Container image with infra tools (terraform, terragrunt, aws cli, helm, kubectl...). Useful for CI/CD.
Table of Contents generated with mtoc
- Badges
- About
- Architecture
- Main tools
- Versioning
- Installing python libraries
- Global gitconfig for internal git servers with self signed certificate
- Lint
- Image security scan with Trivy
- Local dev
- Using
run.shscript (Recommended) - TODO
- CHANGELOG
- LICENSE
How many times do you need a container image with tools like terraform, helm, kubectl, aws cli, terragrunt... among many others? Aren't you tired of having to maintain all of them in each repository, instead of having one "general" one that can be used in multiple repos?
Available tags: https://hub.docker.com/r/containerscrew/infratools/tags
| Arch | Supported | Tested |
|---|---|---|
| amd64 | β | β |
| arm64 | β | β |
| Tool | Available |
|---|---|
| Terraform | β |
| Terragrunt | β |
| Kubectl | β |
| Helm | β |
| AWS CLI | β |
| tftools | β |
| tfenv | β |
| ohmyzsh | β |
Take a look to all the available installed tools inside the Dockerfile
Tip
You can change terraform version dynamically using tfenv or setting .terraform-version file in your repository.
- Alpine core packages: https://pkgs.alpinelinux.org/packages
- AWS cli v2 is installed directly from official alpine repository. If you need to look for other version, visit this page
- For every new version, a new git tag will be created. You can see versioning inside Dockerfile
If you try to install python libraries using `pip3`, you will see the following error:
Error:
Γ This environment is externally managed
β°β>
The system-wide python installation should be maintained using the system
package manager (apk) only.
If the package in question is not packaged already (and hence installable via
"apk add py3-somepackage"), please consider installing it inside a virtual
environment, e.g.:
python3 -m venv /path/to/venv
. /path/to/venv/bin/activate
pip install mypackage
To exit the virtual environment, run:
deactivate
The virtual environment is not deleted, and can be re-entered by re-sourcing
the activate file.
To automatically manage virtual environments, consider using pipx (from the
pipx package).
note: If you believe this is a mistake, please contact your Python installation or OS distribution provider. You can override this, at the risk of breaking your Python installation or OS, by passing --break-system-packages.
hint: See PEP 668 for the detailed specification.
Install library + deps:
pipx install boto3 --include-depsInstall a package:
pipx install your-package-name # visit pypippython3 -m venv /path/to/venv
. /path/to/venv/bin/activate
pip3 install mypackagepip3 install boto3 --break-system-packagesIf using custom git repository with self signed certificate, just edit in your ~/.gitconfig:
[http "https://gitlab.server.internal"]
##################################
# Self Signed Server Certificate #
##################################
sslCAInfo = /path/to/your/certificate.crt
#sslCAPath = /path/to/selfCA/
sslVerify = true # or set to false if you trustmake hadolintThis image uses trivy github action as a tool for security scanning.
Take a look to the official repo of Trivy.
make build-image
make trivy-scan # trivy image docker.io/containerscrew/infratools:testmake local-build
make local-run
# Or all in one
make local-build-runUse other version(tag) if needed (edit the Makefile).
Create a copy of the script run.sh in your repository and run it.
./run.sh
Usage: ./run.sh [-i (info)] [-u (update)] [-a (attach)]With this script, you can run the container or attach to an existing, update the container to the latest tag version, or get the current version of the container.
Important
Running this script, ZSH history will be saved in /code repository to allow persistent command history.
So, If you don't want to push the .zsh_history to git, add the file to .gitignore in the repo you are using.
- Add other dynamic version switchers for other tools (tgswitch, kubectl...)
- Seperate pipeline for build release + build in other branch