Skip to main content

Rocky and Palette eXtended Kubernetes

This guide teaches you how to use the CAPI Image Builder tool to create a custom Rocky Linux image with Palette eXtended Kubernetes (PXK) for VMware vSphere and use the image to create a cluster profile. You can use either a Rocky Linux boot ISO or an existing Rocky Linux VM to create your image.

tech preview
This is a Tech Preview feature and is subject to change. Do not use this feature in production workloads.

Prerequisites

  • Access to the VMware vSphere environment, including credentials and permission to create virtual machines.

  • An existing Linux device used to execute commands and build your Rocky image. This device must have the following resources available and the following software installed:

    • 4 CPUs
    • 8 GB of RAM
    • 50 GB of free disk space
    • Docker or Podman
    • curl
    • (Optional) Any custom Bash scripts (.sh files) that you want to execute when creating your Rocky image. Custom scripts are supported beginning with CAPI Image Builder version 4.6.23.

Build Custom Image

  1. Open a terminal session on your Linux machine and set your CAPI Image Builder version tag as a variable. This guide uses version 4.6.24 as an example. Refer to the CAPI Image Builder Downloads page for the latest version.

    CAPI_IMAGE_BUILDER_VERSION=<capi-image-builder-version-tag>
    echo CAPI Image Builder version: $CAPI_IMAGE_BUILDER_VERSION
    Example output
    CAPI Image Builder version: v4.6.24

  2. Download the CAPI Image Builder image.

    docker pull us-docker.pkg.dev/palette-images/palette/imagebuilder/capi-builder:$CAPI_IMAGE_BUILDER_VERSION

  3. Create an output directory to store the image files and set the required permissions.

    mkdir /home/$USER/output
    chmod a+rwx /home/$USER/output

  4. Navigate to the output directory.

    cd /home/$USER/output

  1. Download the Rocky Linux ISO file into the output directory. Ensure you download a x86_64-dvd.iso file and not a x86_64-boot.iso file.

    This guide uses Rocky 8 as an example. Refer to the Configuration Reference page for details on supported operating systems.

    curl https://download.rockylinux.org/pub/rocky/8/isos/x86_64/Rocky-8-latest-x86_64-dvd.iso --output Rocky-8-latest-x86_64-dvd.iso

  2. Calculate the SHA256 checksum for the Rocky ISO you downloaded. The calculation might take a few minutes. Save the output, as you will need it later.

    sha256sum Rocky-8-latest-x86_64-dvd.iso

    The output should be similar to the sample output displayed below.

    Example Rocky SHA
    642ada8a49dbeca8cca6543b31196019ee3d649a0163b5db0e646c7409364eeb  Rocky-8-latest-x86_64-dvd.iso

  3. Download the imageconfig template file.

    curl https://software.spectrocloud.com/tools/capi-image-builder/imageconfig --output imageconfig

  4. Open the imageconfig template file in an editor of your choice and fill in the required parameters. The imageconfig file is the file used to personalize the base CAPI image for your cluster, which you can alter to fit your needs. This includes specifying the OS type, Kubernetes version, whether the image should be FIPS compliant, and more.

    The following example configuration configures a Rocky 8 CAPI image from a Rocky ISO using the SHA256 checksum of the Rocky ISO from step 6 of this guide. Replace all VMware-related placeholders in the Define Vmware infra details section with values from your VMware vSphere environment.

    For a complete list of parameters, refer to the Configuration Reference page. Additionally, refer to the Compatibility Matrix for a list of supported Kubernetes versions and their corresponding dependencies.

     # Define the OS type and version here
     # os_version=rhel-8 | rhel-9 | rockylinux-8 | rockylinux-9
     # image_type=standard | fips
     os_version=rockylinux-8
     image_type=standard

     # Define the image name
     # image_name=<Final Image Name to create>
     image_name=rocky-8

     # Define the Cloud type
     # cloud_type=vmware
     cloud_type=vmware

     # Define the Component Versions
     #
     # containerd crictl and cni version update should be done
     #   only if the images are available in the upstream repositories
     k8s_version=1.30.4
     cni_version=1.3.0
     containerd_version=1.7.13
     crictl_version=1.28.0

     # Define RHEL subscription credentials(if $image_type=rhel)
     # used while image creation to use package manager
     #rhel_subscription-user=
     #rhel_subscription_pass=

     # Define ISO url(if image is rhel or rockylinux)
     iso_name=Rocky-8-latest-x86_64-dvd.iso
     iso_checksum=<iso-checksum>

