Container image with infra tools (terraform, terragrunt, aws cli, helm, kubectl...). Useful for CI/CD.
Table of Contents generated with mtoc
- Badges
- About
- Architecture
- Main tools
- Versioning
- Installing python libraries
- Global gitconfig for internal git servers with self signed certificate
- Lint
- Image security scan with Trivy
- Local dev
- Using `run.sh` script (Recommended)
- TODO
- CHANGELOG
- LICENSE
How many times do you need a container image with tools like terraform, helm, kubectl, aws cli, terragrunt... among many others? Aren't you tired of having to maintain all of them in each repository, instead of having one "general" one that can be used in multiple repos?
Available tags: https://hub.docker.com/r/containerscrew/infratools/tags
Arch | Supported | Tested |
---|---|---|
amd64 | ✅ | ✅ |
arm64 | ✅ | ✅ |
Tool | Available |
---|---|
Terraform | ✅ |
Terragrunt | ✅ |
Kubectl | ✅ |
Helm | ✅ |
AWS CLI | ✅ |
tftools | ✅ |
tfenv | ✅ |
ohmyzsh | ✅ |
Take a look at all the installed tools inside the Dockerfile.
Tip
You can change the terraform version dynamically using `tfenv` or by setting a `.terraform-version` file in your repository.
- Alpine core packages: https://pkgs.alpinelinux.org/packages
- AWS CLI v2 is installed directly from the official Alpine repository. If you need another version, visit this page
- For every new version, a new git tag will be created. You can see the versioning inside the Dockerfile
If you try to install python libraries using `pip3`, you will see the following error:
```
Error:
× This environment is externally managed
╰─> The system-wide python installation should be maintained using the system
    package manager (apk) only.

    If the package in question is not packaged already (and hence installable via
    "apk add py3-somepackage"), please consider installing it inside a virtual
    environment, e.g.:

    python3 -m venv /path/to/venv
    . /path/to/venv/bin/activate
    pip install mypackage

    To exit the virtual environment, run:

    deactivate

    The virtual environment is not deleted, and can be re-entered by re-sourcing
    the activate file.

    To automatically manage virtual environments, consider using pipx (from the
    pipx package).

note: If you believe this is a mistake, please contact your Python installation or OS distribution provider. You can override this, at the risk of breaking your Python installation or OS, by passing --break-system-packages.
hint: See PEP 668 for the detailed specification.
```
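Install library + deps:

```shell
pipx install boto3 --include-deps
```

Install a package:

```shell
pipx install your-package-name # visit PyPI
```

Or use a virtual environment:

```shell
python3 -m venv /path/to/venv
. /path/to/venv/bin/activate
pip3 install mypackage
```

Or override the check (at the risk of breaking the system Python installation, as the error above says):

```shell
pip3 install boto3 --break-system-packages
```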
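If you use a custom git repository with a self-signed certificate, edit your `~/.gitconfig`:

```ini
[http "https://gitlab.server.internal"]
    ##################################
    # Self Signed Server Certificate #
    ##################################
    sslCAInfo = /path/to/your/certificate.crt
    #sslCAPath = /path/to/selfCA/
    sslVerify = true # or set to false if you trust
```

With `sslCAInfo` pointing at the server's certificate, keep `sslVerify = true`: setting it to `false` turns off certificate verification for that URL, so the configured certificate is no longer checked.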
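One way to check that a `~/.gitconfig` like the one above keeps TLS verification on, as an added example that is not part of the infratools repository: the hypothetical `audit_gitconfig` function flags `http` sections with `sslVerify` turned off and `sslCAInfo` paths that cannot be read. It assumes a simplified parser (section headers and `key = value` lines only).

```shell
#!/bin/sh
# Added example, not part of the infratools repository.
# audit_gitconfig FILE: report http sections that disable TLS verification
# and sslCAInfo paths that cannot be read. Returns 0 when clean, 1 otherwise.
# Simplified parser (assumption): "[section]" headers and "key = value" lines
# only; [include] files and a "#" inside a quoted value are not handled.
audit_gitconfig() {
    cfg=$1
    status=0
    findings=$(awk '
        /^[ \t]*\[/ {                       # section header, e.g. [http "https://host"]
            section = $0
            gsub(/^[ \t]+|[ \t]+$/, "", section)
            next
        }
        /^[ \t]*[#;]/ { next }              # whole-line comment
        {
            line = $0
            sub(/[ \t]*[#;].*$/, "", line)  # strip inline comment
            n = index(line, "=")
            if (n == 0 || tolower(section) !~ /^\[http(\]|[ \t])/) next
            key = tolower(substr(line, 1, n - 1)); gsub(/[ \t]/, "", key)
            val = substr(line, n + 1); gsub(/^[ \t]+|[ \t]+$/, "", val)
            # git treats false, no, off, 0 and the empty string as false
            if (key == "sslverify" && tolower(val) ~ /^(false|no|off|0)?$/)
                print "VERIFY_DISABLED " section
            if (key == "sslcainfo")
                print "CAINFO " val
        }' "$cfg")
    while read -r kind rest; do
        case $kind in
            VERIFY_DISABLED)
                echo "sslVerify disabled in $rest"
                status=1 ;;
            CAINFO)
                # expand a leading ~/ the way git does
                case $rest in "~/"*) rest="$HOME/${rest#??}" ;; esac
                if [ ! -r "$rest" ]; then
                    echo "CA file not readable: $rest"
                    status=1
                fi ;;
        esac
    done <<EOF
$findings
EOF
    return "$status"
}
```

Run it as `audit_gitconfig ~/.gitconfig` in a CI step or before cloning from the internal server; a non-zero return means at least one finding was printed.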
```shell
make hadolint
```
This image uses the Trivy GitHub Action for security scanning.
Take a look at the official Trivy repo.

```shell
make build-image
make trivy-scan # trivy image docker.io/containerscrew/infratools:test
```
```shell
make local-build
make local-run
# Or all in one
make local-build-run
```

Use another version (tag) if needed (edit the Makefile).
Create a copy of the script `run.sh` in your repository and run it.

```shell
./run.sh
Usage: ./run.sh [-i (info)] [-u (update)] [-a (attach)]
```

With this script, you can run the container or attach to an existing one, update the container to the latest tag version, or get the current version of the container.
Important
When you run this script, ZSH history is saved in the /code repository to allow persistent command history. Shell history can include credentials typed on the command line, so if you don't want to push `.zsh_history` to git, add the file to `.gitignore` in the repo you are using.
- Add other dynamic version switchers for other tools (tgswitch, kubectl...)
- Separate pipeline for build release + build in other branch