Build Content Bundle
Content bundles are archives of all the required container images required for one or more cluster profiles. The content bundle includes Helm charts, Packs, and manifest files needed to deploy your Edge host cluster. In addition to core container images, the content bundle can include artifacts from your applications that you wish to deploy to the Edge cluster. Cluster Profiles are the primary source for building these content bundles.
Currently, the content bundles include Helm charts and Packs. However, keep in mind that the container images of the Helm Charts and Packs are extracted and predeployed into the container runtime containerd for optimization. In the future, Palette will include a built-in OCI registry to host Helm Charts and other artifacts to avoid downloading these from the internet if included in a content bundle
Benefits of Content Bundle
Creating a content bundle provides several benefits that may address common use cases related to deploying Edge hosts.
-
Preloading required software dependencies removes the need to download assets during cluster deployment.
-
If connectivity to a container registry is unstable or bandwidth limited, preloading the software dependencies can address these concerns.
-
Preloading required software dependencies optimizes the Edge host deployment process when the Edge host is in an internet bandwidth-constrained environment.
-
Organizations that want better control over the software used by their Edge hosts can use content bundles to ensure that only approved software is consumed.
Prerequisites
-
Linux Machine (Physical or VM) with an AMD64 architecture.
-
Palette API key. Refer to the User Authentication resource to learn how to create a Palette API key.
-
An Edge Native cluster profile. Refer to Create Edge Native Cluster Profile guide to learn how to create an Edge Native cluster profile. You may also have other add-on profiles that you wish to attach to your cluster.
-
Content tags in your profiles highlight the exact location of container images to be downloaded.
Create Content Bundle
-
Download Palette Edge Content CLI and assign the executable bit to the CLI.
VERSION=4.1.2
wget https://software.spectrocloud.com/stylus/v$VERSION/cli/linux/palette-edge
chmod +x palette-edge -
Log in to Palette.
-
Select the project you want to deploy the Edge host to and copy down the Project ID. You can find the project id at the top right side corner of the landing page below the User drop-down Menu.
-
Navigate to the left Main Menu and select Profiles.
-
Use the Cloud Types drop-down Menu and select Edge Native.
-
Click on the cluster profile you want to include in the content bundle.
-
You can find the cluster profile ID by reviewing the URL of the current page. The cluster profile ID is the last value in the URL. Repeat this step for all the cluster profiles you want to specify in the content bundle.
https://console.spectrocloud.com/projects/yourProjectId/profiles/cluster/<YourClusterProfileHere>
-
(Optional) If your cluster profile uses images or helm charts that are hosted on private registries that require authentication, you must provide a JSON file that contains the necessary credentials to access the registry.
- Helm
- Image
For authenticated access to Helm charts, your must provide credentials with the following schema. Use a key at the root level of the JSON object named "helm" and set its value to a list. The list is a list of credentials for each Helm chart repository. For each set of credentials, use an object in the list with the keys "endpoint", "username", and "password".
{
"helm": [
{
"endpoint": <Registry URL>,
"username": <Registry username>,
"password": <Password>
}
]
}For example, the following JSON code is a valid set of credentials.
{
"helm": [
{
"endpoint": "harbor.abcd.com",
"username": "admin",
"password": "xxxxxxxx"
}
]
}For image registries, you must provide credentials with the following schema. Provide a key at the root level of the JSON object named "image" and set its value to a list. The list is a list of credentials for each Helm chart repository. For each set of credentials, use an object in the list with the keys "endpoint", "username", and "password".
{
"image": [
{
"endpoint": <Registry URL>,
"username": <Registry username>,
"password": <Password>
}
]
}For example, the following JSON code provides access to two registries
ttl.sh
anddocker.io
with two username-password pairs.{
"image": [
{
"endpoint": "ttl.sh",
"username": "admin",
"password": "Welc0me!123"
},
{
"endpoint": "docker.io",
"username": "akhileshpvt",
"password": "Lucent122333!"
