a4276ebd by Adam Heath

This is now working very well for me locally, using hetzner/k8s and local/k3d.
1 parent 82f28354
These docs are very basic right now.
Steps to work with this:
This image only works if $UID = 1000, which is obviously a bug.
docker build --tag brainfood-tools --progress=plain .
docker run --rm -ti -v $KUBECONFIG:/home/tool/.kube/config -v $PWD:/srv/app -v $SSH_AUTH_SOCK:$SSH_AUTH_SOCK -e SSH_AUTH_SOCK=$SSH_AUTH_SOCK -e SSH_KNOWN_HOSTS="gitlab.brainfood.com" -w /srv/app -u tool brainfood-tools
* Check out this repo
* run build.sh
* Then from your working folder, directly run wrapper.sh.
#!/bin/sh
set -e
docker build --tag brainfood-tools --progress=plain .
#!/bin/bash
set -ex
configure_ssh_known_hosts() {
if [[ -z $SSH_KNOWN_HOSTS ]]; then return; fi
for host in $SSH_KNOWN_HOSTS; do
ssh-keyscan $host 2>/dev/null
done > "/home/tool/.ssh/known_hosts"
chown tool:tool "/home/tool/.ssh/known_hosts"
set -e
tool_uid="$(id -u tool)"
tool_gid="$(id -g tool)"
adjust_tool_uid_gid() {
declare usermod_args=()
declare -a new_groups=()
if [[ $MAP_UID ]]; then
[[ $(id -u tool) -ne $MAP_UID ]] && usermod_args+=(-u $MAP_UID)
fi
if [[ $MAP_GROUPS ]]; then
set -- $MAP_GROUPS
[[ $(id -g tool) -ne $1 ]] && usermod_args+=(-g $1)
shift
for group in "$@"; do
groupadd -g $group -o tool_$group
new_groups+=(tool_$group)
done
IFS=,
if [[ ${#new_groups[*]} -gt 0 ]]; then
usermod_args+=(-aG "${new_groups[*]}")
fi
fi
if [[ ${#usermod_args[*]} ]]; then
usermod "${usermod_args[@]}" tool
fi
}
configure_ssh_config() {
configure_ssh() {
if [[ ! -d /home/tool/.ssh ]]; then
mkdir /home/tool/.ssh
chmod 700 /home/tool/.ssh
fi
if [[ ! -d $run_state/ssh_known_hosts ]]; then
touch "$run_state/ssh_known_hosts"
fi
known_hosts_file="/home/tool/.ssh/known_hosts"
ssh_config_file="/home/tool/.ssh/config"
ln -sf "$run_state/ssh_known_hosts" "$known_hosts_file"
if [[ $SSH_KNOWN_HOSTS ]]; then
# If known_hosts was kept between runs, this loop would be faster.
for host in $SSH_KNOWN_HOSTS; do
ssh-keygen -q -F $host -f "$known_hosts_file" 1>/dev/null || ssh-keyscan $host >> ""$known_hosts_file"" 2>/dev/null
done
fi
{
echo "Host *"
echo " PubkeyAcceptedAlgorithms +ssh-rsa"
echo " StrictHostKeyChecking accept-new"
} > "/home/tool/.ssh/config"
chown tool:tool "/home/tool/.ssh/config"
chown tool:tool -R "/home/tool/.ssh"
}
configure_bash() {
if [[ ! -e $run_state/bash_history ]]; then
touch "$run_state/bash_history"
fi
ln -sf "$run_state/bash_history" "/home/tool/.bash_history"
chown -h tool:tool "/home/tool/.bash_history"
}
configure_cache() {
if [[ ! -d $run_state/cache ]]; then
mkdir "$run_state/cache"
fi
ln -sf "$run_state/cache" /home/tool/.cache
chown -h tool:tool "/home/tool/.cache"
}
configure_ssh_known_hosts
configure_ssh_config
# TODO: Save /run/user between calls
mkdir -p /run/user/$tool_uid
adjust_tool_uid_gid
tool_uid="$(id -u tool)"
tool_gid="$(id -g tool)"
run_state="/run/user/$tool_uid/inkluster-dev"
if [[ ! -d $run_state ]]; then
mkdir -p "$run_state"
fi
configure_ssh
configure_bash
configure_cache
chown -R tool:tool /run/user/$tool_uid
[[ $# -eq 0 ]] && set -- "bash"
exec "$@"
cmd="$(which "$1")"
shift
start-stop-daemon --chuid tool:tool --start -d $PWD -u tool --exec "$cmd" "$@"
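Review bot: The `ssh-keygen -q -F $host ... || ssh-keyscan $host >> ...` loop in configure_ssh pins whatever key the network returns at container start without comparing it to a known fingerprint, and the `Host *` block then applies `StrictHostKeyChecking accept-new` and `PubkeyAcceptedAlgorithms +ssh-rsa` to every destination. Because `$run_state` lives under `/run/user` and the TODO says that directory is not yet saved between calls, the scan appears to repeat on each run, so host-key checking offers little protection against an on-path host while the agent socket is forwarded. Prefer shipping the expected keys (baked into the image, or the host's `known_hosts` mounted read-only) and scoping the config to the hosts that need it, e.g. `Host gitlab.brainfood.com` with `StrictHostKeyChecking yes`, keeping `+ssh-rsa` only under that host. Separately, `if [[ ${#usermod_args[*]} ]]` in adjust_tool_uid_gid is always true, because a count of `0` is still a non-empty string, so `usermod tool` runs with no options when nothing needs changing; `if (( ${#usermod_args[@]} > 0 )); then` avoids that.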
#!/usr/bin/env bash
set -e
declare -a docker_args=(--rm -i)
[[ -t 0 ]] && docker_args+=(-t)
docker_args+=(--network host)
docker_args+=(-v /:/srv/host-root)
docker_args+=(-w /srv/host-root/$PWD)
[[ $SSH_AUTH_SOCK ]] && docker_args+=(-v "$SSH_AUTH_SOCK:$SSH_AUTH_SOCK" -e "SSH_AUTH_SOCK=$SSH_AUTH_SOCK")
if [[ $KUBECONFIG ]]; then
docker_args+=(-v "$KUBECONFIG:/srv/host-root/$KUBECONFIG" -e "KUBECONFIG=/srv/host-root/$KUBECONFIG")
elif [[ $HOME/.kube/config ]]; then
docker_args+=(-e "KUBECONFIG=/srv/host-root/$HOME/.kube/config")
fi
docker_args+=(-e MAP_UID="$(id -u)" -e MAP_GROUPS="$(id -G)")
docker run "${docker_args[@]}" brainfood-tools
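Review bot: `docker_args+=(-v /:/srv/host-root)` bind-mounts the entire host filesystem read-write, together with `--network host`, into a container whose entrypoint appears to start as root (it calls `usermod`, `groupadd` and `chown -R` before switching to `tool`), so a bug or a compromised tool in the image can write anywhere on the host. Only the working directory and the kubeconfig seem to be needed; consider `docker_args+=(-v "$PWD:/srv/host-root$PWD" -w "/srv/host-root$PWD")` and mounting the kubeconfig explicitly (read-only where possible) in both branches. Separately, `elif [[ $HOME/.kube/config ]]` tests a non-empty string and is therefore always true; `elif [[ -e $HOME/.kube/config ]]` is presumably what was meant.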