kubernetes-setup Dockerfile

.github/workflows/dev_builds.yml

@@ -7,6 +7,32 @@ on:
       - 'release-v[0-9]+.[0-9]+'
 
 jobs:
+  setup-image:
+    runs-on: ubuntu-20.04
+    steps:
+      - uses: actions/checkout@v2
+      - name: Build setup image
+        working-directory: deploy/docker/setup/
+        run: make build
+      # We need to install awscli v1 via pip because it contains a version
+      # that supports ecr-public while github actions environment on Ubuntu 20.04
+      # contains aws v2.1.4 which doesn't know about it yet.
+      # (support for ecr-public landed in v2.1.6)
+      # ref: https://github.com/actions/virtual-environments/blob/main/images/linux/Ubuntu2004-README.md
+      - name: install awscli
+        run: |
+          pip install awscli
+          echo "/home/runner/.local/bin" >> $GITHUB_PATH
+      - name: Login to AWS public ECR
+        working-directory: deploy/docker/setup/
+        run: make login
+        env:
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_PUBLIC_ECR_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_PUBLIC_ECR_SECRET_ACCESS_KEY }}
+      - name: Push setup image
+        working-directory: deploy/docker/setup/
+        run: make push
+
   build:
     runs-on: ubuntu-20.04
     steps:

.github/workflows/pull_requests.yml

@@ -39,6 +39,14 @@ jobs:
       - name: yamllint
         run: make yamllint
 
+  setup-image:
+    runs-on: ubuntu-20.04
+    steps:
+      - uses: actions/checkout@v2
+      - name: Build setup image
+        working-directory: deploy/docker/setup/
+        run: make build
+
   test:
     runs-on: ubuntu-20.04
     needs: [markdownlint, shellcheck, yamllint]

deploy/docker/setup/Dockerfile

@@ -0,0 +1,30 @@
+FROM alpine:3
+
+ENV TERRAFORM_VERSION 0.12.25-r0
+
+RUN apk update \
+ && apk add --no-cache \
+        bash \
+        curl \
+        jq \
+        terraform=${TERRAFORM_VERSION} \
+ # ping group has a conflicting id: 999 so delete it
+ && delgroup ping \
+ && addgroup -g 999 setup \
+ && adduser -u 999 -D -G setup setup \
+ && mkdir /terraform /scripts \
+ && chown -R setup:setup /terraform /scripts
+
+# main.tf is copied from ../../helm/sumologic/conf/setup/setup.sh to minimize
+# docker context just to current directory
+COPY --chown=setup:setup ./main.tf /terraform/
+
+USER setup
+RUN cd /terraform/ \
+ && terraform init \
+ && rm main.tf
+
+ARG BUILD_TAG=latest
+ENV TAG $BUILD_TAG
+
+WORKDIR /terraform/

deploy/docker/setup/Makefile

@@ -0,0 +1,20 @@
+BUILD_TAG ?= latest
+IMAGE_NAME = kubernetes-setup
+ECR_URL = public.ecr.aws/u5z5f8z6
+REPO_URL = $(ECR_URL)/$(IMAGE_NAME)
+
+build:
+	DOCKER_BUILDKIT=1 docker build \
+		--build-arg BUILD_TAG=$(BUILD_TAG) \
+		--build-arg BUILDKIT_INLINE_CACHE=1 \
+		--cache-from $(REPO_URL):latest \
+		--tag $(IMAGE_NAME):$(BUILD_TAG) \
+		.
+
+push:
+	docker tag $(IMAGE_NAME):$(BUILD_TAG) $(REPO_URL):$(BUILD_TAG)
+	docker push $(REPO_URL):$(BUILD_TAG)
+
+login:
+	aws ecr-public get-login-password --region us-east-1 \
+	| docker login --username AWS --password-stdin $(ECR_URL)

deploy/docker/setup/main.tf

@@ -0,0 +1,6 @@
+terraform {
+  required_providers {
+    sumologic  = "~> 2.4"
+    kubernetes = "~> 1.13.0"
+  }
+}