Figure out how to publish images

[vincepri]

/kind design

Describe the solution you'd like Currently, the image building lives in https://github.com/kubernetes-sigs/image-builder/tree/master/images/capi/packer/gce. We don't have a good way to share images with users yet and I'm not totally sure if it's possible in GCP to make images of a project public.

This issue needs a little bit more investigation, in the mean time, we can ask users to build their own images as part of the quick start.

/cc @justinsb

[sara4dev]

we could create a virtual disk and share it from public GCS bucket. And users can create custom images by importing the virtual disks - https://cloud.google.com/compute/docs/import/importing-virtual-disks

[alejandrox1]

I'd like to help out with this one /assign

[vincepri]

/assign @justinsb

[fejta-bot]

Issues go stale after 90d of inactivity. Mark the issue as fresh with /remove-lifecycle stale. Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta. /lifecycle stale

[vincepri]

/lifecycle frozen

[asatish]

I found a way to mark images for public consumption and how to use public images

To mark an image for public consumption: https://cloud.google.com/compute/docs/images/managing-access-custom-images#share-images-publicly

gcloud compute images add-iam-policy-binding image-name \ --member='allAuthenticatedUsers' \ --role='roles/compute.imageUser'

To use an image which is public: https://cloud.google.com/compute/docs/images/managing-access-custom-images#accessing_images

The project which has the image needs to be explicitly specified gcloud compute instances create test-instance \ --image database-image-a --image-project database-images

[cpanato]

i'm doing some work on this

• https://github.com/kubernetes/test-infra/pull/22041
• https://github.com/kubernetes-sigs/image-builder/pull/445

/assign

[tpdownes]

Here's a basic example of how to do this with post-processors:

  post-processor "manifest" {}

  post-processor "shell-local" {
    inline = [
      "IMAGE=$(jq -r \".builds[-1].artifact_id\" packer-manifest.json)",
      "gcloud compute images add-iam-policy-binding $${IMAGE} --project=${var.project_id} --member='allAuthenticatedUsers' --role='roles/compute.imageUser'",
    ]

You can specify the manifest file using output in the first block.

[sathieu]

What is the status of this? Any image publicly available?

[cpanato]

we publish some nightly images that we rebuild everyday, if you want i can share the project and maybe you can copy from there for your own project

[sathieu]

@cpanato Thanks. Could the image be made public as per https://github.com/kubernetes-sigs/cluster-api-provider-gcp/issues/152#issuecomment-738339787?

[cpanato]

@sathieu sorry for the delay, the images are public in the gcp project k8s-staging-cluster-api-gcp i will check how we can make that a general available inside the gcp cloud

[sathieu]

Thanks @cpanato. I've not found (yet) how to access those images ...

[cpanato]

you can check here https://github.com/kubernetes-sigs/cluster-api-provider-gcp/blob/main/scripts/ci-e2e.sh#L56 we export the IMAGE_ID and then you can use to bootstrap the cluster