FROM alpine:3@sha256:c5b1261d6d3e43071626931fc004f70149baeba2c8ec672bd4f27761f8e1ad6b ARG SOPS_VERSION ARG KUSTOMIZE_SOPS_VERSION # Install dependencies RUN apk add --no-cache \ kubectl \ kustomize \ age \ git \ bash \ openssh \ openrc \ ca-certificates \ make # Install sops ADD https://github.com/getsops/sops/releases/download/v${SOPS_VERSION}/sops-v3.8.1.linux.amd64 /tmp/sops RUN mv /tmp/sops /usr/local/bin/sops && chmod +x /usr/local/bin/sops # Install ksops ADD https://github.com/viaduct-ai/kustomize-sops/releases/download/v${KUSTOMIZE_SOPS_VERSION}/ksops_latest_Linux_x86_64.tar.gz /tmp/ksops.tar.gz RUN tar -xzf /tmp/ksops.tar.gz -C /tmp && mv /tmp/ksops /usr/local/bin/ksops && chmod +x /usr/local/bin/ksops # Set up user RUN adduser -h /home/cluster -s /bin/sh -D cluster && \ mkdir -p /home/cluster/.ssh && \ chown -R cluster:cluster /home/cluster && \ chmod 0700 /home/cluster/.ssh RUN ssh-keygen -A && \ echo -e "PasswordAuthentication no" >> /etc/ssh/sshd_config && \ && mkdir -p /run/openrc \ && touch /run/openrc/softlevel USER cluster WORKDIR /home/cluster ENTRYPOINT ["sh", "-c", "rc-status; rc-service sshd start"]