blumeops/containers/kubectl/Dockerfile

# Minimal kubectl container
# Multi-arch build: downloads correct binary for target platform

FROM alpine:3.21 AS downloader

ARG TARGETARCH
ARG KUBECTL_VERSION=v1.34.1

RUN apk add --no-cache curl && \
    # Detect architecture - use TARGETARCH if set, otherwise detect from uname
    if [ -n "$TARGETARCH" ]; then \
        ARCH="$TARGETARCH"; \
    else \
        UNAME_ARCH=$(uname -m); \
        case "$UNAME_ARCH" in \
            aarch64|arm64) ARCH="arm64" ;; \
            x86_64) ARCH="amd64" ;; \
            *) echo "Unsupported architecture: $UNAME_ARCH"; exit 1 ;; \
        esac; \
    fi && \
    echo "Downloading kubectl for $ARCH..." && \
    curl -LO "https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/${ARCH}/kubectl" && \
    chmod +x kubectl

FROM alpine:3.21

COPY --from=downloader /kubectl /usr/local/bin/kubectl

# Add ca-certificates for HTTPS connections and bash for scripts
RUN apk add --no-cache ca-certificates bash

# Run as non-root
RUN adduser -D -u 1000 kubectl
USER kubectl

ENTRYPOINT ["kubectl"]
Build local containers for k8s services (#61) ## Summary - Move devpi Dockerfile from argocd/manifests to containers/devpi/ - Add containers for: transmission, teslamate, miniflux, kiwix-serve, kubectl - Update all k8s deployments to use local images (registry.ops.eblu.me/blumeops/*) - All containers use v1.0.0 tag for initial release ## Containers Added \| Container \| Source \| Notes \| \|-----------\|--------\|-------\| \| devpi \| python:3.12-slim \| Existing, moved to containers/ \| \| kubectl \| alpine + download \| For zim-watcher CronJob \| \| miniflux \| Go build from source \| v2.2.16 \| \| kiwix-serve \| Download pre-built binary \| v3.8.1 \| \| transmission \| alpine + apk install \| Simpler than linuxserver image \| \| teslamate \| Elixir build from source \| v2.2.0 \| ## Deployment and Testing - [ ] Build and tag devpi-v1.0.0 - [ ] Build and tag kubectl-v1.0.0 - [ ] Build and tag miniflux-v1.0.0 - [ ] Build and tag kiwix-serve-v1.0.0 - [ ] Build and tag transmission-v1.0.0 - [ ] Build and tag teslamate-v1.0.0 - [ ] Sync ArgoCD apps and verify services 🤖 Generated with [Claude Code](https://claude.com/claude-code) Reviewed-on: https://forge.ops.eblu.me/eblume/blumeops/pulls/61 2026-01-25 21:35:57 -08:00			`# Minimal kubectl container`
			`# Multi-arch build: downloads correct binary for target platform`

			`FROM alpine:3.21 AS downloader`

			`ARG TARGETARCH`
			`ARG KUBECTL_VERSION=v1.34.1`

			`RUN apk add --no-cache curl && \`
			`# Detect architecture - use TARGETARCH if set, otherwise detect from uname`
			`if [ -n "$TARGETARCH" ]; then \`
			`ARCH="$TARGETARCH"; \`
			`else \`
			`UNAME_ARCH=$(uname -m); \`
			`case "$UNAME_ARCH" in \`
			`aarch64\|arm64) ARCH="arm64" ;; \`
			`x86_64) ARCH="amd64" ;; \`
			`*) echo "Unsupported architecture: $UNAME_ARCH"; exit 1 ;; \`
			`esac; \`
			`fi && \`
			`echo "Downloading kubectl for $ARCH..." && \`
			`curl -LO "https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/${ARCH}/kubectl" && \`
			`chmod +x kubectl`

			`FROM alpine:3.21`

			`COPY --from=downloader /kubectl /usr/local/bin/kubectl`

			`# Add ca-certificates for HTTPS connections and bash for scripts`
			`RUN apk add --no-cache ca-certificates bash`

			`# Run as non-root`
			`RUN adduser -D -u 1000 kubectl`
			`USER kubectl`

			`ENTRYPOINT ["kubectl"]`