├── .circleci └── config.yml ├── .github └── FUNDING.yml ├── .gitignore ├── Dockerfile ├── LICENSE ├── README.md ├── build.sh └── latest_versions.sh /.circleci/config.yml: -------------------------------------------------------------------------------- 1 | version: 2.1 2 | 3 | # Prerequisite 4 | # Make sure you set secret environment variables in CICD 5 | # DOCKER_USERNAME 6 | # DOCKER_PASSWORD 7 | # API_TOKEN 8 | 9 | # REBUILD - defaults to "false"; set it to "true" when the image needs to be rebuilt 10 | # NOTE(review): the scan job runs `trivy image -s "HIGH,CRITICAL"` without `--exit-code`; trivy exits 0 by default even when it reports findings, so that job records results but does not fail the workflow 11 | parameters: 12 | rebuild: 13 | type: string 14 | default: "false" 15 | # NOTE(review): the job images `alpine/docker-with-buildx` and `alpine/trivy` are referenced without a tag or digest, so each run pulls whatever is current 16 | jobs: 17 | build: 18 | docker: 19 | - image: alpine/docker-with-buildx 20 | environment: 21 | REBUILD: << pipeline.parameters.rebuild >> 22 | steps: 23 | - checkout 24 | - setup_remote_docker: 25 | docker_layer_caching: true 26 | - run: 27 | name: Run Build 28 | no_output_timeout: 30m 29 | command: | 30 | apk --no-cache --update add bash curl sudo 31 | echo $REBUILD 32 | bash ./build.sh 33 | 34 | scan: 35 | docker: 36 | - image: alpine/trivy 37 | steps: 38 | - checkout 39 | - run: | 40 | apk add bash 41 | latest_versions=$(bash ./latest_versions.sh) 42 | for tag in ${latest_versions} 43 | do 44 | echo "Scan image alpine/k8s:${tag} ..." 
45 | trivy image -s "HIGH,CRITICAL" alpine/k8s:${tag} 46 | echo "==== End of Scan ====" 47 | done 48 | 49 | workflows: 50 | build: 51 | jobs: 52 | - build: 53 | name: build 54 | context: Docker-Hub 55 | filters: 56 | branches: 57 | only: 58 | - master 59 | - main 60 | - scan: 61 | requires: 62 | - build 63 | name: scan 64 | context: 65 | - Docker-Hub 66 | filters: 67 | branches: 68 | only: 69 | - master 70 | - main 71 | 72 | nightly: 73 | triggers: 74 | - schedule: 75 | cron: "0 2 * * 0" 76 | filters: 77 | branches: 78 | only: 79 | - master 80 | - main 81 | jobs: 82 | - build: 83 | name: build 84 | context: Docker-Hub 85 | filters: 86 | branches: 87 | only: 88 | - master 89 | - main 90 | 91 | - scan: 92 | requires: 93 | - build 94 | name: scan 95 | context: 96 | - Docker-Hub 97 | filters: 98 | branches: 99 | only: 100 | - master 101 | - main 102 | -------------------------------------------------------------------------------- /.github/FUNDING.yml: -------------------------------------------------------------------------------- 1 | # These are supported funding model platforms 2 | 3 | github: # Replace with up to 4 GitHub Sponsors-enabled usernames e.g., [user1, user2] 4 | patreon: # Replace with a single Patreon username 5 | open_collective: # Replace with a single Open Collective username 6 | ko_fi: # Replace with a single Ko-fi username 7 | tidelift: # Replace with a single Tidelift platform-name/package-name e.g., npm/babel 8 | community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry 9 | liberapay: # Replace with a single Liberapay username 10 | issuehunt: # Replace with a single IssueHunt username 11 | otechie: # Replace with a single Otechie username 12 | custom: # Replace with up to 4 custom sponsorship URLs e.g., ['link1', 'link2'] 13 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | 
