diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile
new file mode 100644
index 0000000..c0e1530
--- /dev/null
+++ b/.devcontainer/Dockerfile
@@ -0,0 +1,32 @@
+ARG USER=signadot
+ARG GOARCH=amd64
+FROM ubuntu
+ARG USER
+ARG GOARCH
+
+RUN apt update
+RUN apt upgrade -y
+RUN apt-get install -y ca-certificates
+RUN apt-get install -y iptables
+RUN apt-get install -y sudo
+RUN apt-get install -y curl
+RUN apt-get install -y vim
+RUN apt-get install -y git
+RUN apt-get install -y protobuf-compiler
+COPY install-kubectl.sh /install-kubectl.sh
+RUN /install-kubectl.sh
+
+COPY signadot /usr/bin/signadot
+
+RUN adduser --disabled-password $USER
+RUN adduser $USER sudo
+RUN echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers
+
+
+USER $USER
+WORKDIR /home/$USER
+
+
+CMD ["/bin/bash"]
+ENTRYPOINT ["/bin/bash"]
+
diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
new file mode 100644
index 0000000..c1ae403
--- /dev/null
+++ b/.devcontainer/devcontainer.json
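Review bot: `FROM ubuntu` in .devcontainer/Dockerfile carries no tag or digest, so each rebuild can pull a different base image and the result is not reproducible; pin it, e.g. `FROM ubuntu:<release>@sha256:<digest>` (placeholders, use the release the team supports). Separately, `CMD ["/bin/bash"]` combined with `ENTRYPOINT ["/bin/bash"]` makes the default command `/bin/bash /bin/bash`, which asks bash to run its own binary as a script; keeping only the `CMD` line is enough. The `GOARCH` build argument is declared before and after `FROM` but no instruction in this hunk uses it.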
@@ -0,0 +1,33 @@
+{
+ "name": "signadot-aws",
+ "build": {
+ "dockerfile": "Dockerfile",
+ "args": {
+ "USER": "${localEnv:USER}",
+ "GOARCH": "${localEnv:GOARCH}"
+ }
+ },
+ "capAdd": ["NET_ADMIN"],
+ "remoteUser": "${localEnv:USER}",
+ "containerEnv": {
+ "LOCALHOST_HOME": "${localEnv:HOME}"
+ },
+ "mounts": [
+ {"source": "${localEnv:HOME}/.signadot", "target": "/home/${localEnv:USER}/.signadot-localhost", "type": "bind"},
+ {"source": "${localEnv:HOME}/.kube", "target": "/home/${localEnv:USER}/.kube-localhost", "type": "bind"},
+ {"source": "${localEnv:HOME}/.aws", "target": "/home/${localEnv:USER}/.aws", "type": "bind"},
+ {"source": "${localEnv:HOME}/.minikube", "target": "/home/${localEnv:USER}/.minikube-localhost", "type": "bind"}
+ ],
+
+ "postCreateCommand": "sh .devcontainer/post-create.sh",
+
+ "features": {
+ "ghcr.io/devcontainers/features/git:1": {},
+ "ghcr.io/devcontainers/features/go:1": {},
+ "ghcr.io/brokeyourbike/devcontainer-features/staticcheck:0": {},
+ "ghcr.io/guiyomh/features/vim": {},
+ "ghcr.io/guiyomh/features/goreleaser:0": {},
+ "ghcr.io/eitsupi/devcontainer-features/jq-likes:2": {},
+ "ghcr.io/devcontainers/features/aws-cli:1": {}
+ }
+}
diff --git a/.devcontainer/install-kubectl.sh b/.devcontainer/install-kubectl.sh
new file mode 100755
index 0000000..db31ff0
--- /dev/null
+++ b/.devcontainer/install-kubectl.sh
@@ -0,0 +1,15 @@
+#!/bin/sh
+
+set -e
+arch="$(uname -m)"
+case $arch in
+ x86_64) arch="amd64";;
+ aarch64 | armv8*) arch="arm64";;
+ aarch32 | armv7* | armvhf*) arch="arm";;
+ i?86) arch="386";;
+ *) echo "(!) Architecture $arch unsupported"; exit 1 ;;
+esac
+
+version="$(curl -sSL https://dl.k8s.io/release/stable.txt)"
+curl -LO https://dl.k8s.io/release/${version}/bin/linux/${arch}/kubectl
+install -o root -g root kubectl /usr/local/bin/kubectl
diff --git a/.devcontainer/post-create.sh b/.devcontainer/post-create.sh
new file mode 100755
index 0000000..607080b
--- /dev/null
+++ b/.devcontainer/post-create.sh
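Review bot: The `~/.aws` entry under `mounts` in devcontainer.json binds the host's AWS credentials read-write onto the live `~/.aws` path inside the container, whereas the other three host directories are mounted under a `-localhost` name; this container also gets `NET_ADMIN` and, per the Dockerfile in this commit, passwordless sudo. If the tooling only reads the credentials, use the string form with `readonly`: `"source=${localEnv:HOME}/.aws,target=/home/${localEnv:USER}/.aws,type=bind,readonly"`; if the AWS CLI has to write its cache there, a narrower mount is needed instead. The `ghcr.io/guiyomh/features/vim` feature also has no version tag, unlike the other entries, so it floats to whatever is published.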
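Review bot: install-kubectl.sh installs the downloaded `kubectl` as root without any integrity check, and `curl -LO` without `-f` will save an HTTP error page as the binary. dl.k8s.io publishes a checksum next to each binary, so fetch it with `curl -fsSLO "https://dl.k8s.io/release/${version}/bin/linux/${arch}/kubectl.sha256"` and run `echo "$(cat kubectl.sha256)  kubectl" | sha256sum -c -` before the `install` line. The checksum comes from the same host, so this catches truncated or corrupted downloads rather than a compromised origin. Resolving `stable.txt` at build time also means the kubectl version changes between builds; a pinned version variable would make the image reproducible.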
@@ -0,0 +1,27 @@
+#!/bin/sh
+
+set -e
+
+#
+# copy signadot config from mount
+#
+if [ -d $HOME/.signadot ]; then
+ true;
+else
+ mkdir $HOME/.signadot
+fi
+
+if [ -f $HOME/.signadot/config.yaml ]; then
+ true;
+else
+ cp $HOME/.signadot-localhost/config.yaml $HOME/.signadot/config.yaml
+fi
+
+#
+# rewrite kubeconfig
+#
+if [ -d $HOME/.kube ]; then
+ true;
+else
+ go run /workspaces/cli/.devcontainer/rewrite_kubeconfig
+fi
diff --git a/.devcontainer/rewrite_kubeconfig/main.go b/.devcontainer/rewrite_kubeconfig/main.go
new file mode 100644
index 0000000..24c632a
--- /dev/null
+++ b/.devcontainer/rewrite_kubeconfig/main.go
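Review bot: In post-create.sh, `mkdir $HOME/.signadot` creates the directory with the default umask, the copied `config.yaml` inherits whatever mode the host file had, and every `$HOME` expansion is unquoted. The signadot config presumably holds an API key, so I would write `mkdir -m 700 "$HOME/.signadot"` and `install -m 600 "$HOME/.signadot-localhost/config.yaml" "$HOME/.signadot/config.yaml"`. With `set -e`, the copy also aborts the whole post-create step when the host has no `~/.signadot/config.yaml`; guarding it with `[ -f "$HOME/.signadot-localhost/config.yaml" ]` would keep the container usable in that case.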
@@ -0,0 +1,58 @@
+package main
+
+import (
+ "flag"
+ "log"
+ "os"
+ "path/filepath"
+ "strings"
+
+ "k8s.io/client-go/tools/clientcmd"
+)
+
+var (
+ in, out, localhostHome string
+)
+
+func main() {
+ flag.StringVar(&in, "in", os.ExpandEnv("$HOME/.kube-localhost/config"), "input kube config file")
+ flag.StringVar(&out, "out", os.ExpandEnv("$HOME/.kube/config"), "output kube config file")
+ log.Printf("running with in=%q out=%q and $LOCALHOST_HOME=%q", in, out, os.Getenv("LOCALHOST_HOME"))
+ flag.Parse()
+
+ cfg, err := clientcmd.LoadFromFile(in)
+ if err != nil {
+ log.Fatal(err)
+ }
+ d, _ := filepath.Split(out)
+ if err := os.MkdirAll(d, 0755); err != nil {
+ log.Fatal(err)
+ }
+ for _, cluster := range cfg.Clusters {
+ if cluster.ProxyURL != "" {
+ cluster.ProxyURL = rewriteHost(cluster.ProxyURL)
+ continue
+ }
+ cluster.Server = rewriteHost(cluster.Server)
+ cluster.CertificateAuthority = rewriteHome(cluster.CertificateAuthority)
+ }
+ for _, user := range cfg.AuthInfos {
+ user.ClientCertificate = rewriteHome(user.ClientCertificate)
+ user.ClientKey = rewriteHome(user.ClientKey)
+ }
+ if err := clientcmd.WriteToFile(*cfg, out); err != nil {
+ log.Fatal(err)
+ }
+}
+
+func rewriteHost(s string) string {
+ s = strings.ReplaceAll(s, "127.0.0.1", "host.docker.internal")
+ s = strings.ReplaceAll(s, "localhost", "host.docker.internal")
+ return s
+}
+
+func rewriteHome(s string) string {
+ s = strings.ReplaceAll(s, os.ExpandEnv("$LOCALHOST_HOME"), os.ExpandEnv("$HOME"))
+ s = strings.ReplaceAll(s, ".minikube", ".minikube-localhost")
+ return s
+}
diff --git a/Makefile b/Makefile
index f371bd1..cf7adb0 100644
--- a/Makefile
+++ b/Makefile
@@ -15,3 +15,8 @@ build: release: SIGNADOT_IMAGE_SUFFIX='' goreleaser release --rm-dist + + +devcontainer: + GOOS=linux go build -o .devcontainer/signadot ./cmd/signadot + GOARCH=$(shell go env GOARCH) devcontainer --workspace-folder . build
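Review bot: `rewriteHome` in rewrite_kubeconfig/main.go passes `os.ExpandEnv("$LOCALHOST_HOME")` as the search string to `strings.ReplaceAll`, and when that variable is unset the empty pattern makes `ReplaceAll` insert `$HOME` around every character, so every certificate and key path in the written kubeconfig is corrupted and fields that were empty become `$HOME`. Guard it: `if lh := os.Getenv("LOCALHOST_HOME"); lh != "" { s = strings.ReplaceAll(s, lh, os.Getenv("HOME")) }`. In `main`, the `log.Printf` runs before `flag.Parse()`, so it always reports the default `in`/`out` values; move it below the parse. Clusters with a `ProxyURL` hit `continue` before `CertificateAuthority` is rewritten, which looks unintended, and `rewriteHost` replaces `localhost` anywhere in the URL rather than only in the host part.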