This is now working very well for me locally, using hetzner/k8s and

local/k3d.

-These docs are very basic right now.
+Steps to work with this:
 
 
-This image only works if $UID = 1000, which is obviously a bug.
-
-docker build --tag brainfood-tools --progress=plain .
-
-docker run --rm -ti -v $KUBECONFIG:/home/tool/.kube/config -v $PWD:/srv/app -v $SSH_AUTH_SOCK:$SSH_AUTH_SOCK -e SSH_AUTH_SOCK=$SSH_AUTH_SOCK -e SSH_KNOWN_HOSTS="gitlab.brainfood.com" -w /srv/app -u tool brainfood-tools
+* Check out this repo
+* run build.sh
+* Then from your working folder, directly run wrapper.sh.
 
 

+#!/bin/sh
+
+set -e
+docker build --tag brainfood-tools --progress=plain .

 #!/bin/bash
 #!/bin/bash
 
 
-set -ex
+set -e
 
 
-configure_ssh_known_hosts() {
-	if [[ -z $SSH_KNOWN_HOSTS ]]; then return; fi
-	for host in $SSH_KNOWN_HOSTS; do
-		ssh-keyscan $host 2>/dev/null
-	done > "/home/tool/.ssh/known_hosts"
-	chown tool:tool "/home/tool/.ssh/known_hosts"
+tool_uid="$(id -u tool)"
+tool_gid="$(id -g tool)"
+
+adjust_tool_uid_gid() {
+	declare usermod_args=()
+	declare -a new_groups=()
+
+	if [[ $MAP_UID ]]; then
+		[[ $(id -u tool) -ne $MAP_UID ]] && usermod_args+=(-u $MAP_UID)
+	fi
+	if [[ $MAP_GROUPS ]]; then
+		set -- $MAP_GROUPS
+		[[ $(id -g tool) -ne $1 ]] && usermod_args+=(-g $1)
+		shift
+		for group in "$@"; do
+			groupadd -g $group -o tool_$group
+			new_groups+=(tool_$group)
+		done
+		IFS=,
+		if [[ ${#new_groups[*]} -gt 0 ]]; then
+			usermod_args+=(-aG "${new_groups[*]}")
+		fi
+	fi
+	if [[ ${#usermod_args[*]} ]]; then
+		usermod "${usermod_args[@]}" tool
+	fi
 }
 }
 
 
-configure_ssh_config() {
+configure_ssh() {
+	if [[ ! -d /home/tool/.ssh ]]; then
+		mkdir /home/tool/.ssh
+		chmod 700 /home/tool/.ssh
+	fi
+	if [[ ! -d $run_state/ssh_known_hosts ]]; then
+		touch "$run_state/ssh_known_hosts"
+	fi
+	known_hosts_file="/home/tool/.ssh/known_hosts"
+	ssh_config_file="/home/tool/.ssh/config"
+	ln -sf "$run_state/ssh_known_hosts" "$known_hosts_file"
+	if [[ $SSH_KNOWN_HOSTS ]]; then
+		# If known_hosts was kept between runs, this loop would be faster.
+		for host in $SSH_KNOWN_HOSTS; do
+			ssh-keygen -q -F $host -f "$known_hosts_file" 1>/dev/null || ssh-keyscan $host >> ""$known_hosts_file"" 2>/dev/null
+		done
+	fi
 	{
 	{
 		echo "Host *"
 		echo "Host *"
 		echo " PubkeyAcceptedAlgorithms +ssh-rsa"
 		echo " PubkeyAcceptedAlgorithms +ssh-rsa"
+		echo " StrictHostKeyChecking accept-new"
 	} > "/home/tool/.ssh/config"
 	} > "/home/tool/.ssh/config"
-	chown tool:tool "/home/tool/.ssh/config"
+	chown tool:tool -R "/home/tool/.ssh"
 }
 }
 
 
-configure_ssh_known_hosts
-configure_ssh_config
+configure_bash() {
+	if [[ ! -e $run_state/bash_history ]]; then
+		touch "$run_state/bash_history"
+	fi
+	ln -sf "$run_state/bash_history" "/home/tool/.bash_history"
+	chown -h tool:tool "/home/tool/.bash_history"
+}
+
+configure_cache() {
+	if [[ ! -d $run_state/cache ]]; then
+		mkdir "$run_state/cache"
+	fi
+	ln -sf "$run_state/cache" /home/tool/.cache
+	chown -h tool:tool "/home/tool/.cache"
+}
+
+# TODO: Save /run/user between calls
+mkdir -p /run/user/$tool_uid
+
+adjust_tool_uid_gid
+
+tool_uid="$(id -u tool)"
+tool_gid="$(id -g tool)"
+run_state="/run/user/$tool_uid/inkluster-dev"
+
+if [[ ! -d $run_state ]]; then
+	mkdir -p "$run_state"
+fi
+configure_ssh
+configure_bash
+configure_cache
+
+chown -R tool:tool /run/user/$tool_uid
 
 
 [[ $# -eq 0 ]] && set -- "bash"
 [[ $# -eq 0 ]] && set -- "bash"
-exec "$@"
+cmd="$(which "$1")"
+shift
+
+start-stop-daemon --chuid tool:tool --start -d $PWD -u tool --exec "$cmd" "$@"

+#!/usr/bin/env bash
+
+set -e
+
+declare -a docker_args=(--rm -i)
+
+[[ -t 0 ]] && docker_args+=(-t)
+
+docker_args+=(--network host)
+docker_args+=(-v /:/srv/host-root)
+docker_args+=(-w /srv/host-root/$PWD)
+[[ $SSH_AUTH_SOCK ]] && docker_args+=(-v "$SSH_AUTH_SOCK:$SSH_AUTH_SOCK" -e "SSH_AUTH_SOCK=$SSH_AUTH_SOCK")
+if [[ $KUBECONFIG ]]; then
+	docker_args+=(-v "$KUBECONFIG:/srv/host-root/$KUBECONFIG" -e "KUBECONFIG=/srv/host-root/$KUBECONFIG")
+elif [[ $HOME/.kube/config ]]; then
+	docker_args+=(-e "KUBECONFIG=/srv/host-root/$HOME/.kube/config")
+fi
+
+docker_args+=(-e MAP_UID="$(id -u)" -e MAP_GROUPS="$(id -G)")
+
+docker run "${docker_args[@]}" brainfood-tools
+