This repository has been archived by the owner on May 18, 2021. It is now read-only.

Allows you to create docker image #122

Closed
wants to merge 4 commits into from
Changes from 1 commit
14 changes: 14 additions & 0 deletions Dockerfile
@@ -0,0 +1,14 @@
FROM golang:1.9-stretch AS builder
WORKDIR /go/src/github.com/segmentio/aws-okta
RUN useradd -u 10001 scratchuser
RUN apt-get update && apt-get -y install libusb-dev libusb-1.0-0-dev && pkg-config --cflags --libs libusb-1.0
COPY . .
RUN make container-build

FROM debian:stretch-slim
WORKDIR /app/
RUN apt-get update && apt-get -y install libusb-1.0-0 ca-certificates python-pip && pip install awscli
COPY --from=builder /go/src/github.com/segmentio/aws-okta/dist/aws-okta-*-linux-amd64 /app/aws-okta
COPY --from=builder /etc/passwd /etc/passwd
Contributor

Is this to avoid the useradd? I'd prefer the useradd TBH

Author

Yes, I usually do it this way with alpine images. Maybe I could move to alpine to make this image lighter, or just avoid this and use useradd. I will check it later.

USER scratchuser
ENTRYPOINT ["/app/aws-okta"]
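
Review bot: `COPY --from=builder /etc/passwd /etc/passwd` replaces the runtime image's whole passwd file with the builder's just to carry over `scratchuser`, and it brings neither `/etc/group` nor a home directory (the builder's `useradd -u 10001 scratchuser` has no `-m`), while the README example mounts into `/home/scratchuser/.aws`. Creating the user in the final stage, for example `RUN useradd -u 10001 -m scratchuser` before `USER scratchuser`, keeps the account database consistent with the packages installed in that stage and gives the non-root user a home it owns. Separately, `pip install awscli` and both `apt-get -y install` lines are unpinned, so two builds of the same commit can produce different images; pinning the awscli version and adding `--no-install-recommends` would make the image more reproducible and smaller.
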
8 changes: 7 additions & 1 deletion Makefile
Expand Up @@ -13,6 +13,8 @@ test: | govendor

all: dist/aws-okta-$(VERSION)-darwin-amd64 dist/aws-okta-$(VERSION)-linux-amd64

container-build: dist/aws-okta-$(VERSION)-linux-amd64

clean:
rm -rf ./dist

Expand All @@ -27,7 +29,11 @@ dist/aws-okta-$(VERSION)-linux-amd64: | govendor dist/
govendor sync
GOOS=linux GOARCH=amd64 go build $(LDFLAGS) -o $@

dist/aws-okta-$(VERSION)-win-amd64: | govendor dist/
govendor sync
GOOS=windows GOARCH=amd64 go build $(LDFLAGS) -o $@

govendor:
go get -u github.com/kardianos/govendor

.PHONY: clean all govendor
.PHONY: clean all govendor container-build
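
Review bot: the new `dist/aws-okta-$(VERSION)-win-amd64` target is not referenced by `all` or by `container-build`, so nothing in this change builds it, and it is unrelated to the Docker image this PR is about. Either move it to its own PR or add it to `all`; a Windows binary would also normally carry an `.exe` suffix. Also worth noting for the image build: the linux target that `container-build` depends on has `govendor` as a prerequisite, and that recipe is `go get -u github.com/kardianos/govendor`, so every `docker build` fetches an unpinned build tool from the network. Pinning that tool to a fixed version in the builder stage would make the image build repeatable.
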
10 changes: 9 additions & 1 deletion README.md
Expand Up @@ -24,6 +24,11 @@ $ brew install aws-okta

See [docs/windows.md](docs/windows.md) for information on getting this working with Windows.

### Docker
```
$ docker build . -t aws-okta
```

## Usage

### Adding Okta credentials
Expand Down Expand Up @@ -58,7 +63,10 @@ Global Flags:
-b, --backend string Secret backend to use [kwallet secret-service file] (default "file")
-d, --debug Enable debug logging
```

### Exec Docker
```
docker run -ti -v /Users/XXX/.aws:/home/scratchuser/.aws -v /Users/XXX/.aws-okta:/home/scratchuser/.aws-okta/ aws-okta exec profile -- aws s3 ls
```
### Exec for EKS and Kubernetes

`aws-okta` can also be used to authenticate `kubectl` to your AWS EKS cluster. Assuming you have [installed `kubectl`](https://docs.aws.amazon.com/eks/latest/userguide/install-kubectl.html), [setup your kubeconfig](https://docs.aws.amazon.com/eks/latest/userguide/create-kubeconfig.html) and [installed `aws-iam-authenticator`](https://docs.aws.amazon.com/eks/latest/userguide/configure-kubectl.html), you can now access your EKS cluster with `kubectl`. Note that on a new cluster, your Okta CLI user needs to be using the same assumed role as the one who created the cluster. Otherwise, your cluster needs to have been configured to allow your assumed role.
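
Review bot: the `docker run` example under `### Exec Docker` bind-mounts the host's `.aws` and `.aws-okta` directories read-write into a container that runs as `scratchuser` (uid 10001 in the Dockerfile); on a Linux host that uid will usually not match the owner of those directories, and the text does not say which mount needs write access. Document which directory the tool writes to and mount the other with `:ro`, and mention the uid requirement (or `--user`). Style: add the `$ ` prompt used in the `### Docker` build example, and put a blank line between the closing fence and `### Exec for EKS and Kubernetes`.
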