}
]
}For Google Container Registry (GCR) access, you need to set the username field to
"_json_key"
and set the password to an JSON object containing the following fields.Field Description type
The type of credential, which is service_account
for Google Cloud service accounts.project_id
The project ID associated with your Google Cloud project. For example, spectro-images
.private_key_id
A unique identifier for the private key associated with the service account. private_key
The private key that is used to authenticate to Google Cloud services, encapsulated in a PEM block. client_email
The email address associated with the service account, used for authentication. client_id
The client ID associated with the service account. auth_uri
The URI for the authentication provider, typically Google's OAuth 2.0 server. token_uri
The URI for obtaining tokens from Google's OAuth 2.0 server. auth_provider_x509_cert_url
The URL of the public x509 certificate for the authentication provider. client_x509_cert_url
The URL of the public x509 certificate for the client (service account). For example, the following is a valid set of credentials for a GCR registry.
{
"image": [
{
"endpoint": "gcr.io",
"username": "_json_key",
"password": {
"type": "service_account",
"project_id": "spectro-images",
"private_key_id": "847c09190xxxxxxxxxxxxc4ebc",
"private_key": "-----BEGIN KEY-----MIIEvQIBADA ... -----Shortened for brevity",
"client_email": "xxx.iam.gserviceaccount.com",
"client_id": "115830xxxxxxx340453",
"auth_uri": "https://accounts.google.com/o/oauth2/auth",
"token_uri": "https://oauth2.googleapis.com/token",
"auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
"client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/spectro-images-viewer%40spectro-images.iam.gserviceaccount.com"
}
}
]
} -
Navigate back to your terminal window and issue the following command to create the content bundle. Replace the placeholder values with your actual values.
infoThere are several Spectro Cloud CLI flags that you can use to customize the content bundle. Use the command
./palette-edge build --help
to learn more about the available flags../palette-edge build --api-key <API_KEY> \
--project-id <PROJECT_ID> \
--cluster-profile-ids <CLUSTER_PROFILE_ID1,CLUSTER_PROFILE_ID2...> \
--palette-endpoint <Palette API Endpoint> \
--outfile <bundle-name>.tar \
--include-palette-content \
--iso# Output
INFO[0000] getting hubble export for build
INFO[0000] Fetching latest version for service 'stylus'
INFO[0000] stylus version: 3.4.3
INFO[0000] Fetching manifest for service stylus and version 3.4.3 for action resources
INFO[0000] Fetching manifest of service stylus and version '3.4.3' for action resources
INFO[0000] Fetching manifest from service stylus and version '3.4.3' for action resources with file name images.yaml
INFO[0000] Get manifest with file name: images.yaml
INFO[0000] Get manifest with file content: image: gcr.io/spectro-images-public/stylus:v3.4.3
INFO[0002] successfully pulled image : gcr.io/spectro-images-public/calico/cni:v3.25.0
...
...
INFO[0143] Total translation table size: 0
INFO[0143] Total rockridge attributes bytes: 272
INFO[0143] Total directory bytes: 0
INFO[0143] Path table size(bytes): 10
INFO[0143] Max brk space used 0
INFO[0143] 872027 extents written (1703 MB)
INFO[0144] ISO file created successfully
The result is a content bundle that you can use to preload into your installer. For more information, refer to Build Edge Artifacts with Content Bundle or Build Installer ISO. Our Tech Preview feature local UI also allows you to upload content bundles to a disconnected Edge deployment.
Alternatively, you can use the ISO version of the content bundle and transfer it to a USB drive to be used separately at the time of Edge host installation.
Validate
You can validate that the ISO image has not been corrupted by attempting to flash a bootable device. Most software that creates a bootable device will validate the ISO image before the flash process.
Next Steps
Your next step is to build the Edge artifacts so that you can deploy an Edge host. To create an Edge artifacts, check out the Build Images guide.