diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 0000000..56ac42a
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1,7 @@
+.github
+README.md
+LICENSE.md
+Dockerfile
+.editorconfig
+.gitignore
+testing.sh
diff --git a/.editorconfig b/.editorconfig
new file mode 100644
index 0000000..3b08581
--- /dev/null
+++ b/.editorconfig
@@ -0,0 +1,10 @@
+root = true
+
+[*]
+charset = utf-8
+end_of_line = lf
+indent_size = 2
+indent_style = space
+insert_final_newline = true
+max_line_length = 200
+tab_width = 2
diff --git a/.github/workflows/container.yml b/.github/workflows/container.yml
new file mode 100644
index 0000000..5747ae1
--- /dev/null
+++ b/.github/workflows/container.yml
@@ -0,0 +1,139 @@
+name: Container Image
+on:
+ push:
+ branches:
+ - 'main'
+ tags:
+ - '**'
+
+env:
+ kubectl_version: 1.27.3
+ helm_version: 3.12.1
+ sentry_cli_version: 2.19.4
+ aws_cli_version: 2.12.7
+
+jobs:
+ build:
+ name: Build container image and push it to registry
+ runs-on: ubuntu-latest
+ timeout-minutes: 30
+ permissions:
+ id-token: write
+ contents: read
+ packages: write
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v3
+
+ - name: Login to Docker Hub
+ uses: docker/login-action@v2
+ with:
+ username: ${{ secrets.DOCKERHUB_USERNAME }}
+ password: ${{ secrets.DOCKERHUB_PASSWORD }}
+
+ - name: Login to GitHub Container Registry
+ uses: docker/login-action@v2
+ with:
+ registry: ghcr.io
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Configure AWS credentials
+ uses: aws-actions/configure-aws-credentials@v1
+ with:
+ role-to-assume: ${{ secrets.AWS_ROLE_ARN }}
+ aws-region: us-east-1
+
+ - name: Login to Amazon ECR Public
+ id: login-ecr-public
+ uses: aws-actions/amazon-ecr-login@v1
+ with:
+ registry-type: public
+
+ - name: Parse version
+ id: get-version
+ uses: battila7/get-version-action@v2
+
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@v2
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v2
+
+ - name: Build and push - testing - slim
+ uses: docker/build-push-action@v3
+ timeout-minutes: 15
+ if: ${{ !steps.get-version.outputs.is-semver }}
+ with:
+ context: .
+ file: ./Dockerfile
+ platforms: linux/amd64,linux/arm64
+ push: true
+ build-args: |
+ KUBECTL_VERSION=${{ env.kubectl_version }}
+ HELM_VERSION=${{ env.helm_version }}
+ SENTRY_CLI_VERSION=${{ env.sentry_cli_version }}
+ AWS_CLI_VERSION=${{ env.aws_cli_version }}
+ tags: |
+ cookielab/deployer:${{ github.ref_name }}-slim
+ public.ecr.aws/cookielab/deployer:${{ github.ref_name }}-slim
+ ghcr.io/${{ github.repository }}:${{ github.ref_name }}-slim
+
+ - name: Build and push - pre-release - slim
+ uses: docker/build-push-action@v3
+ timeout-minutes: 15
+ if: ${{ steps.get-version.outputs.is-semver && steps.get-version.outputs.prerelease != '' }}
+ with:
+ context: .
+ file: ./Dockerfile
+ platforms: linux/amd64,linux/arm64
+ push: true
+ build-args: |
+ KUBECTL_VERSION=${{ env.kubectl_version }}
+ HELM_VERSION=${{ env.helm_version }}
+ SENTRY_CLI_VERSION=${{ env.sentry_cli_version }}
+ AWS_CLI_VERSION=${{ env.aws_cli_version }}
+ tags: |
+ cookielab/deployer:${{ steps.get-version.outputs.version-without-v }}-slim
+ public.ecr.aws/cookielab/deployer:${{ steps.get-version.outputs.version-without-v }}-slim
+ ghcr.io/${{ github.repository }}:${{ steps.get-version.outputs.version-without-v }}-slim
+
+ - name: Build and push - stable - slim
+ uses: docker/build-push-action@v3
+ timeout-minutes: 15
+ if: ${{ steps.get-version.outputs.is-semver && steps.get-version.outputs.prerelease == '' }}
+ with:
+ context: .
+ file: ./Dockerfile
+ platforms: linux/amd64,linux/arm64
+ push: true
+ build-args: |
+ KUBECTL_VERSION=${{ env.kubectl_version }}
+ HELM_VERSION=${{ env.helm_version }}
+ SENTRY_CLI_VERSION=${{ env.sentry_cli_version }}
+ AWS_CLI_VERSION=${{ env.aws_cli_version }}
+ tags: |
+ cookielab/deployer:${{ steps.get-version.outputs.version-without-v }}-slim
+ cookielab/deployer:${{ steps.get-version.outputs.version-without-v }}
+ cookielab/deployer:${{ steps.get-version.outputs.major }}.${{ steps.get-version.outputs.minor }}.${{ steps.get-version.outputs.patch }}-slim
+ cookielab/deployer:${{ steps.get-version.outputs.major }}.${{ steps.get-version.outputs.minor }}.${{ steps.get-version.outputs.patch }}
+ cookielab/deployer:${{ steps.get-version.outputs.major }}.${{ steps.get-version.outputs.minor }}-slim
+ cookielab/deployer:${{ steps.get-version.outputs.major }}.${{ steps.get-version.outputs.minor }}
+ cookielab/deployer:${{ steps.get-version.outputs.major }}-slim
+ cookielab/deployer:${{ steps.get-version.outputs.major }}
+ public.ecr.aws/cookielab/deployer:${{ steps.get-version.outputs.version-without-v }}-slim
+ public.ecr.aws/cookielab/deployer:${{ steps.get-version.outputs.version-without-v }}
+ public.ecr.aws/cookielab/deployer:${{ steps.get-version.outputs.major }}.${{ steps.get-version.outputs.minor }}.${{ steps.get-version.outputs.patch }}-slim
+ public.ecr.aws/cookielab/deployer:${{ steps.get-version.outputs.major }}.${{ steps.get-version.outputs.minor }}.${{ steps.get-version.outputs.patch }}
+ public.ecr.aws/cookielab/deployer:${{ steps.get-version.outputs.major }}.${{ steps.get-version.outputs.minor }}-slim
+ public.ecr.aws/cookielab/deployer:${{ steps.get-version.outputs.major }}.${{ steps.get-version.outputs.minor }}
+ public.ecr.aws/cookielab/deployer:${{ steps.get-version.outputs.major }}-slim
+ public.ecr.aws/cookielab/deployer:${{ steps.get-version.outputs.major }}
+ ghcr.io/${{ github.repository }}:${{ steps.get-version.outputs.version-without-v }}-slim
+ ghcr.io/${{ github.repository }}:${{ steps.get-version.outputs.version-without-v }}
+ ghcr.io/${{ github.repository }}:${{ steps.get-version.outputs.major }}.${{ steps.get-version.outputs.minor }}.${{ steps.get-version.outputs.patch }}-slim
+ ghcr.io/${{ github.repository }}:${{ steps.get-version.outputs.major }}.${{ steps.get-version.outputs.minor }}.${{ steps.get-version.outputs.patch }}
+ ghcr.io/${{ github.repository }}:${{ steps.get-version.outputs.major }}.${{ steps.get-version.outputs.minor }}-slim
+ ghcr.io/${{ github.repository }}:${{ steps.get-version.outputs.major }}.${{ steps.get-version.outputs.minor }}
+ ghcr.io/${{ github.repository }}:${{ steps.get-version.outputs.major }}-slim
+ ghcr.io/${{ github.repository }}:${{ steps.get-version.outputs.major }}
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..2abb8d1
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+testing.sh
\ No newline at end of file
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
deleted file mode 100644
index c63ec47..0000000
--- a/.gitlab-ci.yml
+++ /dev/null
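Review bot: Every `uses:` in the `build` job of `.github/workflows/container.yml` resolves a mutable tag (`actions/checkout@v3`, `docker/login-action@v2`, `aws-actions/configure-aws-credentials@v1`, `battila7/get-version-action@v2`, and the rest), while the job holds `id-token: write`, `packages: write`, the Docker Hub password and an assumable AWS role. If any of those tags is moved, the third-party `battila7/get-version-action` in particular, the new code runs with those credentials and can publish to all three registries. Pin each action to a full commit SHA and keep the tag as a comment, e.g. `uses: battila7/get-version-action@<full-commit-sha> # v2`, with an automated updater bumping the pins. Separately, with `tags: '**'` any pushed tag that is not semver is published as `${{ github.ref_name }}-slim`, so the right to create tags is in effect the right to publish images; a tag protection rule or a narrower tag pattern would limit that.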
@@ -1,34 +0,0 @@ -build: - image: - name: gcr.io/kaniko-project/executor:v1.7.0-debug - entrypoint: [""] - variables: - DOCKER_CONFIG: /root - DOCKER_IMAGE: cookielab/deployer - DOCKER_IMAGE_VERSION_REVISION: $CI_COMMIT_TAG - KUBERNETES_VERSION: 1.22.4 - HELM_VERSION: 3.7.2 - SENTRY_CLI_VERSION: 1.71.0 - KUBEDOG_VERSION: 0.6.1 - KAIL_VERSION: 0.15.0 - before_script: - - mkdir -p $DOCKER_CONFIG - - echo "{\"auths\":{\"https://index.docker.io/v1/\":{\"username\":\"clbbot\",\"password\":\"$DOCKER_HUB_PASSWORD\"}}}" > $DOCKER_CONFIG/config.json - script: - - export DOCKER_IMAGE_VERSION_PATCH=`echo -n $DOCKER_IMAGE_VERSION_REVISION | sed -n -E 's/([0-9]+)\.([0-9]+)\.([0-9]+)(-([0-9]+))?/\1.\2.\3/p'` - - export DOCKER_IMAGE_VERSION_MINOR=`echo -n $DOCKER_IMAGE_VERSION_REVISION | sed -n -E 's/([0-9]+)\.([0-9]+)\.([0-9]+)(-([0-9]+))?/\1.\2/p'` - - | - /kaniko/executor \ - --single-snapshot \ - --context $CI_PROJECT_DIR \ - --dockerfile $CI_PROJECT_DIR/Dockerfile \ - --build-arg KUBE_VERSION="${KUBERNETES_VERSION}" \ - --build-arg HELM_VERSION="${HELM_VERSION}" \ - --build-arg SENTRY_CLI_VERSION="${SENTRY_CLI_VERSION}" \ - --build-arg KUBEDOG_VERSION="${KUBEDOG_VERSION}" \ - --build-arg KAIL_VERSION="${KAIL_VERSION}" \ - --destination $DOCKER_IMAGE:$DOCKER_IMAGE_VERSION_REVISION \ - --destination $DOCKER_IMAGE:$DOCKER_IMAGE_VERSION_PATCH \ - --destination $DOCKER_IMAGE:$DOCKER_IMAGE_VERSION_MINOR - only: - - tags diff --git a/Dockerfile b/Dockerfile index ba59cf2..a7b9f6b 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -1,38 +1,41 @@ -FROM cookielab/alpine:3.13 +FROM cookielab/slim:12.0 AS build + +ARG TARGETARCH +WORKDIR /tmp + +RUN apt update && apt install -y curl zip + +ARG KUBECTL_VERSION +RUN curl -L "https://dl.k8s.io/release/v${KUBECTL_VERSION}/bin/linux/${TARGETARCH}/kubectl" -o /usr/local/kubectl +RUN chmod +x /usr/local/kubectl -ARG KUBE_VERSION ARG HELM_VERSION -ARG SENTRY_CLI_VERSION -ARG KUBEDOG_VERSION -ARG KAIL_VERSION - -ADD kube-connect /usr/local/bin/kube-connect - -RUN apk --update --no-cache add ca-certificates openssh bash curl gzip unzip git jq gettext -RUN chmod +x /usr/local/bin/kube-connect -RUN curl -L https://storage.googleapis.com/kubernetes-release/release/v${KUBE_VERSION}/bin/linux/amd64/kubectl -o /usr/local/bin/kubectl -RUN chmod +x /usr/local/bin/kubectl -RUN curl -L https://get.helm.sh/helm-v${HELM_VERSION}-linux-amd64.tar.gz -o ./helm.tar.gz -RUN tar -xzf ./helm.tar.gz -RUN rm ./helm.tar.gz -RUN mv ./linux-amd64/helm /usr/local/bin/helm +RUN curl -L "https://get.helm.sh/helm-v${HELM_VERSION}-linux-${TARGETARCH}.tar.gz" -o /tmp/helm.tar.gz +RUN tar -xzf /tmp/helm.tar.gz +RUN rm /tmp/helm.tar.gz +RUN mv /tmp/linux-${TARGETARCH}/helm /usr/local/bin/helm RUN chmod +x /usr/local/bin/helm -RUN rm -rf ./linux-amd64 -RUN curl -L https://downloads.sentry-cdn.com/sentry-cli/${SENTRY_CLI_VERSION}/sentry-cli-Linux-x86_64 -o ./sentry-cli -RUN mv ./sentry-cli /usr/local/bin/sentry-cli -RUN chmod +x /usr/local/bin/sentry-cli -RUN curl -L https://tuf.kubedog.werf.io/targets/releases/${KUBEDOG_VERSION}/linux-amd64/bin/kubedog -o /usr/local/bin/kubedog -RUN chmod +x /usr/local/bin/kubedog -RUN curl -L https://github.com/boz/kail/releases/download/v${KAIL_VERSION}/kail_${KAIL_VERSION}_linux_amd64.tar.gz -o /tmp/kail.tar.gz && \ - tar xvzf /tmp/kail.tar.gz && \ - mv kail /usr/local/bin/ && \ - rm -rf /tmp/* -RUN chmod +x /usr/local/bin/kail -USER 1987 +ARG SENTRY_CLI_VERSION +RUN curl -sL https://sentry.io/get-cli/ | INSTALL_DIR="/usr/local/bin" sh + +ARG 
AWS_CLI_VERSION +COPY download-aws-cli.sh /tmp/download-aws-cli.sh +RUN /tmp/download-aws-cli.sh -RUN mkdir -p -m 0700 /container/.ssh -RUN touch /container/.ssh/known_hosts -RUN chmod 0644 /container/.ssh/known_hosts +FROM cookielab/slim:12.0 + +RUN apt update && apt install -y curl jq \ + && apt-get clean && rm -rf /var/lib/apt/lists/* + +COPY --from=build /usr/local/bin /usr/local/bin + +COPY --from=build /tmp/aws /tmp/aws +RUN /tmp/aws/install +RUN rm -rf /tmp/aws + +ARG GITHUB_TOKEN + +USER 1987 ONBUILD USER root diff --git a/README.md b/README.md index bbb13e6..5e3fbd0 100644 --- a/README.md +++ b/README.md @@ -1,33 +1,3 @@ -# Cookielab - Deployer image +# cookielab/deployer -This image is based on [our Alpine Linux image](https://cloud.docker.com/u/cookielab/repository/docker/cookielab/alpine). - -We make this image for deploying our applications from Gitlab to Kubernetes. - -This image contains [`kubectl`](https://kubernetes.io/docs/reference/kubectl/overview/), [`terraform`](https://terraform.io), [`helm`](https://helm.sh/), [`sentry-cli`](https://docs.sentry.io/cli/) and [`kubeless`](https://kubeless.io/). -It also contains `kube-connect` script with will connect to your kubernetes cluser via env variables (standard one in Gitlab CI). - -## Usage - -```bash -# kubectl -docker run --rm cookielab/deployer:0.11 -> kube-connect -> kubectl version - -# terraform -docker run --rm cookielab/deployer:0.11 terraform version - -# helm -docker run --rm cookielab/deployer:0.11 -> kube-connect -> helm version - -# sentry-cli -docker run --rm cookielab/deployer:0.11 sentry-cli --version - -# kubeless -docker run --rm cookielab/deployer:0.11 -> kube-connect -> kubeless version -``` +@todo diff --git a/UPDATING.md b/UPDATING.md deleted file mode 100644 index be7439c..0000000 --- a/UPDATING.md +++ /dev/null 
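Review bot: kubectl is written to `/usr/local/kubectl`, but the final stage copies only `/usr/local/bin` from the build stage, so the published image appears to ship without kubectl; the two lines should use `-o /usr/local/bin/kubectl` and `RUN chmod +x /usr/local/bin/kubectl`. None of the downloads in the build stage (kubectl, the helm tarball, the sentry-cli installer piped straight into `sh`) is checked against a published checksum or signature before it is made executable, so the image's integrity rests on TLS and the hosting CDN alone. A `sha256sum -c` step per download, against digests committed next to the version numbers, would make a tampered artefact fail the build. `ARG GITHUB_TOKEN` in the final stage is not used by any visible line; build arguments are not a safe channel for credentials because they can surface in image history and build metadata, so either drop the line or switch to a BuildKit secret mount (`RUN --mount=type=secret,id=github_token ...`) where the token is actually needed.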
@@ -1,9 +0,0 @@ -# How to update this image? - -1. check https://cloud.docker.com/u/cookielab/repository/docker/cookielab/alpine/tags if there is new version of base image -2. check https://github.com/kubernetes/kubernetes/releases if there is new version of kubectl and update it in `.gitlab-ci.yml` -3. check https://github.com/hashicorp/terraform/releases if there is new version of terraform and update it in `.gitlab-ci.yml` -4. check https://github.com/helm/helm/releases if there is new version of helm and update it in `.gitlab-ci.yml` -5. check https://github.com/kubeless/kubeless/releases if there is new version of kubeless and update it in `.gitlab-ci.yml` -6. update version in `README.md` if necessary and commit this change -7. make new tag with new version and push it to GitLab diff --git a/download-aws-cli.sh b/download-aws-cli.sh new file mode 100755 index 0000000..e122b27 --- /dev/null +++ b/download-aws-cli.sh @@ -0,0 +1,8 @@ +#!/bin/sh + +set -xe + +TARGETARCH_ALT=$(echo "${TARGETARCH}" | sed s/arm64/aarch64/ | sed s/amd64/x86_64/) + +curl -L "https://awscli.amazonaws.com/awscli-exe-linux-${TARGETARCH_ALT}-${AWS_CLI_VERSION}.zip" -o /tmp/awscliv2.zip +unzip /tmp/awscliv2.zip diff --git a/kube-connect b/kube-connect deleted file mode 100644 index a66a6fc..0000000 --- a/kube-connect +++ /dev/null @@ -1,6 +0,0 @@ -#!/bin/sh - -kubectl config set-cluster default-cluster --server=$KUBE_URL --certificate-authority="$KUBE_CA_PEM_FILE" -kubectl config set-credentials default-admin --token=$KUBE_TOKEN -kubectl config set-context default-system --cluster=default-cluster --user=default-admin --namespace $KUBE_NAMESPACE -kubectl config use-context default-system
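Review bot: `download-aws-cli.sh` downloads and unpacks the AWS CLI zip with no integrity check, and the Dockerfile's final stage then runs the unpacked `/tmp/aws/install` as root. AWS publishes a detached PGP signature next to each installer (the same URL with `.sig` appended); fetching it and running `gpg --verify /tmp/awscliv2.sig /tmp/awscliv2.zip` against the AWS CLI public key committed to the repository, before `unzip`, would make a modified archive fail the build. Using `curl -fL` instead of `curl -L` makes an HTTP error abort the script rather than saving an error page as the zip. The script takes `TARGETARCH` and `AWS_CLI_VERSION` from the environment, so `set -xeu` in place of `set -xe` would stop on an unset value instead of requesting a malformed URL.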