History

Noel Georgi d64ce44e46 chore(ci): e2e gcp Add e2e-gcp. Also drop other CAPI stuff. Fixes: #8842 Signed-off-by: Noel Georgi <git@frezbo.dev>		2024-09-06 19:07:20 +05:30
..
aws.go	chore: ensure tls required on s3 buckets	2024-07-17 10:27:29 +02:00
azure.go	feat: update Linux to 6.6.29	2024-05-01 15:59:04 +04:00
gcp.go	chore(ci): e2e gcp	2024-09-06 19:07:20 +05:30
go.mod	feat: update dependencies	2024-09-06 15:51:05 +04:00
go.sum	feat: update dependencies	2024-09-06 15:51:05 +04:00
main.go	chore: support gcp in cloud-image-uploader	2024-09-04 15:08:29 +05:30
options.go	chore: support gcp in cloud-image-uploader	2024-09-04 15:08:29 +05:30
README.md	chore: support gcp in cloud-image-uploader	2024-09-04 15:08:29 +05:30
role-policy.json	chore: add cloud image uploader (AWS AMIs for now)	2020-11-20 08:42:01 -08:00
trust-policy.json	chore: add cloud image uploader (AWS AMIs for now)	2020-11-20 08:42:01 -08:00

README.md

cloud-image-uploader

vmimport role

Role should be pre-created before running this command.

aws iam create-role --role-name vmimport --assume-role-policy-document file://trust-policy.json
aws iam put-role-policy --role-name vmimport --policy-name vmimport --policy-document file://role-policy.json

Azure Pre-requisites

Configuring the Portal

Community Gallery (preview) information can be found here.

Create Resource Group: SideroGallery
- Azure Documentation
Create Storage Account: siderogallery
- Azure Documentation
Create storage Container: images
- Azure Documentation
Create Azure Compute Gallery: SideroLabs
- Azure Documentation
- Search for Azure Compute Gallery in the portal search bar.
- Select Create.
- Fill in the required information.
  - In the Sharing Tab select RBAC + share to public community gallery (PREVIEW)
  - Select Review + create
Create Compute Gallery Image Definition: talos-arm64, `talos-x64
- Azure Documentation
- Select the SideroLabs Compute Gallery.
- Select the notification at the top of the page to share the gallery.
- Select New Image Definition
  - Create an Image definition for each architecture type:
    - This is where V2 must be selected for the VM generation in order for an arm64 image version to be created in the definition.
      - Publisher: siderolabs
      - Offer: talos
      - SKU: must be unique
      - Do not create an image version yet.

App Registration

The App Registration is what we will use to authenticate to Azure for uploading blobs and creating resources.

Azure Documentation

Create an App Registration

Search for and Select Azure Active Directory.
Select App registrations, then select New registration.
Name the application, for example "example-app".
Select a supported account type, which determines who can use the application.
Under Redirect URI, select Web for the type of application you want to create, enter the URI where the access token is sent to.
Select Register.

Environment Variables

Get the following values for azure-go-sdk

Subscription ID -Login into your Azure account
- Select Subscriptions in the left sidebar
- Select whichever subscription is needed
- Click on Overview
- Copy the Subscription ID
Client ID
Client Secret
Tenant ID

These are stored as Drone secrets as:

azure_subscription_id
azure_client_id
azure_client_secret
azure_tenant_id

Add permissions for App Registration

The App registration only needs permissions to the Compute Gallery and the Storage Account.

Compute Gallery:
- Select the SideroLabs Compute Gallery
- Select Access control (IAM)
- Select Add role assignment
- Select the Contributor role
Storage Account:
- Select the siderolabs Storage Account
- Select Access control (IAM)
- Select Add role assignment
- Select the Storage Blob Data Contributor role

Google Cloud Pre-requisites

GOOGLE_PROJECT_ID - Google Cloud Project ID
GOOGLE_CREDENTIALS_JSON - Google Cloud Service Account JSON