|
| 1 | +# https://github.com/cloudposse/geodesic/ |
| 2 | +ARG GEODESIC_VERSION=4.3.0 |
| 3 | +ARG GEODESIC_OS=debian |
| 4 | +# https://github.com/cloudposse/atmos |
| 5 | +ARG ATMOS_VERSION=1.157.0 |
| 6 | +# This should match the version set in stacks/catalog/spacelift.yaml |
| 7 | +# This should match the version set in .github/workflows/auto-format.yaml |
| 8 | +ARG TF_1_VERSION=1.5.7 |
| 9 | +ARG TOFU_VERSION=1.8.8 |
| 10 | + |
| 11 | +FROM public.ecr.aws/cloudposse/geodesic:${GEODESIC_VERSION}-${GEODESIC_OS} |
| 12 | + |
| 13 | +# Some configuration options for Geodesic |
| 14 | +ENV AWS_SAML2AWS_ENABLED=false |
| 15 | +ENV AWS_VAULT_ENABLED=false |
| 16 | +ENV AWS_VAULT_SERVER_ENABLED=false |
| 17 | +ENV CHAMBER_KMS_KEY_ALIAS=aws/ssm |
| 18 | +ENV GEODESIC_TF_PROMPT_ENABLED=false |
| 19 | +ENV DIRENV_ENABLED=false |
| 20 | + |
| 21 | +# Enable advanced AWS assume role chaining for tools using AWS SDK |
| 22 | +# https://docs.aws.amazon.com/sdk-for-go/api/aws/session/ |
| 23 | +ENV AWS_SDK_LOAD_CONFIG=1 |
| 24 | +ENV AWS_DEFAULT_REGION=us-east-1 |
| 25 | +ENV AWS_DEFAULT_SHORT_REGION=use1 |
| 26 | +ENV AWS_REGION_ABBREVIATION_TYPE=short |
| 27 | +# Install specific versions of Terraform. Must match versions in Spacelift terraform_version_map |
| 28 | +# in components/terraform/spacelift/default.auto.tfvars |
| 29 | +ARG TF_1_VERSION |
| 30 | +ARG TOFU_VERSION |
| 31 | +RUN apt-get update && apt-get install -y -u --allow-downgrades \ |
| 32 | + terraform-1="${TF_1_VERSION}-*" && \ |
| 33 | + tofu="${TOFU_VERSION}" && \ |
| 34 | + update-alternatives --set terraform /usr/share/terraform/1/bin/terraform |
| 35 | +ARG ATMOS_VERSION |
| 36 | +RUN apt-get update && apt-get install -y --allow-downgrades \ |
| 37 | + atmos="${ATMOS_VERSION}-*" \ |
| 38 | + spacectl |
| 39 | + |
| 40 | +# Install pluto - a CLI tool to help discover deprecated and removed apiVersions in Kubernetes |
| 41 | +# https://pluto.docs.fairwinds.com/ |
| 42 | +# https://github.com/FairwindsOps/pluto |
| 43 | +RUN apt-get update && apt-get install -y --allow-downgrades \ |
| 44 | + pluto |
| 45 | + |
| 46 | +COPY rootfs/ / |
| 47 | + |
| 48 | + |
| 49 | +ARG DOCKER_REPO |
| 50 | +ARG TENANT="core" |
| 51 | +ENV NAMESPACE=acme |
| 52 | +# Format of Geodesic banner prompt |
| 53 | +ENV BANNER=${NAMESPACE} |
| 54 | +ENV DOCKER_IMAGE="acme/infra-acme" |
| 55 | +ENV DOCKER_TAG="latest" |
| 56 | + |
| 57 | +# Default AWS_PROFILE |
| 58 | +ENV AWS_PROFILE=${NAMESPACE}-identity |
| 59 | +# This sets the default AWS_CONFIG to be used after signing in with Leapp. |
| 60 | +# Once logged in, this config file gives you access to all the other teams |
| 61 | +# and roles (if you are authorized for access). |
| 62 | +ENV AWS_CONFIG_FILE=/etc/aws-config/aws-config-teams |
| 63 | +ENV ASSUME_ROLE_INTERACTIVE_QUERY=${NAMESPACE}${TENANT:+-$TENANT}-gbl- |
| 64 | + |
| 65 | +WORKDIR / |
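Review bot: In the first `RUN` (new lines 31–34) the `&& \` after the `terraform-1=...` argument ends the `apt-get install` command, so `tofu="${TOFU_VERSION}"` is evaluated by the shell as a variable assignment instead of being passed to apt as a package. As written, the `TOFU_VERSION` pin is never applied, and the image ends up with whichever `tofu` the base image ships, if any, which is presumably not what the version-matching comments above intend. Keep both packages in one argument list: `terraform-1="${TF_1_VERSION}-*" \` followed by `tofu="${TOFU_VERSION}" && \`. Once the argument is actually passed, confirm the version string the package repository publishes for `tofu`; the other pins in this file carry a `-*` revision suffix, and a bare `1.8.8` may not match.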