From 0ffa860bd8eaa48dd6d8cbbc01699b30d12a9c4a Mon Sep 17 00:00:00 2001 
From: Haitao Pan Date: Thu, 9 Mar 2023 11:04:12 +0800 Subject: [PATCH] update all images registry --- .github/workflows/alpine-awscli-python3.yaml | 2 +- .github/workflows/alpine-awscli.yaml | 2 +- .github/workflows/alpine-glibc.yaml | 2 +- .github/workflows/alpine-with-custom-ca.yaml | 2 +- .github/workflows/chart-builder-alpine.yaml | 2 +- .../{fluxcd => }/flux-cli-image.yaml | 2 +- .../flux-helm-controller-image.yaml | 2 +- .../flux-image-automation-controller.yaml | 2 +- .../flux-image-reflector-controller.yaml | 2 +- .../flux-kustomize-controller-image.yaml | 2 +- .../flux-notification-controller-image.yaml | 0 .../flux-source-controller-image.yaml | 0 ...-custom.yaml => terraform-aws-finops.yaml} | 14 +++--- .github/workflows/terraform-aws.yaml | 10 ++-- .../image-builder-alpine/Dockerfile | 5 +- .../flux-kustomize-controller.Dockerfile | 2 +- .../flux-notification-controller.Dockerfile | 2 +- oci/hugo/Dockerfile | 2 +- oci/iac-runner/pulumi-alicloud/Dockerfile | 2 +- oci/iac-runner/pulumi-aws/Dockerfile | 2 +- oci/iac-runner/terraform-alicloud/Dockerfile | 2 +- .../terraform-aws-custom/Dockerfile | 32 ------------- .../.terraformrc | 0 .../terraform-aws-finops/Dockerfile | 38 +++++++++++++++ .../Makefile | 0 .../main.tf | 0 .../repositories | 0 oci/iac-runner/terraform-aws/Dockerfile | 48 ++++++++----------- 28 files changed, 89 insertions(+), 90 deletions(-) rename .github/workflows/{fluxcd => }/flux-cli-image.yaml (94%) rename .github/workflows/{fluxcd => }/flux-helm-controller-image.yaml (93%) rename .github/workflows/{fluxcd => }/flux-image-automation-controller.yaml (92%) rename .github/workflows/{fluxcd => }/flux-image-reflector-controller.yaml (93%) rename .github/workflows/{fluxcd => }/flux-kustomize-controller-image.yaml (93%) rename .github/workflows/{fluxcd => }/flux-notification-controller-image.yaml (100%) rename .github/workflows/{fluxcd => }/flux-source-controller-image.yaml (100%) rename .github/workflows/{terraform-aws-custom.yaml => 
terraform-aws-finops.yaml} (53%) delete mode 100644 oci/iac-runner/terraform-aws-custom/Dockerfile rename oci/iac-runner/{terraform-aws => terraform-aws-finops}/.terraformrc (100%) create mode 100644 oci/iac-runner/terraform-aws-finops/Dockerfile rename oci/iac-runner/{terraform-aws => terraform-aws-finops}/Makefile (100%) rename oci/iac-runner/{terraform-aws => terraform-aws-finops}/main.tf (100%) rename oci/iac-runner/{terraform-aws => terraform-aws-finops}/repositories (100%) diff --git a/.github/workflows/alpine-awscli-python3.yaml b/.github/workflows/alpine-awscli-python3.yaml index 1836145..a02d79d 100644 --- a/.github/workflows/alpine-awscli-python3.yaml +++ b/.github/workflows/alpine-awscli-python3.yaml @@ -23,7 +23,7 @@ jobs: password: ${{ secrets.HELM_REPO_PASSWORD }} path: 'oci/base/alpine-awscli-python3' build_file: 'Dockerfile' - image: k8s/alpine-awscli-python3 + image: public/alpine-awscli-python3 tag: latest cache: true cache_registry: cache diff --git a/.github/workflows/alpine-awscli.yaml b/.github/workflows/alpine-awscli.yaml index 3595370..2a50776 100644 --- a/.github/workflows/alpine-awscli.yaml +++ b/.github/workflows/alpine-awscli.yaml @@ -23,7 +23,7 @@ jobs: password: ${{ secrets.HELM_REPO_PASSWORD }} path: 'oci/base/alpine-awscli' build_file: 'Dockerfile' - image: k8s/alpine-awscli + image: public/alpine-awscli tag: 2.6.1 cache: true cache_registry: cache diff --git a/.github/workflows/alpine-glibc.yaml b/.github/workflows/alpine-glibc.yaml index 311e2e0..88a3eb5 100644 --- a/.github/workflows/alpine-glibc.yaml +++ b/.github/workflows/alpine-glibc.yaml @@ -23,7 +23,7 @@ jobs: password: ${{ secrets.HELM_REPO_PASSWORD }} path: 'oci/base/alpine-glibc' build_file: 'Dockerfile' - image: k8s/alpine-glibc + image: public/alpine-glibc tag: 2.34 cache: true cache_registry: cache diff --git a/.github/workflows/alpine-with-custom-ca.yaml b/.github/workflows/alpine-with-custom-ca.yaml index ed3ce39..d568f3b 100644 
--- a/.github/workflows/alpine-with-custom-ca.yaml +++ b/.github/workflows/alpine-with-custom-ca.yaml @@ -23,7 +23,7 @@ jobs: password: ${{ secrets.HELM_REPO_PASSWORD }} path: './oci/base/alpine' build_file: 'Dockerfile' - image: k8s/alpine-ca + image: public/alpine-ca tag: latest cache: true cache_registry: cache diff --git a/.github/workflows/chart-builder-alpine.yaml b/.github/workflows/chart-builder-alpine.yaml index 4e1c612..a729054 100644 --- a/.github/workflows/chart-builder-alpine.yaml +++ b/.github/workflows/chart-builder-alpine.yaml @@ -26,7 +26,7 @@ jobs: password: ${{ secrets.HELM_REPO_PASSWORD }} path: 'oci/app-runner/chart-builder-alpine/' build_file: 'Dockerfile' - image: devops/chart-builder-alpine + image: public/chart-builder-alpine tag: latest cache: false cache_registry: cache diff --git a/.github/workflows/fluxcd/flux-cli-image.yaml b/.github/workflows/flux-cli-image.yaml similarity index 94% rename from .github/workflows/fluxcd/flux-cli-image.yaml rename to .github/workflows/flux-cli-image.yaml index 5e839a6..a001ded 100644 --- a/.github/workflows/fluxcd/flux-cli-image.yaml +++ b/.github/workflows/flux-cli-image.yaml @@ -22,7 +22,7 @@ jobs: username: admin password: ${{ secrets.HELM_REPO_PASSWORD }} build_file: fluxcd/flux-cli.Dockerfile - image: k8s/fluxcd/flux-cli + image: public/fluxcd/flux-cli tag: v0.31.3 cache: true cache_registry: cache diff --git a/.github/workflows/fluxcd/flux-helm-controller-image.yaml b/.github/workflows/flux-helm-controller-image.yaml similarity index 93% rename from .github/workflows/fluxcd/flux-helm-controller-image.yaml rename to .github/workflows/flux-helm-controller-image.yaml index 7deb69f..713ff13 100644 --- a/.github/workflows/fluxcd/flux-helm-controller-image.yaml +++ b/.github/workflows/flux-helm-controller-image.yaml 
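Review bot: The `flux-cli-image.yaml` job still logs in to `artifact.onwalk.net` as `username: admin` (context line above the changed `image:`), so a workflow that only needs to push one repository holds an account that, going by its name, can administer the whole registry. Since the target moves to the `public/` project here, this is a natural point to switch to a push-only robot account scoped to that project, with its name kept in a secret, e.g. `username: ${{ secrets.REGISTRY_PUSH_USER }}` (constructed secret name). The same `username: admin` line is visible in the other flux workflow hunks and in `terraform-aws-finops.yaml`.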
@@ -22,7 +22,7 @@ jobs: username: admin password: ${{ secrets.HELM_REPO_PASSWORD }} build_file: fluxcd/flux-helm-controller.Dockerfile - image: k8s/fluxcd/helm-controller + image: public/fluxcd/helm-controller tag: v0.22.1 cache: true cache_registry: cache diff --git a/.github/workflows/fluxcd/flux-image-automation-controller.yaml b/.github/workflows/flux-image-automation-controller.yaml similarity index 92% rename from .github/workflows/fluxcd/flux-image-automation-controller.yaml rename to .github/workflows/flux-image-automation-controller.yaml index f6c3173..e62cf1b 100644 --- a/.github/workflows/fluxcd/flux-image-automation-controller.yaml +++ b/.github/workflows/flux-image-automation-controller.yaml @@ -22,7 +22,7 @@ jobs: username: admin password: ${{ secrets.HELM_REPO_PASSWORD }} build_file: fluxcd/flux-image-automation-controller.Dockerfile - image: k8s/fluxcd/image-automation-controller + image: public/fluxcd/image-automation-controller tag: v0.23.4 cache: true cache_registry: cache diff --git a/.github/workflows/fluxcd/flux-image-reflector-controller.yaml b/.github/workflows/flux-image-reflector-controller.yaml similarity index 93% rename from .github/workflows/fluxcd/flux-image-reflector-controller.yaml rename to .github/workflows/flux-image-reflector-controller.yaml index 82438ba..e1784e9 100644 --- a/.github/workflows/fluxcd/flux-image-reflector-controller.yaml +++ b/.github/workflows/flux-image-reflector-controller.yaml @@ -22,7 +22,7 @@ jobs: username: admin password: ${{ secrets.HELM_REPO_PASSWORD }} build_file: fluxcd/flux-image-reflector-controller.Dockerfile - image: k8s/fluxcd/image-reflector-controller + image: public/fluxcd/image-reflector-controller tag: v0.19.2 cache: true cache_registry: cache 
diff --git a/.github/workflows/fluxcd/flux-kustomize-controller-image.yaml b/.github/workflows/flux-kustomize-controller-image.yaml similarity index 93% rename from .github/workflows/fluxcd/flux-kustomize-controller-image.yaml rename to .github/workflows/flux-kustomize-controller-image.yaml index 155f40d..e51362e 100644 --- a/.github/workflows/fluxcd/flux-kustomize-controller-image.yaml +++ b/.github/workflows/flux-kustomize-controller-image.yaml @@ -22,7 +22,7 @@ jobs: username: admin password: ${{ secrets.HELM_REPO_PASSWORD }} build_file: fluxcd/flux-kustomize-controller.Dockerfile - image: k8s/fluxcd/kustomize-controller + image: public/fluxcd/kustomize-controller tag: v0.26.2 cache: true cache_registry: cache diff --git a/.github/workflows/fluxcd/flux-notification-controller-image.yaml b/.github/workflows/flux-notification-controller-image.yaml similarity index 100% rename from .github/workflows/fluxcd/flux-notification-controller-image.yaml rename to .github/workflows/flux-notification-controller-image.yaml diff --git a/.github/workflows/fluxcd/flux-source-controller-image.yaml b/.github/workflows/flux-source-controller-image.yaml similarity index 100% rename from .github/workflows/fluxcd/flux-source-controller-image.yaml rename to .github/workflows/flux-source-controller-image.yaml diff --git a/.github/workflows/terraform-aws-custom.yaml b/.github/workflows/terraform-aws-finops.yaml similarity index 53% rename from .github/workflows/terraform-aws-custom.yaml rename to .github/workflows/terraform-aws-finops.yaml index 3304797..124c430 100644 --- a/.github/workflows/terraform-aws-custom.yaml +++ b/.github/workflows/terraform-aws-finops.yaml 
@@ -1,10 +1,12 @@ -name: Build & push ci runner terraform for aws custom image +name: Build & push ci runner terraform for aws image on: pull_request: push: paths: - - '.github/workflows/terraform-aws-custom.yaml' - - 'oci/iac-runner/terraform-aws-custom/Dockerfile' + - 'oci/iac-runner/terraform-aws-finops/main.tf' + - 'oci/iac-runner/terraform-aws-finops/Dockerfile' + - 'oci/iac-runner/terraform-aws-finops/.terraformrc' + - '.github/workflows/terraform-aws-finops.yaml' branches: - main @@ -15,15 +17,15 @@ jobs: steps: - uses: actions/checkout@master - - name: 'Artifact: build && push terraform for aws custom image' + - name: 'Artifact: build && push terraform for aws image' uses: aevea/action-kaniko@master with: registry: artifact.onwalk.net username: admin password: ${{ secrets.HELM_REPO_PASSWORD }} - path: 'oci/iac-runner/terraform-aws-custom/' + path: 'oci/iac-runner/terraform-aws-finops/' build_file: 'Dockerfile' - image: devops/terraform-aws + image: public/terraform-aws tag: latest cache: true cache_registry: cache diff --git a/.github/workflows/terraform-aws.yaml b/.github/workflows/terraform-aws.yaml index 02ed766..e5fa055 100644 --- a/.github/workflows/terraform-aws.yaml +++ b/.github/workflows/terraform-aws.yaml @@ -1,12 +1,10 @@ -name: Build & push ci runner terraform for aws image +name: Build & push ci runner terraform for aws custom image on: pull_request: push: paths: - - 'oci/iac-runner/terraform-aws/main.tf' - - 'oci/iac-runner/terraform-aws/Dockerfile' - - 'oci/iac-runner/terraform-aws/.terraformrc' - '.github/workflows/terraform-aws.yaml' + - 'oci/iac-runner/terraform-aws/Dockerfile' branches: - main @@ -17,7 +15,7 @@ jobs: steps: - uses: actions/checkout@master - - name: 'Artifact: build && push terraform for aws image' + - name: 'Artifact: build && push terraform for aws custom image' uses: aevea/action-kaniko@master with: registry: artifact.onwalk.net 
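Review bot: The second hunk of `terraform-aws-finops.yaml` builds `oci/iac-runner/terraform-aws-finops/` but pushes it as `image: public/terraform-aws` with `tag: latest`, which is exactly what `terraform-aws.yaml` pushes from `oci/iac-runner/terraform-aws/` in its last hunk. Two different Dockerfiles writing the same mutable tag means the content of `public/terraform-aws:latest` depends on which workflow ran last, and a consumer cannot tell whether it pulled the infracost build or the pyyaml one. I would give this job its own repository, `image: public/terraform-aws-finops`, and prefer a version tag over `latest`.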
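Review bot: Both steps in the `@@ -17,7 +15,7 @@` hunk of `terraform-aws.yaml` reference actions by a moving branch, `actions/checkout@master` and `aevea/action-kaniko@master`, and the kaniko step is the one that receives `secrets.HELM_REPO_PASSWORD` (visible in the next hunk). Any later push to those branches runs inside this job with the registry credential, so I would pin each action to a reviewed commit, `uses: aevea/action-kaniko@<full-commit-sha>  # <release tag>`, and let a dependency bot propose the bumps. `terraform-aws-finops.yaml` carries the same two `uses:` lines.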
@@ -25,7 +23,7 @@ jobs: password: ${{ secrets.HELM_REPO_PASSWORD }} path: 'oci/iac-runner/terraform-aws/' build_file: 'Dockerfile' - image: devops/terraform-aws + image: public/terraform-aws tag: latest cache: true cache_registry: cache diff --git a/oci/app-runner/image-builder-alpine/Dockerfile b/oci/app-runner/image-builder-alpine/Dockerfile index 17f94ee..0e0aa7c 100644 --- a/oci/app-runner/image-builder-alpine/Dockerfile +++ b/oci/app-runner/image-builder-alpine/Dockerfile @@ -1,6 +1,5 @@ FROM gcr.io/kaniko-project/executor:debug AS kaniko FROM artifact.onwalk.net/k8s/alpine-glibc:2.34 AS prod -MAINTAINER shenlan xz@onwalk.net ENV PATH $PATH:/usr/local/bin:/kaniko ENV DOCKER_CONFIG /kaniko/.docker/ @@ -16,8 +15,8 @@ RUN apk --update add \ COPY --from=kaniko /etc/nsswitch.conf /etc/nsswitch.conf COPY --from=kaniko /kaniko/executor /kaniko/executor - # add jfrog cli -RUN curl -Lo /usr/bin/jf https://mirrors.onwalk.net/tools/linux-amd64/jf && chmod +x /usr/bin/jf +RUN curl -Lo /usr/bin/jf https://mirrors.onwalk.net/tools/linux-amd64/jf +RUN chmod +x /usr/bin/jf CMD ["/bin/sh"] diff --git a/oci/fluxcd/flux-kustomize-controller.Dockerfile b/oci/fluxcd/flux-kustomize-controller.Dockerfile index 2a4cee5..ba1a80d 100644 --- a/oci/fluxcd/flux-kustomize-controller.Dockerfile +++ b/oci/fluxcd/flux-kustomize-controller.Dockerfile @@ -1,6 +1,6 @@ FROM ghcr.io/fluxcd/kustomize-controller:v0.26.2 as build -FROM artifact.onwalk.net/k8s/alpine-ca:3.13 as prod +FROM artifact.onwalk.net/public/alpine-ca:3.13 as prod RUN apk add --no-cache ca-certificates tini git openssh-client && apk add --no-cache gnupg --repository=https://dl-cdn.alpinelinux.org/alpine/edge/main diff --git a/oci/fluxcd/flux-notification-controller.Dockerfile b/oci/fluxcd/flux-notification-controller.Dockerfile index 86b94ff..0a928d6 100644 --- a/oci/fluxcd/flux-notification-controller.Dockerfile +++ b/oci/fluxcd/flux-notification-controller.Dockerfile 
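Review bot: The `prod` stage in the first hunk of `image-builder-alpine/Dockerfile` still starts from `artifact.onwalk.net/k8s/alpine-glibc:2.34`, while this commit changes the `alpine-glibc.yaml` workflow to publish under `public/alpine-glibc` and moves the other Dockerfile bases in the patch to `public/`. As far as this patch shows, nothing refreshes the `k8s/` copy any more, so this image would keep building on a base that silently stops receiving rebuilds. I would change the line to `FROM artifact.onwalk.net/public/alpine-glibc:2.34 AS prod`.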
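Review bot: The `jf` download in the second hunk of `image-builder-alpine/Dockerfile` is installed without any integrity check, and `curl -Lo` without `-f` saves an HTTP error page as `/usr/bin/jf` and still exits 0. Moving `chmod` into its own `RUN` also adds a second layer that holds another copy of the binary. I would keep a single step that fails closed, `RUN curl -fsSLo /usr/bin/jf https://mirrors.onwalk.net/tools/linux-amd64/jf && echo "<expected-sha256>  /usr/bin/jf" | sha256sum -c - && chmod +x /usr/bin/jf`, with the digest recorded for a pinned version of the file.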
@@ -1,6 +1,6 @@ FROM ghcr.io/fluxcd/notification-controller:v0.24.0 as build -FROM artifact.onwalk.net/k8s/alpine-ca:3.13 as prod +FROM artifact.onwalk.net/public/alpine-ca:3.13 as prod LABEL org.opencontainers.image.source="https://github.com/fluxcd/notification-controller" RUN apk add --no-cache ca-certificates tini diff --git a/oci/hugo/Dockerfile b/oci/hugo/Dockerfile index e783efd..b3a01e8 100644 --- a/oci/hugo/Dockerfile +++ b/oci/hugo/Dockerfile @@ -1,4 +1,4 @@ -FROM artifact.onwalk.net/k8s/alpine-glibc:2.34 as prod +FROM artifact.onwalk.net/public/alpine-glibc:2.34 as prod ENV HUGO_VERSION 0.59.1 ENV HUGO_BINARY hugo_extended_${HUGO_VERSION}_Linux-64bit.tar.gz diff --git a/oci/iac-runner/pulumi-alicloud/Dockerfile b/oci/iac-runner/pulumi-alicloud/Dockerfile index 4d0f406..5a47eb2 100644 --- a/oci/iac-runner/pulumi-alicloud/Dockerfile +++ b/oci/iac-runner/pulumi-alicloud/Dockerfile @@ -3,7 +3,7 @@ FROM infracost/infracost:latest as finops FROM hashicorp/terraform:latest as builder # Build IAC Runner -FROM artifact.onwalk.net/k8s/alpine-glibc:2.34 as prod +FROM artifact.onwalk.net/public/alpine-glibc:2.34 as prod LABEL maintainer="Haitao Pan " ARG AWSCLI_VERSION=2.6.1 diff --git a/oci/iac-runner/pulumi-aws/Dockerfile b/oci/iac-runner/pulumi-aws/Dockerfile index a09210b..667ec98 100644 --- a/oci/iac-runner/pulumi-aws/Dockerfile +++ b/oci/iac-runner/pulumi-aws/Dockerfile @@ -11,7 +11,7 @@ RUN apt-get update -y && \ RUN curl -fsSL https://get.pulumi.com/ | bash -s -- --version $PULUMI_VERSION -FROM artifact.onwalk.net/k8s/alpine-glibc:2.34 as prod +FROM artifact.onwalk.net/public/alpine-glibc:2.34 as prod LABEL maintainer="Haitao Pan " ENV PATH "/pulumi/bin:${PATH}" diff --git a/oci/iac-runner/terraform-alicloud/Dockerfile b/oci/iac-runner/terraform-alicloud/Dockerfile index 0c22a8e..1f96761 100644 --- a/oci/iac-runner/terraform-alicloud/Dockerfile +++ b/oci/iac-runner/terraform-alicloud/Dockerfile 
@@ -2,7 +2,7 @@ FROM hashicorp/terraform:latest as builder FROM infracost/infracost:latest as finops # Build IAC Runner -FROM artifact.onwalk.net/k8s/alpine-glibc-awscli:2.6.1 as prod +FROM artifact.onwalk.net/public/alpine-glibc-awscli:2.6.1 as prod LABEL maintainer="Haitao Pan " ARG AWSCLI_VERSION=2.6.1 diff --git a/oci/iac-runner/terraform-aws-custom/Dockerfile b/oci/iac-runner/terraform-aws-custom/Dockerfile deleted file mode 100644 index dea05fa..0000000 --- a/oci/iac-runner/terraform-aws-custom/Dockerfile +++ /dev/null @@ -1,32 +0,0 @@ -#FROM infracost/infracost:latest as finops -FROM artifact.onwalk.net/devops/terraform:latest as builder - -# Build IAC Runner -FROM artifact.onwalk.net/k8s/alpine-awscli-python3:latest as prod - -ENV KUBECTL_VERSION=1.19.3 - -COPY --from=builder /bin/terraform /bin/ - -# install kubectl in apline -RUN wget -O /usr/local/bin/kubectl https://storage.googleapis.com/kubernetes-release/release/v${KUBECTL_VERSION}/bin/linux/amd64/kubectl && chmod +x /usr/local/bin/kubectl - -# make terraform plugin cache -RUN mkdir -p $HOME/.terraform.d/plugins -RUN echo $'\ -provider "aws" {} \n\ -provider "tls" {}\n\ -provider "null" {}\n\ -provider "template" {}' >> /tmp/provider-cache.tf -RUN cd /tmp && terraform init && mv .terraform/providers/* $HOME/.terraform.d/plugins && rm -rf .terraform && rm -rf provider-cache.tf -# config terraform cli -# ENV TF_CLI_ARGS_init="-plugin-dir=$HOME/.terraform.d/plugins" - -# install python3 -# RUN apk --no-cache add python3 py3-pip - -# packages for eks-environment/kubernetes/addon.sh -RUN pip install --upgrade pip --user && \ - pip install pyyaml - -ENTRYPOINT ["/bin/sh", "-c"] diff --git a/oci/iac-runner/terraform-aws/.terraformrc b/oci/iac-runner/terraform-aws-finops/.terraformrc similarity index 100% rename from oci/iac-runner/terraform-aws/.terraformrc rename to oci/iac-runner/terraform-aws-finops/.terraformrc 
diff --git a/oci/iac-runner/terraform-aws-finops/Dockerfile b/oci/iac-runner/terraform-aws-finops/Dockerfile new file mode 100644 index 0000000..ec9c695 --- /dev/null +++ b/oci/iac-runner/terraform-aws-finops/Dockerfile @@ -0,0 +1,38 @@ +FROM hashicorp/terraform:latest as builder +FROM infracost/infracost:latest as finops + +# Build IAC Runner +FROM artifact.onwalk.net/public/alpine-awscli:2.6.1 as prod +LABEL maintainer="Haitao Pan " + +ENV KUBECTL_VERSION=1.19.3 + +RUN apk add --update --no-cache ca-certificates openssl openssh-client git bash wget make curl jq unzip zip python3 py3-pip && \ + pip3 install --upgrade pip --user && \ + pip3 install jinja2 hvac python-hcl2 pyyaml && \ + wget https://mirrors.onwalk.net/tools/linux-amd64/gauth.tar.gz && tar -xvpf gauth.tar.gz -C /usr/bin/ && chmod 755 /usr/bin/gauth && \ + wget -O /usr/bin/kubectl https://storage.googleapis.com/kubernetes-release/release/v${KUBECTL_VERSION}/bin/linux/amd64/kubectl & chmod +x /usr/bin/kubectl && \ + wget https://mirrors.onwalk.net/tools/linux-amd64/gitleaks_8.8.5_linux_x64.tar.gz && tar -xvpf gitleaks_8.8.5_linux_x64.tar.gz && cp gitleaks /usr/bin/ && chmod 755 /usr/bin/gitleaks && \ + apk --no-cache del binutils make && \ + rm -rf /var/cache/apk/* + mkdir -pv /root/.terraform.d/plugin-cache && \ + +# add iac tools +COPY --from=builder /bin/terraform /bin/ + +# add pre-cost tools +COPY --from=finops /usr/bin/terragrunt /usr/bin/ +COPY --from=finops /usr/bin/infracost /usr/bin/ + +# config pre-cost tools +RUN mkdir -pv /root/.config/infracost/ +COPY credentials.yml /root/.config/infracost/ +RUN infracost configure get api_key + +# init terraform provider cache +COPY main.tf . +RUN mkdir -pv /data/terraform/ +RUN terraform providers mirror /data/terraform/ && rm -f main.tf .terraform.lock.hcl +COPY .terraformrc /root/ + +ENTRYPOINT ["/bin/sh", "-c"] 
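Review bot: `COPY credentials.yml /root/.config/infracost/` stores what is presumably the Infracost API key in a layer of an image that the workflow pushes as `public/terraform-aws`, and `RUN infracost configure get api_key` then prints that key into the build log. I would drop both lines and hand the key to the running job instead, e.g. through the `INFRACOST_API_KEY` environment variable, and rotate the key if this image was ever pushed; `credentials.yml` is also not among the files this patch moves into the directory, so confirm where it is expected to come from. The long `RUN` has two shell defects as well: `... kubectl & chmod +x /usr/bin/kubectl` backgrounds the download with a single `&` so `chmod` races it, and `rm -rf /var/cache/apk/*` has no `&& \`, which leaves the `mkdir -pv /root/.terraform.d/plugin-cache && \` line to be parsed as a separate, unknown instruction. None of the `wget` downloads (gauth, kubectl, gitleaks) is compared against a known digest, and both upstream stages float on `:latest`.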
diff --git a/oci/iac-runner/terraform-aws/Makefile b/oci/iac-runner/terraform-aws-finops/Makefile similarity index 100% rename from oci/iac-runner/terraform-aws/Makefile rename to oci/iac-runner/terraform-aws-finops/Makefile diff --git a/oci/iac-runner/terraform-aws/main.tf b/oci/iac-runner/terraform-aws-finops/main.tf similarity index 100% rename from oci/iac-runner/terraform-aws/main.tf rename to oci/iac-runner/terraform-aws-finops/main.tf diff --git a/oci/iac-runner/terraform-aws/repositories b/oci/iac-runner/terraform-aws-finops/repositories similarity index 100% rename from oci/iac-runner/terraform-aws/repositories rename to oci/iac-runner/terraform-aws-finops/repositories diff --git a/oci/iac-runner/terraform-aws/Dockerfile b/oci/iac-runner/terraform-aws/Dockerfile index fcc321f..8abf47b 100644 --- a/oci/iac-runner/terraform-aws/Dockerfile +++ b/oci/iac-runner/terraform-aws/Dockerfile 
@@ -1,38 +1,32 @@ -FROM hashicorp/terraform:latest as builder -FROM infracost/infracost:latest as finops +#FROM infracost/infracost:latest as finops +FROM artifact.onwalk.net/public/terraform:latest as builder # Build IAC Runner -FROM artifact.onwalk.net/k8s/alpine-awscli:2.6.1 as prod -LABEL maintainer="Haitao Pan " +ROM artifact.onwalk.net/public/alpine-awscli-python3:latest as prod ENV KUBECTL_VERSION=1.19.3 -RUN apk add --update --no-cache ca-certificates openssl openssh-client git bash wget make curl jq unzip zip python3 py3-pip && \ - pip3 install --upgrade pip --user && \ - pip3 install jinja2 hvac python-hcl2 pyyaml && \ - wget https://mirrors.onwalk.net/tools/linux-amd64/gauth.tar.gz && tar -xvpf gauth.tar.gz -C /usr/bin/ && chmod 755 /usr/bin/gauth && \ - wget -O /usr/bin/kubectl https://storage.googleapis.com/kubernetes-release/release/v${KUBECTL_VERSION}/bin/linux/amd64/kubectl & chmod +x /usr/bin/kubectl && \ - wget https://mirrors.onwalk.net/tools/linux-amd64/gitleaks_8.8.5_linux_x64.tar.gz && tar -xvpf gitleaks_8.8.5_linux_x64.tar.gz && cp gitleaks /usr/bin/ && chmod 755 /usr/bin/gitleaks && \ - apk --no-cache del binutils make && \ - rm -rf /var/cache/apk/* - mkdir -pv /root/.terraform.d/plugin-cache && \ - -# add iac tools COPY --from=builder /bin/terraform /bin/ -# add pre-cost tools -COPY --from=finops /usr/bin/terragrunt /usr/bin/ -COPY --from=finops /usr/bin/infracost /usr/bin/ +# install kubectl in apline +RUN wget -O /usr/local/bin/kubectl https://storage.googleapis.com/kubernetes-release/release/v${KUBECTL_VERSION}/bin/linux/amd64/kubectl && chmod +x /usr/local/bin/kubectl -# config pre-cost tools -RUN mkdir -pv /root/.config/infracost/ -COPY credentials.yml /root/.config/infracost/ -RUN infracost configure get api_key +# make terraform plugin cache +RUN mkdir -p $HOME/.terraform.d/plugins +RUN echo $'\ +provider "aws" {} \n\ +provider "tls" {}\n\ +provider "null" {}\n\ +provider "template" {}' >> /tmp/provider-cache.tf +RUN cd /tmp && 
terraform init && mv .terraform/providers/* $HOME/.terraform.d/plugins && rm -rf .terraform && rm -rf provider-cache.tf +# config terraform cli +# ENV TF_CLI_ARGS_init="-plugin-dir=$HOME/.terraform.d/plugins" -# init terraform provider cache -COPY main.tf . -RUN mkdir -pv /data/terraform/ -RUN terraform providers mirror /data/terraform/ && rm -f main.tf .terraform.lock.hcl -COPY .terraformrc /root/ +# install python3 +# RUN apk --no-cache add python3 py3-pip + +# packages for eks-environment/kubernetes/addon.sh +RUN pip install --upgrade pip --user && \ + pip install pyyaml ENTRYPOINT ["/bin/sh", "-c"]
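Review bot: The new runtime stage line reads `ROM artifact.onwalk.net/public/alpine-awscli-python3:latest as prod`; with the leading `F` missing the parser stops on an unknown instruction, so this Dockerfile cannot build as committed and should read `FROM artifact.onwalk.net/public/alpine-awscli-python3:latest AS prod`. Both bases also float on `:latest`, and `public/terraform` is not produced by any workflow in this patch, so it is worth confirming that repository exists under the new project. The `kubectl` binary is fetched with `wget` and made executable without a digest check; adding `echo "<expected-sha256>  /usr/local/bin/kubectl" | sha256sum -c -` before the `chmod` would make a swapped or truncated download fail the build.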