initial commit

2022-12-22 12:14:19 +01:00 · 2022-12-22 12:14:19 +01:00 · 7533f75f69
commit 7533f75f69
9 changed files with 343 additions and 0 deletions
--- a/.drone.yml
+++ b/.drone.yml
@ -0,0 +1,160 @@
 ---
 kind: pipeline
 name: test
 platform:
  os: linux
  arch: amd64
 steps:
  - name: markdownlint
    image: thegeeklab/markdownlint-cli
    commands:
      - markdownlint 'README.md'
 trigger:
  ref:
    - refs/heads/main
    - refs/tags/**
    - refs/pull/**
 ---
 kind: pipeline
 name: build-container
 platform:
  os: linux
  arch: amd64
 steps:
  - name: tags
    image: thegeeklab/docker-autotag
    environment:
      DOCKER_AUTOTAG_FORCE_LATEST: True
      DOCKER_AUTOTAG_IGNORE_PRERELEASE: True
      DOCKER_AUTOTAG_OUTPUT_FILE: .tags
      DOCKER_AUTOTAG_VERSION: ${DRONE_TAG}
  - name: dryrun
    image: thegeeklab/drone-docker-buildx:20
    settings:
      dockerfile: Dockerfile
      dry_run: true
      repo: thegeeklab/${DRONE_REPO_NAME}
    when:
      ref:
        - refs/pull/**
    depends_on:
      - tags
  - name: publish-dockerhub
    image: thegeeklab/drone-docker-buildx:20
    settings:
      dockerfile: Dockerfile
      password:
        from_secret: docker_password
      repo: thegeeklab/${DRONE_REPO_NAME}
      username:
        from_secret: docker_username
    when:
      ref:
        - refs/heads/main
        - refs/tags/**
    depends_on:
      - tags
  - name: publish-quay
    image: thegeeklab/drone-docker-buildx:20
    settings:
      dockerfile: Dockerfile
      password:
        from_secret: quay_password
      registry: quay.io
      repo: quay.io/thegeeklab/${DRONE_REPO_NAME}
      username:
        from_secret: quay_username
    when:
      ref:
        - refs/heads/main
        - refs/tags/**
    depends_on:
      - tags
 trigger:
  ref:
    - refs/heads/main
    - refs/tags/**
    - refs/pull/**
 depends_on:
  - test
 ---
 kind: pipeline
 name: notifications
 platform:
  os: linux
  arch: amd64
 steps:
  - name: pushrm-dockerhub
    pull: always
    image: chko/docker-pushrm:1
    environment:
      DOCKER_PASS:
        from_secret: docker_password
      DOCKER_USER:
        from_secret: docker_username
      PUSHRM_FILE: README.md
      PUSHRM_SHORT: Custom Alpine image including a Kubernetes toolset
      PUSHRM_TARGET: thegeeklab/${DRONE_REPO_NAME}
    when:
      status:
        - success
  - name: pushrm-quay
    pull: always
    image: chko/docker-pushrm:1
    environment:
      APIKEY__QUAY_IO:
        from_secret: quay_token
      PUSHRM_FILE: README.md
      PUSHRM_TARGET: quay.io/thegeeklab/${DRONE_REPO_NAME}
    when:
      status:
        - success
  - name: matrix
    image: thegeeklab/drone-matrix
    settings:
      homeserver:
        from_secret: matrix_homeserver
      password:
        from_secret: matrix_password
      roomid:
        from_secret: matrix_roomid
      template: "Status: **{{ build.Status }}**<br/> Build: [{{ repo.Owner }}/{{ repo.Name }}]({{ build.Link }}){{#if build.Branch}} ({{ build.Branch }}){{/if}} by {{ commit.Author }}<br/> Message: {{ commit.Message.Title }}"
      username:
        from_secret: matrix_username
    when:
      status:
        - success
        - failure
 trigger:
  ref:
    - refs/heads/main
    - refs/tags/**
  status:
    - success
    - failure
 depends_on:
  - build-container
 ---
 kind: signature
 hmac: a2b36e194a5eaeb50151d20ef90bcfd12a643b7c6bbe3dc95595443ed2efcf19
 ...
