initial commit

.github/workflows/build.yml

@@ -0,0 +1,18 @@
+name: Run Shared Build Workflow
+
+on:
+  pull_request:
+    branches:
+      - main
+      - master
+
+jobs:
+  build:
+    permissions:
+      contents: read
+    uses: jabez007/aws-kubectl/.github/workflows/shared.build_and_push.yml@master
+    with:
+      build-args: |
+        AWS_REGION=${{ vars.AWS_REGION }}
+        EKS_CLUSTER=${{ vars.EKS_CLUSTER }}
+    secrets: inherit

.github/workflows/build_and_push.yml

@@ -0,0 +1,23 @@
+name: Run Shared Build and Push Workflow
+
+on:
+  push:
+    branches:
+      - main
+      - master
+    paths:
+      - 'Dockerfile'
+      - '*.sh'
+
+jobs:
+  build_and_push:
+    permissions:
+      contents: read
+      packages: write # required if push is true
+    uses: jabez007/aws-kubectl/.github/workflows/shared.build_and_push.yml@master
+    with:
+      push: true
+      build-args: |
+        AWS_REGION=${{ vars.AWS_REGION }}
+        EKS_CLUSTER=${{ vars.EKS_CLUSTER }}
+    secrets: inherit

.github/workflows/shared.build_and_push.yml

@@ -0,0 +1,95 @@
+name: Build and Push Docker Image to GHCR
+
+on:
+  workflow_call:
+    inputs:
+      artifact-name:
+        required: false
+        type: string
+      artifact-path:
+        type: string
+        default: .
+      platforms:
+        type: string
+        default: linux/amd64,linux/arm64
+      build-args:
+        required: false
+        type: string
+      tag:
+        required: false
+        type: string
+      push:
+        type: boolean
+        default: false
+
+jobs:
+  build-and-push:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v2
+
+      - name: See which repo we just cloned
+        if: ${{ vars.PIPELINE_DEBUG == 'true' }}
+        run: ls -lha
+
+      - name: Get short commit hash
+        id: git_commit
+        run: echo "short_hash=$(git rev-parse --short HEAD)" >> "$GITHUB_OUTPUT"
+
+      - name: Download artifacts
+        if: ${{ inputs.artifact-name != '' }}
+        uses: actions/download-artifact@v2
+        with:
+          name: ${{ inputs.artifact-name }}
+          path: ${{ inputs.artifact-path }}
+
+      - name: See which artifacts we just downloaded
+        if: ${{ inputs.artifact-name != '' && vars.PIPELINE_DEBUG == 'true' }}
+        run: ls ${{ inputs.artifact-path }} -lha
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+
+      - name: Log in to GitHub Container Registry
+        if: ${{ inputs.push }}
+        uses: docker/login-action@v2
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }} # The name of the person or app that initiated the workflow. For example, octocat.
+          password: ${{ secrets.GITHUB_TOKEN }} # automatically provided by GitHub Actions, so you don't need to create it manually.
+
+      - name: Build and push Docker image
+        if: ${{ inputs.push }}
+        uses: docker/build-push-action@v4
+        with:
+          platforms: ${{ inputs.platforms }}
+          build-args: ${{ inputs.build-args }}
+          context: .
+          push: true
+          # GITHUB_REPOSITORY = The owner and repository name. For example, octocat/Hello-World.
+          # ghcr.io prefix makes sure we are pushing to GHCR
+          tags: ghcr.io/${{ github.repository }}:${{ github.event.inputs.tag || steps.git_commit.outputs.short_hash }} # octocat/Hello-World:ffac537
+
+      - name: Build and export Docker image
+        if: ${{ ! inputs.push }}
+        uses: docker/build-push-action@v4
+        with:
+          build-args: ${{ inputs.build-args }}
+          context: .
+          tags: ${{ github.repository }}:${{ github.event.inputs.tag || steps.git_commit.outputs.short_hash }}
+          outputs: type=docker,dest=/tmp/${{ github.event.repository.name }}.tar
+
+      - name: Upload image artifacts
+        if: ${{ ! inputs.push }}
+        uses: actions/upload-artifact@v2
+        with:
+          name: ${{ steps.git_commit.outputs.short_hash }}
+          path: /tmp/${{ github.event.repository.name }}.tar
+
+      - name: Post cleanup
+        run: docker image prune -f

