Container image sources used across the platform (CI/CD pipelines, cluster ops, developer workflows). Each subdirectory = one image with its own Dockerfile, optional Makefile, and README.

| Directory | Purpose | Notes |
|---|---|---|
| `utils/` | Multi-cloud & Kubernetes ops toolbox (kubectl, argocd, eksctl, aws, gcloud, az, gh, yq, etc.) | Version-pinned via build args; supports multi-arch builds |

```bash
# Build (defaults)
make -C utils build IMAGE_NAME=utils TAG=dev
# Override a tool version
make -C utils build TAG=dev BUILD_ARGS='--build-arg KUBECTL_VERSION=v1.32.0'
# Push
make -C utils push REGISTRY=ghcr.io/myorg IMAGE_NAME=utils TAG=dev
# Multi-arch push
make -C utils multi-arch REGISTRY=ghcr.io/myorg IMAGE_NAME=utils TAG=v1.0.0
```

Run ephemeral container:

```bash
docker run --rm -it \
  -v $HOME/.kube:/root/.kube \
  -v $HOME/.aws:/root/.aws \
  vaibhavthakur/utils:dev bash
```

- Create a directory: `mkdir <name>`
- Add `Dockerfile` (pin base + primary tooling versions)
- Add `README.md` (purpose, tools, usage)
- (Optional) Add `Makefile` patterned after `utils/` for build/push/multi-arch
- Test locally; consider `docker scout` / Trivy scan
- Open PR / commit with concise changelog message

- Prefer semantic tags for stable (`vX.Y.Z`) and `-rc` or date tags for prerelease
- Add a git SHA tag (`make push-sha`) for immutable references
- Keep README tables in sync with default ARG versions

- Pin exact versions and/or image digests (`FROM ubuntu@sha256:<digest>`)
- Use multi-stage builds to discard build-only layers
- Drop privileges (non-root user) when runtime tooling permits
- Minimize layer count & remove package manager caches
- Scan regularly (e.g., Trivy / Grype) and patch promptly
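
Two rules from the list above (digest-pinned base images, a non-root final stage) can be checked mechanically. The following is an added example, not code from this repository: the sample Dockerfile is constructed and `audit_dockerfile` is a hypothetical helper name. It assumes `FROM` and `USER` instructions are not split across continuation lines.

```python
# Added example: minimal Dockerfile audit for two rules from this README.
# SAMPLE is constructed; it is not the repository's utils/Dockerfile.
SAMPLE = """\
ARG KUBECTL_VERSION=v1.32.0
FROM --platform=$BUILDPLATFORM ubuntu:24.04 AS fetch
RUN apt-get update && apt-get install -y curl
FROM fetch AS tools
USER root
FROM ubuntu@sha256:<digest>
COPY --from=tools /usr/local/bin/kubectl /usr/local/bin/kubectl
"""


def audit_dockerfile(text):
    """Return [(line_no, message)] for unpinned bases and a root final stage."""
    findings, stages, user, name, last_from = [], {}, None, None, 0
    for no, raw in enumerate(text.splitlines(), 1):
        parts = raw.split()
        if not parts or parts[0].startswith("#"):
            continue
        op = parts[0].upper()
        if op == "FROM":
            # Drop flags such as --platform=...; what remains is IMAGE [AS NAME].
            args = [p for p in parts[1:] if not p.startswith("--")]
            if not args:
                continue
            if name:
                stages[name] = user  # USER the finished named stage ended with
            image, key = args[0], args[0].lower()
            # Earlier stage names and scratch need no digest; ${VAR} bases are
            # not resolved here and are reported unless they carry @sha256:.
            if key not in stages and key != "scratch" and "@sha256:" not in image:
                findings.append((no, f"base image {image} is not pinned by digest"))
            user = stages.get(key)  # a stage built on an earlier stage inherits its USER
            name = args[2].lower() if len(args) >= 3 and args[1].upper() == "AS" else None
            last_from = no
        elif op == "USER" and len(parts) > 1:
            user = parts[1]
    # No USER in the final stage means the base image's default, usually root.
    if last_from and (user is None or user.split(":")[0] in ("root", "0")):
        findings.append((last_from, "final stage has no non-root USER"))
    return findings


if __name__ == "__main__":
    for line_no, message in audit_dockerfile(SAMPLE):
        print(f"line {line_no}: {message}")
```

On the constructed sample this reports the tag-only `ubuntu:24.04` base on line 2 and the final stage starting on line 6, which never sets a non-root `USER`.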

See `utils/Dockerfile` ARG declarations (kubectl, argocd, eksctl, aws cli, etc.). Use `make print-versions` to list them.

- Lint Dockerfiles (hadolint)
- Build & scan on PR
- Multi-arch publish on merge to main
- Optional SBOM generation (syft) & provenance (SLSA / cosign)

Each image inherits upstream tool licenses; the repository content itself is MIT-licensed unless overridden in a subdirectory.