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1 @@
 CHANGELOG.md
--- a/.markdownlint.yml
+++ b/.markdownlint.yml
@ -0,0 +1,6 @@
 ---
 default: True
 MD013: False
 MD041: False
 MD004:
  style: dash
--- a/.prettierignore
+++ b/.prettierignore
@ -0,0 +1,3 @@
 .drone.yml
 *.tpl.md
 LICENSE
--- a/50
+++ b/50
@ -0,0 +1,50 @@
 FROM alpine:3.17@sha256:8914eb54f968791faf6a8638949e480fef81e697984fba772b3976835194c6d4
 LABEL maintainer="Robert Kaussow <mail@thegeeklab.de>"
 LABEL org.opencontainers.image.authors="Robert Kaussow <mail@thegeeklab.de>"
 LABEL org.opencontainers.image.title="kube-tools"
 LABEL org.opencontainers.image.url="https://gitea.rknet.org/docker/kube-tools"
 LABEL org.opencontainers.image.source="https://gitea.rknet.org/docker/kube-tools"
 LABEL org.opencontainers.image.documentation="https://gitea.rknet.org/docker/kube-tools"
 ARG KUBECTL_VERSION
 ARG YQ_VERSION
 ARG HELM_VERSION
 ARG KUSTOMIZE_VERSION
 ARG KUBECONFORM_VERSION
 # renovate: datasource=github-releases depName=kubernetes/kubernetes
 ENV KUBECTL_VERSION="${KUBECTL_VERSION:-v1.25.3}"
 # renovate: datasource=github-releases depName=mikefarah/yq
 ENV YQ_VERSION="${YQ_VERSION:-v4.30.4}"
 # renovate: datasource=github-releases depName=helm/helm
 ENV HELM_VERSION="${HELM_VERSION:-v3.10.1}"
 # renovate: datasource=github-releases depName=kubernetes-sigs/kustomize
 ENV KUSTOMIZE_VERSION="${KUSTOMIZE_VERSION:-v4.1.2}"
 # renovate: datasource=github-releases depName=yannh/kubeconform
 ENV KUBECONFORM_VERSION="${KUBECONFORM_VERSION:-v0.4.14}"
 RUN apk --update add curl make tar git && \
    curl -SsfL -o /usr/local/bin/kubectl "https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/amd64/kubectl" && \
    curl -SsfL -o /usr/local/bin/kubectl-convert "https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/amd64/kubectl-convert" && \
    curl -SsfL -o /usr/local/bin/yq "https://github.com/mikefarah/yq/releases/download/${YQ_VERSION}/yq_linux_amd64" && \
    curl -SsfL "https://get.helm.sh/helm-${HELM_VERSION}-linux-amd64.tar.gz" \
        | tar xz --strip-components=1 -C /usr/local/bin linux-amd64/helm && \
    curl -SsfL "https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize%2F${KUSTOMIZE_VERSION}/kustomize_${KUSTOMIZE_VERSION}_linux_amd64.tar.gz" \
        | tar xz -C /usr/local/bin kustomize && \
    curl -SsfL "https://github.com/yannh/kubeconform/releases/download/${KUBECONFORM_VERSION}/kubeconform-linux-amd64.tar.gz" \
        | tar xz -C /usr/local/bin kubeconform && \
    chmod 755 /usr/local/bin/kubectl && \
    chmod 755 /usr/local/bin/kubectl-convert && \
    chmod 755 /usr/local/bin/yq && \
    chmod 755 /usr/local/bin/helm && \
    chmod 755 /usr/local/bin/kustomize && \
    chmod 755 /usr/local/bin/kubeconform && \
    rm -rf /var/cache/apk/* && \
    rm -rf /tmp/*
 ADD overlay/ /
 STOPSIGNAL SIGTERM
 CMD []
--- a/21
+++ b/21
@ -0,0 +1,21 @@
 MIT License
 Copyright (c) 2022 Robert Kaussow <mail@thegeeklab.de>
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
 in the Software without restriction, including without limitation the rights
 to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 copies of the Software, and to permit persons to whom the Software is furnished
 to do so, subject to the following conditions:
 The above copyright notice and this permission notice (including the next
 paragraph) shall be included in all copies or substantial portions of the
 Software.
