commit bad82ad2fbf76315ddcf306df02b95f4c1177ede Author: BAK BYEONG JUN Date: Sun Apr 13 02:28:10 2025 +0000 kaniko is added
diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile
new file mode 100644
index 0000000..d7da93a
--- /dev/null
+++ b/.devcontainer/Dockerfile
@@ -0,0 +1,5 @@
+FROM mcr.microsoft.com/devcontainers/base:ubuntu
+
+RUN apt clean && apt update --fix-missing
+RUN apt install -y pkg-config \
+ && rm -rf /var/lib/apt/lists/*
diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
new file mode 100644
index 0000000..beaeef3
--- /dev/null
+++ b/.devcontainer/devcontainer.json
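Review bot: In `.devcontainer/Dockerfile`, `apt update` runs in its own `RUN` layer, separate from the `apt install` that depends on it, so a cached update layer can be reused with a stale package index when the install line is edited later. Combining them keeps index and install in one layer and lets the list cleanup actually shrink it: `RUN apt-get update && apt-get install -y --no-install-recommends pkg-config && rm -rf /var/lib/apt/lists/*`. The base image is also referenced by the floating `ubuntu` tag, so rebuilds are not reproducible; pinning a release tag or a digest would fix that.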
@@ -0,0 +1,47 @@
+{
+ "name": "loafle.docker.tools",
+ // Or use a Dockerfile or Docker Compose file. More info: https://containers.dev/guide/dockerfile
+ "dockerComposeFile": "docker-compose.yaml",
+ "service": "app",
+ "workspaceFolder": "/workspace",
+ "shutdownAction": "stopCompose",
+ "features": {
+ "ghcr.io/devcontainers/features/git:1": {},
+ "ghcr.io/devcontainers/features/docker-in-docker:2": {}
+ },
+ // Configure tool-specific properties.
+ "customizations": {
+ // Configure properties specific to VS Code.
+ "vscode": {
+ "settings": {
+ "terminal.integrated.defaultProfile.linux": "zsh",
+ "terminal.integrated.profiles.linux": {
+ "zsh": {
+ "path": "/bin/zsh"
+ }
+ },
+ "editor.formatOnSave": true
+ },
+ "extensions": [
+ "eamodio.gitlens",
+ "esbenp.prettier-vscode",
+ "ms-azuretools.vscode-docker",
+ "ms-kubernetes-tools.vscode-kubernetes-tools",
+ "streetsidesoftware.code-spell-checker",
+ "tamasfe.even-better-toml"
+ ]
+ }
+ },
+ // Use 'forwardPorts' to make a list of ports inside the container available locally.
+ // "forwardPorts": [],
+ // Use 'postCreateCommand' to run commands after the container is created.
+ "postCreateCommand": "/bin/sh ./.devcontainer/postCreateCommand.sh",
+ // Uncomment to connect as root instead. More info: https://aka.ms/dev-containers-non-root.
+ // "remoteUser": "vscode"
+ "mounts": [
+ "source=${localEnv:HOME}/.gitconfig,target=/home/vscode/.gitconfig,type=bind,consistency=cached",
+ "source=${localEnv:HOME}/.config/pypoetry,target=/home/vscode/.config/pypoetry,type=bind,consistency=cached",
+ "source=${localEnv:HOME}/.ssh/id_rsa,target=/home/vscode/.ssh/id_rsa,type=bind,consistency=cached",
+ "source=${localEnv:HOME}/.netrc,target=/home/vscode/.netrc,type=bind,consistency=cached"
+ ]
+}
\ No newline at end of file
diff --git a/.devcontainer/docker-compose.yaml b/.devcontainer/docker-compose.yaml
new file mode 100644
index 0000000..f92ffa9
--- /dev/null
+++ b/.devcontainer/docker-compose.yaml
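Review bot: The `mounts` array in `devcontainer.json` bind-mounts the host's `~/.ssh/id_rsa` and `~/.netrc` read-write into a container that also enables the `docker-in-docker` feature, so every process in the dev container (editor extensions, `postCreateCommand`, anything a build runs) can read and modify long-lived host credentials. If the key is only needed for Git over SSH, forwarding the host's SSH agent instead of mounting the key file keeps the private key out of the container entirely. Where a file mount is unavoidable it should at least be read-only, e.g. `"source=${localEnv:HOME}/.netrc,target=/home/vscode/.netrc,type=bind,readonly"`. The bind mounts will also fail container start when a source file does not exist on the host, which deserves a line in the setup documentation.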
@@ -0,0 +1,48 @@
+version: "3.8"
+
+services:
+ app:
+ # Using a Dockerfile is optional, but included for completeness.
+ build:
+ context: .
+ dockerfile: Dockerfile
+ # [Optional] You can use build args to set options. e.g. 'VARIANT' below affects the image in the Dockerfile
+ # args:
+ # VARIANT: buster
+ # environment:
+ # PORT: 3000
+ # ports:
+ # - 3000:3000
+
+ volumes:
+ # This is where VS Code should expect to find your project's source code and the value of "workspaceFolder" in .devcontainer/devcontainer.json
+ - ..:/workspace:cached
+
+ # Uncomment the next line to use Docker from inside the container. See https://aka.ms/vscode-remote/samples/docker-from-docker-compose for details.
+ # - /var/run/docker.sock:/var/run/docker.sock
+
+ # Overrides default command so things don't shut down after the process ends.
+ # command: /bin/sh -c "while sleep 1000; do :; done"
+ command: sleep infinity
+
+ # Runs app on the same network as the service container, allows "forwardPorts" in devcontainer.json function.
+ # network_mode: service:another-service
+
+ # Use "forwardPorts" in **devcontainer.json** to forward an app port locally.
+ # (Adding the "ports" property to this file will not forward from a Codespace.)
+
+ # Uncomment the next line to use a non-root user for all processes - See https://aka.ms/vscode-remote/containers/non-root for details.
+ # user: vscode
+
+ # Uncomment the next four lines if you will use a ptrace-based debugger like C++, Go, and Rust.
+ # cap_add:
+ # - SYS_PTRACE
+ # security_opt:
+ # - seccomp:unconfined
+
+ # You can include other services not opened by VS Code as well
+ # another-service:
+ # image: mongo:latest
+ # restart: unless-stopped
+
+ # As in the "app" service, use "forwardPorts" in **devcontainer.json** to forward an app port locally.
\ No newline at end of file
diff --git a/.devcontainer/postCreateCommand.sh b/.devcontainer/postCreateCommand.sh
new file mode 100644
index 0000000..6241177
--- /dev/null
+++ b/.devcontainer/postCreateCommand.sh
@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+
+set -ex
+
+# sudo apt clean
+# sudo apt update --fix-missing
+
+# project dependency
diff --git a/kaniko/1.23.2-bash/Dockerfile b/kaniko/1.23.2-bash/Dockerfile
new file mode 100644
index 0000000..c7d2b67
--- /dev/null
+++ b/kaniko/1.23.2-bash/Dockerfile
@@ -0,0 +1,34 @@
+# Dockerfile (kaniko-with-bash) docker.unbox-x.net/registry/tools/kaniko:v1.23.2
+# Stage 1: 공식 Kaniko executor 바이너리 추출
+FROM gcr.io/kaniko-project/executor:v1.23.2 AS kaniko
+
+# Stage 2: 안전한 Bash 환경을 가진 최종 이미지
+FROM debian:bookworm-slim
+
+# 보안: 루트 인증서 및 최소 도구 설치
+RUN apt-get update && \
+ apt-get install -y --no-install-recommends \
+ bash \
+ coreutils \
+ ca-certificates \
+ && rm -rf /var/lib/apt/lists/*
+
+# 보안: executor 바이너리 복사 (Go 정적 빌드 바이너리)
+COPY --from=kaniko /kaniko/executor /kaniko/executor
+
+# 보안: 실행 디렉토리 및 사용자 지정
+RUN addgroup --system kaniko && adduser --system --ingroup kaniko kaniko && \
+ mkdir -p /workspace && chown -R kaniko:kaniko /workspace && \
+ chown -R kaniko:kaniko /kaniko
+
+# PATH 설정
+ENV PATH="/kaniko:$PATH"
+
+# 보안: 작업 디렉토리 설정
+WORKDIR /workspace
+
+# 보안: 루트 권한 제거
+USER kaniko
+
+# ENTRYPOINT 설정
+ENTRYPOINT ["/kaniko/executor"]
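Review bot: `postCreateCommand.sh` declares `#!/usr/bin/env bash`, but `devcontainer.json` in this same commit runs it as `/bin/sh ./.devcontainer/postCreateCommand.sh`, so the shebang is ignored and the script executes under the image's `sh`. Either invoke it with `bash` or change the shebang to `#!/bin/sh`, so later additions are written for the shell that really runs them. `set -ex` also traces every command into the container creation log; once real setup steps are added, prefer `set -eu` and keep `-x` off around any step that touches tokens or the mounted credential files.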
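Review bot: `USER kaniko` near the end of `kaniko/1.23.2-bash/Dockerfile` starts the executor unprivileged, but as far as I know the kaniko executor expects to run as root in its container because it unpacks the base image and applies file ownership across the root filesystem; builds are then likely to fail on permissions and callers will override the user, which defeats the comment `# 보안: 루트 권한 제거`. The kaniko project also describes running the executor binary inside an image other than its own as unsupported, since a build rewrites the container's filesystem, so the added Debian userland may not survive a build step. Only `/kaniko/executor` is copied, so whatever else the official image ships under `/kaniko` (credential helpers, registry configuration, CA bundle) and its environment settings are absent here; registry authentication should be verified before this image is used in CI. If the goal is only a shell for pipeline scripts, the upstream `-debug` variant of the same tag may be enough, and both `FROM` lines should be pinned by digest, e.g. `FROM debian:bookworm-slim@sha256:<digest>`.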