This repository contains the requirements needed to build a Docker image that provides a version-consistent toolset.
This container does not have any sensitive information embedded, such as a Kubernetes kubeconfig file or AGE keys. These need to be mounted in order for utilities such as Helm and Kubectl to provide credentials for access to resources.
| Tool | Version |
|---|---|
| kubectl | v1.28.2 |
| oc | 4.13.13 |
| Kubevirt (virtctl) | v1.0.0 |
| GCloud SDK / gke-gcloud-auth-plugin | 427.0.0 |
| kubectl-kubesec | v1.1.0 |
| kubesec | v2.13.0 |
| kubeshark | 50.4 |
| helm | v3.12.3 |
| Helm Push (Plugin) | v0.10.4 |
| Helm Secrets (Plugin) | v4.5.1 |
| Helm Diff (Plugin) | v3.8.1 |
| Helm mapkubeapis (Plugin) | v0.4.1 |
| sops | v3.8.0 |
| age | v1.1.1 |
| stern | v2.6.1 |
| k9s | v0.27.4 |
| nova | v3.7.0 |
| pluto | v5.18.4 |
| jq | jq-1.7 |
| yq | v4.35.1 |
| docker | v24.0.6 |
In addition to the utilities bundled in the container, the `docker-entrypoint.sh` script will perform the following actions:

If an age key file is passphrase-protected using age, it can be decrypted by setting the environment variables `AGE_KEY` and `AGE_KEY_PASSPHRASE`.

- `AGE_KEY`: The full path of the key file mounted within the container
- `AGE_KEY_PASSPHRASE`: The passphrase used to decrypt the `AGE_KEY` file.

The `AGE_KEY` is decrypted to `$HOME/.config/sops/age/keys.txt`, the default location SOPS will look for a corresponding identity.

```bash
docker run -it --rm --hostname k8s-cloud-shell k8s-cloud-shell
```

A directory containing a kubeconfig can be mounted as a volume within the container for the root user to allow the included utilities to access resources:

```bash
docker run -it --rm --hostname k8s-cloud-shell -v "${HOME}/.kube":/root/.kube k8s-cloud-shell
```

In addition to getting shell access into the container, commands can be passed for the container to run. Any command after the container name will be passed into the container to be run:

```bash
docker run -it --rm --hostname k8s-cloud-shell -v "${HOME}/.kube":/root/.kube k8s-cloud-shell ls
```

You can leverage the Docker `--env-file` option to load multiple environment variables into the container. The env-file can also be sourced before calling `docker run` to assist in mounting the needed volumes.

```bash
$ cat ${HOME}/.k8s-cloud-shell/localk3s
HELM_VAR_REPO="<HELM-REPO FULL REPO PATH>"
# Relative path to age keypair file
AGE_KEY="<AGE .KEY FILE FULL REPO PATH>"
# The age keyfile passphrase for the localci environment
AGE_KEY_PASSPHRASE="<AGE environment key passphrase>"
# The kubeconfig file environment/cluster to allow access
KUBECONFIG_FILE="${HOME}/.kube/<CLUSTER KUBECONFIG FILE>"
```

```bash
myenv="${HOME}/.k8s-cloud-shell/myClusterConfig" &&\
source "$myenv" &&\
docker run -it --rm --hostname arin-cloud-shell --env-file "$myenv" -v "${HELM_VAR_REPO}":/helm-vars \
-v "${KUBECONFIG_FILE}":/root/.kube/config:ro k8s-cloud-shell
```

See the Docker documentation for tag details.

- Build the Docker image:

  ```bash
  TAG=$(cat VERSION) &&
  docker build --progress=plain -t k8s-cloud-shell:"${TAG}" .
  ```
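
A pre-flight check for the `--env-file` workflow described above, as an added example that is not part of this repository: the env-file holds `AGE_KEY_PASSPHRASE` in clear text and the kubeconfig is a credential, so both should be readable by their owner only before they are sourced and mounted. The helper names `is_private_file` and `check_env_file` are hypothetical; `AGE_KEY` is only checked for being set because it is a path inside the container.

```shell
#!/bin/sh
# Added example (not part of the k8s-cloud-shell repository).
# is_private_file and check_env_file are hypothetical helper names.

# True when $1 is a regular file with no group/other permission bits.
is_private_file() {
  [ -f "$1" ] || return 1
  # Characters 5-10 of the ls mode string are the group and other bits.
  [ "$(ls -ldL "$1" | cut -c5-10)" = "------" ]
}

# Validate an env-file before using it with `docker run --env-file`.
# The body runs in a subshell, so the sourced values never reach the caller.
# Usage: check_env_file "${HOME}/.k8s-cloud-shell/myClusterConfig"
check_env_file() (
  envfile=$1
  rc=0
  fail() { echo "FAIL: $*" >&2; rc=1; }

  [ -f "$envfile" ] || { echo "FAIL: env-file not found: $envfile" >&2; exit 2; }
  # `.` searches PATH for names without a slash; force a path lookup.
  case $envfile in */*) ;; *) envfile=./$envfile ;; esac

  # The env-file stores AGE_KEY_PASSPHRASE in clear text.
  is_private_file "$envfile" || fail "$envfile is accessible to group/other (chmod 600)"

  # Ignore values inherited from the calling environment.
  unset HELM_VAR_REPO AGE_KEY AGE_KEY_PASSPHRASE KUBECONFIG_FILE
  . "$envfile"

  [ -n "${AGE_KEY:-}" ] || fail "AGE_KEY is not set"
  [ -n "${AGE_KEY_PASSPHRASE:-}" ] || fail "AGE_KEY_PASSPHRASE is not set"
  # HELM_VAR_REPO is bind-mounted at /helm-vars, so it must be a host directory.
  [ -d "${HELM_VAR_REPO:-}" ] || fail "HELM_VAR_REPO is not a directory"
  # The kubeconfig is mounted read-only, but host permissions still matter.
  is_private_file "${KUBECONFIG_FILE:-}" ||
    fail "KUBECONFIG_FILE is missing or accessible to group/other"
  exit "$rc"
)
```

The function returns 0 when every check passes, 1 when any check fails, and 2 when the env-file does not exist, so it can be chained in front of the `source` and `docker run` commands with `&&`.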