Short Description
Latest executable of kubectl (1.3.x) for CI/CD built with alpine linux
Full Description

kubectl

Latest executable of kubectl (1.3.x) built with alpine linux

Configuration can be mounted from the host or passed in as base64-encoded environment variables.

GCP vs basic auth

If you are using Google Container Environment, it is highly recommended that you use GCP instead of basic auth.
This allows you to use service account credentials to fetch a time-limited token with limited access rights in the cluster.

Fetch your credentials (GCP):

  CLOUDSDK_CONTAINER_USE_CLIENT_CERTIFICATE=False gcloud container clusters get-credentials <clustername>

Fetch your credentials (basic auth):

  CLOUDSDK_CONTAINER_USE_CLIENT_CERTIFICATE=True gcloud container clusters get-credentials <clustername>

More information can be found here: https://cloud.google.com/container-engine/docs/iam-integration

Using with mounted configuration files

  ## for each request with basic auth
  docker run --rm -v $HOME/kubeconfig_staging:/config/kubeconfig xiapps/kubectl:latest version
  docker run --rm -v $HOME/kubeconfig_staging:/config/kubeconfig xiapps/kubectl:latest get deployments
  docker run --rm -v $HOME/kubeconfig_staging:/config/kubeconfig xiapps/kubectl:latest set image deployment/myapp-master myapp-master=myapp:$BRANCH.$BUILD_NUMBER

  docker run --rm -v $HOME/kubeconfig_staging:/config/kubeconfig -v $PWD:/var/kubectl xiapps/kubectl:latest create -f file_in_host.yml

  ## for each request with GCP (new token is requested every time)
  docker run --rm -v $HOME/kubeconfig_staging:/config/kubeconfig -v $HOME/key.json:/config/key.json xiapps/kubectl:latest version
  docker run --rm -v $HOME/kubeconfig_staging:/config/kubeconfig -v $HOME/key.json:/config/key.json xiapps/kubectl:latest get deployments
  docker run --rm -v $HOME/kubeconfig_staging:/config/kubeconfig -v $HOME/key.json:/config/key.json xiapps/kubectl:latest set image deployment/myapp-master myapp-master=myapp:$BRANCH.$BUILD_NUMBER

  ## reuse token with GCP
  docker run --name kubectl-config xiapps/kubectl create-storage
  docker run --rm --volumes-from kubectl-config -v $HOME/kubeconfig_staging:/config/kubeconfig -v $HOME/key.json:/config/key.json xiapps/kubectl:latest true
  docker run --rm --volumes-from kubectl-config xiapps/kubectl:latest version
  docker run --rm --volumes-from kubectl-config xiapps/kubectl:latest get deployments
  docker run --rm --volumes-from kubectl-config xiapps/kubectl:latest set image deployment/myapp-master myapp-master=myapp:$BRANCH.$BUILD_NUMBER

Using with base64 encoded environment variables

Many CI/CD solutions support encrypted (secret) variables which are only available in the remote CI/CD
environment. To use these variables as configuration, make sure they are base64 encoded, as shown below:

  ## for each request with basic auth
  docker run --rm -e KUBECONFIG_BASE64=<string> xiapps/kubectl:latest version
  docker run --rm -e KUBECONFIG_BASE64=<string> xiapps/kubectl:latest get deployments
  docker run --rm -e KUBECONFIG_BASE64=<string> xiapps/kubectl:latest set image deployment/myapp-master myapp-master=myapp:$BRANCH.$BUILD_NUMBER

  ## for each request with GCP (new token is requested every time)
  docker run --rm -e KUBECONFIG_BASE64=<string> -e GCLOUD_CREDENTIALS_BASE64=<string> xiapps/kubectl:latest version
  docker run --rm -e KUBECONFIG_BASE64=<string> -e GCLOUD_CREDENTIALS_BASE64=<string> xiapps/kubectl:latest get deployments
  docker run --rm -e KUBECONFIG_BASE64=<string> -e GCLOUD_CREDENTIALS_BASE64=<string> xiapps/kubectl:latest set image deployment/myapp-master myapp-master=myapp:$BRANCH.$BUILD_NUMBER

  ## reuse token with GCP
  docker run --name kubectl-config xiapps/kubectl create-storage
  docker run --rm --volumes-from kubectl-config -e KUBECONFIG_BASE64=<string> -e GCLOUD_CREDENTIALS_BASE64=<string> xiapps/kubectl:latest true
  docker run --rm --volumes-from kubectl-config xiapps/kubectl:latest get deployments
  docker run --rm --volumes-from kubectl-config xiapps/kubectl:latest set image ...
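
Added example (not part of the xiapps/kubectl project): one way to produce the `<string>` values used above and hand them to the container by variable name, so the secret does not appear on the command line. It assumes the image decodes standard base64; `encode_secret`, `verify_secret`, `kubectl_env` and the `DOCKER` dry-run override are hypothetical names, and the sample kubeconfig is constructed.

```shell
#!/bin/sh
# Added example. Base64 is an encoding, not encryption: handle the encoded
# value exactly like the kubeconfig or service account key it contains.

# Encode a file as ONE unwrapped base64 line (GNU base64 wraps at 76 columns).
encode_secret() {
  [ -r "$1" ] || { echo "cannot read $1" >&2; return 1; }
  base64 < "$1" | tr -d '\n'
}

# Check that an encoded value decodes to the original bytes before storing it.
verify_secret() {  # $1 = encoded value, $2 = original file
  printf '%s' "$1" | base64 -d 2>/dev/null | cmp -s - "$2"
}

# Run the image passing secrets by variable NAME only (-e NAME): docker reads
# the values from the environment, so they stay out of the command line,
# shell history and `ps` output. DOCKER is a hypothetical dry-run override.
kubectl_env() {
  [ -n "${KUBECONFIG_BASE64:-}" ] || { echo "KUBECONFIG_BASE64 not set" >&2; return 1; }
  export KUBECONFIG_BASE64
  set -- -e KUBECONFIG_BASE64 xiapps/kubectl:latest "$@"
  if [ -n "${GCLOUD_CREDENTIALS_BASE64:-}" ]; then
    export GCLOUD_CREDENTIALS_BASE64
    set -- -e GCLOUD_CREDENTIALS_BASE64 "$@"
  fi
  "${DOCKER:-docker}" run --rm "$@"
}

# Constructed sample kubeconfig (no real credentials) to show the round trip.
sample=$(mktemp)
printf 'apiVersion: v1\nkind: Config\ncurrent-context: staging\n' > "$sample"
KUBECONFIG_BASE64=$(encode_secret "$sample")
verify_secret "$KUBECONFIG_BASE64" "$sample" && echo "round trip ok"
( DOCKER=echo; kubectl_env get deployments )   # dry run: prints the docker arguments
rm -f "$sample"
```

In a CI job the secret variables are already set by the platform, so only `kubectl_env` is needed there; the encoding step is done once when the secret is stored.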

Security

Please note that when using a storage container to reuse the token between requests, both the service account credentials and
the token are stored in it. In other words, keep the storage container safe!

Alias

  echo "alias kubectl='docker run -it --rm -v ~/.kube/config:/config/kubeconfig -v \$PWD:/var/kubectl xiapps/kubectl'" >>~/.bash_aliases

Rebuilding and updating image

  docker build --build-arg VERSION=latest -t xiapps/kubectl:latest .

To add a new version, make sure to add its SHA1SUM to the Dockerfile.

Owner
xiapps