Add CUSTOM.md

colin 2024-08-12 10:22:03 -04:00
parent 4f22110c63
commit 0709f98d3f
1 changed files with 42 additions and 0 deletions

CUSTOM.md Normal file

@ -0,0 +1,42 @@
# Custom Cloud Images
When creating a "cloud image" that is intended to be as dynamic as possible for various environments and custom deployments, there are several key considerations and components to include. Here's a summary of what's required:
### 1. **Base Operating System**
- Choose a minimal installation of a well-supported OS (e.g., Ubuntu, Debian, Fedora) thats widely compatible with various cloud platforms.
- Strip down unnecessary packages to keep the image lightweight and reduce attack surfaces.
### 2. **Cloud-Init Configuration**
- **Cloud-Init**: This is the industry-standard tool for initializing cloud instances. It should be installed and properly configured in the image. Cloud-init allows for dynamic configuration of network settings, SSH keys, user data, hostname, and more when the image is deployed.
- Ensure that the `cloud.cfg` file is set up to handle common initialization tasks such as setting the hostname, user account creation, SSH key injection, and package installation.
### 3. **Default User and SSH Configuration**
- **Default User**: Set up a default user (e.g., `ubuntu`, `debian`, etc.) with sudo privileges. Ensure that this user can be easily overridden via cloud-init.
- **SSH Key Injection**: Ensure the image is configured to accept SSH keys through cloud-init or similar initialization systems to facilitate secure remote access.
### 4. **Networking**
- **Dynamic Networking Configuration**: Use DHCP for network configuration by default, but ensure that cloud-init can dynamically reconfigure network settings during initialization.
- **No Hardcoded Network Configurations**: Avoid hardcoding IP addresses or other network configurations to maintain flexibility.
### 5. **Disk Partitioning**
- **Growable Partitions**: Configure the disk partition to automatically resize on first boot to use all available disk space, ensuring that the image can be deployed on varying disk sizes without manual intervention.
### 6. **Package Management and Updates**
- **Minimal Set of Packages**: Include only essential packages and dependencies. This ensures that the image is lean and reduces potential attack vectors.
- **Automatic Updates**: Depending on your security posture, configure the image to apply security updates automatically. However, this should be easily overridden or managed by the user.
### 7. **Security Configurations**
- **Disable Root Login**: Ensure that root login via SSH is disabled by default to enhance security.
- **Firewall and SELinux**: Configure basic firewall rules and SELinux/AppArmor to enforce security policies out-of-the-box. However, these should be configurable during the deployment.
### 8. **Customization Options**
- **Pre-Installed Tools**: Depending on the use case, you might include pre-installed tools (e.g., monitoring agents, logging tools) that can be customized through cloud-init scripts.
- **Custom Scripts**: Allow for custom scripts to be run during the first boot, providing flexibility to install additional software or apply specific configurations as needed.
### 9. **Testing and Validation**
- Before distributing the image, thoroughly test it in various environments to ensure compatibility and functionality. This includes testing with different cloud-init configurations, network setups, and disk sizes.
### 10. **Documentation**
- Provide clear documentation that outlines how to use the image, including how to pass custom configurations via cloud-init, what defaults are set, and how users can modify the image for their needs.
### Summary:
By following these guidelines, you can create a cloud image that is versatile, secure, and easy to use in a variety of cloud environments. The focus should be on ensuring that the image can be dynamically configured at deployment time, minimizing the need for manual intervention post-deployment.
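Review bot: section 7 stops at disabling SSH root login, but the same sshd hardening should also state `PasswordAuthentication no` so that access is really limited to the keys injected via cloud-init (section 3), and the checklist is missing a pre-capture cleanup item: host-specific state such as the SSH host keys, `/etc/machine-id` and cloud-init's own state (`cloud-init clean`) must be removed before the image is captured, otherwise every instance booted from it shares the same host keys and identity. Section 3 should also say whether the default user gets passwordless sudo, since that is what most base images ship and what users will need to override. Minor: `thats` in section 1 should be `that's`, and the bold markup inside the `###` headings is redundant.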