From 3175f2c96d10c7245eb41187dd303dba6d0d8576 Mon Sep 17 00:00:00 2001
From: Danny Grove
Date: Mon, 14 Jul 2025 23:21:11 -0700
Subject: [PATCH] Upgrade k8s CLIs, make alias functions the decrypt secerts on the fly
---
.bashrc | 3 +++
Containerfile.tools | 27 +++++++++++++++++----------
2 files changed, 20 insertions(+), 10 deletions(-)
create mode 100644 .bashrc
diff --git a/.bashrc b/.bashrc
new file mode 100644
index 0000000..34a7aca
--- /dev/null
+++ b/.bashrc
@@ -0,0 +1,3 @@
+alias k9s='sops exec-file --no-fifo ~/stack/secrets/production.kubeconfig "KUBECONFIG={} /usr/bin/k9s"'
+alias kubectl='function _kubectl(){ sops exec-file --no-fifo ~/stack/secrets/production.kubeconfig "KUBECONFIG={} /usr/bin/kubectl $@"; };_kubectl'
+alias talosctl='function _talosctl(){ sops exec-file --no-fifo ~/stack/secrets/production.talosconfig "TALOSCONFIG={} /usr/bin/talosctl $@"; };_talosctl'
diff --git a/Containerfile.tools b/Containerfile.tools
index 28527d7..b4600c2 100644
--- a/Containerfile.tools
+++ b/Containerfile.tools
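Review bot: The `kubectl` and `talosctl` wrappers in `.bashrc` paste `$@` into the double-quoted command string given to `sops exec-file`, so the caller's quoting is lost. The first argument is glued onto the string, later ones become separate words, and whatever reaches the command is parsed a second time by the shell sops starts, so a selector or jsonpath containing spaces, `;` or `$( )` can be split or executed. Defining plain functions and re-quoting the arguments avoids this, e.g. `kubectl() { sops exec-file --no-fifo ~/stack/secrets/production.kubeconfig "KUBECONFIG={} /usr/bin/kubectl $(printf '%q ' "$@")"; }` (assuming the spawned shell accepts bash-style quoting), and likewise for `talosctl`. Separately, `--no-fifo` keeps the decrypted kubeconfig or talosconfig in a regular temporary file for as long as the command runs, which for `k9s` is the whole session. A comment saying why a FIFO cannot be used and where that file lands would help the next reader.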
@@ -13,13 +13,15 @@ FROM stagex/user-libgcrypt@sha256:384f0e703afad6f8885ec77fb814ef182a08600a203218
 FROM stagex/user-opentofu@sha256:b5053a5966f7ec06ea894db315c4990b73e8bee69798889de747e9a99c32b041 AS user-opentofu
 FROM stagex/user-sops@sha256:72b09ff439f422889af815f19a223b48b3b3fd0701d312a413069cbabcad7a12 AS user-sops
 FROM stagex/user-talosctl@sha256:23ff2d686a0c251db4f8a8f07e9b18c81c64eaa07da97de5a75fccbea3e595c4 AS user-talosctl
-FROM stagex/user-kubectl@sha256:6df028ecb71097c182276cad295f7a68a28f2c8d7fc82ea47fb22a451b11a4ff AS user-kubectl
-FROM stagex/user-kustomize@sha256:9886d6c855f763398a8bf52cd16e07f78cb8dab75396903645612e9cd4094cfa AS user-kustomize
-FROM stagex/user-kustomize-sops@sha256:25040e0adf7dc6806da9996a252dbf7f8f5bb4f0b9a9dd1835035eeaea3861d9 AS user-kustomize-sops
+FROM drgrove/kubectl:1.33.2 AS user-kubectl
+FROM drgrove/kustomize:5.7.0 AS user-kustomize
+FROM drgrove/kustomize-sops:4.3.3 AS user-kustomize-sops
 FROM stagex/user-helm@sha256:e7d2e13db8483f5356b96337308edbd5a0e602cc76c4c5ea5ed730ae6d2b2dcc AS user-helm
-FROM stagex/user-k9s@sha256:eff325c4d000358b2f6ed0f63d61fcea8f98c081395437d0003e7429e0c334b4 AS user-k9s
+FROM drgrove/k9s:0.50.7 AS user-k9s
+FROM stagex/core-bash@sha256:a4601014df6ed004e0a81f65159b7f9dbdaec73db679ddef338b58ac4b85f0da AS core-bash

-FROM scratch
+FROM stagex/core-filesystem
+COPY --from=core-bash . /
 COPY --from=core-busybox . /
 COPY --from=core-musl . /
 COPY --from=core-ca-certificates . /
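Review bot: The four `drgrove/*` stages are referenced by mutable tag (`drgrove/kubectl:1.33.2`, `drgrove/kustomize:5.7.0`, `drgrove/kustomize-sops:4.3.3`, `drgrove/k9s:0.50.7`), and the new final base `FROM stagex/core-filesystem` has neither tag nor digest, while every other stage visible in this hunk is pinned by `@sha256:`. These stages supply the binaries that the new `.bashrc` wrappers run against the decrypted kubeconfig, so a re-pushed tag would change what ends up in the image with no change to this file. Keep the version for readability and add the digest, e.g. `FROM drgrove/kubectl:1.33.2@sha256:<digest-of-reviewed-image> AS user-kubectl`, and pin `stagex/core-filesystem` the same way. A one-line comment on why these four moved off the stagex builds would also help.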
@@ -35,11 +37,16 @@ COPY --from=user-sops . /
 COPY --from=user-talosctl . /
 COPY --from=user-kubectl . /
 COPY --from=user-kustomize . /
-COPY --from=user-kustomize-sops . /
+COPY --from=user-kustomize-sops . /
 COPY --from=user-sops . /
 COPY --from=user-helm . /
 COPY --from=user-k9s . /
-
-RUN mkdir -p /root/.gnupg
-RUN chmod 0700 /root/.gnupg
-
+USER 0
+RUN \
+ mkdir -p /run/user/1000/ \
+ && chown 1000:1000 -R /run/user/1000/ \
+ && chown 1000:1000 -R /home/user/
+USER 1000
+ENV PS1="[stack] $ "
+ENV KUSTOMIZE_PLUGIN_HOME=/usr/lib/kustomize/plugins/
+WORKDIR /home/user/
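Review bot: `mkdir -p /run/user/1000/` creates the runtime directory with the default mode, whereas the lines this hunk removes set `0700` on `/root/.gnupg`, and no replacement permission is set anywhere in the visible lines. If this directory is meant to hold gpg-agent sockets or other per-user secret material (inferred from the removed gnupg setup, not shown here), it should be private to UID 1000: `mkdir -p -m 0700 /run/user/1000/ \`. A short comment above the `RUN` stating what uses `/run/user/1000/` would make the intent checkable. Nothing in the visible hunks copies the new `.bashrc` into `/home/user/`; if it is mounted at run time, a comment saying so would help.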