping": {
                "disk_size": 120
              },   # System disk size of the image, in GB. Default: 40 GB.
              "access_key": "{{user `access_key`}}",
              "secret_key": "{{user `secret_key`}}",
              "region": "{{user `region`}}",
              "image_name": "{{user `image_name`}}",
              "source_image": "{{user `source_image`}}",
              "ssh_username": "root",
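              "vpc_id": "",  # If vpc_id is not specified, the build creates this resource and cleans it up automatically when it finishes.
              "vswitch_id": "",  # If vswitch_id is not specified, the build creates this resource and cleans it up automatically when it finishes.
              "security_group_id": "",   # If security_group_id is not specified, the build creates this resource and cleans it up automatically when it finishes.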
              "instance_type": "{{user `instance_type`}}",
              "skip_image_validation": "true",
              "io_optimized": "true"
            }
          ],
          "provisioners": [{
           "type": "file",
           "source": "scripts/ack-optimized-os-all.sh",
           "destination": "/root/"
            },
            {
           "type": "shell",
           "inline": [
             "export RUNTIME=containerd",    # Set according to the container runtime.
             "export RUNTIME_VERSION=1.6.28",
             "export SKIP_SECURITY_FIX=true",
             "export KUBE_VERSION=1.30.1-aliyun.1",
             "export OS_ARCH=amd64",    # Choose amd64 or arm64 as required.
             "bash /root/ack-optimized-os-all.sh"
          ]
          }]
        }

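    The parameters used in the YAML above are described below.

    Table 1. Parameters in the Alicloud Image Builder configuration file

    | Parameter | Example | Description |
    | --- | --- | --- |
    | variables{"<variable1>":"<value>"} | variables{"access_key":"{{env ALICLOUD_ACCESS_KEY}}"} | Defines the variables used in Alicloud Image Builder. Note: writing sensitive information such as the AccessKey pair (access_key and secret_key) into the configuration file risks leaking it. Defining these values as variables guards against accidental exposure, because the variable values come from the input supplied at run time. |
    | builders{"type":"<value>"} | builders{"type":"alicloud-ecs"} | The image builders. When type is set to alicloud-ecs, a temporary ECS instance is created to build the image. The ECS instance is destroyed automatically once the build finishes. |
    | provisioners{"type":"<value>"} | provisioners{"type":"shell"} | The image provisioners, which define the operations to run inside the temporary instance. When type is set to shell, the Shell provisioner is used: a shell command runs automatically after the connection to the Linux instance is made. For example, the shell command yum install redis.x86_64 -y installs Redis. |

    For more about provisioner configuration, see the Provisioner configuration section below.

    Table 2. Parameters involved in the image build

    | Parameter | Example | Description | Required |
    | --- | --- | --- | --- |
    | access_key | LTAInPyXXXXQ**** | Your AccessKey ID. For details, see Obtain an AccessKey. | Yes |
    | secret_key | CM1ycKrrCekQ0dhXXXXXXXXXl7y**** | Your AccessKey Secret. | Yes |
    | region | cn-beijing | Region of the target custom image. | Yes |
    | image_name | ack-custom_image | Name of the target custom image. It must not duplicate the name of an existing image. | Yes |
    | source_image | aliyun_2_1903_x64_20G_alibase_20200904.vhd | ID of the Alibaba Cloud public image with the same operating system. For details, see OS images supported by Container Service for Kubernetes. | Yes |
    | instance_type | ecs.c6.xlarge | An instance of this type is created from source_image to run the specified pre-installation tasks, and the custom image is then generated from it. For a GPU image, specify a GPU instance type here. | Yes |
    | RUNTIME | containerd | Container runtime: Docker or containerd. | Yes |
    | RUNTIME_VERSION | 1.6.28 | When the runtime is Docker, RUNTIME_VERSION defaults to 19.03.15. When the runtime is containerd, RUNTIME_VERSION defaults to 1.6.20. | No |
    | SKIP_SECURITY_FIX | true | Skip security updates. | Yes |
    | KUBE_VERSION | 1.30.1-aliyun.1 | Cluster version. | Yes |
    | PRESET_GPU | true | Pre-install GPU components to speed up startup. | No |
    | NVIDIA_DRIVER_VERSION | 460.91.03 | GPU driver version to pre-install. Defaults to 460.91.03 if not set. | No |
    | OS_ARCH | amd64 | CPU architecture: amd64 or arm64. | Yes |
    | MOUNT_RUNTIME_DATADISK | true | If the custom image caches application images and you need to attach a data disk to the ECS instance during use, set this to true. | No |

    Important
    • Before you configure a custom image for a node pool, make sure the node pool settings (cluster version, container runtime, and instance type matching the GPU version) are the same as the settings used when the custom image was built. Otherwise nodes cannot join the cluster.

    • To validate a custom image, use a regular node pool that matches the chosen parameters. After the nodes join the node pool successfully, verify that your workloads run normally.

  2. Run the following command to deploy Alicloud Image Builder to the cluster.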

    kubectl apply -f build-config.yaml
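
A pre-flight check for the ack.json body before build-config.yaml is applied, as an added example that is not part of Alicloud Image Builder or of the original page. It strips the # annotations so the body parses as JSON, reports credentials written as literals instead of {{env ...}} or {{user ...}} references, and reports variables that Table 2 marks as required but the shell provisioner does not export. The function names and the sample template (with a deliberately literal secret_key and a missing KUBE_VERSION) are constructed for illustration.

```python
import json
import re

# Constructed sample: shortened ack.json with a literal secret_key and no KUBE_VERSION.
SAMPLE_TEMPLATE = r'''
{
  "variables": {
    "access_key": "{{env `ALICLOUD_ACCESS_KEY`}}",
    "secret_key": "CONSTRUCTED-LITERAL-SECRET"   # should come from the environment
  },
  "builders": [{
    "type": "alicloud-ecs",
    "vpc_id": "",  # created and cleaned up automatically when empty
    "access_key": "{{user `access_key`}}",
    "secret_key": "{{user `secret_key`}}"
  }],
  "provisioners": [{
    "type": "shell",
    "inline": [
      "export RUNTIME=containerd",    # set according to the runtime
      "export SKIP_SECURITY_FIX=true",
      "export OS_ARCH=amd64",
      "bash /root/ack-optimized-os-all.sh"
    ]
  }]
}
'''

# Variables that Table 2 marks as required in the shell provisioner.
REQUIRED_EXPORTS = ("RUNTIME", "SKIP_SECURITY_FIX", "KUBE_VERSION", "OS_ARCH")
CREDENTIAL_KEYS = ("access_key", "secret_key")
TEMPLATE_REF = re.compile(r"^\{\{\s*(env|user)\s+`[^`]+`\s*\}\}$")


def strip_annotations(text):
    """Drop `#` annotations that sit outside JSON strings, keeping newlines."""
    out, in_string, escaped, i = [], False, False, 0
    while i < len(text):
        ch = text[i]
        if not in_string and ch == "#":
            while i < len(text) and text[i] != "\n":
                i += 1  # skip the annotation up to the end of the line
            continue
        out.append(ch)
        if in_string:
            if escaped:
                escaped = False
            elif ch == "\\":
                escaped = True
            elif ch == '"':
                in_string = False
        elif ch == '"':
            in_string = True
        i += 1
    return "".join(out)


def lint_template(text):
    """Return findings for a Packer template laid out like the one above."""
    template = json.loads(strip_annotations(text))
    findings = []
    scopes = [("variables", template.get("variables", {}))]
    scopes += [(f"builders[{n}]", b) for n, b in enumerate(template.get("builders", []))]
    for where, mapping in scopes:
        for key in CREDENTIAL_KEYS:
            value = mapping.get(key)
            if value is not None and not (isinstance(value, str) and TEMPLATE_REF.match(value)):
                findings.append(f"{where}.{key}: literal credential in template")
    exported = set()
    for prov in template.get("provisioners", []):
        if prov.get("type") == "shell":
            for line in prov.get("inline", []):
                match = re.match(r"export\s+([A-Za-z_][A-Za-z0-9_]*)=", line)
                if match:
                    exported.add(match.group(1))
    for name in REQUIRED_EXPORTS:
        if name not in exported:
            findings.append(f"provisioners: required variable {name} is not exported")
    return findings
```

Calling lint_template on the ack.json text of your own build-config returns an empty list when the credentials are references and all four required variables are exported.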

2. Create a Job to build the custom OS image

  1. Use the following policy content to grant the required permissions to the AK and SK.

    {
      "Version": "1",
      "Statement": [
        {
          "Action": [
            "ecs:DeleteInstance",
            "ecs:StartInstance",
            "ecs:StopInstance",
            "ecs:DescribeInstances"
          ],
          "Resource": "*",
          "Effect": "Allow"
        },
        {
          "Action": [
            "ecs:CreateInstance",
            "ecs:DescribeImages",
            "ecs:CreateImage",
            "ecs:ModifyImageSharePermission",
            "ecs:CreateKeyPair",
            "ecs:DeleteKeyPairs",
            "ecs:DetachKeyPair",
            "ecs:AttachKeyPair",
            "ecs:CreateSecurityGroup",
            "ecs:DeleteSecurityGroup",
            "ecs:AuthorizeSecurityGroupEgress",
            "ecs:AuthorizeSecurityGroup",
            "ecs:CreateSnapshot",
            "ecs:AttachDisk",
            "ecs:DetachDisk",
            "ecs:DescribeDisks",
            "ecs:CreateDisk",
            "ecs:DeleteDisk",
            "ecs:CreateNetworkInterface",
            "ecs:DescribeNetworkInterfaces",
            "ecs:AttachNetworkInterface",
            "ecs:DetachNetworkInterface",
            "ecs:DeleteNetworkInterface",
            "ecs:DescribeInstanceAttribute"
          ],
          "Resource": "*",
          "Effect": "Allow"
        },
        {
          "Action": [
            "vpc:DescribeVpcs",
            "vpc:DescribeVSwitches",
            "vpc:AllocateEipAddress",
            "vpc:AssociateEipAddress",
            "vpc:UnassociateEipAddress",
            "vpc:DescribeEipAddresses",
            "vpc:ReleaseEipAddress",
            "vpc:CreateVpc",
            "vpc:DeleteVpc",
            "vpc:DescribeVpcs",
            "vpc:CreateVSwitch",
            "vpc:DeleteVSwitch",
            "vpc:DescribeVSwitches",
            "vpc:CreateRouteTable",
            "vpc:DeleteRouteTable",
            "vpc:DescribeRouteTables",
            "vpc:CreateNatGateway",
            "vpc:DeleteNatGateway",
            "vpc:DescribeNatGateways",
            "vpc:CreateSnatEntry",
            "vpc:DeleteSnatEntry",
            "vpc:DescribeSnatTableEntries"
          ],
          "Resource": "*",
          "Effect": "Allow"
        }
      ]
    }
  2. Run the following commands to generate the Base64-encoded AK and SK strings.

    echo -n "AKxxxxxxxxxxxxxxx" | base64
    echo -n "SKxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" | base64
  3. Create my-secret with the following YAML content.

    apiVersion: v1
    kind: Secret
    metadata:
      name: my-secret
      namespace: default
    type: Opaque
    data:
      ALICLOUD_ACCESS_KEY: TFRxxxxxxxxxxxxxRTkx      # Base64-encoded string from the previous step
      ALICLOUD_SECRET_KEY: a0zxxxxxxxxxxxxxx2UThl
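  4. Create a file named build.yaml with the following YAML content.

    Configure the variables as needed and run the Job. During the run, an ECS instance of type instance_type is created from source_image under the account that owns the AK and SK, and the provisioners configuration is then executed. When it finishes, an image is generated from the ECS instance and pushed to the custom images of the specified region under the account that owns the AK and SK.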

    apiVersion: batch/v1
    kind: Job
    metadata:
      name: image-builder
      namespace: default
    spec:
      template:
        metadata:
          name: image-builder
        spec:
          containers:
            - name: image-builder
              image: "registry-cn-hangzhou-vpc.ack.aliyuncs.com/acs/image-builder:v3.3"
              imagePullPolicy: Always
              env:
                - name: ALICLOUD_ACCESS_KEY
                  valueFrom:
                    secretKeyRef:
                      name: my-secret
                      key: ALICLOUD_ACCESS_KEY
                - name: ALICLOUD_SECRET_KEY
                  valueFrom:
                    secretKeyRef:
                      name: my-secret
                      key: ALICLOUD_SECRET_KEY
                - name: ALICLOUD_REGION
                  value: cn-hangzhou
              command: ["packer"]
              args:  ["build","/config/ack.json"]
              volumeMounts:
                - name: config
                  mountPath: /config
          volumes:
            - name: config
              configMap:
                name: build-config
                items:
                  - key: ack.json
                    path: ack.json
          restartPolicy: Never
  5. Run the following command to deploy the Job to the cluster and start building the OS image.

    kubectl apply -f build.yaml

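3. (Optional) View the custom image build logs

Building an image produces operation logs. The logs list every step of the build, including validating parameters, creating temporary resources, pre-installing software, creating target resources and releasing temporary resources. Follow these steps to view the image build logs.

  1. Log in to the Container Service console and choose Clusters in the left-side navigation pane.

  2. On the Clusters page, click the name of the target cluster, then choose Workloads > Jobs in the left-side navigation pane.

  3. In the Job list, find the Job created in the previous step and click Details in the Actions column on its right.

  4. On the details page of the Job, click the Logs tab and view the image build logs.

Provisioner configuration

A provisioner is a component that installs and configures software on the running machine before the machine is converted into a static OS image. Provisioners are commonly used to install software into an image in scenarios such as the following:

  • Installing software packages.

  • Patching the kernel.

  • Creating users.

  • Downloading application code.

  • Building an Alibaba Cloud Linux 3 custom image.

Run a shell script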

  "provisioners": [{
      "type": "shell",
      "script": "script.sh"
  }]

Run an orchestration script with Ansible

  "provisioners": [
    {
    "type": "ansible",
    "playbook_file": "./playbook.yml"
    }
  ]

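Install the CPFS client

CPFS requires many packages, and some of them are compiled on site, so installation is time-consuming. When there are many client nodes, a custom image greatly reduces the cost of installing the CPFS client on them in bulk. A sample configuration follows.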

    {
      "variables": {
        "region": "{{env `ALICLOUD_REGION`}}",
        "image_name": "ack-custom_image",
        "source_image": "centos_7_04_64_20G_alibase_201701015.vhd",
        "access_key": "{{env `ALICLOUD_ACCESS_KEY`}}",
        "instance_type": "ecs.c6.xlarge",
        "secret_key": "{{env `ALICLOUD_SECRET_KEY`}}"
      },
    "builders": [
        {
          "type": "alicloud-ecs",
          "access_key": "{{user `access_key`}}",
          "secret_key": "{{user `secret_key`}}",
          "region": "{{user `region`}}",
          "image_name": "{{user `image_name`}}",
          "source_image": "{{user `source_image`}}",
          "ssh_username": "root",
          "instance_type": "{{user `instance_type`}}",
          "skip_image_validation": "true",
          "io_optimized": "true"
        }
      ],
   "provisioners": [{
        "type": "shell",
        "inline": [
            "cd $HOME",
            "wget https://cpfs-client.oss-cn-beijing.aliyuncs.com/kernel/kernel-devel-`uname -r`.rpm",
            "rpm -ivh --replacefiles kernel-devel-`uname -r`.rpm"
        ]
      }]
    }

Customize an Arm-architecture image

{
      "variables": {
        "region": "{{env `ALICLOUD_REGION`}}",
        "image_name": "ack-custom_image",
        "source_image": "aliyun_3_arm64_20G_alibase_20240528.vhd",
        "instance_type": "ecs.r8y.xlarge",   # Use an Arm-architecture instance type.
        "access_key": "{{env `ALICLOUD_ACCESS_KEY`}}",
        "secret_key": "{{env `ALICLOUD_SECRET_KEY`}}"
      },
    "builders": [
        {
          "type": "alicloud-ecs",
          "access_key": "{{user `access_key`}}",
          "secret_key": "{{user `secret_key`}}",
          "region": "{{user `region`}}",
          "image_name": "{{user `image_name`}}",
          "source_image": "{{user `source_image`}}",
          "instance_type": "{{user `instance_type`}}",
          "ssh_username": "root",
          "skip_image_validation": "true",
          "io_optimized": "true"
        }
      ],
   "provisioners": [
        {
            "type": "file",
            "source": "scripts/ack-optimized-os-linux3-all.sh",
            "destination": "/root/"
        },
        {
            "type": "shell",
            "inline": [
                "export RUNTIME=containerd",
                "export SKIP_SECURITY_FIX=true",
                "export KUBE_VERSION=1.28.9-aliyun.1",
                "export OS_ARCH=arm64",
                "bash /root/ack-optimized-os-linux3-all.sh"
            ]
        }
      ]
    }

Customize a GPU node system image to speed up startup

Important

Custom GPU images and custom CPU images cannot currently be mixed.

{
      "variables": {
        "region": "{{env `ALICLOUD_REGION`}}",
        "image_name": "ack-custom_image",
        "source_image": "aliyun_2_1903_x64_20G_alibase_20221102.vhd",
        "instance_type": "ecs.gn6i-c4g1.xlarge",   # Pre-installing GPU components requires a GPU instance type.
        "access_key": "{{env `ALICLOUD_ACCESS_KEY`}}",
        "secret_key": "{{env `ALICLOUD_SECRET_KEY`}}"
      },
    "builders": [
        {
          "type": "alicloud-ecs",
          "access_key": "{{user `access_key`}}",
          "secret_key": "{{user `secret_key`}}",
          "region": "{{user `region`}}",
          "image_name": "{{user `image_name`}}",
          "source_image": "{{user `source_image`}}",
          "instance_type": "{{user `instance_type`}}",
          "ssh_username": "root",
          "skip_image_validation": "true",
          "io_optimized": "true"
        }
      ],
   "provisioners": [
        {
            "type": "file",
            "source": "scripts/ack-optimized-os-all.sh",
            "destination": "/root/"
        },
        {
            "type": "shell",
            "inline": [
                "export RUNTIME=containerd",
                "export SKIP_SECURITY_FIX=true",
                "export PRESET_GPU=true",          # Set PRESET_GPU to true to pre-install GPU components; leave it empty or set it to false otherwise.
                "export NVIDIA_DRIVER_VERSION=510.47.03",         # GPU driver version; if left empty, version 460.91.03 is installed by default.
                "export KUBE_VERSION=1.22.3-aliyun.1",
                "export OS_ARCH=amd64",
                "bash /root/ack-optimized-os-all.sh"
            ]
        }
      ]
    }

Cache application images in the system image

{
      "variables": {
        "image_name": "ack-custom_image",
        "source_image": "aliyun_3_x64_20G_alibase_20240528.vhd",
        "instance_type": "ecs.c6.xlarge",
        "access_key": "{{env `ALICLOUD_ACCESS_KEY`}}",
        "region": "{{env `ALICLOUD_REGION`}}",
        "secret_key": "{{env `ALICLOUD_SECRET_KEY`}}"
      },
    "builders": [
        {
          "type": "alicloud-ecs",
          "access_key": "{{user `access_key`}}",
          "secret_key": "{{user `secret_key`}}",
          "region": "{{user `region`}}",
          "image_name": "{{user `image_name`}}",
          "source_image": "{{user `source_image`}}",
          "instance_type": "{{user `instance_type`}}",
          "ssh_username": "root",
          "skip_image_validation": "true",
          "io_optimized": "true"
        }
      ],
   "provisioners": [
        {
            "type": "file",
            "source": "scripts/ack-optimized-os-linux3-all.sh",
            "destination": "/root/"
        },
        {
            "type": "shell",
            "inline": [
                "export RUNTIME=containerd",
                "export SKIP_SECURITY_FIX=true",
                "export KUBE_VERSION=1.30.1-aliyun.1",
                "export OS_ARCH=amd64",
                "bash /root/ack-optimized-os-linux3-all.sh",
                "ctr -n k8s.io i pull registry-cn-hangzhou-vpc.ack.aliyuncs.com/acs/pause:3.9"        # Bake the application image into the system image.
            ]
        }
      ]
    }

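ECS instances with data disks attached go through disk initialization when they join a node pool, and the pre-cached application images are cleared. If you need to attach data disks to ECS instances created from the custom image, you can generate a data disk snapshot while building the custom image so that the application images are not cleared.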

{
      "variables": {
        "image_name": "ack-custom_image",
        "source_image": "aliyun_3_x64_20G_alibase_20240528.vhd",
        "instance_type": "ecs.c6.xlarge",
        "access_key": "{{env `ALICLOUD_ACCESS_KEY`}}",
        "region": "{{env `ALICLOUD_REGION`}}",
        "secret_key": "{{env `ALICLOUD_SECRET_KEY`}}"
      },
    "builders": [
        {
          "type": "alicloud-ecs",
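          "system_disk_mapping": {
            "disk_size": 120,
            "disk_category": "cloud_essd"
          },
          "image_disk_mappings": {
            "disk_size": 40,
            "disk_category": "cloud_auto"
          },     # Configure a data disk when building the custom image; a snapshot of the data disk is generated automatically once the image is built.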
          "access_key": "{{user `access_key`}}",
          "secret_key": "{{user `secret_key`}}",
          "region": "{{user `region`}}",
          "image_name": "{{user `image_name`}}",
          "source_image": "{{user `source_image`}}",
          "instance_type": "{{user `instance_type`}}",
          "ssh_username": "root",
          "skip_image_validation": "true",
          "io_optimized": "true"
        }
      ],
   "provisioners": [
        {
            "type": "file",
            "source": "scripts/ack-optimized-os-linux3-all.sh",
            "destination": "/root/"
        },
        {
            "type": "shell",
            "inline": [
                "export RUNTIME=containerd",
                "export SKIP_SECURITY_FIX=true",
                "export KUBE_VERSION=1.30.1-aliyun.1",
                "export OS_ARCH=amd64",
                "export MOUNT_RUNTIME_DATADISK=true",     # Mount the container runtime's file path on the data disk.
                "bash /root/ack-optimized-os-linux3-all.sh",
                "ctr -n k8s.io i pull registry-cn-hangzhou-vpc.ack.aliyuncs.com/acs/pause:3.9",        # Bake the application image into the system image.
                "mv /var/lib/containerd /var/lib/container/containerd"       # Move the image files to the data disk.
            ]
        }
      ]
    }

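When you configure a node pool, you can select a custom image that contains a data disk snapshot. The system associates the corresponding data disk snapshot automatically.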

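Pull images from a private registry when the runtime is Docker

docker login <registry address> -u user -p password
docker pull nginx

Pull images from a private registry when the runtime is containerd

ctr -n k8s.io i pull --user=username:password nginx

Pull images from a private registry during a custom image build

  1. On a Linux machine with Docker installed, run the following docker login command to generate the credential file.

    docker login --username=zhongwei.***@aliyun-test.com --password xxxxxxxxxx registry.cn-beijing.aliyuncs.com

    After docker login succeeds, the credential file config.json is generated under /root/.docker.

  2. Create a ConfigMap from the generated config.json file.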

    apiVersion: v1
    kind: ConfigMap
    metadata:
      name: docker-config
    data:
      config.json: |-
    
        {
            "auths": {
                    "registry.cn-beijing.aliyuncs.com": {
                            "auth": "xxxxxxxxxxxxxx"
                    }
            },
            "HttpHeaders": {
                    "User-Agent": "Docker-Client/19.03.15 (linux)"
            }
    
        }
  3. Modify the Job YAML to mount the ConfigMap into the Pod.

    apiVersion: batch/v1
    kind: Job
    metadata:
      name: image-builder
      namespace: default
    spec:
      template:
        metadata:
          name: image-builder
        spec:
          containers:
            - name: image-builder
              image: "registry.cn-hangzhou.aliyuncs.com/acs/image-builder:v2.9"
              imagePullPolicy: Always
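              env:
                # The AK and SK values below are placeholders. Prefer secretKeyRef to my-secret,
                # as in the Job created earlier, over literal values in the manifest.
                - name: ALICLOUD_ACCESS_KEY
                  value: xxxxxxxxxxxxxx
                - name: ALICLOUD_SECRET_KEY
                  value: xxxxxxxxxxxxx
                - name: ALICLOUD_REGION
                  value: cn-heyuan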
              command: ["packer"]
              args:  ["build","/config/ack.json"]
              volumeMounts:
                - name: config
                  mountPath: /config
                - name: docker
                  mountPath: /dockerconfig
          volumes:
            - name: config
              configMap:
                name: build-config
                items:
                  - key: ack.json
                    path: ack.json
            - name: docker
              configMap:
                name: docker-config
                items:
                  - key: config.json
                    path: config.json
          restartPolicy: Never
  4. Modify build-config to add the content shown in the following example.

    apiVersion: v1
    kind: ConfigMap
    metadata:
      name: build-config
    data:
      ack.json: |-
    
        {
          "variables": {
            "image_name": "ack-optimized_image-1.20-{{timestamp}}",
            "source_image": "aliyun_2_1903_x64_20G_alibase_20221102.vhd",
            "instance_type": "ecs.c6.xlarge",
            "region": "{{env `ALICLOUD_REGION`}}",
            "access_key": "{{env `ALICLOUD_ACCESS_KEY`}}",
            "secret_key": "{{env `ALICLOUD_SECRET_KEY`}}"
          },
          "builders": [
            {
              "type": "alicloud-ecs",
              "access_key": "{{user `access_key`}}",
              "secret_key": "{{user `secret_key`}}",
              "region": "{{user `region`}}",
              "image_name": "{{user `image_name`}}",
              "source_image": "{{user `source_image`}}",
              "ssh_username": "root",
              "instance_type": "{{user `instance_type`}}",
              "skip_image_validation": "true",
              "io_optimized": "true"
            }
          ],
          "provisioners": [{
           "type": "file",
           "source": "scripts/ack-optimized-os-all.sh",
           "destination": "/root/"
            },
            {
           "type": "file",
           "source": "dockerconfig/config.json",
           "destination": "/root/"
            },
            {
           "type": "shell",
           "inline": [
             "export OS_ARCH=amd64",
             "export RUNTIME=docker",
             "export SKIP_SECURITY_FIX=true",
             "export KUBE_VERSION=1.22.15-aliyun.1",
             "bash /root/ack-optimized-os-all.sh",
             "mkdir -p /root/.docker",
             "cp /root/config.json /root/.docker",
             "docker pull registry.cn-beijing.aliyuncs.com/ringtail/kruise-game:0.1"
    
          ]
          }]
        }
  5. Run the Job.

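Set the image upload and download concurrency

  1. Log in to the Container Service console and click Clusters in the left-side navigation pane.

  2. On the Clusters page, click the name of the target cluster, then choose Nodes > Node Pools in the left-side navigation pane.

  3. Click the name of the target node pool, click the Basic Information tab, and in the Node Pool Information section click the link of the Auto Scaling (ESS) scaling group.

  4. Click the Instance Configuration Sources tab, click Modify to the right of the target scaling configuration in the Actions column, then click OK.

  5. On the Modify Scaling Configuration page, modify the relevant settings, expand Advanced Settings, and record the content of the Instance User Data field. Decode the data in the Instance User Data box using Base64.

  6. After decoding, append the following code to the end of the decoded code.

    yum install -y jq
    echo "$(jq '. += {"max-concurrent-downloads": 20,"max-concurrent-uploads": 20}' /etc/docker/daemon.json)" > /etc/docker/daemon.json
    service docker restart

  7. Encode the combined code using Base64, replace the original code in the Instance User Data box with the encoded code, click Modify, then click Confirm.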
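
Steps 5 to 7 as one round trip, as an added example that is not from the original page: it decodes the Base64 user data, appends the step 6 commands exactly once (so a second run does not stack a duplicate restart), and re-encodes the result. The function names and the sample user data are constructed, and the jq call is written as a $(...) command substitution.

```python
import base64

# The commands from step 6; the jq call sits inside $(...) so that the merged
# JSON, not the command text, is written back to daemon.json.
CONCURRENCY_SNIPPET = (
    "yum install -y jq\n"
    "echo \"$(jq '. += {\"max-concurrent-downloads\": 20,\"max-concurrent-uploads\": 20}' "
    "/etc/docker/daemon.json)\" > /etc/docker/daemon.json\n"
    "service docker restart\n"
)


def decode_user_data(encoded):
    """Decode the Base64 text copied from the Instance User Data box."""
    compact = "".join(encoded.split())  # tolerate line-wrapped or padded pastes
    return base64.b64decode(compact, validate=True).decode("utf-8")


def patch_user_data(encoded, snippet=CONCURRENCY_SNIPPET):
    """Return Base64 user data with the snippet appended exactly once."""
    script = decode_user_data(encoded)
    if snippet.strip() not in script:
        if script and not script.endswith("\n"):
            script += "\n"  # keep the last original line intact
        script += snippet
    return base64.b64encode(script.encode("utf-8")).decode("ascii")


# Constructed stand-in for the existing user data of a scaling configuration.
SAMPLE_USER_DATA = base64.b64encode(
    b"#!/bin/bash\necho constructed-node-init"
).decode("ascii")

if __name__ == "__main__":
    print(decode_user_data(patch_user_data(SAMPLE_USER_DATA)))
```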

Build an Alibaba Cloud Linux 3 custom image

apiVersion: v1
kind: ConfigMap
metadata:
  name: build-config
data:
  ack.json: |-
    
    {
      "variables": {
        "image_name": "ack-optimized_image-1.22-{{timestamp}}",
        "source_image":"aliyun_3_x64_20G_alibase_20230110.vhd",  # Base image for Alibaba Cloud Linux 3.
        "instance_type": "ecs.c6.xlarge",
        "region": "{{env `ALICLOUD_REGION`}}",
        "access_key": "{{env `ALICLOUD_ACCESS_KEY`}}",
        "secret_key": "{{env `ALICLOUD_SECRET_KEY`}}"
      },
      "builders": [
        {
          "type": "alicloud-ecs",
          "access_key": "{{user `access_key`}}",
          "secret_key": "{{user `secret_key`}}",
          "region": "{{user `region`}}",
          "image_name": "{{user `image_name`}}",
          "source_image": "{{user `source_image`}}",
          "ssh_username": "root",  
          "instance_type": "{{user `instance_type`}}",
          "skip_image_validation": "true",
          "io_optimized": "true"
        }
      ],
      "provisioners": [{
       "type": "file",
       "source": "scripts/ack-optimized-os-linux3-all.sh",
       "destination": "/root/"
        },
        {
       "type": "shell",
       "inline": [
         "export RUNTIME=containerd",
         "export SKIP_SECURITY_FIX=true",
         "export OS_ARCH=amd64",
         "export KUBE_VERSION=1.22.3-aliyun.1",
         "bash /root/ack-optimized-os-linux3-all.sh"
      ]
      }]
    }

Build a Red Hat Enterprise Linux 9 custom image

apiVersion: v1
kind: ConfigMap
metadata:
  name: build-config
data:
  ack.json: |-
    
    {
      "variables": {
        "image_name": "ack-optimized_image-1.26-{{timestamp}}",
        "source_image": "m-bp1c7zuf8mcabc99babc",       # Base image for RHEL 9.
        "instance_type": "ecs.c6.xlarge",
        "region": "{{env `ALICLOUD_REGION`}}",
        "access_key": "{{env `ALICLOUD_ACCESS_KEY`}}",
        "secret_key": "{{env `ALICLOUD_SECRET_KEY`}}",
        "runtime": "{{env `RUNTIME`}}",
        "skip_security_fix": "{{env `SKIP_SECURITY_FIX`}}"
      },
      "builders": [
        {
          "type": "alicloud-ecs",
          "access_key": "{{user `access_key`}}",
          "secret_key": "{{user `secret_key`}}",
          "region": "{{user `region`}}",
          "image_name": "{{user `image_name`}}",
          "source_image": "{{user `source_image`}}",
          "ssh_username": "root",
          # "vpc_id": "",
          # "vswitch_id": "",
          # "security_group_id": "",      
          "instance_type": "{{user `instance_type`}}",
          "skip_image_validation": "true",
          "io_optimized": "true"
        }
      ],
      "provisioners": [{
       "type": "file",
       "source": "scripts/ack-optimized-os-rhel9-all.sh",
       "destination": "/root/"
        },
        {
       "type": "shell",
       "inline": [
         "export RUNTIME=containerd",
         "export SKIP_SECURITY_FIX=true",
         "export OS_ARCH=amd64",
         "export KUBE_VERSION=1.26.3-aliyun.1",
         "bash /root/ack-optimized-os-rhel9-all.sh"
      ]
      }]
    }

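Related operations

  • After you build a custom image with Alicloud Image Builder, you can use it to create an Auto Scaling node pool and scale out nodes quickly. For how to create an elastic node pool, see Enable node auto scaling.

  • After the custom image is built, you can use it to create a cluster. For details, see Create a cluster or node pool based on a custom image.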