Simple Ubuntu 16.10 image with various packages installed for remote server management. Meant to be deployed on any cloud instance and populated with SSH keys and credentials to manage Kubernetes, git repos, etc.

- kubectl
- gcloud
- gcsfuse

- Run `gcloud init` to get started with Google Cloud

Note: Run these commands on the host

- You'll need Google Cloud SDK, `gcsfuse` and Docker Community Edition
  - Run the `tools-*.sh` script for your host's distribution, e.g.:

        chmod +x tools-ubuntu-debian.sh
        ./tools-ubuntu-debian.sh

- Obtain Application Default Credentials for `gcsfuse`:

      gcloud auth application-default login

  - Or use a JSON file

- Mount a GCS Bucket:

      sudo mkdir /mnt/gcsbucket && sudo chown $USER:$USER /mnt/gcsbucket
      sudo sed -i 's/^#user_allow_other/user_allow_other/g' /etc/fuse.conf
      gcsfuse -o allow_other name_of_your_GCS_bucket /mnt/gcsbucket

- Create a `secret` directory in your bucket and encrypt it with `ecryptfs`:

      cd /mnt/gcsbucket
      mkdir -m 700 .secret
      mkdir -m 500 secret
      sudo mount -t ecryptfs .secret/ secret/

- Go through the setup steps and write down your chosen passphrase.
  - You can unmount and re-encrypt your secrets with `sudo umount /mnt/gcsbucket/secret/`.
  - Repeat `sudo mount -t ecryptfs .secret/ secret/` to mount your secret directory anytime, going through the interactive prompts and answering the same way as when you initially set it up.

- Start a container with the bucket and secrets mounted:

      docker run -it -v /mnt/gcsbucket:/root/gcsbucket chepurko/remote-comm-yakkety /bin/bash

- NOTE: The Dockerfile relies on your directories being named `gcsbucket`, so if you must use a different directory name then you'll have to modify the Dockerfile on your own as well.
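
The steps above only protect secrets if `secret/` is actually an eCryptfs mount when the container starts; otherwise files written to `/root/gcsbucket/secret` reach the bucket without eCryptfs encryption. The following pre-flight check is an added example, not part of this image or its scripts. The function names, the sample mount table and the `fuse` / `fuse.*` filesystem type strings for gcsfuse are assumptions.

```shell
#!/bin/sh
# Added example, not part of the image: pre-flight check to run on the host
# before `docker run`. The fstype strings for gcsfuse are an assumption.

# Print the filesystem type of the most recent mount at exactly $1.
# $2 is the mount table to read (default /proc/mounts).
fstype_of() {
    awk -v mp="$1" '$2 == mp { t = $3 } END { if (t != "") print t }' \
        "${2:-/proc/mounts}"
}

# Return 0 only when $1 is a FUSE mount and $1/secret is an eCryptfs mount.
# Return 1 if the bucket is not mounted, 2 if secret/ is not encrypted.
check_mounts() {
    bucket="${1:-/mnt/gcsbucket}"
    table="${2:-/proc/mounts}"
    bucket_fs=$(fstype_of "$bucket" "$table")
    secret_fs=$(fstype_of "$bucket/secret" "$table")
    case "$bucket_fs" in
        fuse|fuse.*) ;;
        *) echo "$bucket is not a FUSE mount (type: ${bucket_fs:-none})" >&2
           return 1 ;;
    esac
    if [ "$secret_fs" != "ecryptfs" ]; then
        echo "$bucket/secret is not an eCryptfs mount (type: ${secret_fs:-none})" >&2
        return 2
    fi
    return 0
}

# Constructed sample mount table; pass "with-secret" to include eCryptfs.
sample_mounts() {
    echo "/dev/sda1 / ext4 rw,relatime 0 0"
    echo "example-bucket /mnt/gcsbucket fuse.gcsfuse rw,nosuid,nodev,allow_other 0 0"
    if [ "$1" = "with-secret" ]; then
        echo "/mnt/gcsbucket/.secret /mnt/gcsbucket/secret ecryptfs rw,relatime 0 0"
    fi
    return 0
}

# On a real host:
#   check_mounts /mnt/gcsbucket && docker run -it \
#       -v /mnt/gcsbucket:/root/gcsbucket chepurko/remote-comm-yakkety /bin/bash
```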