Commit 0d13d32

feat(hack): OCI golden image builder, Packer wrapper, and e2e improvements
- hack/oci-build-golden-image.sh: idempotent golden image builder; auto-detects compartment/AD for VM.Standard.E2.1.Micro, reuses or creates VCN/subnet, prunes oldest images when custom image quota is full
- hack/packer-build-golden-image.sh + hack/packer-oci-golden-image.pkr.hcl: Packer wrapper that delegates pre/post checks to the shell builder
- hack/oci-firecracker-e2e.sh: auto-resolves OCI profile/compartment/AD/subnet, auto-builds golden image when OCI_IMAGE_OCID is unset
- infra/terraform: OCI compartment, identity domain, and API user provisioning
- README.md: document golden image and e2e usage
1 parent 4a16fd9 commit 0d13d32

9 files changed

Lines changed: 1316 additions & 8 deletions

README.md

Lines changed: 73 additions & 0 deletions
@@ -12,6 +12,79 @@
1212
- kubectl version v1.11.3+.
1313
- Access to a Kubernetes v1.11.3+ cluster.
1414

15+
### OCI Golden Image + Firecracker E2E
16+
17+
The repository includes two standalone IaC scripts:
18+
19+
- `hack/oci-build-golden-image.sh`
20+
- `hack/oci-firecracker-e2e.sh`
21+
- `hack/packer-build-golden-image.sh` (Packer wrapper around `oci-build-golden-image.sh`)
22+
23+
`hack/oci-build-golden-image.sh` is idempotent for missing OCI inputs:
24+
25+
- auto-detects compartment and AD for `VM.Standard.E2.1.Micro` from limits
26+
- reuses an existing public subnet, or creates a minimal public VCN/subnet stack
27+
- prunes oldest `imp-fc-golden-*` images if custom image quota is full
28+
29+
Build a minimal golden image:
30+
31+
```sh
32+
IMP_OCI_PROFILE=syscode-api \
33+
IMP_OCI_COMPARTMENT_NAME=homelab \
34+
IMP_OCI_DOMAIN_NAME=homelab \
35+
OCI_SSH_PUBLIC_KEY_FILE="$HOME/.ssh/builder.pub" \
36+
OCI_SSH_PRIVATE_KEY_FILE="$HOME/.ssh/builder" \
37+
OCI_OUTPUT_ENV_FILE="$HOME/.config/imp/oci-golden.env" \
38+
hack/oci-build-golden-image.sh
39+
```
40+
41+
Build the same golden image through Packer while reusing the script checks:
42+
43+
```sh
44+
IMP_OCI_PROFILE=syscode-api \
45+
IMP_OCI_COMPARTMENT_NAME=homelab \
46+
IMP_OCI_DOMAIN_NAME=homelab \
47+
OCI_SSH_PUBLIC_KEY_FILE="$HOME/.ssh/builder.pub" \
48+
OCI_SSH_PRIVATE_KEY_FILE="$HOME/.ssh/builder" \
49+
OCI_OUTPUT_ENV_FILE="$HOME/.config/imp/oci-golden.env" \
50+
hack/packer-build-golden-image.sh
51+
```
52+
53+
Run e2e using the generated image:
54+
55+
```sh
56+
source "$HOME/.config/imp/oci-golden.env"
57+
IMP_OCI_PROFILE=syscode-api \
58+
IMP_OCI_COMPARTMENT_NAME=homelab \
59+
IMP_OCI_DOMAIN_NAME=homelab \
60+
OCI_SSH_PUBLIC_KEY_FILE="$HOME/.ssh/builder.pub" \
61+
OCI_SSH_PRIVATE_KEY_FILE="$HOME/.ssh/builder" \
62+
OCI_IMAGE_OCID="$OCI_IMAGE_OCID" \
63+
hack/oci-firecracker-e2e.sh
64+
```
65+
66+
Or run e2e and let it build a golden image automatically when `OCI_IMAGE_OCID` is unset:
67+
68+
```sh
69+
IMP_OCI_PROFILE=syscode-api \
70+
IMP_OCI_COMPARTMENT_NAME=homelab \
71+
IMP_OCI_DOMAIN_NAME=homelab \
72+
OCI_SSH_PUBLIC_KEY_FILE="$HOME/.ssh/builder.pub" \
73+
OCI_SSH_PRIVATE_KEY_FILE="$HOME/.ssh/builder" \
74+
hack/oci-firecracker-e2e.sh
75+
```
76+
77+
Notes:
78+
79+
- OCI requires boot volume size `>= 50` GB.
80+
- Golden image max size is controlled by `OCI_GOLDEN_MAX_GB` (default `50` GiB), and the script will fail/delete oversize images by default.
81+
- Optional: set `OCI_GOLDEN_ZERO_FILL=true` to zero free space before capture (slower, may reduce resulting image size).
82+
- If your SSH key is passphrase-protected, use an unencrypted key for automation or set `ALLOW_SSH_AGENT=true` with a loaded agent.
83+
- Targeting defaults can be set once with:
84+
- `IMP_OCI_PROFILE` (recommended `syscode-api`)
85+
- `IMP_OCI_COMPARTMENT_NAME` (recommended `homelab`)
86+
- `IMP_OCI_DOMAIN_NAME` (recommended `homelab`)
87+
1588
### To Deploy on the cluster
1689
**Build and push your image to the location specified by `IMG`:**
1790
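Review bot: The Notes bullet at README line 82 puts "use an unencrypted key for automation" ahead of `ALLOW_SSH_AGENT=true`, which steers readers toward leaving a plaintext private key on disk. I would lead with the agent option and, if the unencrypted-key path stays, say it should be a dedicated builder key rather than a personal one. In the same hunk, line 17 says "two standalone IaC scripts" but the list on lines 19 to 21 names three, and line 80 gives the `OCI_GOLDEN_MAX_GB` default as `50` GiB while the variable name and line 79 use GB, so one unit should be chosen. Lines 27 and 80 also describe deleting images by default (pruning the oldest `imp-fc-golden-*` images, deleting oversize images) without naming a setting that disables it; if one exists, it should be documented next to these bullets.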
