From a6fdf483db8fbf4c66cb6e1b697789fc182b4540 Mon Sep 17 00:00:00 2001
From: Scott Cotton
Date: Wed, 13 Dec 2023 14:26:13 +0000
Subject: [PATCH 1/5] add devcontainer (from within devcontainer!)
---
.devcontainer/Dockerfile | 39 +++++++++++++++++++++++++++++++++
.devcontainer/devcontainer.json | 20 +++++++++++++++++
.devcontainer/install-aws.sh | 8 +++++++
.devcontainer/install-go.sh | 5 +++++
4 files changed, 72 insertions(+)
create mode 100644 .devcontainer/Dockerfile
create mode 100644 .devcontainer/devcontainer.json
create mode 100755 .devcontainer/install-aws.sh
create mode 100755 .devcontainer/install-go.sh
diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile
new file mode 100644
index 0000000..4cfcbc6
--- /dev/null
+++ b/.devcontainer/Dockerfile
@@ -0,0 +1,39 @@
+ARG USER=signadot
+ARG GOARCH=amd64
+FROM ubuntu
+ARG USER
+ARG GOARCH
+
+RUN apt update
+RUN apt upgrade -y
+RUN apt-get install -y ca-certificates
+RUN apt-get install -y iptables
+RUN apt-get install -y sudo
+RUN apt-get install -y curl
+RUN apt-get install -y vim
+RUN apt-get install -y git
+RUN apt-get install -y python3
+RUN apt-get install -y python3.10-venv
+RUN apt-get install -y unzip
+RUN apt-get install -y wget
+
+COPY install-aws.sh /install-aws.sh
+RUN /install-aws.sh
+COPY install-go.sh /install-go.sh
+RUN GOARCH=$GOARCH /install-go.sh
+RUN /usr/local/go/bin/go install github.com/goreleaser/goreleaser@latest
+
+COPY signadot /usr/bin/signadot
+
+
+
+RUN adduser --disabled-password $USER
+RUN adduser $USER sudo
+RUN echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers
+
+
+USER $USER
+WORKDIR /home/$USER
+
+ENTRYPOINT ["/bin/bash"]
+
diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
new file mode 100644
index 0000000..5399a7d
--- /dev/null
+++ b/.devcontainer/devcontainer.json
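Review bot: `FROM ubuntu` carries no tag, yet a later line installs `python3.10-venv`, a package name tied to one Ubuntu release (presumably 22.04, which ships Python 3.10), so the image contents drift and the build eventually breaks when `latest` moves; pin the base, e.g. `FROM ubuntu:22.04`, ideally by digest. `go install github.com/goreleaser/goreleaser@latest` floats the same way and should name a fixed version. `RUN apt update` sits in its own cached layer, so the later `apt-get install` layers can run against a stale index; one `RUN apt-get update && apt-get install -y --no-install-recommends ...` avoids that. `RUN echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers` gives the dev user unrestricted root in a container that devcontainer.json in this patch also grants NET_ADMIN and host credential mounts, so a comment stating why full sudo is required would help reviewers.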
@@ -0,0 +1,20 @@ +{ + "name": "signadot-aws", + "build": { + "dockerfile": "Dockerfile", + "args": { + "USER": "${localEnv:USER}", + "GOARCH": "${localEnv:GOARCH}" + } + }, + "capAdd": ["NET_ADMIN"], + "remoteUser": "${localEnv:USER}", + "mounts": [ + {"source": "${localEnv:HOME}/.signadot", "target": "/home/${localEnv:USER}/.signadot", "type": "bind"}, + {"source": "${localEnv:HOME}/.kube", "target": "/home/${localEnv:USER}/.kube", "type": "bind"}, + {"source": "${localEnv:HOME}/.aws", "target": "/home/${localEnv:USER}/.aws", "type": "bind"} + ], + "features": { + "ghcr.io/brokeyourbike/devcontainer-features/staticcheck:0": {} + } +} diff --git a/.devcontainer/install-aws.sh b/.devcontainer/install-aws.sh new file mode 100755 index 0000000..32f6b31 --- /dev/null +++ b/.devcontainer/install-aws.sh @@ -0,0 +1,8 @@ +#!/bin/sh +# + +ln -s /usr/bin/python3 /usr/bin/python +curl https://s3.amazonaws.com/aws-cli/awscli-bundle.zip -o awscli-bundle.zip +unzip awscli-bundle.zip +./awscli-bundle/install -i /usr/local/aws -b /usr/local/bin/aws + diff --git a/.devcontainer/install-go.sh b/.devcontainer/install-go.sh new file mode 100755 index 0000000..9bd6a0b --- /dev/null +++ b/.devcontainer/install-go.sh @@ -0,0 +1,5 @@ +#!/bin/sh + +wget https://go.dev/dl/go1.21.5.linux-${GOARCH}.tar.gz +rm -rf /usr/local/go +tar -C /usr/local -xzf go1.21.5.linux-${GOARCH}.tar.gz From 730dd886007eab624bba188a76378ec80ebdce71 Mon Sep 17 00:00:00 2001 From: Scott Cotton Date: Wed, 13 Dec 2023 14:26:52 +0000 Subject: [PATCH 2/5] add make devcontainer target --- Makefile | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/Makefile b/Makefile index f371bd1..13c702d 100644 --- a/Makefile +++ b/Makefile @@ -15,3 +15,8 @@ build: release: SIGNADOT_IMAGE_SUFFIX='' goreleaser release --rm-dist + + +devcontainer: + go build -o .devcontainer/signadot ./cmd/signadot + GOARCH=$(go env GOARCH) devcontainer --workspace-folder . build From 589457c0cbb8a8ec8a01a4354505618d139220db Mon Sep 17 00:00:00 2001 
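Review bot: The `mounts` entries bind the host's `~/.aws`, `~/.kube` and `~/.signadot` read-write into a container that also gets `"capAdd": ["NET_ADMIN"]` and passwordless sudo, so every tool and feature installed in the image can read and alter the developer's long-lived credentials. Where the container only needs to read them, mount read-only, for example the string form `"source=${localEnv:HOME}/.kube,target=/home/${localEnv:USER}/.kube,type=bind,readonly"`; the `.minikube` mount added in patch 5 has the same exposure. Separately, `"GOARCH": "${localEnv:GOARCH}"` likely passes an empty build arg when the host shell has not exported GOARCH, which overrides the Dockerfile default of `amd64`; `"${localEnv:GOARCH:amd64}"` keeps a fallback.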
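Review bot: install-aws.sh fetches an installer from an unversioned URL and runs it as root during the image build with no integrity check, no `set -e` and no `-f` on `curl`, so a truncated download or an HTTP error page flows straight into `unzip` and `./awscli-bundle/install`. Start the script with `set -eu`, use `curl -fsSL`, and verify the archive before unpacking, e.g. `echo "<expected-sha256>  awscli-bundle.zip" | sha256sum -c -` with the digest recorded in the repo. install-go.sh in this patch has the same gap for the `wget` of the Go tarball (go.dev/dl lists a SHA-256 per file), and install-kubectl.sh in patch 5 repeats it. `ln -s /usr/bin/python3 /usr/bin/python` also fails on a rebuild if the link already exists; `ln -sf` is safer.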
From: Scott Cotton Date: Wed, 13 Dec 2023 23:20:07 +0100 Subject: [PATCH 3/5] some fixes around GOARCH and make devcontainer also add go to path of user --- .devcontainer/Dockerfile | 3 ++- .devcontainer/install-go.sh | 2 ++ Makefile | 4 ++-- 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile index 4cfcbc6..614d99b 100644 --- a/.devcontainer/Dockerfile +++ b/.devcontainer/Dockerfile @@ -20,7 +20,7 @@ RUN apt-get install -y wget COPY install-aws.sh /install-aws.sh RUN /install-aws.sh COPY install-go.sh /install-go.sh -RUN GOARCH=$GOARCH /install-go.sh +RUN /install-go.sh $GOARCH RUN /usr/local/go/bin/go install github.com/goreleaser/goreleaser@latest COPY signadot /usr/bin/signadot @@ -34,6 +34,7 @@ RUN echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers USER $USER WORKDIR /home/$USER +RUN echo "PATH=\$PATH:/usr/local/go/bin" >> .profile ENTRYPOINT ["/bin/bash"] diff --git a/.devcontainer/install-go.sh b/.devcontainer/install-go.sh index 9bd6a0b..ff25e8e 100755 --- a/.devcontainer/install-go.sh +++ b/.devcontainer/install-go.sh @@ -1,5 +1,7 @@ #!/bin/sh +GOARCH=$1 + wget https://go.dev/dl/go1.21.5.linux-${GOARCH}.tar.gz rm -rf /usr/local/go tar -C /usr/local -xzf go1.21.5.linux-${GOARCH}.tar.gz diff --git a/Makefile b/Makefile index 13c702d..cf7adb0 100644 --- a/Makefile +++ b/Makefile @@ -18,5 +18,5 @@ release: devcontainer: - go build -o .devcontainer/signadot ./cmd/signadot - GOARCH=$(go env GOARCH) devcontainer --workspace-folder . build + GOOS=linux go build -o .devcontainer/signadot ./cmd/signadot + GOARCH=$(shell go env GOARCH) devcontainer --workspace-folder . build From 5b28b108e8b4c7527e5a1d4727fa9b1e23a3d0b6 Mon Sep 17 00:00:00 2001 
From: Scott Cotton Date: Thu, 14 Dec 2023 14:00:00 +0100 Subject: [PATCH 4/5] some improvements - use features where we can - mount .signadot and .kube to -localhost variants - use post-create.sh to install .signadot/config.yaml --- .devcontainer/Dockerfile | 15 ++------------- .devcontainer/devcontainer.json | 15 ++++++++++++--- .devcontainer/install-aws.sh | 8 -------- .devcontainer/install-go.sh | 7 ------- .devcontainer/post-create.sh | 14 ++++++++++++++ 5 files changed, 28 insertions(+), 31 deletions(-) delete mode 100755 .devcontainer/install-aws.sh delete mode 100755 .devcontainer/install-go.sh create mode 100755 .devcontainer/post-create.sh diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile index 614d99b..2d1486e 100644 --- a/.devcontainer/Dockerfile +++ b/.devcontainer/Dockerfile @@ -12,21 +12,10 @@ RUN apt-get install -y sudo RUN apt-get install -y curl RUN apt-get install -y vim RUN apt-get install -y git -RUN apt-get install -y python3 -RUN apt-get install -y python3.10-venv -RUN apt-get install -y unzip -RUN apt-get install -y wget - -COPY install-aws.sh /install-aws.sh -RUN /install-aws.sh -COPY install-go.sh /install-go.sh -RUN /install-go.sh $GOARCH -RUN /usr/local/go/bin/go install github.com/goreleaser/goreleaser@latest +RUN apt-get install -y protobuf-compiler COPY signadot /usr/bin/signadot - - RUN adduser --disabled-password $USER RUN adduser $USER sudo RUN echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers @@ -34,7 +23,7 @@ RUN echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers USER $USER WORKDIR /home/$USER -RUN echo "PATH=\$PATH:/usr/local/go/bin" >> .profile +CMD ["/bin/bash"] ENTRYPOINT ["/bin/bash"] diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json index 5399a7d..3cad8da 100644 --- a/.devcontainer/devcontainer.json +++ b/.devcontainer/devcontainer.json 
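Review bot: The last Dockerfile hunk adds `CMD ["/bin/bash"]` while the context line `ENTRYPOINT ["/bin/bash"]` stays, so the default invocation becomes `/bin/bash /bin/bash`, which asks bash to run its own binary as a script and fails when the image is started outside the devcontainer tooling (the tooling may override the command, which would hide this). Keep only one of the two, e.g. drop the `ENTRYPOINT` line and leave `CMD ["/bin/bash"]`. The removed `.profile` PATH line is presumably replaced by the Go feature, which would be worth stating in a comment.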
@@ -10,11 +10,20 @@ "capAdd": ["NET_ADMIN"], "remoteUser": "${localEnv:USER}", "mounts": [ - {"source": "${localEnv:HOME}/.signadot", "target": "/home/${localEnv:USER}/.signadot", "type": "bind"}, - {"source": "${localEnv:HOME}/.kube", "target": "/home/${localEnv:USER}/.kube", "type": "bind"}, + {"source": "${localEnv:HOME}/.signadot", "target": "/home/${localEnv:USER}/.signadot-localhost", "type": "bind"}, + {"source": "${localEnv:HOME}/.kube", "target": "/home/${localEnv:USER}/.kube-localhost", "type": "bind"}, {"source": "${localEnv:HOME}/.aws", "target": "/home/${localEnv:USER}/.aws", "type": "bind"} ], + + "postCreateCommand": "sh .devcontainer/post-create.sh", + "features": { - "ghcr.io/brokeyourbike/devcontainer-features/staticcheck:0": {} + "ghcr.io/devcontainers/features/git:1": {}, + "ghcr.io/devcontainers/features/go:1": {}, + "ghcr.io/brokeyourbike/devcontainer-features/staticcheck:0": {}, + "ghcr.io/guiyomh/features/vim": {}, + "ghcr.io/guiyomh/features/goreleaser:0": {}, + "ghcr.io/eitsupi/devcontainer-features/jq-likes:2": {}, + "ghcr.io/devcontainers/features/aws-cli:1": {} } } diff --git a/.devcontainer/install-aws.sh b/.devcontainer/install-aws.sh deleted file mode 100755 index 32f6b31..0000000 --- a/.devcontainer/install-aws.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/sh -# - -ln -s /usr/bin/python3 /usr/bin/python -curl https://s3.amazonaws.com/aws-cli/awscli-bundle.zip -o awscli-bundle.zip -unzip awscli-bundle.zip -./awscli-bundle/install -i /usr/local/aws -b /usr/local/bin/aws - diff --git a/.devcontainer/install-go.sh b/.devcontainer/install-go.sh deleted file mode 100755 index ff25e8e..0000000 --- a/.devcontainer/install-go.sh +++ /dev/null @@ -1,7 +0,0 @@ -#!/bin/sh - -GOARCH=$1 - -wget https://go.dev/dl/go1.21.5.linux-${GOARCH}.tar.gz -rm -rf /usr/local/go -tar -C /usr/local -xzf go1.21.5.linux-${GOARCH}.tar.gz diff --git a/.devcontainer/post-create.sh b/.devcontainer/post-create.sh new file mode 100755 index 0000000..329d12d --- /dev/null 
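Review bot: The `features` block pulls third-party features by floating references (`ghcr.io/guiyomh/features/vim` has no version at all, the others pin only a major), and feature install scripts run as root while the image is built, so an upstream change or a compromised publisher account lands in a container that holds the mounted AWS and kube credentials. Pin each one to an exact version, e.g. `"ghcr.io/guiyomh/features/goreleaser:<exact-version>": {}`, and prefer the `ghcr.io/devcontainers/features/...` ones where an equivalent exists. The Dockerfile still runs `apt-get install -y vim` and `apt-get install -y git`, so the `vim` and `git` features look redundant and could be dropped to shrink the trusted set.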
+++ b/.devcontainer/post-create.sh @@ -0,0 +1,14 @@ +#!/bin/sh + +if [ -d $HOME/.signadot ]; then + true; +else + mkdir $HOME/.signadot +fi + +if [ -f $HOME/.signadot/config.yaml ]; then + true; +else + cp $HOME/.signadot-localhost/config.yaml $HOME/.signadot/config.yaml +fi + From d1a11f89d323a09b4ae67732438a87c6a243749c Mon Sep 17 00:00:00 2001 From: Scott Cotton Date: Thu, 14 Dec 2023 18:45:29 +0100 Subject: [PATCH 5/5] checkpoint - attempt to munge kubeconfig - install kubectl doesn't work yet w/ minikube b/c of certs thinking of adding a tcp proxy from localhost to host.docker.internal for ports in kube-config cluster servers --- .devcontainer/Dockerfile | 3 ++ .devcontainer/devcontainer.json | 6 ++- .devcontainer/install-kubectl.sh | 15 ++++++ .devcontainer/post-create.sh | 13 ++++++ .devcontainer/rewrite_kubeconfig/main.go | 58 ++++++++++++++++++++++++ 5 files changed, 94 insertions(+), 1 deletion(-) create mode 100755 .devcontainer/install-kubectl.sh create mode 100644 .devcontainer/rewrite_kubeconfig/main.go diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile index 2d1486e..c0e1530 100644 --- a/.devcontainer/Dockerfile +++ b/.devcontainer/Dockerfile @@ -13,6 +13,8 @@ RUN apt-get install -y curl RUN apt-get install -y vim RUN apt-get install -y git RUN apt-get install -y protobuf-compiler +COPY install-kubectl.sh /install-kubectl.sh +RUN /install-kubectl.sh COPY signadot /usr/bin/signadot @@ -24,6 +26,7 @@ RUN echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers USER $USER WORKDIR /home/$USER + CMD ["/bin/bash"] ENTRYPOINT ["/bin/bash"] diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json index 3cad8da..c1ae403 100644 --- a/.devcontainer/devcontainer.json +++ b/.devcontainer/devcontainer.json 
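Review bot: `mkdir $HOME/.signadot` and the `cp` of `config.yaml` create the in-container copy with the default umask, although this file presumably carries the Signadot API key; use `mkdir -p -m 700 "$HOME/.signadot"` and `install -m 600 "$HOME/.signadot-localhost/config.yaml" "$HOME/.signadot/config.yaml"`. The `cp` is also not guarded against a host that has no `config.yaml`, where a short message would be clearer than a bare cp error. `$HOME` is unquoted throughout, and the `if ...; then true; else ...` pairs read more directly as `[ -d "$HOME/.signadot" ] || mkdir ...`.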
@@ -9,10 +9,14 @@ }, "capAdd": ["NET_ADMIN"], "remoteUser": "${localEnv:USER}", + "containerEnv": { + "LOCALHOST_HOME": "${localEnv:HOME}" + }, "mounts": [ {"source": "${localEnv:HOME}/.signadot", "target": "/home/${localEnv:USER}/.signadot-localhost", "type": "bind"}, {"source": "${localEnv:HOME}/.kube", "target": "/home/${localEnv:USER}/.kube-localhost", "type": "bind"}, - {"source": "${localEnv:HOME}/.aws", "target": "/home/${localEnv:USER}/.aws", "type": "bind"} + {"source": "${localEnv:HOME}/.aws", "target": "/home/${localEnv:USER}/.aws", "type": "bind"}, + {"source": "${localEnv:HOME}/.minikube", "target": "/home/${localEnv:USER}/.minikube-localhost", "type": "bind"} ], "postCreateCommand": "sh .devcontainer/post-create.sh", diff --git a/.devcontainer/install-kubectl.sh b/.devcontainer/install-kubectl.sh new file mode 100755 index 0000000..db31ff0 --- /dev/null +++ b/.devcontainer/install-kubectl.sh @@ -0,0 +1,15 @@ +#!/bin/sh + +set -e +arch="$(uname -m)" +case $arch in + x86_64) arch="amd64";; + aarch64 | armv8*) arch="arm64";; + aarch32 | armv7* | armvhf*) arch="arm";; + i?86) arch="386";; + *) echo "(!) Architecture $arch unsupported"; exit 1 ;; +esac + +version="$(curl -sSL https://dl.k8s.io/release/stable.txt)" +curl -LO https://dl.k8s.io/release/${version}/bin/linux/${arch}/kubectl +install -o root -g root kubectl /usr/local/bin/kubectl diff --git a/.devcontainer/post-create.sh b/.devcontainer/post-create.sh index 329d12d..607080b 100755 --- a/.devcontainer/post-create.sh +++ b/.devcontainer/post-create.sh @@ -1,5 +1,10 @@ #!/bin/sh +set -e + +# +# copy signadot config from mount +# if [ -d $HOME/.signadot ]; then true; else @@ -12,3 +17,11 @@ else cp $HOME/.signadot-localhost/config.yaml $HOME/.signadot/config.yaml fi +# +# rewrite kubeconfig +# +if [ -d $HOME/.kube ]; then + true; +else + go run /workspaces/cli/.devcontainer/rewrite_kubeconfig +fi 
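Review bot: In install-kubectl.sh the version is resolved at build time from `stable.txt` and `curl -LO` runs without `--fail`, so `set -e` does not catch an HTTP error and the error body can be saved as `kubectl` and installed root-owned into /usr/local/bin. Pin the release, e.g. `version="<pinned-kubectl-version>"`, switch to `curl -fsSLO`, and compare the binary against the `kubectl.sha256` file published next to it before the `install` line. Quoting `"$arch"` in the `case` and the URL would also keep the script safe if `uname -m` ever returns something unexpected.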
diff --git a/.devcontainer/rewrite_kubeconfig/main.go b/.devcontainer/rewrite_kubeconfig/main.go
new file mode 100644
index 0000000..24c632a
--- /dev/null
+++ b/.devcontainer/rewrite_kubeconfig/main.go
@@ -0,0 +1,58 @@
+package main
+
+import (
+ "flag"
+ "log"
+ "os"
+ "path/filepath"
+ "strings"
+
+ "k8s.io/client-go/tools/clientcmd"
+)
+
+var (
+ in, out, localhostHome string
+)
+
+func main() {
+ flag.StringVar(&in, "in", os.ExpandEnv("$HOME/.kube-localhost/config"), "input kube config file")
+ flag.StringVar(&out, "out", os.ExpandEnv("$HOME/.kube/config"), "output kube config file")
+ log.Printf("running with in=%q out=%q and $LOCALHOST_HOME=%q", in, out, os.Getenv("LOCALHOST_HOME"))
+ flag.Parse()
+
+ cfg, err := clientcmd.LoadFromFile(in)
+ if err != nil {
+ log.Fatal(err)
+ }
+ d, _ := filepath.Split(out)
+ if err := os.MkdirAll(d, 0755); err != nil {
+ log.Fatal(err)
+ }
+ for _, cluster := range cfg.Clusters {
+ if cluster.ProxyURL != "" {
+ cluster.ProxyURL = rewriteHost(cluster.ProxyURL)
+ continue
+ }
+ cluster.Server = rewriteHost(cluster.Server)
+ cluster.CertificateAuthority = rewriteHome(cluster.CertificateAuthority)
+ }
+ for _, user := range cfg.AuthInfos {
+ user.ClientCertificate = rewriteHome(user.ClientCertificate)
+ user.ClientKey = rewriteHome(user.ClientKey)
+ }
+ if err := clientcmd.WriteToFile(*cfg, out); err != nil {
+ log.Fatal(err)
+ }
+}
+
+func rewriteHost(s string) string {
+ s = strings.ReplaceAll(s, "127.0.0.1", "host.docker.internal")
+ s = strings.ReplaceAll(s, "localhost", "host.docker.internal")
+ return s
+}
+
+func rewriteHome(s string) string {
+ s = strings.ReplaceAll(s, os.ExpandEnv("$LOCALHOST_HOME"), os.ExpandEnv("$HOME"))
+ s = strings.ReplaceAll(s, ".minikube", ".minikube-localhost")
+ return s
+}
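Review bot: `rewriteHome` corrupts every path when `LOCALHOST_HOME` is unset, because `strings.ReplaceAll` with an empty old string inserts `$HOME` at the start and between every character; it also turns an empty `ClientCertificate` or `ClientKey` (token-based users) into a non-empty path, so the function needs the guards shown below. In `main`, `log.Printf` runs before `flag.Parse()` and therefore logs the defaults rather than the values in use; move it after the parse. Rewriting `cluster.Server` to `host.docker.internal` leaves TLS verification running against a name the API server certificate probably does not carry (the commit message already reports cert failures), and the safe way out is to set `cluster.TLSServerName` to the original host rather than to disable verification. `os.MkdirAll(d, 0755)` creates the directory that will hold the kubeconfig; `0700` fits better for a file that can embed credentials.

```go
func rewriteHome(s string) string {
	if s == "" {
		return s // no path configured, e.g. token-based auth
	}
	// strings.ReplaceAll with an empty old string inserts the replacement
	// between every character, so skip the mapping when the variable is unset.
	if hostHome := os.Getenv("LOCALHOST_HOME"); hostHome != "" {
		s = strings.ReplaceAll(s, hostHome, os.Getenv("HOME"))
	}
	// … unchanged: .minikube -> .minikube-localhost replacement …
	return s
}
```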