# Cloud environment container
# Bundles command-line tooling for AWS, GCP and Kubernetes into one image.
#
# NOTE(review): the base tag is date-stamped but still a mutable reference.
# Appending a digest (debian:trixie-20260316-slim@sha256:<DIGEST_PLACEHOLDER>)
# would make the build input immutable.
FROM debian:trixie-20260316-slim

# The tool-install steps that follow (up to the later `WORKDIR /opt`) run with
# /usr/bin as their working directory, so relative paths such as ./kubectl
# land directly on PATH.
WORKDIR /usr/bin/

# Base OS packages and dependencies.
# `apt-get clean` empties the .deb cache but leaves /var/lib/apt/lists in this
# layer. A later layer in this file installs gcc with apt-get, so removing the
# lists here requires that layer to run its own `apt-get update`.
RUN apt-get update \
    && apt-get install -y --no-install-recommends \
        bash \
        bash-completion \
        bind9-utils \
        ca-certificates \
        coreutils \
        curl \
        diffutils \
        fish \
        fzf \
        git \
        gnupg \
        groff \
        iputils-ping \
        iputils-tracepath \
        keychain \
        less \
        make \
        net-tools \
        nmap \
        openssh-client \
        python3-pip \
        tmux \
        tzdata \
        unzip \
        vim \
        wget \
        zsh \
    && apt-get clean
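# Python-based CLI tools, installed into the system interpreter
# (--break-system-packages overrides Debian's externally-managed marker).
# NOTE(review): none of these packages is version-pinned, so every build
# resolves whatever the index serves at that moment. A hash-locked
# requirements file (pip install --require-hashes -r <REQUIREMENTS_FILE>)
# would make this layer reproducible and tamper-evident.
RUN pip install --no-cache-dir --break-system-packages \
        aws-okta-keyman \
        aws-sam-cli \
        ec2instanceconnectcli \
        keyrings.cryptfile \
        aws-export-credentials \
        cookiecutter \
        datadog \
        okta-awscli

# Amazon ECS CLI, plus the completion directory that later layers write into.
# -f makes curl fail on an HTTP error instead of saving the error body as the
# executable; -sS keeps the log quiet but still prints errors.
# NOTE(review): unlike the checksum-pinned downloads further down, this fetches
# a moving "latest" object and verifies nothing. Pin a released version and
# check it the same way the other tools are checked, e.g.
#   echo "<ECS_CLI_SHA256_PLACEHOLDER> /usr/local/bin/ecs-cli" | sha256sum -c -
RUN mkdir -p /etc/bash_completion.d \
    && curl -fsS -o /usr/local/bin/ecs-cli https://s3.amazonaws.com/amazon-ecs-cli/ecs-cli-linux-amd64-latest \
    && chmod +x /usr/local/bin/ecs-cli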
# kubectl
# Current stable version: https://storage.googleapis.com/kubernetes-release/release/stable.txt
# Manual fetch of the latest stable build:
# curl -LO https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl
#
# KUBECTL_SHA256 has to be bumped together with KUBECTL_VERSION: the build
# stops at `sha256sum -c` when the downloaded file does not match the pin.
ENV KUBECTL_VERSION=1.31.0
ENV KUBECTL_URL=https://storage.googleapis.com/kubernetes-release/release/v$KUBECTL_VERSION/bin/linux/amd64
ENV KUBECTL_FILENAME=kubectl
ENV KUBECTL_SHA256=7c27adc64a84d1c0cc3dcf7bf4b6e916cc00f3f576a2dbac51b318d926032437
RUN wget "$KUBECTL_URL/$KUBECTL_FILENAME" \
    && echo "$KUBECTL_SHA256 ./$KUBECTL_FILENAME" | sha256sum -c - \
    && chmod +x "./$KUBECTL_FILENAME" \
    && kubectl completion bash > /etc/bash_completion.d/kubectl
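# Helm
# Releases: https://github.com/helm/helm/releases
# HELM_SHA256 pins the release tarball; bump it together with HELM_VERSION.
ENV HELM_VERSION=4.1.3
ENV HELM_URL=https://get.helm.sh
ENV HELM_FILENAME=helm-v${HELM_VERSION}-linux-amd64.tar.gz
ENV HELM_SHA256=02ce9722d541238f81459938b84cf47df2fdf1187493b4bfb2346754d82a4700
# --no-same-owner: tar running as root otherwise restores the uid/gid recorded
# in the archive, and `mv` would carry that ownership onto /usr/bin/helm. With
# the flag the extracted files belong to the extracting user (root).
RUN wget "$HELM_URL/$HELM_FILENAME" \
    && echo "$HELM_SHA256 ./$HELM_FILENAME" | sha256sum -c - \
    && tar --no-same-owner -xzf "./$HELM_FILENAME" \
    && mv ./linux-amd64/helm ./ \
    && rm -rf ./linux-amd64 \
    && rm -f "./$HELM_FILENAME" \
    && chmod +x ./helm \
    && helm completion bash > /etc/bash_completion.d/helm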
# Terraform
# Downloads: https://www.terraform.io/downloads.html
# The zip is checked against TERRAFORM_SHA256 before anything is unpacked.
# NOTE(review): `unzip` unpacks every member of the archive into /usr/bin, not
# only the `terraform` binary; confirm nothing else from the zip is left there.
ENV TERRAFORM_VERSION=1.14.7
ENV TERRAFORM_URL=https://releases.hashicorp.com/terraform/$TERRAFORM_VERSION
ENV TERRAFORM_FILENAME=terraform_${TERRAFORM_VERSION}_linux_amd64.zip
ENV TERRAFORM_SHA256=e8bbcefea8015156e04e2a325cde37a0b2fb761728bda548e2fe3b8ad7c18c96
RUN wget "$TERRAFORM_URL/$TERRAFORM_FILENAME" \
    && echo "$TERRAFORM_SHA256 ./$TERRAFORM_FILENAME" | sha256sum -c - \
    && unzip "./$TERRAFORM_FILENAME" \
    && rm "./$TERRAFORM_FILENAME" \
    && chmod +x ./terraform
# Terragrunt
# Releases: https://github.com/gruntwork-io/terragrunt/releases
# Single static binary: verified against TERRAGRUNT_SHA256, then renamed to
# `terragrunt` and made executable.
ENV TERRAGRUNT_VERSION=0.99.4
ENV TERRAGRUNT_URL=https://github.com/gruntwork-io/terragrunt/releases/download/v$TERRAGRUNT_VERSION
ENV TERRAGRUNT_FILENAME=terragrunt_linux_amd64
ENV TERRAGRUNT_SHA256=97d2c54a657f8a3afcf96f4dd5d9d3b9a0df1fe28a95345289e45eb340e93856
RUN wget "$TERRAGRUNT_URL/$TERRAGRUNT_FILENAME" \
    && echo "$TERRAGRUNT_SHA256 ./$TERRAGRUNT_FILENAME" | sha256sum -c - \
    && mv "./$TERRAGRUNT_FILENAME" ./terragrunt \
    && chmod +x ./terragrunt
# Packer
# Downloads: https://www.packer.io/downloads.html
# The zip is checked against PACKER_SHA256 before it is unpacked.
# NOTE(review): `unzip -o` overwrites existing files without prompting.
# Presumably it is needed because an earlier unzip into /usr/bin already left
# a same-named member behind; confirm, since -o would equally overwrite any
# other file in /usr/bin whose name appears in the archive.
ENV PACKER_VERSION=1.15.0
ENV PACKER_URL=https://releases.hashicorp.com/packer/$PACKER_VERSION
ENV PACKER_FILENAME=packer_${PACKER_VERSION}_linux_amd64.zip
ENV PACKER_SHA256=2fd1149c5c6c7604ced64d7b56638af05f6b7ed3f6835182bc913ddaba1f16b8
RUN wget "$PACKER_URL/$PACKER_FILENAME" \
    && echo "$PACKER_SHA256 ./$PACKER_FILENAME" | sha256sum -c - \
    && unzip -o "./$PACKER_FILENAME" \
    && rm "./$PACKER_FILENAME" \
    && chmod +x ./packer
# aws-iam-authenticator
# Docs:     https://docs.aws.amazon.com/eks/latest/userguide/install-aws-iam-authenticator.html
# Releases: https://github.com/kubernetes-sigs/aws-iam-authenticator/releases
# Single binary: verified against AWS_IAM_AUTH_SHA256, then renamed to drop the
# version/platform suffix.
ENV AWS_IAM_AUTH_VERSION=0.7.12
ENV AWS_IAM_AUTH_URL=https://github.com/kubernetes-sigs/aws-iam-authenticator/releases/download/v${AWS_IAM_AUTH_VERSION}
ENV AWS_IAM_AUTH_FILENAME=aws-iam-authenticator_${AWS_IAM_AUTH_VERSION}_linux_amd64
ENV AWS_IAM_AUTH_SHA256=73cca6175225ac72f4e0b8b23ca214043a98097ce6047d159b1bb3abde1bfce5
RUN wget "$AWS_IAM_AUTH_URL/$AWS_IAM_AUTH_FILENAME" \
    && echo "$AWS_IAM_AUTH_SHA256 ./$AWS_IAM_AUTH_FILENAME" | sha256sum -c - \
    && chmod +x "./${AWS_IAM_AUTH_FILENAME}" \
    && mv "./${AWS_IAM_AUTH_FILENAME}" ./aws-iam-authenticator
# kubectx / kubens
# Releases: https://github.com/ahmetb/kubectx/releases
# The scripts and their bash completions are copied out of the source tree,
# which is then deleted.
# NOTE(review): this URL is a forge-generated source archive rather than an
# uploaded release asset. Such archives are not guaranteed to stay
# byte-identical over time, so the KUBECTX_SHA256 pin may start failing the
# build (it fails closed); confirm that is acceptable.
ENV KUBECTX_VERSION=0.10.0
ENV KUBECTX_URL=https://github.com/ahmetb/kubectx/archive
ENV KUBECTX_FILENAME=v${KUBECTX_VERSION}.tar.gz
ENV KUBECTX_SHA256=efcedc14a1cb7e4d0c9b0e8b50fbecf5a24b337f8df7b018fb70a50420fcd27a
RUN wget "$KUBECTX_URL/$KUBECTX_FILENAME" \
    && echo "$KUBECTX_SHA256 ./$KUBECTX_FILENAME" | sha256sum -c - \
    && tar -xzf "./$KUBECTX_FILENAME" \
    && rm "./$KUBECTX_FILENAME" \
    && cp "./kubectx-${KUBECTX_VERSION}/completion/kubectx.bash" /etc/bash_completion.d/kubectx \
    && cp "./kubectx-${KUBECTX_VERSION}/completion/kubens.bash" /etc/bash_completion.d/kubens \
    && cp "./kubectx-${KUBECTX_VERSION}/kubectx" "./kubectx-${KUBECTX_VERSION}/kubens" . \
    && rm -rf "./kubectx-${KUBECTX_VERSION}" \
    && chmod +x ./kubectx ./kubens
# kompose
# Releases: https://github.com/kubernetes/kompose/releases
# Single binary: verified against KOMPOSE_SHA256, renamed to `kompose`, then
# used to generate its own bash completion.
ENV KOMPOSE_VERSION=1.38.0
ENV KOMPOSE_URL=https://github.com/kubernetes/kompose/releases/download/v${KOMPOSE_VERSION}
ENV KOMPOSE_FILENAME=kompose-linux-amd64
ENV KOMPOSE_SHA256=65a6a720605bead3964e8b22d423a0763de451a236fe03de902e366cf3d9c147
RUN wget "$KOMPOSE_URL/$KOMPOSE_FILENAME" \
    && echo "$KOMPOSE_SHA256 ./$KOMPOSE_FILENAME" | sha256sum -c - \
    && chmod +x "./${KOMPOSE_FILENAME}" \
    && mv "./${KOMPOSE_FILENAME}" ./kompose \
    && kompose completion bash > /etc/bash_completion.d/kompose
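# k9s
# Releases: https://github.com/derailed/k9s/releases
# K9S_SHA256 pins the release tarball; bump it together with K9S_VERSION.
ENV K9S_VERSION=0.50.18
ENV K9S_URL=https://github.com/derailed/k9s/releases/download/v${K9S_VERSION}
ENV K9S_FILENAME=k9s_Linux_amd64.tar.gz
ENV K9S_SHA256=0b697ed4aa80997f7de4deeed6f1fba73df191b28bf691b1f28d2f45fa2a9e9b
# --no-same-owner: the archive is unpacked straight into /usr/bin by root, and
# tar would otherwise restore whatever uid/gid the archive records, which can
# leave the binary owned (and replaceable) by an unprivileged uid.
# LICENSE and README.md are unpacked alongside the binary and removed again.
RUN wget "$K9S_URL/$K9S_FILENAME" \
    && echo "$K9S_SHA256 ./$K9S_FILENAME" | sha256sum -c - \
    && tar --no-same-owner -xzf "./${K9S_FILENAME}" \
    && chmod +x ./k9s \
    && rm -f LICENSE README.md "./${K9S_FILENAME}"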
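# Flux v2 CLI
# Releases: https://github.com/fluxcd/flux2/releases
# FLUX2_SHA256 pins the release tarball; bump it together with FLUX2_VERSION.
ENV FLUX2_VERSION=2.8.3
ENV FLUX2_URL=https://github.com/fluxcd/flux2/releases/download/v${FLUX2_VERSION}
ENV FLUX2_FILENAME=flux_${FLUX2_VERSION}_linux_amd64.tar.gz
ENV FLUX2_SHA256=e8b3f87ae73f37656af087cec1bd82ce9034860c2a5d427042d2ee9135fcc8bc
# --no-same-owner: the archive is unpacked straight into /usr/bin by root, and
# tar would otherwise restore whatever uid/gid the archive records, which can
# leave the binary owned (and replaceable) by an unprivileged uid.
RUN wget "$FLUX2_URL/$FLUX2_FILENAME" \
    && echo "$FLUX2_SHA256 ./$FLUX2_FILENAME" | sha256sum -c - \
    && tar --no-same-owner -xzf "./${FLUX2_FILENAME}" \
    && chmod +x ./flux \
    && rm -f "./${FLUX2_FILENAME}"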
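# kubespy
# Releases: https://github.com/pulumi/kubespy/releases
# KUBESPY_SHA256 pins the release tarball; bump it together with KUBESPY_VERSION.
ENV KUBESPY_VERSION=0.6.3
ENV KUBESPY_URL=https://github.com/pulumi/kubespy/releases/download/v${KUBESPY_VERSION}
ENV KUBESPY_FILENAME=kubespy-v${KUBESPY_VERSION}-linux-amd64.tar.gz
ENV KUBESPY_SHA256=a1e9a38fd9afddeaec6c5c992aee8cb9ddaeabf9d6f122241754426a79d9b86e
# --no-same-owner: the archive is unpacked straight into /usr/bin by root, and
# tar would otherwise restore whatever uid/gid the archive records, which can
# leave the binary owned (and replaceable) by an unprivileged uid.
# LICENSE and README.md are unpacked alongside the binary and removed again.
RUN wget "$KUBESPY_URL/$KUBESPY_FILENAME" \
    && echo "$KUBESPY_SHA256 ./$KUBESPY_FILENAME" | sha256sum -c - \
    && tar --no-same-owner -xzf "./${KUBESPY_FILENAME}" \
    && chmod +x ./kubespy \
    && rm -f "./${KUBESPY_FILENAME}" ./LICENSE ./README.md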
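# eksctl
# Releases: https://github.com/eksctl-io/eksctl/releases
# EKSCTL_SHA256 pins the release tarball; bump it together with EKSCTL_VERSION.
ENV EKSCTL_VERSION=0.224.0
ENV EKSCTL_URL=https://github.com/eksctl-io/eksctl/releases/download/v${EKSCTL_VERSION}
ENV EKSCTL_FILENAME=eksctl_Linux_amd64.tar.gz
ENV EKSCTL_SHA256=70078b3b31f2812aa6849b016a9c97f37810481114635a59437beab2836f08d0
# --no-same-owner: the archive is unpacked straight into /usr/bin by root, and
# tar would otherwise restore whatever uid/gid the archive records, which can
# leave the binary owned (and replaceable) by an unprivileged uid.
RUN wget "$EKSCTL_URL/$EKSCTL_FILENAME" \
    && echo "$EKSCTL_SHA256 ./$EKSCTL_FILENAME" | sha256sum -c - \
    && tar --no-same-owner -xzf "./${EKSCTL_FILENAME}" \
    && chmod +x ./eksctl \
    && rm -f "./${EKSCTL_FILENAME}" \
    && eksctl completion bash > /etc/bash_completion.d/eksctl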
# AWS Session Manager plugin
# The .deb is checked against AWSSMP_SHA256 before dpkg runs it; `dpkg -i`
# executes the package's maintainer scripts as root, so the checksum gate is
# what stands between the download and root code execution in the build.
ENV AWSSMP_VERSION=1.2.536.0
ENV AWSSMP_URL=https://s3.amazonaws.com/session-manager-downloads/plugin/${AWSSMP_VERSION}/ubuntu_64bit
ENV AWSSMP_FILENAME=session-manager-plugin.deb
ENV AWSSMP_SHA256=c49839338045e4ef4e44c3aec7574919add1c45c4b0b979e9c84ea53fb75553b
RUN wget "$AWSSMP_URL/$AWSSMP_FILENAME" \
    && echo "$AWSSMP_SHA256 ./$AWSSMP_FILENAME" | sha256sum -c - \
    && dpkg -i "./${AWSSMP_FILENAME}" \
    && rm "./$AWSSMP_FILENAME"
# cloud-nuke
# Single binary: verified against CLOUD_NUKE_SHA256, then renamed to
# `cloud-nuke`.
# DISABLE_TELEMETRY is set with ENV, so it is also present in the environment
# of the running container (presumably read by cloud-nuke; confirm).
ENV CLOUD_NUKE_VERSION=0.46.0
ENV CLOUD_NUKE_URL=https://github.com/gruntwork-io/cloud-nuke/releases/download/v${CLOUD_NUKE_VERSION}
ENV CLOUD_NUKE_FILENAME=cloud-nuke_linux_amd64
ENV CLOUD_NUKE_SHA256=6d2c12f2c4ee8da489425a6229a288f807b75af374a5608ba3fa7f2997a05548
ENV DISABLE_TELEMETRY=TRUE
RUN wget "$CLOUD_NUKE_URL/$CLOUD_NUKE_FILENAME" \
    && echo "$CLOUD_NUKE_SHA256 ./$CLOUD_NUKE_FILENAME" | sha256sum -c - \
    && chmod +x "./${CLOUD_NUKE_FILENAME}" \
    && mv "./${CLOUD_NUKE_FILENAME}" ./cloud-nuke
# confd
# Single binary: verified against CONFD_SHA256, installed as /usr/bin/confd,
# and its two configuration directories are created empty.
ENV CONFD_VERSION=0.16.0
ENV CONFD_URL=https://github.com/kelseyhightower/confd/releases/download/v$CONFD_VERSION
ENV CONFD_FILENAME=confd-$CONFD_VERSION-linux-amd64
ENV CONFD_SHA256=255d2559f3824dd64df059bdc533fd6b697c070db603c76aaf8d1d5e6b0cc334
RUN wget "$CONFD_URL/$CONFD_FILENAME" \
    && echo "$CONFD_SHA256 ./$CONFD_FILENAME" | sha256sum -c - \
    && mv "./$CONFD_FILENAME" /usr/bin/confd \
    && chmod +x /usr/bin/confd \
    && mkdir -p /etc/confd/conf.d /etc/confd/templates
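# terraform-docs
# TERRAFORM_DOCS_SHA256 pins the release tarball; bump it together with
# TERRAFORM_DOCS_VERSION.
ENV TERRAFORM_DOCS_VERSION=0.21.0
ENV TERRAFORM_DOCS_URL=https://github.com/terraform-docs/terraform-docs/releases/download/v$TERRAFORM_DOCS_VERSION
ENV TERRAFORM_DOCS_FILENAME=terraform-docs-v${TERRAFORM_DOCS_VERSION}-linux-amd64.tar.gz
ENV TERRAFORM_DOCS_SHA256=2fdd81b8d21ff1498cd559af0dcc5d155835f84600db06d3923e217124fc735a
# --no-same-owner: the archive is unpacked straight into /usr/bin by root, and
# tar would otherwise restore whatever uid/gid the archive records, which can
# leave the binary owned (and replaceable) by an unprivileged uid.
# The whole archive is unpacked, so any LICENSE/README.md it ships would stay
# in /usr/bin; they are removed the same way the k9s and kubespy steps do
# (presumably this archive carries them too; `rm -f` is a no-op otherwise).
RUN wget "$TERRAFORM_DOCS_URL/$TERRAFORM_DOCS_FILENAME" \
    && echo "$TERRAFORM_DOCS_SHA256 ./$TERRAFORM_DOCS_FILENAME" | sha256sum -c - \
    && tar --no-same-owner -xzf "./$TERRAFORM_DOCS_FILENAME" \
    && chmod +x /usr/bin/terraform-docs \
    && /usr/bin/terraform-docs completion bash > /etc/bash_completion.d/terraform-docs \
    && rm -f "./$TERRAFORM_DOCS_FILENAME" ./LICENSE ./README.md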
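# aws-connect
# The script is taken out of the project's source tree, which is then deleted.
# NOTE(review): this URL is a forge-generated source archive rather than an
# uploaded release asset. Such archives are not guaranteed to stay
# byte-identical over time, so the AWS_CONNECT_SHA256 pin may start failing
# the build (it fails closed); confirm that is acceptable.
ENV AWS_CONNECT_VERSION=1.0.11
ENV AWS_CONNECT_URL=https://github.com/rewindio/aws-connect/archive
ENV AWS_CONNECT_FILENAME=v${AWS_CONNECT_VERSION}.tar.gz
ENV AWS_CONNECT_SHA256=56d9ae4695302ca93c4020bf634d5f09eb772dfde7be2db02035266b7d3d44a2
# --no-same-owner: tar running as root otherwise restores the uid/gid recorded
# in the archive, and `mv` would carry that ownership onto
# /usr/local/bin/aws-connect.
RUN wget "$AWS_CONNECT_URL/$AWS_CONNECT_FILENAME" \
    && echo "$AWS_CONNECT_SHA256 ./$AWS_CONNECT_FILENAME" | sha256sum -c - \
    && tar --no-same-owner -xzf "./${AWS_CONNECT_FILENAME}" \
    && mv "./aws-connect-${AWS_CONNECT_VERSION}/aws-connect" /usr/local/bin/aws-connect \
    && chmod +x /usr/local/bin/aws-connect \
    && rm -f "./${AWS_CONNECT_FILENAME}" \
    && rm -rf "./aws-connect-${AWS_CONNECT_VERSION}"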
# AWS CLI v2
# The installer bundle is checked against AWS_CLI_SHA256 before it is unpacked
# and `./aws/install` is run as root; the unpacked bundle is deleted afterwards.
ENV AWS_CLI_VERSION=2.34.14
ENV AWS_CLI_URL=https://awscli.amazonaws.com
ENV AWS_CLI_FILENAME=awscli-exe-linux-x86_64-${AWS_CLI_VERSION}.zip
ENV AWS_CLI_SHA256=05f820e8df6bdc2b1c296afd1b63d3fecd39ac0725fd823004f110191c8180dd
RUN wget "$AWS_CLI_URL/$AWS_CLI_FILENAME" \
    && echo "$AWS_CLI_SHA256 ./$AWS_CLI_FILENAME" | sha256sum -c - \
    && unzip "./$AWS_CLI_FILENAME" \
    && rm -f "./$AWS_CLI_FILENAME" \
    && ./aws/install \
    && rm -rf ./aws
# From here on the working directory is /opt instead of /usr/bin.
WORKDIR /opt

# Helper scripts from the build context.
COPY docker-entrypoint.sh /docker-entrypoint.sh
COPY clearokta /usr/bin/clearokta

# Append client-wide SSH keepalive settings to the system ssh_config
# (ServerAliveInterval 30 / ServerAliveCountMax 3 under a `Host *` entry) and
# mark both copied scripts executable.
RUN printf '%s\n' \
        "# Added at containter build-time" \
        " Host *" \
        "ServerAliveInterval 30" \
        "ServerAliveCountMax 3" \
        >> /etc/ssh/ssh_config \
    && chmod +x /docker-entrypoint.sh /usr/bin/clearokta
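# Build su-exec (runs a command as another user) from source, then remove the
# compiler again so it does not ship in the image.
#
# NOTE(review): the source comes from the tip of the `master` branch with no
# commit pin and no checksum, and is compiled into a root-owned binary. Every
# other download in this file is SHA-256 pinned; do the same here by fetching
# a reviewed commit and verifying it before compiling, e.g.
#   https://raw.githubusercontent.com/ncopa/su-exec/<COMMIT_SHA_PLACEHOLDER>/su-exec.c
#   echo "<SU_EXEC_C_SHA256_PLACEHOLDER> /usr/local/bin/su-exec.c" | sha256sum -c -
#
# Changes from the previous form of this step:
#   * curl -f fails on an HTTP error instead of handing an error page to gcc;
#   * `apt-get update` runs in this layer, so the install no longer depends on
#     package lists left over from an earlier (possibly cached, stale) layer;
#   * the package lists are removed last, after the purge.
RUN fetch_deps='gcc libc-dev' \
    && curl -fsS -o /usr/local/bin/su-exec.c https://raw.githubusercontent.com/ncopa/su-exec/master/su-exec.c \
    && apt-get update \
    && apt-get install -y --no-install-recommends $fetch_deps \
    && gcc -Wall /usr/local/bin/su-exec.c -o /usr/local/bin/su-exec \
    && chown root:root /usr/local/bin/su-exec \
    && chmod 0755 /usr/local/bin/su-exec \
    && rm /usr/local/bin/su-exec.c \
    && apt-get purge -y --auto-remove $fetch_deps \
    && rm -rf /var/lib/apt/lists/*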
# Smoke test: run each listed tool once so that a missing or broken binary
# fails the build. The commands are chained with &&, so the first non-zero exit
# status aborts the layer.
# NOTE(review): ecs-cli, k9s, packer, su-exec and clearokta are installed above
# but are not exercised here.
RUN echo "Test Layer" \
    && aws --version \
    && aws_okta_keyman --help \
    && aws-connect -v \
    && aws-export-credentials --help \
    && aws-iam-authenticator \
    && cloud-nuke \
    && confd -version \
    && cookiecutter -h \
    && eksctl \
    && flux \
    && helm \
    && kompose -h \
    && kubectl \
    && kubectx --help \
    && kubens --help \
    && kubespy \
    && mssh --help \
    && okta-awscli --help \
    && sam --help \
    && session-manager-plugin --version \
    && terraform -h \
    && terraform-docs \
    && terragrunt -h
# Shell start-up file from the build context.
COPY bashrc /etc/bashrc

# Location of the ssh-agent socket; matches the -a argument of the default
# command below.
ENV SSH_AUTH_SOCK=/tmp/agent.sock

# EXPOSE only documents the port; it does not publish it.
# NOTE(review): nothing visible in this file listens on 5555; confirm what
# uses it.
EXPOSE 5555

# NOTE(review): there is no USER instruction, so the entrypoint starts as root.
# Presumably /docker-entrypoint.sh drops privileges with su-exec; confirm
# against the script.
ENTRYPOINT ["/docker-entrypoint.sh"]

# Default command: ssh-agent on /tmp/agent.sock (-a), with -d (debug mode, no
# fork) and -s (Bourne-shell style output).
CMD ["ssh-agent", "-d", "-s", "-a", "/tmp/agent.sock"]