Dockerfile

@@ -0,0 +1,54 @@
+ARG AWS_REGION
+ARG EKS_CLUSTER
+
+FROM --platform=$BUILDPLATFORM debian:stable-slim
+
+# Set target architecture variable
+ARG TARGETARCH
+
+# Install dependencies
+RUN apt-get update && apt-get install -y \
+  unzip \
+  bash \
+  curl \
+  jq \
+  yq \
+  && rm -rf /var/lib/apt/lists/*
+
+# Install kubectl
+RUN curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/${TARGETARCH}/kubectl" \
+  && install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl
+
+# Verify kubectl install
+RUN kubectl version --client
+
+# Install aws cli
+RUN if [ "$TARGETARCH" = "arm64" ]; then \
+    curl "https://awscli.amazonaws.com/awscli-exe-linux-aarch64.zip" -o "awscliv2.zip"; \
+  else \
+    curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"; \
+  fi \
+  && unzip awscliv2.zip \
+  && ./aws/install \
+  && rm -rf awscliv2.zip aws
+
+# Verify aws cli install
+RUN aws --version
+
+# Add aliases to .bashrc
+RUN echo "alias update-kubeconfig='aws eks update-kubeconfig --region ${AWS_REGION} --name ${EKS_CLUSTER}'" >> /root/.bashrc
+
+# Copy the entrypoint script into the container
+COPY entrypoint.sh /usr/local/bin/entrypoint.sh
+
+# Make the entrypoint script executable
+RUN chmod +x /usr/local/bin/entrypoint.sh
+
+# Set the entrypoint to the script
+ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
+
+# Set the working directory
+WORKDIR /home/root
+
+# Set bash as the default shell
+CMD ["/bin/bash"]

README.md

@@ -0,0 +1,66 @@
+# aws-kubectl
+
+This repository provides a Dockerfile to build an image with the AWS CLI and `kubectl` installed.
+The image includes a startup script that ensures AWS Single Sign-On (SSO) is configured when the container starts.
+Additionally, the image configures an alias in the `.bashrc` to update the kubeconfig with the specified AWS region and EKS cluster name.
+
+## Features
+
+- AWS CLI pre-installed
+- `kubectl` pre-installed
+- Automatic SSO configuration at startup
+- Alias for updating kubeconfig with AWS region and EKS cluster
+
+## Build Arguments
+
+The Docker image build requires the following arguments:
+
+- `AWS_REGION`: The AWS region where your EKS cluster is located.
+- `EKS_CLUSTER`: The name of your EKS cluster.
+
+### Build the Docker Image
+
+To build the Docker image with the required arguments, run:
+
+```bash
+docker build --build-arg AWS_REGION=<your-region> --build-arg EKS_CLUSTER=<your-cluster-name> -t aws-kubectl .
+```
+
+### Running the Container
+
+To run the container, ensure your local `.aws` directory is mounted to the container's `/root/.aws` directory. This allows the container to access your AWS configurations and credentials, including SSO profiles.
+
+#### Example for Linux/macOS, Windows with WSL, or Git Bash
+
+```bash
+docker run -it --rm -v ~/.aws:/root/.aws aws-kubectl
+```
+
+#### Example for Windows with PowerShell
+
+```powershell
+docker run -it --rm -v ${env:USERPROFILE}\.aws:/root/.aws aws-kubectl
+```
+
+### Using the Kubeconfig Alias
+
+Once the container is running, you can use the configured alias to update your kubeconfig:
+
+```bash
+update-kubeconfig
+```
+
+This command automatically updates the kubeconfig with the AWS region and EKS cluster name specified during the build.
+
+### Notes
+
+- The container must have access to your AWS credentials, so mounting your `.aws` directory is necessary.
+- The startup script will check if SSO is configured and prompt you if additional steps are required.
+
+## Contributing
+
+Feel free to open issues or submit pull requests if you find any bugs or have suggestions for improvements.
+
+## License
+
+This project is licensed under the MIT License. See the [LICENSE](LICENSE) file for details.

entrypoint.sh

@@ -0,0 +1,11 @@
+#!/bin/bash
+
+# Check if the 'eks' profile exists
+aws configure list-profiles | grep -q '^eks$'
+if [ $? -eq 0 ]; then
+  echo "Profile 'eks' found. Running 'aws sso login --profile eks'."
+  aws sso login --profile eks
+else
+  echo "Profile 'eks' not found. Running 'aws configure sso'."
+  aws configure sso
+fi