release.html 2 | release.txt 3 | 4 | # IDES 5 | .idea/ 6 | .vscode/ 7 | -------------------------------------------------------------------------------- /Dockerfile: -------------------------------------------------------------------------------- 1 | FROM alpine 2 | # NOTE(review): `FROM alpine` has no tag or digest, so the base image can change between builds 3 | ARG ARCH 4 | # NOTE(review): this file has no USER instruction, so the tools run as root unless the caller overrides the user 5 | # No need to update the versions here; the build passes them in as build args: 6 | # docker build --no-cache --build-arg KUBECTL_VERSION=${tag} --build-arg HELM_VERSION=${helm} --build-arg KUSTOMIZE_VERSION=${kustomize_version} -t ${image}:${tag} . 7 | ARG HELM_VERSION=3.2.1 8 | ARG KUBECTL_VERSION=1.17.5 9 | ARG KUSTOMIZE_VERSION=v3.8.1 10 | ARG KUBESEAL_VERSION=0.18.1 11 | ARG KREW_VERSION=v0.4.4 12 | ARG VALS_VERSION=0.28.1 13 | ARG KUBECONFORM_VERSION=0.6.3 14 | # NOTE(review): the KREW_VERSION default already starts with "v" while the krew download URL in this file puts another "v" in front of it, so the default only works when overridden with a bare version such as the one build.sh passes 15 | # Detect the architecture (saved to /envfile for the later RUN steps), then install helm (latest release) 16 | # ENV BASE_URL="https://storage.googleapis.com/kubernetes-helm" 17 | RUN case `uname -m` in \ 18 | x86_64) ARCH=amd64; ;; \ 19 | armv7l) ARCH=arm; ;; \ 20 | aarch64) ARCH=arm64; ;; \ 21 | ppc64le) ARCH=ppc64le; ;; \ 22 | s390x) ARCH=s390x; ;; \ 23 | *) echo "un-supported arch, exit ..."; exit 1; ;; \ 24 | esac && \ 25 | echo "export ARCH=$ARCH" > /envfile && \ 26 | cat /envfile 27 | # NOTE(review): the helm tarball is streamed from curl into tar and installed without a checksum or signature check; the other release downloads in this file are installed the same way 28 | RUN . /envfile && echo $ARCH && \ 29 | apk add --update --no-cache curl ca-certificates bash git && \ 30 | curl -sL https://get.helm.sh/helm-v${HELM_VERSION}-linux-${ARCH}.tar.gz | tar -xvz && \ 31 | mv linux-${ARCH}/helm /usr/bin/helm && \ 32 | chmod +x /usr/bin/helm && \ 33 | rm -rf linux-${ARCH} 34 | # NOTE(review): the three `helm plugin install` calls below give no `--version`, so each build takes whatever the plugin repository currently serves 35 | # add helm-diff 36 | RUN helm plugin install https://github.com/databus23/helm-diff && rm -rf /tmp/helm-* 37 | 38 | # add helm-unittest 39 | RUN helm plugin install https://github.com/helm-unittest/helm-unittest && rm -rf /tmp/helm-* 40 | 41 | # add helm-push 42 | RUN helm plugin install https://github.com/chartmuseum/helm-push && \ 43 | rm -rf /tmp/helm-* \ 44 | /root/.local/share/helm/plugins/helm-push/testdata \ 45 | /root/.cache/helm/plugins/https-github.com-chartmuseum-helm-push/testdata 46 | 47 | # Install kubectl 48 | RUN . 
/envfile && echo $ARCH && \ 49 | curl -sLO "https://dl.k8s.io/release/v${KUBECTL_VERSION}/bin/linux/${ARCH}/kubectl" && \ 50 | mv kubectl /usr/bin/kubectl && \ 51 | chmod +x /usr/bin/kubectl 52 | 53 | # Install kustomize (latest release) 54 | RUN . /envfile && echo $ARCH && \ 55 | curl -sLO https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize%2F${KUSTOMIZE_VERSION}/kustomize_${KUSTOMIZE_VERSION}_linux_${ARCH}.tar.gz && \ 56 | tar xvzf kustomize_${KUSTOMIZE_VERSION}_linux_${ARCH}.tar.gz && \ 57 | mv kustomize /usr/bin/kustomize && \ 58 | chmod +x /usr/bin/kustomize && \ 59 | rm kustomize_${KUSTOMIZE_VERSION}_linux_${ARCH}.tar.gz 60 | # NOTE(review): eksctl here and aws-iam-authenticator further down are resolved from `releases/latest` at build time, so their versions are not fixed by any build arg 61 | # Install eksctl (latest version) 62 | RUN . /envfile && echo $ARCH && \ 63 | curl -sL "https://github.com/weaveworks/eksctl/releases/latest/download/eksctl_$(uname -s)_${ARCH}.tar.gz" | tar xz -C /tmp && \ 64 | mv /tmp/eksctl /usr/bin && \ 65 | chmod +x /usr/bin/eksctl 66 | 67 | # Install awscli 68 | # Temp fix to allow system-wide package installation: 69 | # https://stackoverflow.com/a/76540031/3671801 70 | RUN apk add --update --no-cache py3-pip && \ 71 | pip3 install --break-system-packages --upgrade pip setuptools && \ 72 | pip3 install --break-system-packages awscli && \ 73 | pip3 cache purge 74 | 75 | # Install jq and yq 76 | RUN apk add --update --no-cache jq yq 77 | 78 | # https://docs.aws.amazon.com/eks/latest/userguide/install-aws-iam-authenticator.html 79 | # Install aws-iam-authenticator (latest version) 80 | RUN . 
