From 3175f2c96d10c7245eb41187dd303dba6d0d8576 Mon Sep 17 00:00:00 2001
From: Danny Grove <danny@dannygrove.com>
Date: Mon, 14 Jul 2025 23:21:11 -0700
Subject: [PATCH] Upgrade k8s CLIs, make alias functions the decrypt secerts on
 the fly

---
 .bashrc             |  3 +++
 Containerfile.tools | 27 +++++++++++++++++----------
 2 files changed, 20 insertions(+), 10 deletions(-)
 create mode 100644 .bashrc

diff --git a/.bashrc b/.bashrc
new file mode 100644
index 0000000..34a7aca
--- /dev/null
+++ b/.bashrc
@@ -0,0 +1,3 @@
+alias k9s='sops exec-file --no-fifo ~/stack/secrets/production.kubeconfig "KUBECONFIG={} /usr/bin/k9s"'
+alias kubectl='function _kubectl(){ sops exec-file --no-fifo ~/stack/secrets/production.kubeconfig "KUBECONFIG={} /usr/bin/kubectl $@"; };_kubectl'
+alias talosctl='function _talosctl(){ sops exec-file --no-fifo ~/stack/secrets/production.talosconfig "TALOSCONFIG={} /usr/bin/talosctl $@"; };_talosctl'
diff --git a/Containerfile.tools b/Containerfile.tools
index 28527d7..b4600c2 100644
--- a/Containerfile.tools
+++ b/Containerfile.tools
@@ -13,13 +13,15 @@ FROM stagex/user-libgcrypt@sha256:384f0e703afad6f8885ec77fb814ef182a08600a203218
 FROM stagex/user-opentofu@sha256:b5053a5966f7ec06ea894db315c4990b73e8bee69798889de747e9a99c32b041 AS user-opentofu
 FROM stagex/user-sops@sha256:72b09ff439f422889af815f19a223b48b3b3fd0701d312a413069cbabcad7a12 AS user-sops
 FROM stagex/user-talosctl@sha256:23ff2d686a0c251db4f8a8f07e9b18c81c64eaa07da97de5a75fccbea3e595c4 AS user-talosctl
-FROM stagex/user-kubectl@sha256:6df028ecb71097c182276cad295f7a68a28f2c8d7fc82ea47fb22a451b11a4ff AS user-kubectl
-FROM stagex/user-kustomize@sha256:9886d6c855f763398a8bf52cd16e07f78cb8dab75396903645612e9cd4094cfa AS user-kustomize
-FROM stagex/user-kustomize-sops@sha256:25040e0adf7dc6806da9996a252dbf7f8f5bb4f0b9a9dd1835035eeaea3861d9 AS user-kustomize-sops
+FROM drgrove/kubectl:1.33.2 AS user-kubectl
+FROM drgrove/kustomize:5.7.0 AS user-kustomize
+FROM drgrove/kustomize-sops:4.3.3 AS user-kustomize-sops
 FROM stagex/user-helm@sha256:e7d2e13db8483f5356b96337308edbd5a0e602cc76c4c5ea5ed730ae6d2b2dcc AS user-helm
-FROM stagex/user-k9s@sha256:eff325c4d000358b2f6ed0f63d61fcea8f98c081395437d0003e7429e0c334b4 AS user-k9s
+FROM drgrove/k9s:0.50.7 AS user-k9s
+FROM stagex/core-bash@sha256:a4601014df6ed004e0a81f65159b7f9dbdaec73db679ddef338b58ac4b85f0da AS core-bash
 
-FROM scratch
+FROM stagex/core-filesystem
+COPY --from=core-bash . /
 COPY --from=core-busybox . /
 COPY --from=core-musl . /
 COPY --from=core-ca-certificates . /
@@ -35,11 +37,16 @@ COPY --from=user-sops . /
 COPY --from=user-talosctl . /
 COPY --from=user-kubectl . /
 COPY --from=user-kustomize . /
-COPY --from=user-kustomize-sops . /
+COPY --from=user-kustomize-sops . / 
 COPY --from=user-sops . /
 COPY --from=user-helm . /
 COPY --from=user-k9s . /
-
-RUN mkdir -p /root/.gnupg
-RUN chmod 0700 /root/.gnupg
-
+USER 0
+RUN \
+	mkdir -p /run/user/1000/ \
+	&& chown 1000:1000 -R /run/user/1000/ \
+	&& chown 1000:1000 -R /home/user/
+USER 1000
+ENV PS1="[stack] $ "
+ENV KUSTOMIZE_PLUGIN_HOME=/usr/lib/kustomize/plugins/
+WORKDIR /home/user/