signadot · scott-cotton · Dec 13, 2023 · Dec 13, 2023 · Dec 13, 2023 · Dec 14, 2023
diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile
@@ -0,0 +1,32 @@
+ARG USER=signadot
+ARG GOARCH=amd64
+FROM ubuntu
+ARG USER
+ARG GOARCH
+
+RUN apt update
+RUN apt upgrade -y
+RUN apt-get install -y ca-certificates
+RUN apt-get install -y iptables
+RUN apt-get install -y sudo
+RUN apt-get install -y curl
+RUN apt-get install -y vim
+RUN apt-get install -y git
+RUN apt-get install -y protobuf-compiler
+COPY install-kubectl.sh /install-kubectl.sh
+RUN /install-kubectl.sh
+
+COPY signadot /usr/bin/signadot
+
+RUN adduser --disabled-password $USER
+RUN adduser $USER sudo
+RUN echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers
+
+
+USER $USER
+WORKDIR /home/$USER
+
+
+CMD ["/bin/bash"]
+ENTRYPOINT ["/bin/bash"]
+
diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
@@ -0,0 +1,33 @@
+{
+	"name": "signadot-aws",
+	"build": {
+		"dockerfile": "Dockerfile",
+		"args": {
+			"USER": "${localEnv:USER}",
+			"GOARCH": "${localEnv:GOARCH}"
+		}
+	},
+	"capAdd": ["NET_ADMIN"],
+	"remoteUser": "${localEnv:USER}",
+	"containerEnv": {
+		"LOCALHOST_HOME": "${localEnv:HOME}"
+	},
+	"mounts": [
+		{"source": "${localEnv:HOME}/.signadot", "target": "/home/${localEnv:USER}/.signadot-localhost", "type": "bind"},
+		{"source": "${localEnv:HOME}/.kube", "target": "/home/${localEnv:USER}/.kube-localhost", "type": "bind"},
+		{"source": "${localEnv:HOME}/.aws", "target": "/home/${localEnv:USER}/.aws", "type": "bind"},
+		{"source": "${localEnv:HOME}/.minikube", "target": "/home/${localEnv:USER}/.minikube-localhost", "type": "bind"}
+	],
+
+	"postCreateCommand": "sh .devcontainer/post-create.sh",
+
+	"features": {
+		"ghcr.io/devcontainers/features/git:1": {},
+		"ghcr.io/devcontainers/features/go:1": {},
+		"ghcr.io/brokeyourbike/devcontainer-features/staticcheck:0": {},
+		"ghcr.io/guiyomh/features/vim": {},
+		"ghcr.io/guiyomh/features/goreleaser:0": {},
+		"ghcr.io/eitsupi/devcontainer-features/jq-likes:2": {},
+		"ghcr.io/devcontainers/features/aws-cli:1": {}
+	}
+}
diff --git a/.devcontainer/install-kubectl.sh b/.devcontainer/install-kubectl.sh
@@ -0,0 +1,15 @@
+#!/bin/sh
+
+set -e
+arch="$(uname -m)"
+case $arch in 
+	x86_64) arch="amd64";;
+	aarch64 | armv8*) arch="arm64";;
+	aarch32 | armv7* | armvhf*) arch="arm";;
+	i?86) arch="386";;
+	*) echo "(!) Architecture $arch unsupported"; exit 1 ;;
+esac
+
+version="$(curl -sSL https://dl.k8s.io/release/stable.txt)"
+curl -LO https://dl.k8s.io/release/${version}/bin/linux/${arch}/kubectl
+install -o root -g root kubectl /usr/local/bin/kubectl
diff --git a/.devcontainer/post-create.sh b/.devcontainer/post-create.sh
@@ -0,0 +1,27 @@
+#!/bin/sh
+
+set -e
+
+#
+# copy signadot config from mount
+#
+if [ -d $HOME/.signadot ]; then
+	true;
+else
+	mkdir $HOME/.signadot
+fi
+
+if [ -f $HOME/.signadot/config.yaml  ]; then
+	true;
+else
+	cp $HOME/.signadot-localhost/config.yaml $HOME/.signadot/config.yaml
+fi
+
+#
+# rewrite kubeconfig
+#
+if [ -d $HOME/.kube ]; then
+	true;
+else
+	go run /workspaces/cli/.devcontainer/rewrite_kubeconfig
+fi
diff --git a/.devcontainer/rewrite_kubeconfig/main.go b/.devcontainer/rewrite_kubeconfig/main.go
@@ -0,0 +1,58 @@
+package main
+
+import (
+	"flag"
+	"log"
+	"os"
+	"path/filepath"
+	"strings"
+
+	"k8s.io/client-go/tools/clientcmd"
+)
+
+var (
+	in, out, localhostHome string
+)
+
+func main() {
+	flag.StringVar(&in, "in", os.ExpandEnv("$HOME/.kube-localhost/config"), "input kube config file")
+	flag.StringVar(&out, "out", os.ExpandEnv("$HOME/.kube/config"), "output kube config file")
+	log.Printf("running with in=%q out=%q and $LOCALHOST_HOME=%q", in, out, os.Getenv("LOCALHOST_HOME"))
+	flag.Parse()
+
+	cfg, err := clientcmd.LoadFromFile(in)
+	if err != nil {
+		log.Fatal(err)
+	}
+	d, _ := filepath.Split(out)
+	if err := os.MkdirAll(d, 0755); err != nil {
+		log.Fatal(err)
+	}
+	for _, cluster := range cfg.Clusters {
+		if cluster.ProxyURL != "" {
+			cluster.ProxyURL = rewriteHost(cluster.ProxyURL)
+			continue
+		}
+		cluster.Server = rewriteHost(cluster.Server)
+		cluster.CertificateAuthority = rewriteHome(cluster.CertificateAuthority)
+	}
+	for _, user := range cfg.AuthInfos {
+		user.ClientCertificate = rewriteHome(user.ClientCertificate)
+		user.ClientKey = rewriteHome(user.ClientKey)
+	}
+	if err := clientcmd.WriteToFile(*cfg, out); err != nil {
+		log.Fatal(err)
+	}
+}
+
+func rewriteHost(s string) string {
+	s = strings.ReplaceAll(s, "127.0.0.1", "host.docker.internal")
+	s = strings.ReplaceAll(s, "localhost", "host.docker.internal")
+	return s
+}
+
+func rewriteHome(s string) string {
+	s = strings.ReplaceAll(s, os.ExpandEnv("$LOCALHOST_HOME"), os.ExpandEnv("$HOME"))
+	s = strings.ReplaceAll(s, ".minikube", ".minikube-localhost")
+	return s
+}
diff --git a/Makefile b/Makefile
@@ -15,3 +15,8 @@ build:
 
 release:
 	SIGNADOT_IMAGE_SUFFIX='' goreleaser release --rm-dist
+
+
+devcontainer:
+	GOOS=linux go build -o .devcontainer/signadot ./cmd/signadot
+	GOARCH=$(shell go env GOARCH) devcontainer --workspace-folder . build