     # Define AWS infra details
     aws_access_key=
     aws_secret_key=

     # Define Vmware infra details
     vcenter_server=<vcenter-server>
     vcenter_user=<vcenter-user>
     vcenter_password=<vcenter-password>
     vcenter_datacenter=<vcenter-datacenter>
     vcenter_datastore=<vcenter-datastore>
     vcenter_network=<vcenter-network>
     vcenter_folder=<vcenter-folder>
     vcenter_cluster=<vcenter-cluster>
     vcenter_resource_pool=<vcenter-resource-pool>

     # Optional: for OVA based builds
     vcenter_template=

     # Define Azure infra details
     azure_client_id=
     azure_client_secret=
     azure_subscription_id=
     azure_location=
     azure_storage_account=
     azure_resource_group=

     # Define GCE infra details
     google_app_creds=
     gcp_project_id=

     # Airgap Configuration
     airgap=false
     airgap_ip=""
     k8s_rpm_key=
     k8s_rpm_server=
     containerd_url=
     crictl_url=
     k8s_container_reg=
     cert_url=
    tip

    To build a FIPS-compliant image, keep the image_type set to fips.

    Once you are finished making changes, save and exit the file.

  5. (Optional) You can add custom Bash scripts (.sh files) to run before or after the build process. This feature is available beginning with CAPI Image Builder version 4.6.23. If any scripts are found in the relevant directories, they are copied to an Ansible playbook. If you do not want to add custom scripts, skip this step.

    Add Pre- and Post-Install Bash Scripts

    1. In the output directory, create the directories custom_scripts/pre and custom_scripts/post.

      mkdir -p custom_scripts/pre custom_scripts/post

    2. Move any scripts that you want to be executed before the build process to the pre directory. Move any scripts that you want to be executed after the build process to the post directory. Ensure the scripts are executable.

      Below is an example of moving a pre-install script to the appropriate pre directory and making it executable.

      Example of moving a script and modifying permissions
      mv sample-script.sh custom_scripts/pre/sample-script.sh
      chmod +x custom_scripts/pre/sample-script.sh

  6. Issue the command below to start the CAPI Image Builder container and assign the container ID to the BUILD_ID variable. The tool will create and configure a VM with Dynamic Host Configuration Protocol (DHCP) in your VMware vSphere environment using the image_name defined in imageconfig. The tool will then generate a Rocky image from the VM and save it to the output directory.

    BUILD_ID=$(docker run --net=host --volume /home/$USER/output:/home/imagebuilder/output  --detach  us-docker.pkg.dev/palette-images/palette/imagebuilder/capi-builder:$CAPI_IMAGE_BUILDER_VERSION)

    If you need the VM to use static IP placement instead of DHCP, follow the steps described below.

    CAPI Image Builder with Static IP Placement

    1. Download the Rocky 8 ks.cfg file from the Image Builder GitHub repository directly into the output folder.

      curl --location https://github.com/kubernetes-sigs/image-builder/raw/main/images/capi/packer/ova/linux/rockylinux/http/8/ks.cfg.tmpl --output ks.cfg

    2. Open the ks.cfg file in an editor of your choice. Locate and replace the network line network --bootproto=dhcp --onboot=on --ipv6=auto --activate --hostname=capv.vm with the configuration below.

      network --bootproto=static --ip=<vcenter-static-ip-address> --netmask=<vcenter-netmask> --gateway=<vcenter-gateway> --nameserver=<vcenter-nameserver>

      Replace <vcenter-static-ip-address> with a valid IP address from your VMware vSphere environment and <vcenter-netmask>, <vcenter-gateway>, and <vcenter-nameserver> with the correct values from your VMware vSphere environment. The <vcenter-netmask> parameter must be specified in dotted decimal notation, for example, --netmask=255.255.255.0.

      Once you are finished making changes, save and exit the file.

    3. Issue the command below to start the CAPI Image Builder container and assign the container ID to the BUILD_ID variable. The tool will use the imageconfig file to create and configure a VM with static IP placement in your VMware vSphere environment.

      BUILD_ID=$(docker run --net=host --volume /home/$USER/output:/home/imagebuilder/output  --detach  us-docker.pkg.dev/palette-images/palette/imagebuilder/capi-builder:$CAPI_IMAGE_BUILDER_VERSION)

  7. Execute the following command to view the CAPI Image Builder container logs and monitor the build progress. It may take a few minutes for the logs to start being displayed, and the build takes several minutes to complete. If you added any custom scripts in step 9, the output will be displayed in the build log.

    docker logs --follow $BUILD_ID

  8. Once the build is complete, the Rocky CAPI image is downloaded to the output directory as the image_name specified in the imageconfig file. Issue the following command to confirm that the build files are present in the output directory.

