Compare commits
2 Commits
32697576a0
...
3175f2c96d
Author | SHA1 | Date |
---|---|---|
|
3175f2c96d | |
|
6c19aed9aa |
|
@ -0,0 +1,3 @@
|
||||||
|
alias k9s='sops exec-file --no-fifo ~/stack/secrets/production.kubeconfig "KUBECONFIG={} /usr/bin/k9s"'
|
||||||
|
alias kubectl='function _kubectl(){ sops exec-file --no-fifo ~/stack/secrets/production.kubeconfig "KUBECONFIG={} /usr/bin/kubectl $@"; };_kubectl'
|
||||||
|
alias talosctl='function _talosctl(){ sops exec-file --no-fifo ~/stack/secrets/production.talosconfig "TALOSCONFIG={} /usr/bin/talosctl $@"; };_talosctl'
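Review bot: In the `kubectl` and `talosctl` aliases, `$@` is expanded inside the double-quoted command string handed to `sops exec-file`, so the arguments are joined into one string and parsed a second time by the shell that sops starts. An argument containing spaces, quotes, `$` or `;` (a label selector or a `-o jsonpath=` expression, for instance) arrives changed or is interpreted as shell syntax, in a process whose `KUBECONFIG` points at the decrypted production credentials. Re-quote each argument before building the string, e.g. `kubectl() { sops exec-file --no-fifo ~/stack/secrets/production.kubeconfig "KUBECONFIG={} /usr/bin/kubectl $(printf '%q ' "$@")"; }`, after confirming that the shell sops invokes accepts bash's `%q` output. `--no-fifo` also means the plaintext config sits in a regular temporary file for as long as the command runs, which for `k9s` is the whole session; a comment saying why FIFO mode cannot be used here would help.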
|
|
@ -13,13 +13,15 @@ FROM stagex/user-libgcrypt@sha256:384f0e703afad6f8885ec77fb814ef182a08600a203218
|
||||||
FROM stagex/user-opentofu@sha256:b5053a5966f7ec06ea894db315c4990b73e8bee69798889de747e9a99c32b041 AS user-opentofu
|
FROM stagex/user-opentofu@sha256:b5053a5966f7ec06ea894db315c4990b73e8bee69798889de747e9a99c32b041 AS user-opentofu
|
||||||
FROM stagex/user-sops@sha256:72b09ff439f422889af815f19a223b48b3b3fd0701d312a413069cbabcad7a12 AS user-sops
|
FROM stagex/user-sops@sha256:72b09ff439f422889af815f19a223b48b3b3fd0701d312a413069cbabcad7a12 AS user-sops
|
||||||
FROM stagex/user-talosctl@sha256:23ff2d686a0c251db4f8a8f07e9b18c81c64eaa07da97de5a75fccbea3e595c4 AS user-talosctl
|
FROM stagex/user-talosctl@sha256:23ff2d686a0c251db4f8a8f07e9b18c81c64eaa07da97de5a75fccbea3e595c4 AS user-talosctl
|
||||||
FROM stagex/user-kubectl@sha256:6df028ecb71097c182276cad295f7a68a28f2c8d7fc82ea47fb22a451b11a4ff AS user-kubectl
|
FROM drgrove/kubectl:1.33.2 AS user-kubectl
|
||||||
FROM stagex/user-kustomize@sha256:9886d6c855f763398a8bf52cd16e07f78cb8dab75396903645612e9cd4094cfa AS user-kustomize
|
FROM drgrove/kustomize:5.7.0 AS user-kustomize
|
||||||
FROM stagex/user-kustomize-sops@sha256:25040e0adf7dc6806da9996a252dbf7f8f5bb4f0b9a9dd1835035eeaea3861d9 AS user-kustomize-sops
|
FROM drgrove/kustomize-sops:4.3.3 AS user-kustomize-sops
|
||||||
FROM stagex/user-helm@sha256:e7d2e13db8483f5356b96337308edbd5a0e602cc76c4c5ea5ed730ae6d2b2dcc AS user-helm
|
FROM stagex/user-helm@sha256:e7d2e13db8483f5356b96337308edbd5a0e602cc76c4c5ea5ed730ae6d2b2dcc AS user-helm
|
||||||
FROM stagex/user-k9s@sha256:eff325c4d000358b2f6ed0f63d61fcea8f98c081395437d0003e7429e0c334b4 AS user-k9s
|
FROM drgrove/k9s:0.50.7 AS user-k9s
|
||||||
|
FROM stagex/core-bash@sha256:a4601014df6ed004e0a81f65159b7f9dbdaec73db679ddef338b58ac4b85f0da AS core-bash
|
||||||
|
|
||||||
FROM scratch
|
FROM stagex/core-filesystem
|
||||||
|
COPY --from=core-bash . /
|
||||||
COPY --from=core-busybox . /
|
COPY --from=core-busybox . /
|
||||||
COPY --from=core-musl . /
|
COPY --from=core-musl . /
|
||||||
COPY --from=core-ca-certificates . /
|
COPY --from=core-ca-certificates . /
|
||||||
|
@ -35,11 +37,16 @@ COPY --from=user-sops . /
|
||||||
COPY --from=user-talosctl . /
|
COPY --from=user-talosctl . /
|
||||||
COPY --from=user-kubectl . /
|
COPY --from=user-kubectl . /
|
||||||
COPY --from=user-kustomize . /
|
COPY --from=user-kustomize . /
|
||||||
COPY --from=user-kustomize-sops . /
|
COPY --from=user-kustomize-sops . /
|
||||||
COPY --from=user-sops . /
|
COPY --from=user-sops . /
|
||||||
COPY --from=user-helm . /
|
COPY --from=user-helm . /
|
||||||
COPY --from=user-k9s . /
|
COPY --from=user-k9s . /
|
||||||
|
USER 0
|
||||||
RUN mkdir -p /root/.gnupg
|
RUN \
|
||||||
RUN chmod 0700 /root/.gnupg
|
mkdir -p /run/user/1000/ \
|
||||||
|
&& chown 1000:1000 -R /run/user/1000/ \
|
||||||
|
&& chown 1000:1000 -R /home/user/
|
||||||
|
USER 1000
|
||||||
|
ENV PS1="[stack] $ "
|
||||||
|
ENV KUSTOMIZE_PLUGIN_HOME=/usr/lib/kustomize/plugins/
|
||||||
|
WORKDIR /home/user/
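Review bot: The four `drgrove/*` stages in the first hunk (`kubectl:1.33.2`, `kustomize:5.7.0`, `kustomize-sops:4.3.3`, `k9s:0.50.7`) are referenced by tag only, where the `stagex/user-*` lines they appear to replace were pinned with `@sha256:` digests, and the new final base `FROM stagex/core-filesystem` carries neither tag nor digest. A tag can be re-pointed in the registry, so the contents of an image that is given the production kubeconfig and the host GPG agent can no longer be verified from this file. Keep the tag for readability but add the digest of the image that was reviewed, e.g. `FROM drgrove/kubectl:1.33.2@sha256:<digest-of-reviewed-image> AS user-kubectl`, and do the same for the other three stages and for `stagex/core-filesystem`.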
|
||||||
|
|
17
Makefile
17
Makefile
|
@ -20,7 +20,6 @@ EXTRA_ARGS :=
|
||||||
.DEFAULT_GOAL :=
|
.DEFAULT_GOAL :=
|
||||||
.PHONY: default
|
.PHONY: default
|
||||||
default: \
|
default: \
|
||||||
toolchain \
|
|
||||||
tools \
|
tools \
|
||||||
apply
|
apply
|
||||||
|
|
||||||
|
@ -28,13 +27,16 @@ default: \
|
||||||
clean:
|
clean:
|
||||||
rm -rf $(CACHE_DIR)
|
rm -rf $(CACHE_DIR)
|
||||||
|
|
||||||
|
out:
|
||||||
|
mkdir out
|
||||||
|
|
||||||
.PHONY: update-tools
|
.PHONY: update-tools
|
||||||
update-tools:
|
update-tools:
|
||||||
./src/make/update.sh
|
./src/make/update.sh
|
||||||
|
|
||||||
.PHONY: shell
|
.PHONY: shell
|
||||||
shell: out/tools-image.digest
|
shell: out/tools-image.digest
|
||||||
$(call run-container, -v ./secrets:/secrets, $(shell cat $<), bin/sh)
|
$(call run-container, -v $${PWD}:/home/user/stack:rw, $(shell cat $<), /bin/bash)
|
||||||
|
|
||||||
.PHONY: credentials
|
.PHONY: credentials
|
||||||
credentials: \
|
credentials: \
|
||||||
|
@ -137,11 +139,12 @@ GPG_TTY ?= $(shell tty)
|
||||||
|
|
||||||
define run-container
|
define run-container
|
||||||
docker run -it $(1) \
|
docker run -it $(1) \
|
||||||
-e GPG_TTY="$(GPG_TTY)" \
|
-v $$PWD/.bashrc:/home/user/.bashrc:ro \
|
||||||
-v $(shell gpgconf --list-dirs agent-socket):/root/.gnupg/S.gpg-agent:ro \
|
-v $(shell gpgconf --list-dirs socketdir)/:/run/user/1000/gnupg/:ro \
|
||||||
-v $(shell gpgconf --list-dirs homedir):/root/.gnupg:rw \
|
-v $(shell gpgconf --list-dirs homedir):/home/user/.gnupg:rw \
|
||||||
$(2) \
|
-e SSH_AUTH_SOCK=/run/user/1000/gnupg/$(shell basename $(shell gpgconf --list-dirs agent-ssh-socket)) \
|
||||||
$(3)
|
--entrypoint $(3) \
|
||||||
|
$(2)
|
||||||
endef
|
endef
|
||||||
|
|
||||||
.PHONY: plan
|
.PHONY: plan
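Review bot: In `run-container`, the `:ro` flag on the `socketdir` mount does not limit what a process in the container can ask the host gpg-agent to do; a read-only bind mount still allows connecting to the sockets, and the new `SSH_AUTH_SOCK` line additionally hands the agent's SSH socket to the container. Together with the `homedir` mount staying `:rw` and the `shell` target now mounting the whole working directory `:rw` instead of only `./secrets`, every binary in the tools image can use the host's keys and modify the checkout. If that is the intended trust boundary, state it above the `define`, for example `# The container is trusted with the host gpg-agent (decrypt, sign, SSH auth); :ro on the socket dir does not restrict agent use.`, and check whether `homedir` can be mounted `:ro` now that the agent is reached through the socket directory. The removed `-e GPG_TTY` line also appears to leave `GPG_TTY ?= $(shell tty)` without a user in the visible part of the file.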
|
||||||
|
|