/envfile && echo $ARCH && \ 81 | authenticator=$(curl -fs https://api.github.com/repos/kubernetes-sigs/aws-iam-authenticator/releases/latest | jq --raw-output '.name' | sed 's/^v//') && \ 82 | curl -fL https://github.com/kubernetes-sigs/aws-iam-authenticator/releases/download/v${authenticator}/aws-iam-authenticator_${authenticator}_linux_${ARCH} -o /usr/bin/aws-iam-authenticator && \ 83 | chmod +x /usr/bin/aws-iam-authenticator 84 | 85 | # Install for envsubst 86 | RUN apk add --update --no-cache gettext 87 | 88 | # Install kubeseal 89 | RUN . /envfile && echo $ARCH && \ 90 | curl -L https://github.com/bitnami-labs/sealed-secrets/releases/download/v${KUBESEAL_VERSION}/kubeseal-${KUBESEAL_VERSION}-linux-${ARCH}.tar.gz -o - | tar xz -C /usr/bin/ && \ 91 | chmod +x /usr/bin/kubeseal 92 | 93 | # Install vals 94 | RUN . /envfile && echo $ARCH && \ 95 | curl -L https://github.com/helmfile/vals/releases/download/v${VALS_VERSION}/vals_${VALS_VERSION}_linux_${ARCH}.tar.gz -o -| tar xz -C /usr/bin/ && \ 96 | chmod +x /usr/bin/vals 97 | 98 | # Install krew (latest release) 99 | RUN . /envfile && echo $ARCH && \ 100 | curl -fsSLO "https://github.com/kubernetes-sigs/krew/releases/download/v${KREW_VERSION}/krew-linux_${ARCH}.tar.gz" && \ 101 | tar zxvf krew-linux_${ARCH}.tar.gz && \ 102 | ./krew-linux_${ARCH} install krew && \ 103 | echo 'export PATH=/root/.krew/bin:$PATH' >> ~/.bashrc && \ 104 | rm krew-linux_${ARCH}.tar.gz 105 | 106 | # Install kubeconform 107 | RUN . 
/envfile && echo $ARCH && \ 108 | curl -L https://github.com/yannh/kubeconform/releases/download/v${KUBECONFORM_VERSION}/kubeconform-linux-${ARCH}.tar.gz -o - | tar xz -C /usr/bin/ && \ 109 | chmod +x /usr/bin/kubeconform 110 | 111 | WORKDIR /apps 112 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2018 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 
22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # All-In-One Kubernetes tools (kubectl, helm, iam-authenticator, eksctl, kubeseal, etc) 2 | 3 | [If you enjoy this image, please consider buying me a coffee.](https://www.buymeacoffee.com/ozbillwang) 4 | 5 | Kubernetes Docker images with the necessary tools 6 | 7 | [![DockerHub Badge](http://dockeri.co/image/alpine/k8s)](https://hub.docker.com/r/alpine/k8s/) 8 | 9 | ### Notes 10 | 11 | (1) **There is no `latest` tag for this image** 12 | 13 | (2) If you need more tools added, raise a ticket in the issues. 14 | 15 | (3) This image supports `linux/amd64,linux/arm64` platforms now, updated on 15th Feb 2023 with [#54](https://github.com/alpine-docker/k8s/pull/54) 16 | 17 | ### Installed tools 18 | 19 | - [kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl/) (latest minor versions: https://kubernetes.io/releases/) 20 | - [kustomize](https://github.com/kubernetes-sigs/kustomize) (latest release: https://github.com/kubernetes-sigs/kustomize/releases/latest) 21 | - [helm](https://github.com/helm/helm) (latest release: https://github.com/helm/helm/releases/latest) 22 | - [helm-diff](https://github.com/databus23/helm-diff) (latest commit) 23 | - [helm-unittest](https://github.com/helm-unittest/helm-unittest) (latest commit) 24 | - [helm-push](https://github.com/chartmuseum/helm-push) (latest commit) 25 | - [aws-iam-authenticator](https://github.com/kubernetes-sigs/aws-iam-authenticator) (latest version when the build runs) 26 | - [eksctl](https://github.com/weaveworks/eksctl) (latest version when the build runs) 27 | - [awscli v1](https://github.com/aws/aws-cli) (latest version when the build runs) 28 | - [kubeseal](https://github.com/bitnami-labs/sealed-secrets) (latest version when the build runs) 29 | - [krew](https://github.com/kubernetes-sigs/krew) (latest version when the build runs) 30 | - 