    ls -l <image_name>
    Example output
    -rw-r--r-- 1 ubuntu ubuntu       1203 Nov 18 02:48 packer-manifest.json
    -rw-r--r-- 1 ubuntu ubuntu 3571576320 Nov 18 02:48 rocky-8-disk-0.vmdk
    -rw-r--r-- 1 ubuntu ubuntu       9507 Nov 18 02:48 rocky-8-fips.ovf
    -rw-r--r-- 1 ubuntu ubuntu        212 Nov 18 02:48 rockylinux-8-kube-v1.30.4.mf
    -rw-r--r-- 1 ubuntu ubuntu 3571630080 Nov 18 02:49 rockylinux-8-kube-v1.30.4.ova
    -rw-r--r-- 1 ubuntu ubuntu         64 Nov 18 02:49 rockylinux-8-kube-v1.30.4.ova.sha256
    -rw-r--r-- 1 ubuntu ubuntu      41044 Nov 18 02:48 rockylinux-8-kube-v1.30.4.ovf

  9. Locate the new Rocky image VM in your VMware vSphere environment. Right-click the VM and select Clone > Clone to Template.

    tip

    Once the image is built, you can connect to the image via SSH. The following steps are based on guidance from the Image Builder Book.

    Connect to image VM with SSH

    1. On a machine with govc installed and configured with your VMware vSphere credentials, clone the Kubernetes Image Builder repository.

    2. Navigate to the capi directory of the Kubernetes Image Builder repository.

      cd ./image-builder/images/capi/

    3. Run the Kubernetes Image Builder image-govc-cloudinit.sh script and pass in the image_name of your Rocky image VM as specified in the imageconfig file. This creates a snapshot of the image and updates it with the data located in the cloudinit directory. Ensure the VM is off before running the command.

      ./hack/image-govc-cloudinit.sh <image_name>
      Example output
      image-govc-cloudinit: creating snapshot 'new'
      image-govc-cloudinit: initializing cloud-init data
      image-govc-cloudinit: creating snapshot 'cloudinit'

    4. Set read-write permissions for the id_rsa.capi file.

      chmod 600 cloudinit/id_rsa.capi

    5. Power on the Rocky image VM.

    6. Connect to the VM via SSH using your id_rsa.capi key. Replace <vm-ip> with the IP of your Rocky image VM.

      ssh -i cloudinit/id_rsa.capi capv@<vm-ip>

  10. Enter a VM template name, choose a location for the template, and select Next.

    info

    The name and location do not have to match those defined in the imageconfig file. The same applies to the remaining locations and resources specified in the following steps.

  11. Choose a compute resource and select Next.

  12. Choose a storage location and select Next.

  13. Review your template configurations and select Finish to convert the VM into a Rocky image template that you can reference when creating your cluster profile.

Create Cluster Profile

The Rocky image is now built and available in the VMware vSphere environment. You can use it to create a cluster profile and deploy a VMware host cluster.

  1. Log in to Palette.

  2. From the left main menu, select Profiles > Add Cluster Profile.

  3. In the Basic Information section, assign the cluster profile a Name, brief Description, and Tags. Choose Full or Infrastructure for the profile Type, and select Next.

  4. In the Cloud Type section, choose VMware vSphere, and select Next.

  1. Select the Bring Your Own OS (BYOOS) pack and provide the following values in the YAML configuration editor. Proceed to the Next layer when finished.

    FieldDescriptionExample
    osImageOverrideThe path to your Rocky Linux image template in your VMware vSphere environment./Datacenter/vm/sp-docs/rockylinux-8-kube-v1.30.4
    osNameThe type of operating system used in your image.rockylinux
    osVersionThe version of your operating system. Enter 8 or 9 depending on the Rocky Linux os_version referenced in the imageconfig file.8
    Example YAML configuration
    pack:
      osImageOverride: "/Datacenter/vm/sp-docs/rockylinux-8-kube-v1.30.4"
      osName: "rockylinux"
      osVersion: "8"

  2. Select the Palette eXtended Kubernetes (PXK) pack. Ensure the Pack Version matches the k8s_version specified in the imageconfig file. Proceed to the Next layer.

  1. Complete the remaining profile layers, making any changes necessary. When finished, select Finish Configuration to create your cluster profile. For additional information on creating cluster profiles, refer to our Create an Infrastructure Profile and Create a Full Profile guides.

Next Steps

After you have created an OS image with CAPI Image Builder and have it referenced in a cluster profile, you can deploy a VMware host cluster using the created cluster profile. Refer to the Deploy App Workloads with a PCG tutorial for instructions on deploying a VMware host cluster.