From 7533f75f693acfc39571be026831a3fbde3e5790 Mon Sep 17 00:00:00 2001
From: Robert Kaussow
Date: Thu, 22 Dec 2022 12:14:19 +0100
Subject: [PATCH] initial commit
---
.drone.yml | 160 ++++++++++++++++++++++++++++
.gitignore | 1 +
.markdownlint.yml | 6 ++
.prettierignore | 3 +
Dockerfile | 50 +++++++++
LICENSE | 21 ++++
README.md | 22 ++++
overlay/usr/local/bin/flux-validate | 70 ++++++++++++
renovate.json | 10 ++
9 files changed, 343 insertions(+)
create mode 100644 .drone.yml
create mode 100644 .gitignore
create mode 100644 .markdownlint.yml
create mode 100644 .prettierignore
create mode 100644 Dockerfile
create mode 100644 LICENSE
create mode 100644 README.md
create mode 100755 overlay/usr/local/bin/flux-validate
create mode 100644 renovate.json
diff --git a/.drone.yml b/.drone.yml
new file mode 100644
index 0000000..1c34b50
--- /dev/null
+++ b/.drone.yml
@@ -0,0 +1,160 @@
+---
+kind: pipeline
+name: test
+
+platform:
+ os: linux
+ arch: amd64
+
+steps:
+ - name: markdownlint
+ image: thegeeklab/markdownlint-cli
+ commands:
+ - markdownlint 'README.md'
+
+trigger:
+ ref:
+ - refs/heads/main
+ - refs/tags/**
+ - refs/pull/**
+
+---
+kind: pipeline
+name: build-container
+
+platform:
+ os: linux
+ arch: amd64
+
+steps:
+ - name: tags
+ image: thegeeklab/docker-autotag
+ environment:
+ DOCKER_AUTOTAG_FORCE_LATEST: True
+ DOCKER_AUTOTAG_IGNORE_PRERELEASE: True
+ DOCKER_AUTOTAG_OUTPUT_FILE: .tags
+ DOCKER_AUTOTAG_VERSION: ${DRONE_TAG}
+
+ - name: dryrun
+ image: thegeeklab/drone-docker-buildx:20
+ settings:
+ dockerfile: Dockerfile
+ dry_run: true
+ repo: thegeeklab/${DRONE_REPO_NAME}
+ when:
+ ref:
+ - refs/pull/**
+ depends_on:
+ - tags
+
+ - name: publish-dockerhub
+ image: thegeeklab/drone-docker-buildx:20
+ settings:
+ dockerfile: Dockerfile
+ password:
+ from_secret: docker_password
+ repo: thegeeklab/${DRONE_REPO_NAME}
+ username:
+ from_secret: docker_username
+ when:
+ ref:
+ - refs/heads/main
+ - refs/tags/**
+ depends_on:
+ - tags
+
+ - name: publish-quay
+ image: thegeeklab/drone-docker-buildx:20
+ settings:
+ dockerfile: Dockerfile
+ password:
+ from_secret: quay_password
+ registry: quay.io
+ repo: quay.io/thegeeklab/${DRONE_REPO_NAME}
+ username:
+ from_secret: quay_username
+ when:
+ ref:
+ - refs/heads/main
+ - refs/tags/**
+ depends_on:
+ - tags
+
+trigger:
+ ref:
+ - refs/heads/main
+ - refs/tags/**
+ - refs/pull/**
+
+depends_on:
+ - test
+
+---
+kind: pipeline
+name: notifications
+
+platform:
+ os: linux
+ arch: amd64
+
+steps:
+ - name: pushrm-dockerhub
+ pull: always
+ image: chko/docker-pushrm:1
+ environment:
+ DOCKER_PASS:
+ from_secret: docker_password
+ DOCKER_USER:
+ from_secret: docker_username
+ PUSHRM_FILE: README.md
+ PUSHRM_SHORT: Custom Alpine image including a Kubernetes toolset
+ PUSHRM_TARGET: thegeeklab/${DRONE_REPO_NAME}
+ when:
+ status:
+ - success
+
+ - name: pushrm-quay
+
pull: always
+ image: chko/docker-pushrm:1
+ environment:
+ APIKEY__QUAY_IO:
+ from_secret: quay_token
+ PUSHRM_FILE: README.md
+ PUSHRM_TARGET: quay.io/thegeeklab/${DRONE_REPO_NAME}
+ when:
+ status:
+ - success
+
+ - name: matrix
+ image: thegeeklab/drone-matrix
+ settings:
+ homeserver:
+ from_secret: matrix_homeserver
+ password:
+ from_secret: matrix_password
+ roomid:
+ from_secret: matrix_roomid
+ template: "Status: **{{ build.Status }}**
Build: [{{ repo.Owner }}/{{ repo.Name }}]({{ build.Link }}){{#if build.Branch}} ({{ build.Branch }}){{/if}} by {{ commit.Author }}
Message: {{ commit.Message.Title }}"
+ username:
+ from_secret: matrix_username
+ when:
+ status:
+ - success
+ - failure
+
+trigger:
+ ref:
+ - refs/heads/main
+ - refs/tags/**
+ status:
+ - success
+ - failure
+
+depends_on:
+ - build-container
+
+---
+kind: signature
+hmac: a2b36e194a5eaeb50151d20ef90bcfd12a643b7c6bbe3dc95595443ed2efcf19
+
+...
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..1b763b1
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+CHANGELOG.md
diff --git a/.markdownlint.yml b/.markdownlint.yml
new file mode 100644
index 0000000..b59a114
--- /dev/null
+++ b/.markdownlint.yml
@@ -0,0 +1,6 @@
+---
+default: True
+MD013: False
+MD041: False
+MD004:
+ style: dash
diff --git a/.prettierignore b/.prettierignore
new file mode 100644
index 0000000..23a4f05
--- /dev/null
+++ b/.prettierignore
@@ -0,0 +1,3 @@
+.drone.yml
+*.tpl.md
+LICENSE
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..4bf6fcb
--- /dev/null
+++ b/Dockerfile
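Review bot: In .drone.yml the steps that receive registry credentials run images referenced only by mutable tags: `chko/docker-pushrm:1` (with `pull: always`) is given `docker_password` and `quay_token`, and `thegeeklab/drone-docker-buildx:20` is given both registry passwords. Any change behind those tags runs with the secrets and with push rights to `thegeeklab/${DRONE_REPO_NAME}`; pin them by digest, e.g. `image: chko/docker-pushrm:1@sha256:<digest>`, as the Dockerfile in this commit already does for `alpine`. `thegeeklab/markdownlint-cli`, `thegeeklab/docker-autotag` and `thegeeklab/drone-matrix` carry no tag at all and should at least get one.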
@@ -0,0 +1,50 @@
+FROM alpine:3.17@sha256:8914eb54f968791faf6a8638949e480fef81e697984fba772b3976835194c6d4
+
+LABEL maintainer="Robert Kaussow "
+LABEL org.opencontainers.image.authors="Robert Kaussow "
+LABEL org.opencontainers.image.title="kube-tools"
+LABEL org.opencontainers.image.url="https://gitea.rknet.org/docker/kube-tools"
+LABEL org.opencontainers.image.source="https://gitea.rknet.org/docker/kube-tools"
+LABEL org.opencontainers.image.documentation="https://gitea.rknet.org/docker/kube-tools"
+
+ARG KUBECTL_VERSION
+ARG YQ_VERSION
+ARG HELM_VERSION
+ARG KUSTOMIZE_VERSION
+ARG KUBECONFORM_VERSION
+
+# renovate: datasource=github-releases depName=kubernetes/kubernetes
+ENV KUBECTL_VERSION="${KUBECTL_VERSION:-v1.25.3}"
+# renovate: datasource=github-releases depName=mikefarah/yq
+ENV YQ_VERSION="${YQ_VERSION:-v4.30.4}"
+# renovate: datasource=github-releases depName=helm/helm
+ENV HELM_VERSION="${HELM_VERSION:-v3.10.1}"
+# renovate: datasource=github-releases depName=kubernetes-sigs/kustomize
+ENV KUSTOMIZE_VERSION="${KUSTOMIZE_VERSION:-v4.1.2}"
+# renovate: datasource=github-releases depName=yannh/kubeconform
+ENV KUBECONFORM_VERSION="${KUBECONFORM_VERSION:-v0.4.14}"
+
+RUN apk --update add curl make tar git && \
+ curl -SsfL -o /usr/local/bin/kubectl "https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/amd64/kubectl" && \
+ curl -SsfL -o /usr/local/bin/kubectl-convert "https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/amd64/kubectl-convert" && \
+ curl -SsfL -o /usr/local/bin/yq "https://github.com/mikefarah/yq/releases/download/${YQ_VERSION}/yq_linux_amd64" && \
+ curl -SsfL "https://get.helm.sh/helm-${HELM_VERSION}-linux-amd64.tar.gz" \
+ | tar xz --strip-components=1 -C /usr/local/bin linux-amd64/helm && \
+ curl -SsfL "https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize%2F${KUSTOMIZE_VERSION}/kustomize_${KUSTOMIZE_VERSION}_linux_amd64.tar.gz" \
+ | tar xz -C /usr/local/bin kustomize && \
+ curl -SsfL
"https://github.com/yannh/kubeconform/releases/download/${KUBECONFORM_VERSION}/kubeconform-linux-amd64.tar.gz" \
+ | tar xz -C /usr/local/bin kubeconform && \
+ chmod 755 /usr/local/bin/kubectl && \
+ chmod 755 /usr/local/bin/kubectl-convert && \
+ chmod 755 /usr/local/bin/yq && \
+ chmod 755 /usr/local/bin/helm && \
+ chmod 755 /usr/local/bin/kustomize && \
+ chmod 755 /usr/local/bin/kubeconform && \
+ rm -rf /var/cache/apk/* && \
+ rm -rf /tmp/*
+
+ADD overlay/ /
+
+STOPSIGNAL SIGTERM
+
+CMD []
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..3812eb4
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2022 Robert Kaussow
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is furnished
+to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice (including the next
+paragraph) shall be included in all copies or substantial portions of the
+Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS
+OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF
+OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..f348e24
--- /dev/null
+++ b/README.md
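Review bot: The `RUN` step in the Dockerfile installs kubectl, kubectl-convert, yq, helm, kustomize and kubeconform into /usr/local/bin straight from the network with no integrity check, so the digest pin on `alpine` is the only verified input of this image. Record the expected SHA-256 of each artifact next to its version and verify before use, e.g. `echo "${KUBECTL_SHA256}  /usr/local/bin/kubectl" | sha256sum -c -`, where `KUBECTL_SHA256` is a new build argument; for the three tarballs, download to a file, check it, then extract, instead of piping `curl` into `tar`. The overlay script `flux-validate` has a `#!/usr/bin/env bash` shebang and uses arrays and `[[ ]]`, but `bash` is not in the `apk add` list, so it will presumably not start in this image. `ADD overlay/ /` can be `COPY overlay/ /`, and there is no `USER`, so the tools run as root.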
@@ -0,0 +1,22 @@
+# alpine
+
+Custom Alpine image including a Kubernetes toolset
+
+[![Build Status](https://img.shields.io/drone/build/docker/kube-tools?logo=drone&server=https%3A%2F%2Fdrone.rknet.org)](https://drone.rknet.org/docker/kube-tools)
+[![Docker Hub](https://img.shields.io/badge/dockerhub-latest-blue.svg?logo=docker&logoColor=white)](https://hub.docker.com/r/thegeeklab/alpine)
+[![Quay.io](https://img.shields.io/badge/quay-latest-blue.svg?logo=docker&logoColor=white)](https://quay.io/repository/thegeeklab/alpine)
+[![Source: Gitea](https://img.shields.io/badge/source-gitea-blue.svg?logo=gitea&logoColor=white)](https://gitea.rknet.org/docker/kube-tools)
+[![License: MIT](https://img.shields.io/badge/license-MIT-blue.svg)](https://gitea.rknet.org/docker/kube-tools/src/branch/main/LICENSE)
+
+Custom Alpine image including a Kubernetes toolset.
+
+**Included software:**
+
+- helm
+- kustomize
+- yq
+- kubeconform
+
+## License
+
+This project is licensed under the MIT License - see the [LICENSE](https://gitea.rknet.org/docker/kube-tools/src/branch/main/LICENSE) file for details.
diff --git a/overlay/usr/local/bin/flux-validate b/overlay/usr/local/bin/flux-validate
new file mode 100755
index 0000000..529febf
--- /dev/null
+++ b/overlay/usr/local/bin/flux-validate
@@ -0,0 +1,70 @@
+#!/usr/bin/env bash
+
+# This script downloads the Flux OpenAPI schemas, then it validates the
+# Flux custom resources and the kustomize overlays using kubeconform.
+# This script is meant to be run locally and in CI before the changes
+# are merged on the main branch that's synced by Flux.
+
+# Copyright 2020 The Flux authors. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# This script is meant to be run locally and in CI to validate the Kubernetes
+# manifests (including Flux custom resources) before changes are merged into
+# the branch synced by Flux in-cluster.
+
+set -o errexit
+
+KUSTOMIZE_FLAGS=("--load-restrictor=LoadRestrictionsNone")
+KUSTOMIZE_CONFIG="kustomization.yaml"
+
+FLUX_PATH="${1:-.}"
+
+printf "INFO - Downloading Flux OpenAPI schemas\n"
+mkdir -p /tmp/flux-crd-schemas/master-standalone-strict
+curl -sL https://github.com/fluxcd/flux2/releases/latest/download/crd-schemas.tar.gz | tar zxf - -C /tmp/flux-crd-schemas/master-standalone-strict
+
+find "${FLUX_PATH%/}" -type f -name '*.yaml' -print0 | while IFS= read -r -d $'\0' file; do
+ printf "INFO - Validating %s\n" "$file"
+ yq e 'true' "$file" >/dev/null
+done
+
+kubeconform_config=(
+ "-strict"
+ "-ignore-missing-schemas"
+ "-schema-location" "default"
+ "-schema-location" "/tmp/flux-crd-schemas"
+ "-exit-on-error"
+ "-summary"
+ "-skip" "Secret"
+)
+
+printf "\nINFO - Validating clusters\n"
+find "${FLUX_PATH%/}/clusters" -maxdepth 2 -type f -name '*.yaml' -print0 | while IFS= read -r -d $'\0' file; do
+ printf "INFO - Validating cluster file %s\n" "${file}"
+ kubeconform "${kubeconform_config[@]}" "${file}"
+ if [[ ${PIPESTATUS[0]} != 0 ]]; then
+ exit 1
+ fi
+done
+
+printf "\nINFO - Validating kustomize overlays\n"
+find "${FLUX_PATH%/}" -type f -name $KUSTOMIZE_CONFIG -print0 | while IFS= read -r -d $'\0' file; do
+ printf "INFO - Validating kustomization %s\n" "${file/%$KUSTOMIZE_CONFIG/}"
+ kustomize build "${file/%$KUSTOMIZE_CONFIG/}" "${KUSTOMIZE_FLAGS[@]}" |
+ kubeconform "${kubeconform_config[@]}"
+ echo
+ if [[ ${PIPESTATUS[0]} != 0 ]]; then
+ exit 1
+ fi
+done
diff --git a/renovate.json b/renovate.json
new file mode 100644
index 0000000..854e237
--- /dev/null
+++ b/renovate.json
@@ -0,0 +1,10 @@
+{
+ "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+ "extends": ["github>thegeeklab/renovate-presets:docker"],
+ "packageRules": [
+ {
+ "packageNames": ["kubernetes-sigs/kustomize"],
+ "extractVersion": "^kustomize\\/(?v\\d+\\.\\d+\\.\\d+)$"
+ }
+ ]
+}
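Review bot: In flux-validate a failing `kustomize build` does not fail the run: only `errexit` is set, so the status of `kustomize build … | kubeconform …` is kubeconform's alone, and the `${PIPESTATUS[0]}` test in the overlays loop is evaluated after `echo`, so it always sees 0. For a gate that runs before merge this fails open; add `set -o pipefail` directly after `set -o errexit` and move `echo` below the `if` block. The schema download has a related weakness: `curl -sL` has no `-f` and fetches `releases/latest`, so the schemas the gate validates against are unpinned and unverified; `curl -sfL` against a fixed release tag would make runs reproducible. `--load-restrictor=LoadRestrictionsNone` lets a kustomization reference files outside its own directory, which deserves a comment explaining why it is needed if this script also runs on pull requests.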