[vals](https://github.com/helmfile/vals) (latest version when the build runs) 31 | - [kubeconform](https://github.com/yannh/kubeconform) (latest version when the build runs) 32 | - General tools, such as bash, curl, jq, yq, etc 33 | 34 | ### GitHub Repo 35 | 36 | https://github.com/alpine-docker/k8s 37 | 38 | ### Build logs 39 | 40 | https://app.circleci.com/pipelines/github/alpine-docker/k8s 41 | 42 | ### Docker image tags 43 | 44 | https://hub.docker.com/r/alpine/k8s/tags/ 45 | 46 | # Why we need it 47 | 48 | Mostly it is used during CI/CD (continuous integration and continuous delivery) or as part of an automated build/deployment. 49 | 50 | # kubectl versions 51 | 52 | Check [kubernetes versions](https://kubernetes.io/releases/): it lists the latest kubectl minor versions, which are used as the image tags. 53 | 54 | # Get involved in developing and testing 55 | 56 | If you want to build these images yourself, run the commands below. 57 | 58 | ``` 59 | export REBUILD=true 60 | # comment the line in file "build.sh" to stop image push: docker push ${image}:${tag} 61 | bash ./build.sh 62 | ``` 63 | 64 | On second thought, if you are adding a new tool, make sure it is supported on both `linux/amd64,linux/arm64` platforms. 65 | 66 | ### Notes for krew usage 67 | 68 | You need to execute `source ~/.bashrc` before executing krew 69 | ``` 70 | $(DOCKER_CMD) bash -c "source ~/.bashrc" && kubectl krew update 71 | $(DOCKER_CMD) bash -c "source ~/.bashrc" && kubectl krew install modify-secret ns grep 72 | ``` 73 | 74 | ### Weekly build 75 | 76 | An automated build job runs weekly in the CircleCI pipeline. 
77 | 78 | ## Star History 79 | 80 | [![Star History Chart](https://api.star-history.com/svg?repos=alpine-docker/k8s&type=Date)](https://star-history.com/#alpine-docker/k8s&Date) 81 | 82 | -------------------------------------------------------------------------------- /build.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # Prerequisite 4 | # Make sure you set secret environment variables in CI 5 | # DOCKER_USERNAME 6 | # DOCKER_PASSWORD 7 | 8 | # set -ex 9 | # NOTE(review): keep xtrace (-x) off: build() passes $DOCKER_PASSWORD as a docker login argument, and -x would print the expanded secret into the job log 10 | set -e 11 | # Fetch the jq 1.6 linux64 binary and install it as /usr/bin/jq (uses sudo) 12 | install_jq() { 13 | # jq 1.6 - NOTE(review): installed without a checksum check, and `curl -sL` has no -f, so an HTTP error body would be saved as ./jq and installed 14 | DEBIAN_FRONTEND=noninteractive 15 | #sudo apt-get update && sudo apt-get -q -y install jq 16 | curl -sL https://github.com/stedolan/jq/releases/download/jq-1.6/jq-linux64 -o jq 17 | sudo mv jq /usr/bin/jq 18 | sudo chmod +x /usr/bin/jq 19 | } 20 | # Resolve the newest helm, kustomize, kubeseal, krew, vals and kubeconform release tags from the GitHub API, build ${image}:${tag} with them, compare the helm version inside the image, and push a linux/amd64,linux/arm64 build when CIRCLE_BRANCH is master; reads the globals image and tag 21 | build() { 22 | # helm latest, skipping release candidates 23 | helm=$(curl -s https://api.github.com/repos/helm/helm/releases | jq -r '.