feat(workspace): add --kube flag to mount $HOME/.kube read-only into container
parent
c3875397b0
commit
c3c3fcd099
1 changed files with 31 additions and 3 deletions
34
claude.sh
34
claude.sh
|
|
@ -7,6 +7,9 @@ SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
|
|||
COMPOSE_FILE="$SCRIPT_DIR/docker-compose.yml"
|
||||
PROJECT="claude-secure"
|
||||
|
||||
# ─── Global flags ─────────────────────────────────────────────────────────────
|
||||
ALLOW_KUBE=0 # set by --kube before the subcommand
|
||||
|
||||
# ─── Colours ──────────────────────────────────────────────────────────────────
|
||||
RED='\033[0;31m'; GREEN='\033[0;32m'; YELLOW='\033[1;33m'; NC='\033[0m'
|
||||
info() { echo -e "${GREEN}[+]${NC} $*"; }
|
||||
|
|
@ -98,6 +101,19 @@ workspace_flag() {
|
|||
echo "--volume ${cwd}:/workspace:z"
|
||||
}
|
||||
|
||||
# ─── Optional kubeconfig mount ────────────────────────────────────────────────
|
||||
# Enabled by passing --kube before the subcommand.
|
||||
# Mounts $HOME/.kube read-only at /home/node/.kube inside the container.
|
||||
kube_flag() {
|
||||
[[ "$ALLOW_KUBE" -eq 0 ]] && return
|
||||
local kube_dir="$HOME/.kube"
|
||||
if [[ ! -d "$kube_dir" ]]; then
|
||||
error "--kube specified but $kube_dir does not exist."
|
||||
exit 1
|
||||
fi
|
||||
echo "--volume ${kube_dir}:/home/node/.kube:ro,z"
|
||||
}
|
||||
|
||||
# ─── Compose wrapper ──────────────────────────────────────────────────────────
|
||||
dc() { docker compose -f "$COMPOSE_FILE" -p "$PROJECT" "$@"; }
|
||||
|
||||
|
|
@ -114,7 +130,7 @@ cmd_start() {
|
|||
dc up -d proxy # no-op if already healthy; compose waits via depends_on
|
||||
info "Launching Claude Code..."
|
||||
# shellcheck disable=SC2046
|
||||
dc run --rm --service-ports $(workspace_flag) claude "$@"
|
||||
dc run --rm --service-ports $(workspace_flag) $(kube_flag) claude "$@"
|
||||
}
|
||||
|
||||
cmd_stop() {
|
||||
|
|
@ -131,7 +147,7 @@ cmd_run() {
|
|||
dc up -d proxy
|
||||
info "Launching Claude Code..."
|
||||
# shellcheck disable=SC2046
|
||||
dc run --rm --service-ports $(workspace_flag) claude "$@"
|
||||
dc run --rm --service-ports $(workspace_flag) $(kube_flag) claude "$@"
|
||||
}
|
||||
|
||||
cmd_update() {
|
||||
|
|
@ -157,7 +173,7 @@ cmd_shell() {
|
|||
load_env
|
||||
warn "Opening debug shell inside Claude container (non-Claude entrypoint)."
|
||||
# shellcheck disable=SC2046
|
||||
dc run --rm --service-ports --entrypoint /bin/bash $(workspace_flag) claude
|
||||
dc run --rm --service-ports --entrypoint /bin/bash $(workspace_flag) $(kube_flag) claude
|
||||
}
|
||||
|
||||
cmd_web() {
|
||||
|
|
@ -206,8 +222,12 @@ Environment variables (set in .env or shell):
|
|||
WEBUI_USER Web interface username (default: claude).
|
||||
WEBUI_PASSWORD Required for web mode. Basic auth password.
|
||||
|
||||
Flags (before the subcommand):
|
||||
--kube Mount \$HOME/.kube read-only at /home/node/.kube (kubectl access)
|
||||
|
||||
Examples:
|
||||
cd ~/myproject && ./claude.sh start
|
||||
cd ~/myproject && ./claude.sh --kube start
|
||||
./claude.sh web
|
||||
./claude.sh logs proxy
|
||||
./claude.sh logs webui
|
||||
|
|
@ -216,6 +236,14 @@ EOF
|
|||
}
|
||||
|
||||
# ─── Dispatch ─────────────────────────────────────────────────────────────────
|
||||
# Parse global flags before the subcommand
|
||||
while [[ "${1:-}" == --* ]]; do
|
||||
case "$1" in
|
||||
--kube) ALLOW_KUBE=1; shift ;;
|
||||
*) break ;;
|
||||
esac
|
||||
done
|
||||
|
||||
case "${1:-help}" in
|
||||
start) shift; cmd_start "$@" ;;
|
||||
stop) cmd_stop ;;
|
||||
|
|
|
|||
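Review bot: The `exit 1` in `kube_flag` cannot stop the launch, because all three call sites invoke it as `$(kube_flag)` inside the `dc run` argument list: the exit ends only the command-substitution subshell, its status is discarded (with or without `set -e`), and `dc run` still starts the container without the mount. If `error` writes to stdout the way `info` does (its definition is outside the hunks), the message text would also be word-split into the compose arguments. Resolve the flag before the call and check it, e.g. `kube_args=$(kube_flag) || exit 1` followed by `dc run --rm --service-ports $(workspace_flag) $kube_args claude "$@"`, in `cmd_start`, `cmd_run` and `cmd_shell`. Separately, the `--kube` help line should say that `:ro` only protects the host files from modification: any client keys or tokens under `$HOME/.kube` remain readable and usable inside the container with the user's cluster privileges, and on SELinux hosts the `z` option relabels that host directory as shared container content.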