diff --git a/.github/workflows/build-images.yml b/.github/workflows/build-images.yml
index 4fb656e..e15e4c0 100644
--- a/.github/workflows/build-images.yml
+++ b/.github/workflows/build-images.yml
@@ -16,7 +16,9 @@ jobs:
 strategy:
 fail-fast: false
 matrix:
- image: ['jkube-java', 'jkube-java-11', 'jkube-jetty9', 'jkube-karaf', 'jkube-tomcat9', 'jkube-tomcat']
+ image: [
+ 'jkube-java', 'jkube-java-11', 'jkube-jetty9', 'jkube-karaf', 'jkube-remote-dev', 'jkube-tomcat9', 'jkube-tomcat'
+ ]
 steps:
 - name: Checkout
 uses: actions/checkout@v3
diff --git a/.github/workflows/push-images.yml b/.github/workflows/push-images.yml
index d16981a..45bcf17 100644
--- a/.github/workflows/push-images.yml
+++ b/.github/workflows/push-images.yml
@@ -12,7 +12,9 @@ jobs:
 strategy:
 fail-fast: false
 matrix:
- image: ['jkube-java', 'jkube-java-11', 'jkube-jetty9', 'jkube-karaf', 'jkube-tomcat9', 'jkube-tomcat']
+ image: [
+ 'jkube-java', 'jkube-java-11', 'jkube-jetty9', 'jkube-karaf', 'jkube-remote-dev', 'jkube-tomcat9', 'jkube-tomcat'
+ ]
 steps:
 - name: Checkout
 uses: actions/checkout@v3
diff --git a/README.md b/README.md
index 38290d1..f2a62a1 100644
--- a/README.md
+++ b/README.md
@@ -59,6 +59,12 @@ Available environment variables for runtime configuration:
 * **`AB_PROMETHEUS_OFF`** Disables the use of Prometheus Java Agent.
 * **`AB_PROMETHEUS_PORT`** Port to use for the Prometheus JMX Exporter.
+### jkube-remote-dev
+
+https://quay.io/repository/jkube/https://quay.io/repository/jkube/jkube-remote-dev
+
+Base image to be used by Eclipse JKube's remote development service.
+
 ### jkube-tomcat
 https://quay.io/repository/jkube/jkube-tomcat
diff --git a/jkube-remote-dev.yaml b/jkube-remote-dev.yaml
new file mode 100644
index 0000000..58a0ae4
--- /dev/null
+++ b/jkube-remote-dev.yaml
@@ -0,0 +1,30 @@
+schema_version: 1
+
+name: "quay.io/jkube/jkube-remote-dev"
+description: "JKube's remote development image (SSH server)"
+version: "latest"
+from: "alpine:3.16"
+
+labels:
+ - name: "io.k8s.display-name"
+ value: "Eclipse JKube - Remote development"
+ - name: "io.k8s.description"
+ value: "Base image for JKube's remote development service"
+ - name: "io.openshift.tags"
+ value: "builder,jkube,remote-dev"
+ - name: "maintainer"
+ value: "Eclipse JKube Team "
+
+modules:
+ repositories:
+ - path: modules
+ install:
+ - name: remote-dev
+
+ports:
+ - value: 2222
+
+run:
+ user: 1000
+ cmd:
+ - "/init.sh"
diff --git a/modules/remote-dev/artifacts/init.sh b/modules/remote-dev/artifacts/init.sh
new file mode 100755
index 0000000..241c2a6
--- /dev/null
+++ b/modules/remote-dev/artifacts/init.sh
@@ -0,0 +1,17 @@
+#!/bin/sh
+
+set -e
+
+if [ -z "$PUBLIC_KEY" ]; then
+ echo "PUBLIC_KEY is required"
+ exit 1
+fi
+
+echo "$PUBLIC_KEY" >> /opt/ssh-config/authorized_keys
+
+echo "Current container user is: $(whoami)"
+
+ssh-keygen -A
+
+/usr/sbin/sshd.pam -D -e -p 2222
+
diff --git a/modules/remote-dev/configure b/modules/remote-dev/configure
new file mode 100755
index 0000000..054001b
--- /dev/null
+++ b/modules/remote-dev/configure
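Review bot: `from: "alpine:3.16"` in jkube-remote-dev.yaml is a mutable tag, so two builds of this descriptor can produce an SSH-server image from different base layers without any change in the repository. Pinning the base by digest, for example `from: "alpine:3.16@sha256:<digest-placeholder>"`, makes the base reproducible and reviewable. The same concern applies to `version: "latest"` if consumers pull this image by that tag. The other image descriptors in the repository are not visible here and may follow the same convention, in which case this is a repo-wide follow-up.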
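Review bot: In init.sh, `echo "$PUBLIC_KEY" >> /opt/ssh-config/authorized_keys` appends the variable unvalidated, so anything already present in that file stays authorized and a malformed value is only discovered when login fails. Because configure creates the file world-writable, making the environment variable the sole source is safer: write it with `printf '%s\n' "$PUBLIC_KEY" > /opt/ssh-config/authorized_keys` and follow with `ssh-keygen -l -f /opt/ssh-config/authorized_keys`, which under `set -e` aborts startup when the content does not parse as a key. Starting the daemon with `exec /usr/sbin/sshd.pam -D -e -p 2222` would also let it replace the shell and receive container stop signals directly.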
@@ -0,0 +1,29 @@
+#!/bin/sh
+set -e
+
+SCRIPT_DIR=$(dirname $0)
+ARTIFACTS_DIR=${SCRIPT_DIR}/artifacts
+
+echo "Copying artifacts"
+cp $ARTIFACTS_DIR/init.sh /init.sh
+chmod 755 /init.sh
+
+echo "Configuring OpenSSH"
+SSHD_CONFIG=/etc/ssh/sshd_config
+SSH_CONFIG_DIR=/opt/ssh-config
+chmod -R 775 /etc/ssh
+chmod -R 775 /run/
+sed -i 's/#PasswordAuthentication yes/PasswordAuthentication no/g' $SSHD_CONFIG
+sed -i '/^AllowTcpForwarding/c\AllowTcpForwarding yes' $SSHD_CONFIG
+sed -i '/^GatewayPorts/c\GatewayPorts clientspecified' $SSHD_CONFIG
+sed -i "\,^AuthorizedKeysFile,c\AuthorizedKeysFile $SSH_CONFIG_DIR/authorized_keys" $SSHD_CONFIG
+echo "StrictModes no" >> $SSHD_CONFIG
+
+echo "Adding base image user (1000)"
+SSH_CONFIG_DIR=/opt/ssh-config
+adduser --disabled-password --uid 1000 "1000"
+addgroup "1000" "root"
+mkdir -p $SSH_CONFIG_DIR
+chmod 777 $SSH_CONFIG_DIR
+touch $SSH_CONFIG_DIR/authorized_keys
+chmod 666 $SSH_CONFIG_DIR/authorized_keys
diff --git a/modules/remote-dev/module.yaml b/modules/remote-dev/module.yaml
new file mode 100644
index 0000000..d1e7d84
--- /dev/null
+++ b/modules/remote-dev/module.yaml
@@ -0,0 +1,16 @@
+schema_version: 1
+version: 1.0.0
+name: remote-dev
+description: "Sets up the Open SSH server to be consumed by JKube's remote development service"
+envs:
+ - description: The user's public key to be added to the authorized_keys file
+ name: PUBLIC_KEY
+packages:
+ manager: apk
+ install:
+ - curl
+ - openssh-client
+ - openssh-server-pam
+ - openssh-sftp-server
+execute:
+ - script: configure
diff --git a/scripts/test-jkube-remote-dev.sh b/scripts/test-jkube-remote-dev.sh
new file mode 100755
index 0000000..ea45186
--- /dev/null
+++ b/scripts/test-jkube-remote-dev.sh
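Review bot: In configure, `chmod 777 $SSH_CONFIG_DIR` and `chmod 666 $SSH_CONFIG_DIR/authorized_keys`, combined with `StrictModes no`, let any UID in the container add a login key, because sshd no longer rejects a key file that others can write. The `addgroup "1000" "root"` line suggests the runtime user is expected to be in the root group, so group access should be enough: `chmod 770 $SSH_CONFIG_DIR` and `chmod 660 $SSH_CONFIG_DIR/authorized_keys` (the files are created by the build user, presumably root; confirm against the platforms this image targets). `chmod -R 775 /run/` is similarly broad and worth narrowing if only sshd's runtime files need to be writable. `SSH_CONFIG_DIR=/opt/ssh-config` is assigned twice, so the second assignment can be removed.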
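Review bot: `curl` in module.yaml's `packages.install` is not called by `configure` or `init.sh` in this commit, so it looks like unneeded tooling in an image whose job is to expose an SSH server. If the remote development service does not rely on it, drop `- curl`; if it does, a short comment in the descriptor saying why would help the next reviewer. The `PUBLIC_KEY` entry could also state that it is mandatory, e.g. `description: The user's public key to be added to the authorized_keys file (required; the container exits without it)`.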
@@ -0,0 +1,22 @@
+#!/bin/bash
+
+set -Eeuo pipefail
+trap 'exit' ERR
+BASEDIR=$(dirname "$BASH_SOURCE")
+source "$BASEDIR/common.sh"
+
+IMAGE="quay.io/jkube/jkube-remote-dev:$TAG_OR_LATEST"
+
+sshd_config="$(dockerRun 'cat /etc/ssh/sshd_config')"
+
+
+assertMatches "$sshd_config" "^PasswordAuthentication no$" \
+ || reportError "SSHD config has invalid PasswordAuthentication"
+assertMatches "$sshd_config" "^AllowTcpForwarding yes$" \
+ || reportError "SSHD config has invalid AllowTcpForwarding"
+assertMatches "$sshd_config" "^GatewayPorts clientspecified$" \
+ || reportError "SSHD config has invalid GatewayPorts"
+assertMatches "$sshd_config" "^AuthorizedKeysFile /opt/ssh-config/authorized_keys$" \
+ || reportError "SSHD config has invalid AuthorizedKeysFile"
+assertMatches "$sshd_config" "^StrictModes no$" \
+ || reportError "SSHD config has invalid StrictModes"
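Review bot: The assertions pin `StrictModes no` but nothing checks the mode of `/opt/ssh-config/authorized_keys`, which is the only protection left for that file once sshd's own permission checks are off. An assertion on the output of `dockerRun 'stat -c %a /opt/ssh-config/authorized_keys'` would catch an accidental widening of those permissions. The startup path in `init.sh` (exit 1 when `PUBLIC_KEY` is empty) is also untested. How `assertMatches` treats the `^` and `$` anchors against the multi-line config depends on `common.sh`, which is not visible here.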