Cas Lubbers
committed
May 7, 2024
1 parent
ca3f2e4
commit 728b08d
Showing
5 changed files
with
260 additions
and
118 deletions.
@@ -6,4 +6,3 @@ | |
/adr | ||
/docs | ||
/env | ||
/tools |
@@ -0,0 +1,150 @@ | ||
# syntax=docker/dockerfile:1.6 | ||
# The above is needed for the "--checksum" argument to work in the ADD instruction | ||
FROM ubuntu:20.04 | ||
|
||
ARG DEBIAN_FRONTEND=noninteractive | ||
|
||
ARG TARGETPLATFORM | ||
ARG TARGETARCH | ||
ARG BUILDPLATFORM | ||
|
||
RUN apt-get update && apt-get install -y curl | ||
|
||
ARG ARCH=${TARGETARCH} | ||
|
||
# https://github.com/kubernetes/kubernetes/releases | ||
ARG KUBECTL_VERSION=1.26.9 | ||
# https://github.com/helm/helm/tags | ||
ARG HELM_VERSION=3.12.3 | ||
# https://github.com/databus23/helm-diff/releases | ||
ARG HELM_DIFF_VERSION=3.8.0 | ||
# https://github.com/jkroepke/helm-secrets/releases | ||
ARG HELM_SECRETS_VERSION=3.15.0 | ||
# https://github.com/mozilla/sops/releases | ||
ARG SOPS_VERSION=3.7.3 | ||
# https://github.com/noqcks/gucci/releases | ||
ARG GUCCI_VERSION=1.6.6 | ||
# https://github.com/helmfile/helmfile/releases | ||
ARG HELMFILE_VERSION=0.156.0 | ||
# https://github.com/open-policy-agent/opa/releases | ||
ARG OPA_VERSION=0.50.1 | ||
# https://github.com/yannh/kubeconform/releases | ||
ARG KUBECONFORM_VERSION="v0.6.4" | ||
# https://github.com/open-policy-agent/conftest/releases | ||
ARG CONFTEST_VERSION=0.39.2 | ||
# https://github.com/plexsystems/konstraint/releases | ||
ARG KONSTRAINT_VERSION=0.26.0 | ||
# https://nodejs.org/en/download/ | ||
ARG NODE_VERSION=16 | ||
|
||
ARG HELM_FILE_NAME=helm-v${HELM_VERSION}-linux-${TARGETARCH}.tar.gz | ||
|
||
WORKDIR / | ||
|
||
RUN apt-get update -qq \ | ||
&& apt install --reinstall coreutils \ | ||
&& apt install -qqy --no-install-recommends \ | ||
apache2-utils \ | ||
apt-transport-https \ | ||
awscli \ | ||
ca-certificates \ | ||
curl \ | ||
gettext \ | ||
git \ | ||
gnupg \ | ||
gnupg2 \ | ||
groff \ | ||
locales \ | ||
nano \ | ||
netcat \ | ||
openssh-server \ | ||
python3 \ | ||
python3-pip \ | ||
python3-setuptools \ | ||
rlwrap \ | ||
vim \ | ||
nano \ | ||
groff \ | ||
rsync \ | ||
&& rm -rf /var/lib/apt/lists/* | ||
|
||
# set locale | ||
RUN locale-gen en_US.UTF-8 | ||
|
||
# jq | ||
#TODO check this one | ||
RUN jq_download_url="https://github.com/jqlang/jq/releases/download/jq-1.7.1/jq-linux-${TARGETARCH}" && \ | ||
if [ "${TARGETARCH}" = "amd64" ]; then \ | ||
jq_expected_checksum="5942c9b0934e510ee61eb3e30273f1b3fe2590df93933a93d7c58b81d19c8ff5"; \ | ||
elif [ "${TARGETARCH}" = "arm64" ]; then \ | ||
jq_expected_checksum="4dd2d8a0661df0b22f1bb9a1f9830f06b6f3b8f7d91211a1ef5d7c4f06a8b4a5"; \ | ||
else \ | ||
echo "Unsupported TARGETARCH: ${TARGETARCH}" >&2; exit 1; \ | ||
fi && \ | ||
curl -L "${jq_download_url}" --output /usr/bin/jq && \ | ||
echo "${jq_expected_checksum} /usr/bin/jq" | sha256sum -c - && \ | ||
chmod +x /usr/bin/jq | ||
|
||
# yq | ||
COPY --from=mikefarah/yq:4 /usr/bin/yq /usr/bin/yq | ||
|
||
RUN mkdir -p /home/app | ||
RUN groupadd -r app &&\ | ||
useradd -r -g app -d /home/app -s /sbin/nologin -c "Docker image user" app | ||
ENV HOME=/home/app | ||
ENV APP_HOME=/home/app/tools | ||
RUN mkdir $APP_HOME | ||
WORKDIR $APP_HOME | ||
ENV PATH $PATH:$APP_HOME | ||
|
||
# kubectl | ||
RUN curl -LO "https://dl.k8s.io/release/v$KUBECTL_VERSION/bin/linux/$TARGETARCH/kubectl" && \ | ||
curl -LO "https://dl.k8s.io/release/v$KUBECTL_VERSION/bin/linux/$TARGETARCH/kubectl.sha256" && \ | ||
echo "$(cat kubectl.sha256) kubectl" | sha256sum --check && \ | ||
chmod +x kubectl | ||
|
||
# sops | ||
ADD https://github.com/mozilla/sops/releases/download/v${SOPS_VERSION}/sops-v${SOPS_VERSION}.linux sops | ||
RUN chmod +x sops | ||
|
||
# helm | ||
ADD https://get.helm.sh/${HELM_FILE_NAME} /tmp | ||
RUN tar -zxvf /tmp/${HELM_FILE_NAME} -C /tmp && mv /tmp/linux-${TARGETARCH}/helm helm && rm -rf /tmp/* | ||
RUN helm plugin install https://github.com/databus23/helm-diff --version ${HELM_DIFF_VERSION} | ||
RUN echo "exec \$*" > /usr/bin/sudo && chmod +x /usr/bin/sudo | ||
RUN helm plugin install https://github.com/jkroepke/helm-secrets --version ${HELM_SECRETS_VERSION} | ||
|
||
# helmfile | ||
ADD https://github.com/helmfile/helmfile/releases/download/v${HELMFILE_VERSION}/helmfile_${HELMFILE_VERSION}_linux_${TARGETARCH}.tar.gz /tmp | ||
RUN tar -zxvf /tmp/helmfile_${HELMFILE_VERSION}_linux_${TARGETARCH}.tar.gz -C /tmp && mv /tmp/helmfile helmfile | ||
|
||
# gucci | ||
ADD https://github.com/noqcks/gucci/releases/download/${GUCCI_VERSION}/gucci-v${GUCCI_VERSION}-linux-${TARGETARCH} gucci | ||
RUN chmod +x gucci | ||
|
||
# aws | ||
RUN pip3 install --upgrade --no-cache-dir awscli | ||
|
||
# aws-iam-authenticator | ||
ADD https://s3.us-west-2.amazonaws.com/amazon-eks/1.21.2/2021-07-05/bin/linux/${TARGETARCH}/aws-iam-authenticator aws-iam-authenticator | ||
RUN chmod +x aws-iam-authenticator | ||
|
||
# kubeconform | ||
ADD https://github.com/yannh/kubeconform/releases/download/v0.6.4/kubeconform-linux-${TARGETARCH}.tar.gz /tmp | ||
RUN tar -zxvf /tmp/kubeconform-linux-${TARGETARCH}.tar.gz -C /tmp && mv /tmp/kubeconform kubeconform | ||
|
||
# node | ||
# https://github.com/nodesource/distributions | ||
RUN set -uex && \ | ||
mkdir -p /etc/apt/keyrings && \ | ||
curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --dearmor -o /etc/apt/keyrings/nodesource.gpg && \ | ||
NODE_MAJOR=${NODE_VERSION} && \ | ||
echo "deb [signed-by=/etc/apt/keyrings/nodesource.gpg] https://deb.nodesource.com/node_$NODE_MAJOR.x nodistro main" > /etc/apt/sources.list.d/nodesource.list && \ | ||
apt-get update && \ | ||
apt-get install nodejs -y && \ | ||
npm install -g ajv-cli@v3.3.0 json-dereference-cli@0.1.2 zx | ||
|
||
RUN chown -R app:app /home/app | ||
USER app | ||
|
||
CMD "/bin/bash" |
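Review bot: The six `ADD https://…` downloads (sops, helm, helmfile, gucci, aws-iam-authenticator, kubeconform) carry no `--checksum`, even though the syntax directive at the top is pinned to enable that flag, so these binaries land on `PATH` with no integrity check while only jq and kubectl are verified. Each should pin the published digest, e.g. `ADD --checksum=sha256:<SHA256_OF_RELEASE_ASSET> https://get.helm.sh/${HELM_FILE_NAME} /tmp`. The digest differs per `TARGETARCH`, so a multi-arch build needs a per-architecture value, for instance the `if`/`sha256sum -c` pattern already used for jq. The kubectl step compares against a `.sha256` fetched from the same host in the same `RUN`, which catches a corrupted download but not a tampered origin; an expected value committed in the Dockerfile would cover both. A comment above the `/usr/bin/sudo` shim line saying why a pass-through `sudo` is needed would also help the next reviewer.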