Packer: Packing Custom AMIs (Amazon Linux 2) for EKS

Wang Poh Peng
Nov 2, 2020


Packing the AMI

The first question that comes to your mind might be: Why do you need to switch to a custom AMI when AWS provides Optimised AMIs for EKS?

Truth be told, not everyone is a fan of Amazon Linux 2, and not all cybersecurity folks are fans of the black-box “optimisation” done by AWS. Hence, AWS has kindly provided two repositories on GitHub to show the world how the “optimisation” is done and to allow anyone to modify it to their whims, as long as the result has the necessary setup to connect to the EKS control plane.

In this article, we will be referring to the second repository, which creates an EKS worker node AMI out of a customised Amazon Linux 2 image. Luckily for us, AWS’s repository has simplified most of the working steps. With Packer installed as a prerequisite, a single make command generates a new AMI.

Step 1

We first look at eks-worker-al2.json, the default Packer configuration file provided by AWS:

### eks-worker-al2.json
"source_ami_id": "",
"source_ami_owners": "137112412989",
"source_ami_filter_name": "amzn2-ami-minimal-hvm-*",

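We change the above 3 lines so that Packer looks for the customised AMI that we want to pack for EKS’s use. Keep source_ami_owners set to the account that actually owns your customised image: it restricts the lookup to AMIs owned by the listed account, so the name filter cannot match a similarly named image published by someone else.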

Step 2

We now move on to the Makefile provided in the repository. By default, it builds a customised AMI for each Kubernetes version it lists. As I only need a specific version, 1.17, we remove the other versions from the line.

### Makefile
.PHONY: all
all: 1.17

Step 3

Configure your AWS Credentials and you are ready to go! (Make sure they have the iam:PassRole and the necessary EC2 permissions!) You can refer to the following as a reference:

Tip

By default, Packer does not provide a straightforward way to retrieve the newly created AMI ID. It does, however, save the build output to a manifest.json file, which provides further information. Hence we can take the newest AMI ID with the following command:

cat manifest.json | jq -r '.builds[-1].artifact_id' | cut -d':' -f2
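For a pipeline step that feeds the AMI ID into later tooling, here is a stricter version of the same lookup, as an added example that is not part of the original article or the AWS repository. It selects the build by the manifest's last_run_uuid, handles an artifact_id that lists several regions (where cut -f2 would return "ami-...,next-region"), and validates the ID format. The sample manifest is constructed, and the function name and the not_before parameter are assumptions of this example.

```python
import json
import re

# Constructed sample of a Packer manifest.json: two runs, the newer one
# copying the AMI to a second region. All IDs and UUIDs are made up.
SAMPLE_MANIFEST = """
{
  "builds": [
    {"name": "amazon-ebs", "builder_type": "amazon-ebs", "build_time": 1604275200,
     "artifact_id": "us-west-2:ami-0123456789abcdef0",
     "packer_run_uuid": "11111111-1111-1111-1111-111111111111"},
    {"name": "amazon-ebs", "builder_type": "amazon-ebs", "build_time": 1604361600,
     "artifact_id": "us-west-2:ami-0fedcba9876543210,ap-southeast-1:ami-00112233445566778",
     "packer_run_uuid": "22222222-2222-2222-2222-222222222222"}
  ],
  "last_run_uuid": "22222222-2222-2222-2222-222222222222"
}
"""

AMI_ID = re.compile(r"ami-(?:[0-9a-f]{8}|[0-9a-f]{17})")


def latest_amis(manifest_text, not_before=0):
    """Return {region: ami_id} for the run named by last_run_uuid.

    not_before (epoch seconds, hypothetical parameter) rejects an entry left
    by an earlier run, e.g. when the current build failed before the
    manifest was updated. Assumes one builder per template.
    """
    manifest = json.loads(manifest_text)
    run = manifest["last_run_uuid"]
    builds = [b for b in manifest["builds"] if b["packer_run_uuid"] == run]
    if len(builds) != 1:
        raise ValueError(f"expected one build for run {run}, found {len(builds)}")
    build = builds[0]
    if build["build_time"] < not_before:
        raise ValueError("newest manifest entry predates this pipeline run")
    amis = {}
    for pair in build["artifact_id"].split(","):
        region, _, ami = pair.partition(":")
        if not AMI_ID.fullmatch(ami):
            raise ValueError(f"unexpected artifact_id component: {pair!r}")
        amis[region] = ami
    return amis


if __name__ == "__main__":
    for region, ami in latest_amis(SAMPLE_MANIFEST).items():
        print(region, ami)
```

Passing the pipeline's start time as not_before makes the step fail instead of silently handing a previous run's AMI to the next stage.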

In the next article, we will use Terraform to create a Launch Template with this custom AMI ID.