 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
 FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS
 OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
 WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF
 OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
--- a/README.md
+++ b/README.md
@ -0,0 +1,22 @@
 # alpine
 Custom Alpine image including a Kubernetes toolset
 [![Build Status](https://img.shields.io/drone/build/docker/kube-tools?logo=drone&server=https%3A%2F%2Fdrone.rknet.org)](https://drone.rknet.org/docker/kube-tools)
 [![Docker Hub](https://img.shields.io/badge/dockerhub-latest-blue.svg?logo=docker&logoColor=white)](https://hub.docker.com/r/thegeeklab/alpine)
 [![Quay.io](https://img.shields.io/badge/quay-latest-blue.svg?logo=docker&logoColor=white)](https://quay.io/repository/thegeeklab/alpine)
 [![Source: Gitea](https://img.shields.io/badge/source-gitea-blue.svg?logo=gitea&logoColor=white)](https://gitea.rknet.org/docker/kube-tools)
 [![License: MIT](https://img.shields.io/badge/license-MIT-blue.svg)](https://gitea.rknet.org/docker/kube-tools/src/branch/main/LICENSE)
 Custom Alpine image including a Kubernetes toolset.
 **Included software:**
 - helm
 - kustomize
 - yq
 - kubeconform
 ## License
 This project is licensed under the MIT License - see the [LICENSE](https://gitea.rknet.org/docker/kube-tools/src/branch/main/LICENSE) file for details.
--- a/overlay/usr/local/bin/flux-validate
+++ b/overlay/usr/local/bin/flux-validate
@ -0,0 +1,70 @@
 #!/usr/bin/env bash
 # This script downloads the Flux OpenAPI schemas, then it validates the
 # Flux custom resources and the kustomize overlays using kubeconform.
 # This script is meant to be run locally and in CI before the changes
 # are merged on the main branch that's synced by Flux.
 # Copyright 2020 The Flux authors. All rights reserved.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
 #     http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
 # This script is meant to be run locally and in CI to validate the Kubernetes
 # manifests (including Flux custom resources) before changes are merged into
 # the branch synced by Flux in-cluster.
 set -o errexit
 KUSTOMIZE_FLAGS=("--load-restrictor=LoadRestrictionsNone")
 KUSTOMIZE_CONFIG="kustomization.yaml"
 FLUX_PATH="${1:-.}"
 printf "INFO - Downloading Flux OpenAPI schemas\n"
 mkdir -p /tmp/flux-crd-schemas/master-standalone-strict
 curl -sL https://github.com/fluxcd/flux2/releases/latest/download/crd-schemas.tar.gz | tar zxf - -C /tmp/flux-crd-schemas/master-standalone-strict
 find "${FLUX_PATH%/}" -type f -name '*.yaml' -print0 | while IFS= read -r -d $'\0' file; do
    printf "INFO - Validating %s\n" "$file"
    yq e 'true' "$file" >/dev/null
 done
 kubeconform_config=(
    "-strict"
    "-ignore-missing-schemas"
    "-schema-location" "default"
    "-schema-location" "/tmp/flux-crd-schemas"
    "-exit-on-error"
    "-summary"
    "-skip" "Secret"
 )
 printf "\nINFO - Validating clusters\n"
 find "${FLUX_PATH%/}/clusters" -maxdepth 2 -type f -name '*.yaml' -print0 | while IFS= read -r -d $'\0' file; do
    printf "INFO - Validating cluster file %s\n" "${file}"
    kubeconform "${kubeconform_config[@]}" "${file}"
    if [[ ${PIPESTATUS[0]} != 0 ]]; then
        exit 1
    fi
 done
 printf "\nINFO - Validating kustomize overlays\n"
 find "${FLUX_PATH%/}" -type f -name $KUSTOMIZE_CONFIG -print0 | while IFS= read -r -d $'\0' file; do
    printf "INFO - Validating kustomization %s\n" "${file/%$KUSTOMIZE_CONFIG/}"
    kustomize build "${file/%$KUSTOMIZE_CONFIG/}" "${KUSTOMIZE_FLAGS[@]}" |
        kubeconform "${kubeconform_config[@]}"
    echo
    if [[ ${PIPESTATUS[0]} != 0 ]]; then
        exit 1
    fi
 done
--- a/renovate.json
+++ b/renovate.json
@ -0,0 +1,10 @@
 {
  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
  "extends": ["github>thegeeklab/renovate-presets:docker"],
  "packageRules": [
    {
      "packageNames": ["kubernetes-sigs/kustomize"],
      "extractVersion": "^kustomize\\/(?<version>v\\d+\\.\\d+\\.\\d+)$"
    }
  ]
 }