From a7a2ffaf4b29dbbf8d42fcc47711b81550f53f02 Mon Sep 17 00:00:00 2001 From: hedge-sparrow Date: Thu, 1 May 2025 17:50:24 +0100 Subject: [PATCH 1/5] split build for toolbox container --- applications/wg-easy/container/Containerfile | 84 ++++++------------- applications/wg-easy/container/entrypoint.sh | 10 --- .../wg-easy/container/tool-completions.sh | 21 ----- 3 files changed, 26 insertions(+), 89 deletions(-) delete mode 100644 applications/wg-easy/container/entrypoint.sh delete mode 100644 applications/wg-easy/container/tool-completions.sh diff --git a/applications/wg-easy/container/Containerfile b/applications/wg-easy/container/Containerfile index ccde16dc..1f64611b 100644 --- a/applications/wg-easy/container/Containerfile +++ b/applications/wg-easy/container/Containerfile @@ -1,6 +1,7 @@ # Base image for all shared Containerfiles for taskfiles # Use this image as base image for app specific container files -FROM --platform=$BUILDPLATFORM ubuntu:24.04 +# this first container is only used to fetch deps and build tools +FROM --platform=$BUILDPLATFORM ubuntu:24.04 as build ARG TARGETOS ARG TARGETARCH 
@@ -10,69 +11,36 @@ WORKDIR /tools # Set environment variables ENV DEBIAN_FRONTEND=noninteractive \ HOME=/home/devuser \ - SHELL=/bin/bash + SHELL=/bin/bash \ + GOBIN=/tools # Install debian packages -RUN apt-get update && apt-get install -y \ - curl \ - jq \ - less \ - yq \ - gnupg \ - bash-completion \ - - # Install Google Cloud CLI - && echo "deb [signed-by=/usr/share/keyrings/cloud.google.gpg] https://packages.cloud.google.com/apt cloud-sdk main" | tee -a /etc/apt/sources.list.d/google-cloud-sdk.list \ - && curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | gpg --dearmor -o /usr/share/keyrings/cloud.google.gpg \ - && apt-get update \ - && apt-get install google-cloud-cli -y \ +RUN apt-get update && apt-get install -y ca-certificates curl golang git make - # Clean up - && apt-get purge -y gnupg \ - && rm -rf /var/lib/apt/lists/* +# Install kubectl +run curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/${TARGETARCH}/kubectl" && chmod +x kubectl # Install helm -RUN curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash \ - - # Install kubectl - && curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/${TARGETARCH}/kubectl" \ - && chmod +x kubectl \ - && mv kubectl /usr/local/bin/ \ - - # Install Task - && sh -c "$(curl --location https://taskfile.dev/install.sh)" -- -d -b /usr/local/bin \ - - # Install Helmfile - && curl -Ls $(curl -s https://api.github.com/repos/helmfile/helmfile/releases/latest \ - | grep "browser_download_url.*linux_${TARGETARCH}.tar.gz" \ - | cut -d : -f 2,3 \ - | tr -d \") -o helmfile.tar.gz \ - && tar xf helmfile.tar.gz helmfile && rm helmfile.tar.gz \ - && mv helmfile /usr/local/bin/helmfile \ +RUN curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash - # Install Replicated CLI - && curl -Ls $(curl -s https://api.github.com/repos/replicatedhq/replicated/releases/latest \ - | grep 
"browser_download_url.*linux_amd64.tar.gz" \ - | cut -d : -f 2,3 \ - | tr -d \") -o replicated.tar.gz \ - && tar xf replicated.tar.gz replicated && rm replicated.tar.gz \ - && mv replicated /usr/local/bin/replicated +# Install Task +run go install github.com/go-task/task/v3/cmd/task@latest -# Create a non-root user for better security -RUN groupadd -r devuser && useradd -r -g devuser -m -s /bin/bash devuser +# Install Helmfile +run go install github.com/helmfile/helmfile@latest -# Copy shell completion scripts -COPY container/tool-completions.sh tool-completions.sh +# Install Replicated CLI +# TODO: we should look at why we can't use go install on our own cli +run git clone https://github.com/replicatedhq/replicated.git +run make -C replicated build -# Copy entrypoint script -COPY container/entrypoint.sh entrypoint.sh -RUN chmod +x entrypoint.sh - -# Set working directory -WORKDIR /workspace - -# Switch to non-root user -USER devuser - -# Set entrypoint -ENTRYPOINT ["/tools/entrypoint.sh", "-l"] +# this container is what will actually be committed +FROM --platform=$BUILDPLATFORM ubuntu:24.04 +RUN apt-get update && apt-get install -y curl jq less yq + +# copy other tools +copy --from=build /usr/local/bin/helm /usr/bin/helm +copy --from=build /tools/task /usr/bin/task +copy --from=build /tools/helmfile /usr/bin/helmfile +copy --from=build /tools/kubectl /usr/bin/kubectl +copy --from=build /tools/replicated/bin/replicated /usr/bin/replicated diff --git a/applications/wg-easy/container/entrypoint.sh b/applications/wg-easy/container/entrypoint.sh deleted file mode 100644 index 7f4e98c3..00000000 --- a/applications/wg-easy/container/entrypoint.sh +++ /dev/null @@ -1,10 +0,0 @@ -#!/bin/bash - -# Uncomment force_color_prompt in bashrc -sed -i 's/#force_color_prompt=yes/force_color_prompt=yes/' $HOME/.bashrc - -# Source the tool completions -echo "source /tools/tool-completions.sh" >> $HOME/.bashrc - -# Execute the passed command or default to bash -exec "$@" 
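Review bot: The final stage added at the end of this hunk never sets `USER`, and the `groupadd`/`useradd`, `USER devuser` and `ENTRYPOINT` lines are removed without a replacement, so containers started from the image run as root unless the caller overrides the user. I would re-create the account in the final stage after the `copy --from=build` lines with `RUN groupadd -r devuser && useradd -r -g devuser -m -s /bin/bash devuser` and end the stage with `USER devuser`. The same gap carries into the alpine final stage introduced in PATCH 3/5 and edited in PATCH 5/5, where the equivalent is `addgroup -S devuser && adduser -S -G devuser devuser`. If the image is meant to be run only with an explicit user supplied at run time, a comment saying so would make the removal reviewable.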
diff --git a/applications/wg-easy/container/tool-completions.sh b/applications/wg-easy/container/tool-completions.sh deleted file mode 100644 index 50edb3a1..00000000 --- a/applications/wg-easy/container/tool-completions.sh +++ /dev/null @@ -1,21 +0,0 @@ -#!/bin/bash - -# kubectl completion -source <(kubectl completion bash) -alias k=kubectl -complete -o default -F __start_kubectl k - -# helm completion -source <(helm completion bash) - -# task completion -source <(task --completion bash) - -# helmfile completion -source <(helmfile completion bash) - -# replicated completion -source <(replicated completion bash) - -# gcloud completion -source /usr/share/google-cloud-sdk/completion.bash.inc From 35c5c9c0792ee0057aa2f31ee0d450aa74d6290c Mon Sep 17 00:00:00 2001 From: hedge-sparrow Date: Fri, 2 May 2025 13:22:26 +0100 Subject: [PATCH 2/5] gcloud --- applications/wg-easy/container/Containerfile | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/applications/wg-easy/container/Containerfile b/applications/wg-easy/container/Containerfile index 1f64611b..c29a3720 100644 --- a/applications/wg-easy/container/Containerfile +++ b/applications/wg-easy/container/Containerfile @@ -15,7 +15,7 @@ ENV DEBIAN_FRONTEND=noninteractive \ GOBIN=/tools # Install debian packages -RUN apt-get update && apt-get install -y ca-certificates curl golang git make +RUN apt-get update && apt-get install -y ca-certificates curl golang git make gnupg # Install kubectl run curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/${TARGETARCH}/kubectl" && chmod +x kubectl 
@@ -34,9 +34,18 @@ run go install github.com/helmfile/helmfile@latest run git clone https://github.com/replicatedhq/replicated.git run make -C replicated build +# fetch gcloud keyring +run curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | gpg --dearmor -o cloud.google.gpg + # this container is what will actually be committed FROM --platform=$BUILDPLATFORM ubuntu:24.04 -RUN apt-get update && apt-get install -y curl jq less yq + +RUN apt-get update && apt-get install -y curl jq yq less +copy --from=build /tools/cloud.google.gpg /usr/share/keyrings/cloud.google.gpg +run echo "deb [signed-by=/usr/share/keyrings/cloud.google.gpg] https://packages.cloud.google.com/apt cloud-sdk main" \ + | tee -a /etc/apt/sources.list.d/google-cloud-sdk.list \ + && apt-get update \ + && apt-get install -y google-cloud-sdk # copy other tools copy --from=build /usr/local/bin/helm /usr/bin/helm From 86b4ef8776cecb484f1acca30c19046a38072571 Mon Sep 17 00:00:00 2001 From: hedge-sparrow Date: Fri, 2 May 2025 15:32:05 +0100 Subject: [PATCH 3/5] alpine --- applications/wg-easy/container/Containerfile | 73 ++++++------------- .../wg-easy/container/Containerfile.old | 52 +++++++++++++ .../wg-easy/container/install-gcloud.sh | 14 ++++ 3 files changed, 87 insertions(+), 52 deletions(-) create mode 100644 applications/wg-easy/container/Containerfile.old create mode 100644 applications/wg-easy/container/install-gcloud.sh diff --git a/applications/wg-easy/container/Containerfile b/applications/wg-easy/container/Containerfile index c29a3720..4d9e98f1 100644 --- a/applications/wg-easy/container/Containerfile +++ b/applications/wg-easy/container/Containerfile 
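Review bot: The keyring written by `run curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | gpg --dearmor -o cloud.google.gpg` becomes the `signed-by` trust anchor for the apt source in the final stage, but nothing checks what was actually downloaded. `curl` runs without `-f` and the default `/bin/sh -c` has no `pipefail`, so an HTTP error body or a truncated transfer is handed straight to `gpg`, and only gpg's exit status decides whether the layer succeeds. I would fetch with `curl -fsSL` under `SHELL ["/bin/bash", "-o", "pipefail", "-c"]`. Before the `copy --from=build` consumes the file, the key's fingerprint should be compared with a value recorded in the repository, for example the output of `gpg --show-keys --with-fingerprint cloud.google.gpg` checked against `<expected-fingerprint>`.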
@@ -1,55 +1,24 @@ -# Base image for all shared Containerfiles for taskfiles -# Use this image as base image for app specific container files -# this first container is only used to fetch deps and build tools -FROM --platform=$BUILDPLATFORM ubuntu:24.04 as build - -ARG TARGETOS -ARG TARGETARCH - -WORKDIR /tools - -# Set environment variables -ENV DEBIAN_FRONTEND=noninteractive \ - HOME=/home/devuser \ - SHELL=/bin/bash \ - GOBIN=/tools - -# Install debian packages -RUN apt-get update && apt-get install -y ca-certificates curl golang git make gnupg - -# Install kubectl -run curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/${TARGETARCH}/kubectl" && chmod +x kubectl - -# Install helm -RUN curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash - -# Install Task -run go install github.com/go-task/task/v3/cmd/task@latest - -# Install Helmfile -run go install github.com/helmfile/helmfile@latest - -# Install Replicated CLI -# TODO: we should look at why we can't use go install on our own cli -run git clone https://github.com/replicatedhq/replicated.git +# initial stage container used just for fetching things +from --platform=$BUILDPLATFORM alpine:latest as build +arg TARGETOS +arg TARGETARCH +workdir /src +run apk add curl jq go git make + +# fetch Helmfile +run curl -Ls $(curl -s https://api.github.com/repos/helmfile/helmfile/releases/latest \ + | jq -r --arg arch ".+linux_$TARGETARCH.+" '.assets[] | select (.browser_download_url | test ($arch) ) |.browser_download_url ') \ + | tar xz helmfile + +# fetch Replicated CLI +# We don't release arm64 so to keep this image +# multi-arch friendly we'll build replicated cli ourselves +run git clone https://github.com/replicatedhq/replicated run make -C replicated build -# fetch gcloud keyring -run curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | gpg --dearmor -o cloud.google.gpg - -# this container is what will actually be committed -FROM 
--platform=$BUILDPLATFORM ubuntu:24.04 - -RUN apt-get update && apt-get install -y curl jq yq less -copy --from=build /tools/cloud.google.gpg /usr/share/keyrings/cloud.google.gpg -run echo "deb [signed-by=/usr/share/keyrings/cloud.google.gpg] https://packages.cloud.google.com/apt cloud-sdk main" \ - | tee -a /etc/apt/sources.list.d/google-cloud-sdk.list \ - && apt-get update \ - && apt-get install -y google-cloud-sdk -# copy other tools -copy --from=build /usr/local/bin/helm /usr/bin/helm -copy --from=build /tools/task /usr/bin/task -copy --from=build /tools/helmfile /usr/bin/helmfile -copy --from=build /tools/kubectl /usr/bin/kubectl -copy --from=build /tools/replicated/bin/replicated /usr/bin/replicated +# final stage container should have minimal layers and only stuff we want at runtime +from --platform=$BUILDPLATFORM alpine:latest +copy container/install-gcloud.sh / +copy --from=build /src/helmfile /src/replicated/bin/replicated /usr/bin/ +run apk add curl python3 helm go-task kubectl jq yq && sh install-gcloud.sh diff --git a/applications/wg-easy/container/Containerfile.old b/applications/wg-easy/container/Containerfile.old new file mode 100644 index 00000000..c44bd277 --- /dev/null +++ b/applications/wg-easy/container/Containerfile.old 
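Review bot: Every input to this rewrite floats: both stages use `alpine:latest`, helmfile is whatever `releases/latest` returns and is piped into `tar` with no checksum, and `git clone https://github.com/replicatedhq/replicated` builds the default branch as it stands at build time. Two builds of the same commit can therefore produce different binaries, and a replaced or tampered upstream artifact would land in `/usr/bin` without any signal. I would pin the base by tag and digest (`alpine:<tag>@sha256:<digest>`) and clone a reviewed ref with `git clone --depth 1 --branch <reviewed-tag> https://github.com/replicatedhq/replicated`. Helmfile should be downloaded to a file with `curl -fsSL -o`, so that `sha256sum -c` can check it against a digest committed next to the Containerfile before it is extracted.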
@@ -0,0 +1,52 @@ +# Base image for all shared Containerfiles for taskfiles +# Use this image as base image for app specific container files +# this first container is only used to fetch deps and build tools +FROM --platform=$BUILDPLATFORM ubuntu:24.04 as build + +ARG TARGETOS +ARG TARGETARCH + +WORKDIR /tools + +# Set environment variables +ENV DEBIAN_FRONTEND=noninteractive \ + HOME=/home/devuser \ + SHELL=/bin/bash + +# Install debian packages +RUN apt-get update && apt-get install -y curl gnupg + +# fetch kubectl +run curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/${TARGETARCH}/kubectl" && chmod +x kubectl + +# fetch helm +RUN curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash + +# fetch Task +run sh -c "$(curl --location https://taskfile.dev/install.sh)" -- -d -b /usr/local/bin + +# fetch Helmfile +run curl -Ls $(curl -s https://api.github.com/repos/helmfile/helmfile/releases/latest \ + | grep "browser_download_url.*linux_${TARGETARCH}.tar.gz" \ + | cut -d : -f 2,3 \ + | tr -d \") \ + | tar xz helmfile + +# fetch Replicated CLI +run curl -Ls $(curl -s https://api.github.com/repos/replicatedhq/replicated/releases/latest \ + | grep "browser_download_url.*linux_amd64.tar.gz" \ + | cut -d : -f 2,3 \ + | tr -d \") \ + | tar xz replicated + +# fetch gcloud keyring +run curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | gpg --dearmor -o cloud.google.gpg + +# this container is what will actually be committed +from --platform=$BUILDPLATFORM ubuntu:24.04 +copy --from=build /tools/cloud.google.gpg /usr/share/keyrings/cloud.google.gpg +copy --from=build ["/usr/local/bin/helm","/usr/local/bin/task","/tools/helmfile","/tools/kubectl","/tools/kubectl","/tools/replicated","/usr/bin/"] +run apt-get update && apt-get install -y curl jq yq less \ + && echo "deb [signed-by=/usr/share/keyrings/cloud.google.gpg] https://packages.cloud.google.com/apt cloud-sdk main" \ + | tee -a 
/etc/apt/sources.list.d/google-cloud-sdk.list \ + && apt-get update && apt-get install -y google-cloud-sdk diff --git a/applications/wg-easy/container/install-gcloud.sh b/applications/wg-easy/container/install-gcloud.sh new file mode 100644 index 00000000..1c020226 --- /dev/null +++ b/applications/wg-easy/container/install-gcloud.sh @@ -0,0 +1,14 @@ +case $(uname -m) in + aarch64|arm64) + export ARCH="arm";; + x86_64) + export ARCH="x86_64";; + *) + echo "unsupported arch"; exit 1;; +esac + +curl https://dl.google.com/dl/cloudsdk/channels/rapid/downloads/google-cloud-cli-linux-$ARCH.tar.gz | tar xz + +./google-cloud-sdk/install.sh -q + +find /google-cloud-sdk/bin -mindepth 1 -maxdepth 1 -type f -exec ln -s {} /usr/bin \; From f2078588605bb835931802a855657d64c6fbc999 Mon Sep 17 00:00:00 2001 From: hedge-sparrow Date: Wed, 7 May 2025 11:44:55 +0100 Subject: [PATCH 4/5] clean up --- .../wg-easy/container/Containerfile.old | 52 ------------------- 1 file changed, 52 deletions(-) delete mode 100644 applications/wg-easy/container/Containerfile.old diff --git a/applications/wg-easy/container/Containerfile.old b/applications/wg-easy/container/Containerfile.old deleted file mode 100644 index c44bd277..00000000 --- a/applications/wg-easy/container/Containerfile.old +++ /dev/null 
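Review bot: The new `install-gcloud.sh` has no `set -e`, and its download line pipes `curl` (without `-f`) straight into `tar xz`, so a failed or partial download does not reliably stop the script and the unpacked SDK is never checked against a known digest before `./google-cloud-sdk/install.sh -q` runs as root. I would start the script with `#!/bin/sh` and `set -eu`, fetch to a file with `curl -fsSL -o`, and verify it with `sha256sum -c` against a recorded value before extracting. The `rapid` channel URL carries no version, so that digest has to be refreshed on every bump or the URL replaced by a versioned one. The script also mixes the relative `./google-cloud-sdk` with the absolute `/google-cloud-sdk/bin`, which only agree when it is run from `/`; a `cd /` at the top would make that dependency explicit.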
@@ -1,52 +0,0 @@ -# Base image for all shared Containerfiles for taskfiles -# Use this image as base image for app specific container files -# this first container is only used to fetch deps and build tools -FROM --platform=$BUILDPLATFORM ubuntu:24.04 as build - -ARG TARGETOS -ARG TARGETARCH - -WORKDIR /tools - -# Set environment variables -ENV DEBIAN_FRONTEND=noninteractive \ - HOME=/home/devuser \ - SHELL=/bin/bash - -# Install debian packages -RUN apt-get update && apt-get install -y curl gnupg - -# fetch kubectl -run curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/${TARGETARCH}/kubectl" && chmod +x kubectl - -# fetch helm -RUN curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash - -# fetch Task -run sh -c "$(curl --location https://taskfile.dev/install.sh)" -- -d -b /usr/local/bin - -# fetch Helmfile -run curl -Ls $(curl -s https://api.github.com/repos/helmfile/helmfile/releases/latest \ - | grep "browser_download_url.*linux_${TARGETARCH}.tar.gz" \ - | cut -d : -f 2,3 \ - | tr -d \") \ - | tar xz helmfile - -# fetch Replicated CLI -run curl -Ls $(curl -s https://api.github.com/repos/replicatedhq/replicated/releases/latest \ - | grep "browser_download_url.*linux_amd64.tar.gz" \ - | cut -d : -f 2,3 \ - | tr -d \") \ - | tar xz replicated - -# fetch gcloud keyring -run curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | gpg --dearmor -o cloud.google.gpg - -# this container is what will actually be committed -from --platform=$BUILDPLATFORM ubuntu:24.04 -copy --from=build /tools/cloud.google.gpg /usr/share/keyrings/cloud.google.gpg -copy --from=build ["/usr/local/bin/helm","/usr/local/bin/task","/tools/helmfile","/tools/kubectl","/tools/kubectl","/tools/replicated","/usr/bin/"] -run apt-get update && apt-get install -y curl jq yq less \ - && echo "deb [signed-by=/usr/share/keyrings/cloud.google.gpg] https://packages.cloud.google.com/apt cloud-sdk main" \ - | tee -a 
/etc/apt/sources.list.d/google-cloud-sdk.list \ - && apt-get update && apt-get install -y google-cloud-sdk From 063b90b261fd0b6351784f999d227c1cd61a8178 Mon Sep 17 00:00:00 2001 From: hedge-sparrow Date: Wed, 7 May 2025 12:10:40 +0100 Subject: [PATCH 5/5] add bash --- applications/wg-easy/container/Containerfile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/applications/wg-easy/container/Containerfile b/applications/wg-easy/container/Containerfile index 4d9e98f1..3933e578 100644 --- a/applications/wg-easy/container/Containerfile +++ b/applications/wg-easy/container/Containerfile @@ -21,4 +21,5 @@ run make -C replicated build from --platform=$BUILDPLATFORM alpine:latest copy container/install-gcloud.sh / copy --from=build /src/helmfile /src/replicated/bin/replicated /usr/bin/ -run apk add curl python3 helm go-task kubectl jq yq && sh install-gcloud.sh +run apk add curl bash python3 helm go-task kubectl jq yq && sh /install-gcloud.sh +workdir /workspace
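Review bot: The final stage this hunk edits is still declared as `from --platform=$BUILDPLATFORM alpine:latest` (the context line above the change), so the `apk add` packages and the architecture that `install-gcloud.sh` derives from `uname -m` follow the build host rather than the requested target. That works against the multi-arch goal stated in the comment added in PATCH 3/5: a cross-platform build would likely yield an image for the builder's architecture, with a `helmfile` selected by `$TARGETARCH` that may not match the rest. Dropping the flag on the final stage, `from alpine:latest`, lets it default to the target platform. The `replicated` binary produced by `make -C replicated build` in the build stage would then also need to be cross-compiled for `TARGETARCH`, which is outside what this hunk shows.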