[].tag_name | select([startswith("v"), (contains("-rc") | not)] | all)' \ 24 | | sort -rV | head -n 1 |sed 's/v//') 25 | echo "helm version is $helm" 26 | # NOTE(review): with `set -e` but no pipefail, only the last stage of each lookup pipeline is checked, so a failed curl or jq yields an empty version here rather than an immediate error 27 | # kustomize latest 28 | kustomize_release=$(curl -s https://api.github.com/repos/kubernetes-sigs/kustomize/releases | jq -r '.[].tag_name | select(contains("kustomize"))' \ 29 | | sort -rV | head -n 1) 30 | kustomize_version=$(basename ${kustomize_release}) 31 | echo "kustomize version is $kustomize_version" 32 | 33 | # kubeseal latest 34 | kubeseal_version=$(curl -s https://api.github.com/repos/bitnami-labs/sealed-secrets/releases | jq -r '.[].tag_name | select(startswith("v"))' \ 35 | | sort -rV | head -n 1 |sed 's/v//') 36 | echo "kubeseal version is $kubeseal_version" 37 | 38 | # krew latest 39 | krew_version=$(curl -s https://api.github.com/repos/kubernetes-sigs/krew/releases | jq -r '.[].tag_name | select(startswith("v"))' \ 40 | | sort -rV | head -n 1 |sed 's/v//') 41 | echo "krew version is $krew_version" 42 | 43 | # vals latest 44 | 
vals_version=$(curl -s https://api.github.com/repos/helmfile/vals/releases | jq -r '.[].tag_name | select(startswith("v"))' \ 45 | | sort -rV | head -n 1 |sed 's/v//') 46 | echo "vals version is $vals_version" 47 | 48 | # kubeconform latest 49 | kubeconform_version=$(curl -s https://api.github.com/repos/yannh/kubeconform/releases | jq -r '.[].tag_name | select(startswith("v"))' \ 50 | | sort -rV | head -n 1 |sed 's/v//') 51 | echo "kubeconform version is $kubeconform_version" 52 | # Build a local image first so the helm version check below can run it 53 | docker build --no-cache \ 54 | --build-arg KUBECTL_VERSION=${tag} \ 55 | --build-arg HELM_VERSION=${helm} \ 56 | --build-arg KUSTOMIZE_VERSION=${kustomize_version} \ 57 | --build-arg KUBESEAL_VERSION=${kubeseal_version} \ 58 | --build-arg KREW_VERSION=${krew_version} \ 59 | --build-arg VALS_VERSION=${vals_version} \ 60 | --build-arg KUBECONFORM_VERSION=${kubeconform_version} \ 61 | -t ${image}:${tag} . 62 | 63 | # run test: the helm version reported by the image must equal the version resolved above 64 | echo "Detected Helm3+" 65 | version=$(docker run --rm ${image}:${tag} helm version) 66 | # sample output: version.BuildInfo{Version:"v3.6.3", GitCommit:"d506314abfb5d21419df8c7e7e68012379db2354", GitTreeState:"clean", GoVersion:"go1.16.5"} 67 | # NOTE(review): the bare `exit` in the else branch below returns the status of the preceding echo (0), so a version mismatch ends the job as successful instead of failing it 68 | version=$(echo ${version}| awk -F \" '{print $2}') 69 | if [ "${version}" == "v${helm}" ]; then 70 | echo "matched" 71 | else 72 | echo "unmatched" 73 | exit 74 | fi 75 | # NOTE(review): `-p $DOCKER_PASSWORD` puts the secret on the docker login command line (process arguments, and the job log if xtrace is on); docker login also accepts --password-stdin. Separately, only `master` reaches this push although .circleci/config.yml also runs the job on `main` 76 | if [[ "$CIRCLE_BRANCH" == "master" ]]; then 77 | docker login -u $DOCKER_USERNAME -p $DOCKER_PASSWORD 78 | docker buildx create --use 79 | docker buildx build --no-cache --push \ 80 | --platform=linux/amd64,linux/arm64 \ 81 | --build-arg KUBECTL_VERSION=${tag} \ 82 | --build-arg HELM_VERSION=${helm} \ 83 | --build-arg KUSTOMIZE_VERSION=${kustomize_version} \ 84 | --build-arg KUBESEAL_VERSION=${kubeseal_version} \ 85 | --build-arg KREW_VERSION=${krew_version} \ 86 | --build-arg VALS_VERSION=${vals_version} \ 87 | --build-arg KUBECONFORM_VERSION=${kubeconform_version} \ 88 | -t ${image}:${tag} . 
