cyclenerd/cloud-tools-container

docker

Hub

By cyclenerd

•Updated 11 days ago

📦 Ready-to-use image with cloud tools (AWS CLI, Google Cloud CLI, Terraform, Packer, Ansible)

Image

Integration & Delivery

Developer Tools

986

Overview Tags

Cloud Tools Container

Ready-to-use Docker container image for AWS CodeBuild/CodePipeline, Bitbucket Pipelines, CircleCI, GitHub Actions, GitLab runner jobs and Google Cloud Build.

Image:

cyclenerd/cloud-tools-container:latest

Multiarch support:

amd64 : Intel or AMD 64-Bit CPU (x86-64)
arm64 : Arm-based 64-Bit CPU (i.e. Apple silicon, AWS Graviton, Ampere Altra)

This project uses GitHub Actions⁠ for automated builds and deployments. The image is regularly rebuilt on the 15th of each month.

Software

This Docker container image is based on the Ubuntu 24.04 release (ubuntu:noble).

The following software is included and tested:

Ansible⁠ infrastructure as configuration (IaC) software tool (ansible and ansible-playbook)
AWS⁠ command line interface (CLI) tools (aws)
Firebase⁠ command line interface (CLI) tools (firebase)
fuego⁠ command line firestore client (fuego)
Hetzner Cloud CLI⁠ (hcloud)
GCR Cleaner⁠ deletes old container images on registries (gcr-cleaner-cli)
Google Cloud⁠ command line interface (CLI) tools (gcloud, gsutil and bq)
Open Policy Agent⁠ general-purpose policy engine, context-aware policy enforcement (opa)
Packer⁠ (packer)
ShellCheck⁠ analysis and linting tool for Shell/Bash scripts (shellcheck)
skopeo⁠ command line utility that performs various operations on container images and repositories (skopeo)
Terraform⁠ infrastructure as configuration (IaC) software tool (terraform)
- terraform-docs⁠ generates documentation from Terraform modules (terraform-docs)
- Terragrunt⁠ thin wrapper that provides extra tools (terragrunt)
- tflint⁠ linting tool for Terraform code (tflint)
- tfsec⁠ analysis security scanner for Terraform code (tfsec)
Kubernetes
- Helm⁠ package manager for Kubernetes (helm)
- Kubernetes cluster manager⁠ command line tool for communicating with a Kubernetes cluster (kubectl)
Vault⁠ password manager and authentication tool (vault)
Base packages
- GNU bash 5 (bash)
- apt-utils⁠
  - Advanced Packaging Tool⁠ package manager (apt, apt-get)
- build-essential⁠
  - GNU C compiler gcc
  - make⁠ utility for directing compilation (make)
- Common CA certificates⁠
- curl⁠ tool for transferring data with URL syntax (curl)
- DiG⁠ DNS lookup utility (dig)
- FIGlet⁠ prints its input using large characters (figlet)
- git⁠ distributed revision control system (git)
- jq⁠ JSON processor (jq)
- Mutt⁠ command line email client (mutt)
- Node.js⁠ JavaScript runtime environment (node)
  - npm⁠ package manager for the JavaScript (npm)
- OpenSSL⁠ cryptography toolkit (openssl)
- OpenSSH⁠ remote login client (ssh)
- Perl 5⁠ programming language (perl)
  - cpanm⁠ modules installer for Perl (cpanm)
- Python 3⁠ programming language (python3)
  - pip⁠ package installer for Python (pip3)
- Go⁠ programming language (go)
- GNU tar archiving utility (tar)
- De-archiver for .zip files (unzip)
- Archiver for .zip files (zip)

Run

Runs a command in the container, pulling the image if needed and starting the container.

Docker 🐳

Docker run command:

docker run cyclenerd/cloud-tools-container:latest aws --version

Podman 🦭

Podman run command:

podman run docker.io/cyclenerd/cloud-tools-container:latest aws --version

Examples

Example configurations for various CI/CD tools.

