This directory contains an example that creates a GCE image using HashiCorp Packer.
Example Packer build is using HCL2 syntax and creates GCE image basing on Ubuntu Linux.
Note: This example assumes that you have built the packer build step and pushed it to
gcr.io/$PROJECT_ID/packer.
It also assumes that default VPC network exists and firewall allows SSH ingress traffic.
Below steps create an example Packer service account using gcloud.
Cloud Build will impersonate Packer's service account
to run Packer acting as a given service account.
-
Set GCP project variables. Substitute
my-projectwith your project identifier.export PROJECT_ID=my-project export PROJECT_NUMBER=`gcloud projects list --filter="$PROJECT_ID" --format="value(PROJECT_NUMBER)"`
-
Create Service Account for Packer
gcloud iam service-accounts create packer --description "Packer image builder" -
Grant roles to Packer's Service Account
gcloud projects add-iam-policy-binding $PROJECT_ID \ --role="roles/compute.instanceAdmin.v1" \ --member="serviceAccount:packer@${PROJECT_ID}.iam.gserviceaccount.com" gcloud projects add-iam-policy-binding $PROJECT_ID \ --role="roles/iam.serviceAccountUser" \ --member="serviceAccount:packer@${PROJECT_ID}.iam.gserviceaccount.com"
-
Allow CloudBuild to impersonate Packer service account
gcloud iam service-accounts add-iam-policy-binding \ packer@${PROJECT_ID}.iam.gserviceaccount.com \ --role="roles/iam.serviceAccountTokenCreator" \ --member="serviceAccount:${PROJECT_NUMBER}@cloudbuild.gserviceaccount.com"
-
Adjust packer variables
Edit provided
variables.pkrvars.hclexample file and set following variables accordingly:project_id- identifier of your projectzone- GCP Compute Engine zone for packer instancebuilder_sa- Packer's service account email in a format ofname@{PROJECT_ID}.iam.gserviceaccount.com
-
Run the build
gcloud builds submit --config=cloudbuild.yaml .