feat(workspace): add --kube flag to mount $HOME/.kube read-only into container
This commit is contained in:
docker-claude
parent
c3875397b0
commit
c3c3fcd099
1 changed files with 31 additions and 3 deletions
34
claude.sh
34
claude.sh
|
|
@ -7,6 +7,9 @@ SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
|
||||||
COMPOSE_FILE="$SCRIPT_DIR/docker-compose.yml"
|
COMPOSE_FILE="$SCRIPT_DIR/docker-compose.yml"
|
||||||
PROJECT="claude-secure"
|
PROJECT="claude-secure"
|
||||||
|
|
||||||
|
# ─── Global flags ─────────────────────────────────────────────────────────────
|
||||||
|
ALLOW_KUBE=0 # set by --kube before the subcommand
|
||||||
|
|
||||||
# ─── Colours ──────────────────────────────────────────────────────────────────
|
# ─── Colours ──────────────────────────────────────────────────────────────────
|
||||||
RED='\033[0;31m'; GREEN='\033[0;32m'; YELLOW='\033[1;33m'; NC='\033[0m'
|
RED='\033[0;31m'; GREEN='\033[0;32m'; YELLOW='\033[1;33m'; NC='\033[0m'
|
||||||
info() { echo -e "${GREEN}[+]${NC} $*"; }
|
info() { echo -e "${GREEN}[+]${NC} $*"; }
|
||||||
|
|
@ -98,6 +101,19 @@ workspace_flag() {
|
||||||
echo "--volume ${cwd}:/workspace:z"
|
echo "--volume ${cwd}:/workspace:z"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# ─── Optional kubeconfig mount ────────────────────────────────────────────────
|
||||||
|
# Enabled by passing --kube before the subcommand.
|
||||||
|
# Mounts $HOME/.kube read-only at /home/node/.kube inside the container.
|
||||||
|
kube_flag() {
|
||||||
|
[[ "$ALLOW_KUBE" -eq 0 ]] && return
|
||||||
|
local kube_dir="$HOME/.kube"
|
||||||
|
if [[ ! -d "$kube_dir" ]]; then
|
||||||
|
error "--kube specified but $kube_dir does not exist."
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
echo "--volume ${kube_dir}:/home/node/.kube:ro,z"
|
||||||
|
}
|
||||||
|
|
||||||
# ─── Compose wrapper ──────────────────────────────────────────────────────────
|
# ─── Compose wrapper ──────────────────────────────────────────────────────────
|
||||||
dc() { docker compose -f "$COMPOSE_FILE" -p "$PROJECT" "$@"; }
|
dc() { docker compose -f "$COMPOSE_FILE" -p "$PROJECT" "$@"; }
|
||||||
|
|
||||||
|
|
@ -114,7 +130,7 @@ cmd_start() {
|
||||||
dc up -d proxy # no-op if already healthy; compose waits via depends_on
|
dc up -d proxy # no-op if already healthy; compose waits via depends_on
|
||||||
info "Launching Claude Code..."
|
info "Launching Claude Code..."
|
||||||
# shellcheck disable=SC2046
|
# shellcheck disable=SC2046
|
||||||
dc run --rm --service-ports $(workspace_flag) claude "$@"
|
dc run --rm --service-ports $(workspace_flag) $(kube_flag) claude "$@"
|
||||||
}
|
}
|
||||||
|
|
||||||
cmd_stop() {
|
cmd_stop() {
|
||||||
|
|
@ -131,7 +147,7 @@ cmd_run() {
|
||||||
dc up -d proxy
|
dc up -d proxy
|
||||||
info "Launching Claude Code..."
|
info "Launching Claude Code..."
|
||||||
# shellcheck disable=SC2046
|
# shellcheck disable=SC2046
|
||||||
dc run --rm --service-ports $(workspace_flag) claude "$@"
|
dc run --rm --service-ports $(workspace_flag) $(kube_flag) claude "$@"
|
||||||
}
|
}
|
||||||
|
|
||||||
cmd_update() {
|
cmd_update() {
|
||||||
|
|
@ -157,7 +173,7 @@ cmd_shell() {
|
||||||
load_env
|
load_env
|
||||||
warn "Opening debug shell inside Claude container (non-Claude entrypoint)."
|
warn "Opening debug shell inside Claude container (non-Claude entrypoint)."
|
||||||
# shellcheck disable=SC2046
|
# shellcheck disable=SC2046
|
||||||
dc run --rm --service-ports --entrypoint /bin/bash $(workspace_flag) claude
|
dc run --rm --service-ports --entrypoint /bin/bash $(workspace_flag) $(kube_flag) claude
|
||||||
}
|
}
|
||||||
|
|
||||||
cmd_web() {
|
cmd_web() {
|
||||||
|
|
@ -206,8 +222,12 @@ Environment variables (set in .env or shell):
|
||||||
WEBUI_USER Web interface username (default: claude).
|
WEBUI_USER Web interface username (default: claude).
|
||||||
WEBUI_PASSWORD Required for web mode. Basic auth password.
|
WEBUI_PASSWORD Required for web mode. Basic auth password.
|
||||||
|
|
||||||
|
Flags (before the subcommand):
|
||||||
|
--kube Mount \$HOME/.kube read-only at /home/node/.kube (kubectl access)
|
||||||
|
|
||||||
Examples:
|
Examples:
|
||||||
cd ~/myproject && ./claude.sh start
|
cd ~/myproject && ./claude.sh start
|
||||||
|
cd ~/myproject && ./claude.sh --kube start
|
||||||
./claude.sh web
|
./claude.sh web
|
||||||
./claude.sh logs proxy
|
./claude.sh logs proxy
|
||||||
./claude.sh logs webui
|
./claude.sh logs webui
|
||||||
|
|
@ -216,6 +236,14 @@ EOF
|
||||||
}
|
}
|
||||||
|
|
||||||
# ─── Dispatch ─────────────────────────────────────────────────────────────────
|
# ─── Dispatch ─────────────────────────────────────────────────────────────────
|
||||||
|
# Parse global flags before the subcommand
|
||||||
|
while [[ "${1:-}" == --* ]]; do
|
||||||
|
case "$1" in
|
||||||
|
--kube) ALLOW_KUBE=1; shift ;;
|
||||||
|
*) break ;;
|
||||||
|
esac
|
||||||
|
done
|
||||||
|
|
||||||
case "${1:-help}" in
|
case "${1:-help}" in
|
||||||
start) shift; cmd_start "$@" ;;
|
start) shift; cmd_start "$@" ;;
|
||||||
stop) cmd_stop ;;
|
stop) cmd_stop ;;
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue