vSphere FIPS: Create a CAPI VM Template
Prerequisites
Before starting this procedure, complete vSphere FIPS: Create an Image to create the base OS image.
Build image with Konvoy Image Builder (KIB)
In step 4 of the following section, ensure you use
--overrides overrides/fips.yaml
Create a vSphere Template for Your Cluster from a Base OS Image
Using the base OS image created in a previous procedure, DKP creates the new vSphere template directly on the vCenter server.
Set the following vSphere environment variables on the bastion VM host:
    export VSPHERE_SERVER=your_vCenter_APIserver_URL
    export VSPHERE_USERNAME=your_vCenter_user_name
    export VSPHERE_PASSWORD=your_vCenter_password

Copy the base OS image file created in the vSphere Client to your desired location on the bastion VM host and make a note of the path and file name.
Create an image.yaml file and add the following variables for vSphere. DKP uses this file and these variables as inputs in the next step. To customize your image.yaml file, refer to this section: Customize your Image.
⚠️ NOTE: This example is for Ubuntu 20.04. Replace the OS name below to match your OS. See the other default YAML examples, available for copy and paste, below the last step.

    ---
    download_images: true
    build_name: "ubuntu-2004"
    packer_builder_type: "vsphere"
    guestinfo_datasource_slug: "https://raw.githubusercontent.com/vmware/cloud-init-vmware-guestinfo"
    guestinfo_datasource_ref: "v1.4.0"
    guestinfo_datasource_script: "{{guestinfo_datasource_slug}}/{{guestinfo_datasource_ref}}/install.sh"
    packer:
      cluster: "<VSPHERE_CLUSTER_NAME>"
      datacenter: "<VSPHERE_DATACENTER_NAME>"
      datastore: "<VSPHERE_DATASTORE_NAME>"
      folder: "<VSPHERE_FOLDER>"
      insecure_connection: "false"
      network: "<VSPHERE_NETWORK>"
      resource_pool: "<VSPHERE_RESOURCE_POOL>"
      template: "os-qualification-templates/d2iq-base-Ubuntu-20.04" # change default value with your base template name
      vsphere_guest_os_type: "other4xLinux64Guest"
      guest_os_type: "ubuntu2004-64"
      # goss params
      distribution: "ubuntu"
      distribution_version: "20.04"
      # Use following overrides to select the authentication method that can be used with base template
      # ssh_username: "" # can be exported as environment variable 'SSH_USERNAME'
      # ssh_password: "" # can be exported as environment variable 'SSH_PASSWORD'
      # ssh_private_key_file: "" # can be exported as environment variable 'SSH_PRIVATE_KEY_FILE'
      # ssh_agent_auth: false # if set to true, ssh_password and ssh_private_key will be ignored

Create a vSphere VM template with your variation of the following command:
    konvoy-image build images/ova/<image.yaml>

Any additional configurations can be added to this command using --overrides flags as shown below:

Any credential overrides:

    --overrides overrides.yaml

For FIPS, add this flag:

    --overrides overrides/fips.yaml

For air-gapped, add this flag:

    --overrides overrides/offline-fips.yaml
The Konvoy Image Builder (KIB) uses the values in image.yaml and the input base OS image to create a vSphere template directly on the vCenter server. This template contains the artifacts needed to create a Kubernetes cluster.
When KIB provisions the OS image successfully, it creates a manifest file. The artifact_id field of this file contains the AMI ID (AWS), template name (vSphere), or image name (GCP/Azure), for example:

    {
      "name": "vsphere-clone",
      "builder_type": "vsphere-clone",
      "build_time": 1644985039,
      "files": null,
      "artifact_id": "konvoy-ova-vsphere-rhel-84-1.21.6-1644983717",
      "packer_run_uuid": "260e8110-77f8-ca94-e29e-ac7a2ae779c8",
      "custom_data": {
        "build_date": "2022-02-16T03:55:17Z",
        "build_name": "vsphere-rhel-84",
        "build_timestamp": "1644983717",
        [...]
      }
    }

Recommendation: Now that the template is visible in vCenter, it is best to rename it to dkp-<DKP_VERSION>-k8s-<K8S_VERSION>-<DISTRO>, like dkp-2.4.0-k8s-1.24.6-ubuntu, to keep templates organized.

Next steps are to deploy a DKP cluster using your vSphere template.
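A pre-flight check that could be run on the bastion host before the konvoy-image build step above. This is an added example, not part of KIB or the original page. The function name kib_preflight and the choice of checks are assumptions: it lints image.yaml for unreplaced placeholders, disabled vCenter certificate verification and an inline password, and confirms that a FIPS override is on the command line.

```shell
#!/bin/sh
# Added example: pre-flight lint for a KIB vSphere FIPS build (not part of KIB).
# usage: kib_preflight IMAGE_YAML [konvoy-image arguments...]
# Prints one FAIL line per finding; returns 0 only when there are none.
kib_preflight() {
  image_yaml=$1; shift
  build_args=" $* "
  findings=0
  fail() { echo "FAIL: $*"; findings=$((findings + 1)); }

  # The vCenter connection settings are read from the environment.
  for var in VSPHERE_SERVER VSPHERE_USERNAME VSPHERE_PASSWORD; do
    eval "value=\${$var:-}"
    [ -n "$value" ] || fail "$var is not set"
  done

  # Ignore comment-only lines so the commented ssh_* hints are not flagged.
  active=$(grep -v '^[[:space:]]*#' "$image_yaml" || true)

  # Placeholders such as <VSPHERE_DATASTORE_NAME> must be replaced.
  if printf '%s\n' "$active" | grep -q '<VSPHERE_[A-Z_]*>'; then
    fail "unreplaced <VSPHERE_...> placeholder in $image_yaml"
  fi

  # insecure_connection "true" disables vCenter certificate verification.
  if printf '%s\n' "$active" | grep -Eq 'insecure_connection:[[:space:]]*"?true'; then
    fail "insecure_connection is true"
  fi

  # A literal password is better exported as SSH_PASSWORD than kept on disk.
  if printf '%s\n' "$active" | grep -Eq 'ssh_password:[[:space:]]*"?[^"#[:space:]]'; then
    fail "ssh_password is set inline; export SSH_PASSWORD instead"
  fi

  # Assumption: the air-gapped offline-fips.yaml also carries the FIPS settings.
  case $build_args in
    *" --overrides overrides/fips.yaml "*|*" --overrides overrides/offline-fips.yaml "*) ;;
    *) fail "no FIPS override on the konvoy-image command line" ;;
  esac
  [ "$findings" -eq 0 ]
}

# Constructed sample: a placeholder left in and certificate checks turned off.
sample=$(mktemp)
printf '%s\n' 'packer:' '  datastore: "<VSPHERE_DATASTORE_NAME>"' \
  '  insecure_connection: "true"' '  # ssh_password: ""' > "$sample"
kib_preflight "$sample" build images/ova/image.yaml || echo "build blocked"
rm -f "$sample"
```

Pass the same arguments you intend to give konvoy-image, and run the build only when the function returns 0.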