feat: jkube-remote-dev image

.github/workflows/build-images.yml

@@ -16,7 +16,9 @@ jobs:
  strategy:
  fail-fast: false
  matrix:
- image: ['jkube-java', 'jkube-java-11', 'jkube-jetty9', 'jkube-karaf', 'jkube-tomcat9', 'jkube-tomcat']
+ image: [
+ 'jkube-java', 'jkube-java-11', 'jkube-jetty9', 'jkube-karaf', 'jkube-remote-dev', 'jkube-tomcat9', 'jkube-tomcat'
+ ]
  steps:
  - name: Checkout
  uses: actions/checkout@v3

.github/workflows/push-images.yml

@@ -12,7 +12,9 @@ jobs:
  strategy:
  fail-fast: false
  matrix:
- image: ['jkube-java', 'jkube-java-11', 'jkube-jetty9', 'jkube-karaf', 'jkube-tomcat9', 'jkube-tomcat']
+ image: [
+ 'jkube-java', 'jkube-java-11', 'jkube-jetty9', 'jkube-karaf', 'jkube-remote-dev', 'jkube-tomcat9', 'jkube-tomcat'
+ ]
  steps:
  - name: Checkout
  uses: actions/checkout@v3

README.md

@@ -59,6 +59,12 @@ Available environment variables for runtime configuration:
 * **`AB_PROMETHEUS_OFF`** Disables the use of Prometheus Java Agent.
 * **`AB_PROMETHEUS_PORT`** Port to use for the Prometheus JMX Exporter.
 
+### jkube-remote-dev
+
+https://quay.io/repository/jkube/https://quay.io/repository/jkube/jkube-remote-dev
+
+Base image to be used by Eclipse JKube's remote development service.
+
 ### jkube-tomcat
 
 https://quay.io/repository/jkube/jkube-tomcat

jkube-remote-dev.yaml

@@ -0,0 +1,30 @@
+schema_version: 1
+
+name: "quay.io/jkube/jkube-remote-dev"
+description: "JKube's remote development image (SSH server)"
+version: "latest"
+from: "alpine:3.16"
+
+labels:
+ - name: "io.k8s.display-name"
+ value: "Eclipse JKube - Remote development"
+ - name: "io.k8s.description"
+ value: "Base image for JKube's remote development service"
+ - name: "io.openshift.tags"
+ value: "builder,jkube,remote-dev"
+ - name: "maintainer"
+ value: "Eclipse JKube Team <[email protected]>"
+
+modules:
+ repositories:
+ - path: modules
+ install:
+ - name: remote-dev
+
+ports:
+ - value: 2222
+
+run:
+ user: 1000
+ cmd:
+ - "/init.sh"

modules/remote-dev/artifacts/init.sh

@@ -0,0 +1,17 @@
+#!/bin/sh
+
+set -e
+
+if [ -z "$PUBLIC_KEY" ]; then
+ echo "PUBLIC_KEY is required"
+ exit 1
+fi
+
+echo "$PUBLIC_KEY" >> /opt/ssh-config/authorized_keys
+
+echo "Current container user is: $(whoami)"
+
+ssh-keygen -A
+
+/usr/sbin/sshd.pam -D -e -p 2222
+

modules/remote-dev/configure

@@ -0,0 +1,29 @@
+#!/bin/sh
+set -e
+
+SCRIPT_DIR=$(dirname $0)
+ARTIFACTS_DIR=${SCRIPT_DIR}/artifacts
+
+echo "Copying artifacts"
+cp $ARTIFACTS_DIR/init.sh /init.sh
+chmod 755 /init.sh
+
+echo "Configuring OpenSSH"
+SSHD_CONFIG=/etc/ssh/sshd_config
+SSH_CONFIG_DIR=/opt/ssh-config
+chmod -R 775 /etc/ssh
+chmod -R 775 /run/
+sed -i 's/#PasswordAuthentication yes/PasswordAuthentication no/g' $SSHD_CONFIG
+sed -i '/^AllowTcpForwarding/c\AllowTcpForwarding yes' $SSHD_CONFIG
+sed -i '/^GatewayPorts/c\GatewayPorts clientspecified' $SSHD_CONFIG
+sed -i "\,^AuthorizedKeysFile,c\AuthorizedKeysFile $SSH_CONFIG_DIR/authorized_keys" $SSHD_CONFIG
+echo "StrictModes no" >> $SSHD_CONFIG
+
+echo "Adding base image user (1000)"
+SSH_CONFIG_DIR=/opt/ssh-config
+adduser --disabled-password --uid 1000 "1000"
+addgroup "1000" "root"
+mkdir -p $SSH_CONFIG_DIR
+chmod 777 $SSH_CONFIG_DIR
+touch $SSH_CONFIG_DIR/authorized_keys
+chmod 666 $SSH_CONFIG_DIR/authorized_keys

modules/remote-dev/module.yaml

@@ -0,0 +1,16 @@
+schema_version: 1
+version: 1.0.0
+name: remote-dev
+description: "Sets up the Open SSH server to be consumed by JKube's remote development service"
+envs:
+ - description: The user's public key to be added to the authorized_keys file
+ name: PUBLIC_KEY
+packages:
+ manager: apk
+ install:
+ - curl
+ - openssh-client
+ - openssh-server-pam
+ - openssh-sftp-server
+execute:
+ - script: configure

scripts/test-jkube-remote-dev.sh

@@ -0,0 +1,22 @@
+#!/bin/bash
+
+set -Eeuo pipefail
+trap 'exit' ERR
+BASEDIR=$(dirname "$BASH_SOURCE")
+source "$BASEDIR/common.sh"
+
+IMAGE="quay.io/jkube/jkube-remote-dev:$TAG_OR_LATEST"
+
+sshd_config="$(dockerRun 'cat /etc/ssh/sshd_config')"
+
+
+assertMatches "$sshd_config" "^PasswordAuthentication no$" \
+ || reportError "SSHD config has invalid PasswordAuthentication"
+assertMatches "$sshd_config" "^AllowTcpForwarding yes$" \
+ || reportError "SSHD config has invalid AllowTcpForwarding"
+assertMatches "$sshd_config" "^GatewayPorts clientspecified$" \
+ || reportError "SSHD config has invalid GatewayPorts"
+assertMatches "$sshd_config" "^AuthorizedKeysFile /opt/ssh-config/authorized_keys$" \
+ || reportError "SSHD config has invalid AuthorizedKeysFile"
+assertMatches "$sshd_config" "^StrictModes no$" \
+ || reportError "SSHD config has invalid StrictModes"