commit 7533f75f693acfc39571be026831a3fbde3e5790 Author: Robert Kaussow Date: Thu Dec 22 12:14:19 2022 +0100 initial commit
diff --git a/.drone.yml b/.drone.yml
new file mode 100644
index 0000000..1c34b50
--- /dev/null
+++ b/.drone.yml
@@ -0,0 +1,160 @@
+---
+kind: pipeline
+name: test
+
+platform:
+ os: linux
+ arch: amd64
+
+steps:
+ - name: markdownlint
+ image: thegeeklab/markdownlint-cli
+ commands:
+ - markdownlint 'README.md'
+
+trigger:
+ ref:
+ - refs/heads/main
+ - refs/tags/**
+ - refs/pull/**
+
+---
+kind: pipeline
+name: build-container
+
+platform:
+ os: linux
+ arch: amd64
+
+steps:
+ - name: tags
+ image: thegeeklab/docker-autotag
+ environment:
+ DOCKER_AUTOTAG_FORCE_LATEST: True
+ DOCKER_AUTOTAG_IGNORE_PRERELEASE: True
+ DOCKER_AUTOTAG_OUTPUT_FILE: .tags
+ DOCKER_AUTOTAG_VERSION: ${DRONE_TAG}
+
+ - name: dryrun
+ image: thegeeklab/drone-docker-buildx:20
+ settings:
+ dockerfile: Dockerfile
+ dry_run: true
+ repo: thegeeklab/${DRONE_REPO_NAME}
+ when:
+ ref:
+ - refs/pull/**
+ depends_on:
+ - tags
+
+ - name: publish-dockerhub
+ image: thegeeklab/drone-docker-buildx:20
+ settings:
+ dockerfile: Dockerfile
+ password:
+ from_secret: docker_password
+ repo: thegeeklab/${DRONE_REPO_NAME}
+ username:
+ from_secret: docker_username
+ when:
+ ref:
+ - refs/heads/main
+ - refs/tags/**
+ depends_on:
+ - tags
+
+ - name: publish-quay
+ image: thegeeklab/drone-docker-buildx:20
+ settings:
+ dockerfile: Dockerfile
+ password:
+ from_secret: quay_password
+ registry: quay.io
+ repo: quay.io/thegeeklab/${DRONE_REPO_NAME}
+ username:
+ from_secret: quay_username
+ when:
+ ref:
+ - refs/heads/main
+ - refs/tags/**
+ depends_on:
+ - tags
+
+trigger:
+ ref:
+ - refs/heads/main
+ - refs/tags/**
+ - refs/pull/**
+
+depends_on:
+ - test
+
+---
+kind: pipeline
+name: notifications
+
+platform:
+ os: linux
+ arch: amd64
+
+steps:
+ - name: pushrm-dockerhub
+ pull: always
+ image: chko/docker-pushrm:1
+ environment:
+ DOCKER_PASS:
+ from_secret: docker_password
+ DOCKER_USER:
+ from_secret: docker_username
+ PUSHRM_FILE: README.md
+ PUSHRM_SHORT: Custom Alpine image including a Kubernetes toolset
+ PUSHRM_TARGET: thegeeklab/${DRONE_REPO_NAME}
+ when:
+ status:
+ - success
+
+ - name: pushrm-quay
+ pull: always
+ image: chko/docker-pushrm:1
+ environment:
+ APIKEY__QUAY_IO:
+ from_secret: quay_token
+ PUSHRM_FILE: README.md
+ PUSHRM_TARGET: quay.io/thegeeklab/${DRONE_REPO_NAME}
+ when:
+ status:
+ - success
+
+ - name: matrix
+ image: thegeeklab/drone-matrix
+ settings:
+ homeserver:
+ from_secret: matrix_homeserver
+ password:
+ from_secret: matrix_password
+ roomid:
+ from_secret: matrix_roomid
+ template: "Status: **{{ build.Status }}**
Build: [{{ repo.Owner }}/{{ repo.Name }}]({{ build.Link }}){{#if build.Branch}} ({{ build.Branch }}){{/if}} by {{ commit.Author }}
Message: {{ commit.Message.Title }}"
+ username:
+ from_secret: matrix_username
+ when:
+ status:
+ - success
+ - failure
+
+trigger:
+ ref:
+ - refs/heads/main
+ - refs/tags/**
+ status:
+ - success
+ - failure
+
+depends_on:
+ - build-container
+
+---
+kind: signature
+hmac: a2b36e194a5eaeb50151d20ef90bcfd12a643b7c6bbe3dc95595443ed2efcf19
+
+...
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..1b763b1
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+CHANGELOG.md
diff --git a/.markdownlint.yml b/.markdownlint.yml
new file mode 100644
index 0000000..b59a114
--- /dev/null
+++ b/.markdownlint.yml
@@ -0,0 +1,6 @@
+---
+default: True
+MD013: False
+MD041: False
+MD004:
+ style: dash
diff --git a/.prettierignore b/.prettierignore
new file mode 100644
index 0000000..23a4f05
--- /dev/null
+++ b/.prettierignore
@@ -0,0 +1,3 @@
+.drone.yml
+*.tpl.md
+LICENSE
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..4bf6fcb
--- /dev/null
+++ b/Dockerfile
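Review bot: The `pushrm-dockerhub` and `pushrm-quay` steps in `.drone.yml` pass registry credentials (`docker_password`, `docker_username`, `quay_token`) to `chko/docker-pushrm:1`, a third-party image referenced by a mutable tag and re-pulled on every run through `pull: always`, so whatever that tag resolves to at build time receives the secrets. The Dockerfile in this commit pins its base image by digest, and the CI images deserve the same treatment, for example `image: chko/docker-pushrm:1@sha256:PINNED_DIGEST` (placeholder, to be taken from a reviewed release). The same applies to `thegeeklab/drone-docker-buildx:20`, which holds the publish credentials, and to the untagged `thegeeklab/markdownlint-cli` and `thegeeklab/docker-autotag` images.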
@@ -0,0 +1,50 @@
+FROM alpine:3.17@sha256:8914eb54f968791faf6a8638949e480fef81e697984fba772b3976835194c6d4
+
+LABEL maintainer="Robert Kaussow "
+LABEL org.opencontainers.image.authors="Robert Kaussow "
+LABEL org.opencontainers.image.title="kube-tools"
+LABEL org.opencontainers.image.url="https://gitea.rknet.org/docker/kube-tools"
+LABEL org.opencontainers.image.source="https://gitea.rknet.org/docker/kube-tools"
+LABEL org.opencontainers.image.documentation="https://gitea.rknet.org/docker/kube-tools"
+
+ARG KUBECTL_VERSION
+ARG YQ_VERSION
+ARG HELM_VERSION
+ARG KUSTOMIZE_VERSION
+ARG KUBECONFORM_VERSION
+
+# renovate: datasource=github-releases depName=kubernetes/kubernetes
+ENV KUBECTL_VERSION="${KUBECTL_VERSION:-v1.25.3}"
+# renovate: datasource=github-releases depName=mikefarah/yq
+ENV YQ_VERSION="${YQ_VERSION:-v4.30.4}"
+# renovate: datasource=github-releases depName=helm/helm
+ENV HELM_VERSION="${HELM_VERSION:-v3.10.1}"
+# renovate: datasource=github-releases depName=kubernetes-sigs/kustomize
+ENV KUSTOMIZE_VERSION="${KUSTOMIZE_VERSION:-v4.1.2}"
+# renovate: datasource=github-releases depName=yannh/kubeconform
+ENV KUBECONFORM_VERSION="${KUBECONFORM_VERSION:-v0.4.14}"
+
+RUN apk --update add curl make tar git && \
+ curl -SsfL -o /usr/local/bin/kubectl "https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/amd64/kubectl" && \
+ curl -SsfL -o /usr/local/bin/kubectl-convert "https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/amd64/kubectl-convert" && \
+ curl -SsfL -o /usr/local/bin/yq "https://github.com/mikefarah/yq/releases/download/${YQ_VERSION}/yq_linux_amd64" && \
+ curl -SsfL "https://get.helm.sh/helm-${HELM_VERSION}-linux-amd64.tar.gz" \
+ | tar xz --strip-components=1 -C /usr/local/bin linux-amd64/helm && \
+ curl -SsfL "https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize%2F${KUSTOMIZE_VERSION}/kustomize_${KUSTOMIZE_VERSION}_linux_amd64.tar.gz" \
+ | tar xz -C /usr/local/bin kustomize && \
+ curl -SsfL "https://github.com/yannh/kubeconform/releases/download/${KUBECONFORM_VERSION}/kubeconform-linux-amd64.tar.gz" \
+ | tar xz -C /usr/local/bin kubeconform && \
+ chmod 755 /usr/local/bin/kubectl && \
+ chmod 755 /usr/local/bin/kubectl-convert && \
+ chmod 755 /usr/local/bin/yq && \
+ chmod 755 /usr/local/bin/helm && \
+ chmod 755 /usr/local/bin/kustomize && \
+ chmod 755 /usr/local/bin/kubeconform && \
+ rm -rf /var/cache/apk/* && \
+ rm -rf /tmp/*
+
+ADD overlay/ /
+
+STOPSIGNAL SIGTERM
+
+CMD []
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..3812eb4
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2022 Robert Kaussow
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is furnished
+to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice (including the next
+paragraph) shall be included in all copies or substantial portions of the
+Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS
+OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF
+OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..f348e24
--- /dev/null
+++ b/README.md
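Review bot: The `RUN` step installs kubectl, kubectl-convert, yq, helm, kustomize and kubeconform straight from `curl` output with no integrity check, so the image trusts whatever the download hosts serve for a given version tag even though the base image itself is pinned by digest. Pin an expected SHA-256 per tool next to its version and verify it before the `chmod`, for example `echo "${KUBECTL_SHA256}  /usr/local/bin/kubectl" | sha256sum -c -`, where `KUBECTL_SHA256` would be a new build argument holding the published checksum. The three tarballs piped into `tar` would have to be saved to a file first so they can be checked before extraction. Separately, the `apk --update add` list has no `bash` although `overlay/usr/local/bin/flux-validate`, added in this commit, starts with `#!/usr/bin/env bash`; unless something outside this commit provides it, add `bash` to that list.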
@@ -0,0 +1,22 @@
+# alpine
+
+Custom Alpine image including a Kubernetes toolset
+
+[![Build Status](https://img.shields.io/drone/build/docker/kube-tools?logo=drone&server=https%3A%2F%2Fdrone.rknet.org)](https://drone.rknet.org/docker/kube-tools)
+[![Docker Hub](https://img.shields.io/badge/dockerhub-latest-blue.svg?logo=docker&logoColor=white)](https://hub.docker.com/r/thegeeklab/alpine)
+[![Quay.io](https://img.shields.io/badge/quay-latest-blue.svg?logo=docker&logoColor=white)](https://quay.io/repository/thegeeklab/alpine)
+[![Source: Gitea](https://img.shields.io/badge/source-gitea-blue.svg?logo=gitea&logoColor=white)](https://gitea.rknet.org/docker/kube-tools)
+[![License: MIT](https://img.shields.io/badge/license-MIT-blue.svg)](https://gitea.rknet.org/docker/kube-tools/src/branch/main/LICENSE)
+
+Custom Alpine image including a Kubernetes toolset.
+
+**Included software:**
+
+- helm
+- kustomize
+- yq
+- kubeconform
+
+## License
+
+This project is licensed under the MIT License - see the [LICENSE](https://gitea.rknet.org/docker/kube-tools/src/branch/main/LICENSE) file for details.
diff --git a/overlay/usr/local/bin/flux-validate b/overlay/usr/local/bin/flux-validate
new file mode 100755
index 0000000..529febf
--- /dev/null
+++ b/overlay/usr/local/bin/flux-validate
@@ -0,0 +1,70 @@
+#!/usr/bin/env bash
+
+# This script downloads the Flux OpenAPI schemas, then it validates the
+# Flux custom resources and the kustomize overlays using kubeconform.
+# This script is meant to be run locally and in CI before the changes
+# are merged on the main branch that's synced by Flux.
+
+# Copyright 2020 The Flux authors. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# This script is meant to be run locally and in CI to validate the Kubernetes
+# manifests (including Flux custom resources) before changes are merged into
+# the branch synced by Flux in-cluster.
+
+set -o errexit
+
+KUSTOMIZE_FLAGS=("--load-restrictor=LoadRestrictionsNone")
+KUSTOMIZE_CONFIG="kustomization.yaml"
+
+FLUX_PATH="${1:-.}"
+
+printf "INFO - Downloading Flux OpenAPI schemas\n"
+mkdir -p /tmp/flux-crd-schemas/master-standalone-strict
+curl -sL https://github.com/fluxcd/flux2/releases/latest/download/crd-schemas.tar.gz | tar zxf - -C /tmp/flux-crd-schemas/master-standalone-strict
+
+find "${FLUX_PATH%/}" -type f -name '*.yaml' -print0 | while IFS= read -r -d $'\0' file; do
+ printf "INFO - Validating %s\n" "$file"
+ yq e 'true' "$file" >/dev/null
+done
+
+kubeconform_config=(
+ "-strict"
+ "-ignore-missing-schemas"
+ "-schema-location" "default"
+ "-schema-location" "/tmp/flux-crd-schemas"
+ "-exit-on-error"
+ "-summary"
+ "-skip" "Secret"
+)
+
+printf "\nINFO - Validating clusters\n"
+find "${FLUX_PATH%/}/clusters" -maxdepth 2 -type f -name '*.yaml' -print0 | while IFS= read -r -d $'\0' file; do
+ printf "INFO - Validating cluster file %s\n" "${file}"
+ kubeconform "${kubeconform_config[@]}" "${file}"
+ if [[ ${PIPESTATUS[0]} != 0 ]]; then
+ exit 1
+ fi
+done
+
+printf "\nINFO - Validating kustomize overlays\n"
+find "${FLUX_PATH%/}" -type f -name $KUSTOMIZE_CONFIG -print0 | while IFS= read -r -d $'\0' file; do
+ printf "INFO - Validating kustomization %s\n" "${file/%$KUSTOMIZE_CONFIG/}"
+ kustomize build "${file/%$KUSTOMIZE_CONFIG/}" "${KUSTOMIZE_FLAGS[@]}" |
+ kubeconform "${kubeconform_config[@]}"
+ echo
+ if [[ ${PIPESTATUS[0]} != 0 ]]; then
+ exit 1
+ fi
+done
diff --git a/renovate.json b/renovate.json
new file mode 100644
index 0000000..854e237
--- /dev/null
+++ b/renovate.json
@@ -0,0 +1,10 @@
+{
+ "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+ "extends": ["github>thegeeklab/renovate-presets:docker"],
+ "packageRules": [
+ {
+ "packageNames": ["kubernetes-sigs/kustomize"],
+ "extractVersion": "^kustomize\\/(?v\\d+\\.\\d+\\.\\d+)$"
+ }
+ ]
+}
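Review bot: A failing `kustomize build` goes unnoticed in the last loop of `flux-validate`: only `errexit` is set, so the pipeline `kustomize build … | kubeconform …` takes kubeconform's exit status, and the `${PIPESTATUS[0]}` test meant to catch the failure runs after `echo` and therefore reads echo's status. An overlay that does not build can thus pass the check that is supposed to gate merges, assuming kubeconform exits zero on the empty or partial input it receives. Use `set -o errexit -o pipefail` at the top and move `echo` below the `if` (or drop it). The schemas are also fetched from `releases/latest` with `curl -sL` and no checksum, so what the manifests are validated against can change between runs; pinning a Flux release and adding `-f` to curl would make that explicit.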