89 | fi 90 | } 91 | 92 | image="alpine/k8s" 93 | 94 | install_jq 95 | 96 | # Get the list of all releases tags, excludes alpha, beta, rc tags 97 | releases=$(curl -s https://api.github.com/repos/kubernetes/kubernetes/releases | jq -r '.[].tag_name | select(test("alpha|beta|rc") | not)') 98 | 99 | # Loop through the releases and extract the minor version number 100 | for release in $releases; do 101 | minor_version=$(echo $release | awk -F'.' '{print $1"."$2}') 102 | 103 | # Check if the minor version is already in the array of minor versions 104 | if [[ ! " ${minor_versions[@]} " =~ " ${minor_version} " ]]; then 105 | minor_versions+=($minor_version) 106 | fi 107 | done 108 | 109 | # Sort the unique minor versions in reverse order 110 | sorted_minor_versions=($(echo "${minor_versions[@]}" | tr ' ' '\n' | sort -rV)) 111 | 112 | # Loop through the first 4 unique minor versions and get the latest version for each 113 | for i in $(seq 0 3); do 114 | minor_version="${sorted_minor_versions[$i]}" 115 | latest_version=$(echo "$releases" | grep "^$minor_version\." 
| sort -rV | head -1 | sed 's/v//') 116 | latest_versions+=($latest_version) 117 | done 118 | 119 | echo "Found k8s latest versions: ${latest_versions[*]}" 120 | 121 | for tag in "${latest_versions[@]}"; do 122 | echo ${tag} 123 | status=$(curl -sL https://hub.docker.com/v2/repositories/${image}/tags/${tag}) 124 | echo $status 125 | if [[ ( "${status}" =~ "not found" ) ||( ${REBUILD} == "true" ) ]]; then 126 | echo "build image for ${tag}" 127 | build 128 | fi 129 | done 130 | -------------------------------------------------------------------------------- /latest_versions.sh: -------------------------------------------------------------------------------- 1 | image="alpine/k8s" 2 | 3 | # jq 1.6 4 | DEBIAN_FRONTEND=noninteractive 5 | #sudo apt-get update && sudo apt-get -q -y install jq 6 | curl -sL https://github.com/stedolan/jq/releases/download/jq-1.6/jq-linux64 -o jq 7 | mv jq /usr/bin/jq 8 | chmod +x /usr/bin/jq 9 | 10 | # Get the list of all releases tags, excludes alpha, beta, rc tags 11 | releases=$(curl -s https://api.github.com/repos/kubernetes/kubernetes/releases | jq -r '.[].tag_name | select(test("alpha|beta|rc") | not)') 12 | 13 | # Loop through the releases and extract the minor version number 14 | for release in $releases; do 15 | minor_version=$(echo $release | awk -F'.' '{print $1"."$2}') 16 | 17 | # Check if the minor version is already in the array of minor versions 18 | if [[ ! " ${minor_versions[@]} " =~ " ${minor_version} " ]]; then 19 | minor_versions+=($minor_version) 20 | fi 21 | done 22 | 23 | # Sort the unique minor versions in reverse order 24 | sorted_minor_versions=($(echo "${minor_versions[@]}" | tr ' ' '\n' | sort -rV)) 25 | 26 | # Loop through the first 4 unique minor versions and get the latest version for each 27 | for i in $(seq 0 3); do 28 | minor_version="${sorted_minor_versions[$i]}" 29 | latest_version=$(echo "$releases" | grep "^$minor_version\." 
| sort -rV | head -1 | sed 's/v//') 30 | latest_versions+=($latest_version) 31 | done 32 | 33 | echo "${latest_versions[*]}" 34 | --------------------------------------------------------------------------------