AWS CodeBuild

AWS CodeBuild configuration:

{
  "environment": {
    "type": "LINUX_CONTAINER",
    "image": "cyclenerd/cloud-tools-container:latest",
    "computeType": "BUILD_GENERAL1_SMALL"
  },
}

Google Cloud Build

Google Cloud Build (cloudbuild.yaml) configuration file:

steps:
  - name: 'cyclenerd/cloud-tools-container:latest'
    entrypoint: 'gcloud'
    args: ['--version']

GitLab CI/CD

Google Cloud Service Account Key

GitLab CI/CD (.gitlab-ci.yml) configuration with Google Cloud Service Account Key:

variables:
  GOOGLE_APPLICATION_CREDENTIALS: "/tmp/service_account_key.json"

default:
  image: cyclenerd/cloud-tools-container:latest
  before_script:
    # Login
    - echo "$YOUR_GOOGLE_CLOUD_SERVICE_ACCOUNT_KEY" > "$GOOGLE_APPLICATION_CREDENTIALS"
    - gcloud auth activate-service-account --key-file="$GOOGLE_APPLICATION_CREDENTIALS"

stages:
  - auth

gcloud-auth-list:
  stage: auth
  script:
    - gcloud auth list

Google Cloud Workload Identity Federation

GitLab CI/CD (.gitlab-ci.yml) configuration with Google Cloud Workload Identity Federation⁠ login:

variables:
  WIF_PROVIDER: projects/1057256049272/locations/global/workloadIdentityPools/gitlab-com/providers/gitlab-com-oidc
  SERVICE_ACCOUNT: gitlab-ci@nkn-it-wif-demo.iam.gserviceaccount.com
  GOOGLE_CREDENTIALS: gcp_temp_cred.json

default:
  image: cyclenerd/cloud-tools-container:latest
  before_script:
    # Login
    - echo "${CI_JOB_JWT_V2}" > gitlab_jwt_token.txt
    - gcloud iam workload-identity-pools create-cred-config "${WIF_PROVIDER}"
      --service-account="${SERVICE_ACCOUNT}"
      --output-file=${GOOGLE_CREDENTIALS}
      --credential-source-file=gitlab_jwt_token.txt
    - gcloud config set auth/credential_file_override "${GOOGLE_CREDENTIALS}"
stages:
  - auth

gcloud-auth-list:
  stage: auth
  script:
    - gcloud auth list

Bitbucket Pipelines

Google Cloud Workload Identity Federation

Bitbucket pipeline configuration (bitbucket-pipelines.yml) with Google Cloud Workload Identity Federation⁠ login:

image: cyclenerd/cloud-tools-container:latest

pipelines:
  default:
    - step:
        name: "Workload Identity Federation"
        # Enable OIDC
        oidc: true
        max-time: 5
        script:
          # Set variables
          - export WIF_PROVIDER='projects/753695557698/locations/global/workloadIdentityPools/bitbucket-org/providers/bitbucket-org-oidc'
          - export SERVICE_ACCOUNT='bitbucket-pipeline@nkn-it-wif-demo-0.iam.gserviceaccount.com'
          - export GOOGLE_CREDENTIALS='gcp_temp_cred.json'
          # Configure Workload Identity Federation via a credentials file.
          - echo ${BITBUCKET_STEP_OIDC_TOKEN} > .ci_job_jwt_file
          - gcloud iam workload-identity-pools create-cred-config "${WIF_PROVIDER}"
            --service-account="${SERVICE_ACCOUNT}"
            --output-file="${GOOGLE_CREDENTIALS}"
            --credential-source-file=.ci_job_jwt_file
          - gcloud config set auth/credential_file_override "${GOOGLE_CREDENTIALS}"
          # Now you can run gcloud commands authenticated as the impersonated service account.

GitHub Actions

GitHub Actions configuration:

jobs:
  cloud-tools-container:
    runs-on: 'ubuntu-latest'
    # Use container to run the steps in a job
    container:
      image: 'docker://cyclenerd/cloud-tools-container:latest'
    steps:
      - name: "Terraform"
        run: terraform --version

CircleCI

CircleCI configuration:

jobs:
  cloud-tools-container:
    docker:
      - image: cyclenerd/cloud-tools-container:latest
    steps:
      - run:
          name: Google Cloud CLI
          command: gcloud --version

Docker Pull Command

docker pull cyclenerd/cloud-tools-container