From d0720ecf2f847a30f4fa73728394d3870aa7a2e0 Mon Sep 17 00:00:00 2001
From: Kevin Sandermann
Date: Tue, 11 Oct 2022 23:52:52 +0200
Subject: [PATCH] 2022-10-11 (#66)
* release 2022-10-01
* backup
* build.sh
* safe
* backup
* backup
* safe
* readme
* safe
* fixes
* readme
* readme
* readme
* readme
* readme
* readme
* readme
* readme
* readme
* readme
* readme
* readme
* readme
* readme
* readme
* backup
* fixed script
* script
* finalization
* removed todos
* moved run script to latest tag
* readme
---
.bashrc | 24 ++-
Dockerfile | 419 ++++++++++++++++++++++++----------------
README.md | 78 +++++---
args_base.args | 26 +++
args_optional.args | 12 ++
build.sh | 168 +++++++++++++---
docs/version_history.md | 17 ++
run.sh | 17 ++
8 files changed, 529 insertions(+), 232 deletions(-)
create mode 100644 args_base.args
create mode 100644 args_optional.args
diff --git a/.bashrc b/.bashrc
index 769e992..c44bec3 100755
--- a/.bashrc
+++ b/.bashrc
@@ -6,14 +6,22 @@
if [ -f /etc/bash_completion ] && ! shopt -oq posix; then
. /etc/bash_completion
fi
-source <(kubectl completion bash)
-echo "kubectl bash completion installed!"
-source <(helm completion bash)
-echo "helm bash completion installed!"
-source <(oc completion bash)
-echo "oc bash completion installed!"
-terraform -install-autocomplete
-echo "terraform bash completion installed!"
+if [ -f /usr/local/bin/kubectl ] ; then
+ source <(kubectl completion bash)
+ echo "kubectl bash completion installed!"
+fi
+if [ -f /usr/local/bin/helm ] ; then
+ source <(helm completion bash)
+ echo "helm bash completion installed!"
+fi
+if [ -f /usr/local/bin/oc ] ; then
+ source <(oc completion bash)
+ echo "oc bash completion installed!"
+fi
+if [ -f /usr/local/bin/terraform ] ; then
+ terraform -install-autocomplete
+ echo "terraform bash completion installed!"
+fi
######################################################## SOURCE ########################################################
sleep 1
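Review bot: The new guards for `kubectl`, `helm`, `oc` and `terraform` test a fixed path (`[ -f /usr/local/bin/kubectl ]`) but then run the tool by bare name, so the check and the command can resolve to different files if PATH lists another copy first, and a non-executable file still passes `-f`. Testing what will actually run is more robust: `if command -v kubectl >/dev/null 2>&1; then`, and likewise for the other three. Separately, `terraform -install-autocomplete` writes a completion line into the shell startup file rather than loading completion for the current shell, so running it on every `.bashrc` load looks unintended; running it once at image build time would likely be cleaner.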
diff --git a/Dockerfile b/Dockerfile
index a5ff9ed..c6297f4 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,155 +1,179 @@
######################################################### TOOLCHAIN VERSIONING #########################################
#settings values here to be able to use dockerhub autobuild
-ARG UBUNTU_VERSION=20.04
-
-#https://docs.docker.com/engine/release-notes/
-ARG DOCKER_VERSION="20.10.18"
-#https://github.com/kubernetes/kubernetes/releases
-ARG KUBECTL_VERSION="1.25.1"
-#https://mirror.openshift.com/pub/openshift-v4/x86_64/clients/ocp/stable/
-ARG OC_CLI_VERSION="4.11.4"
-#https://github.com/helm/helm/releases
-ARG HELM_VERSION="3.9.4"
-#https://github.com/hashicorp/terraform/releases
-ARG TERRAFORM_VERSION="1.2.9"
-#https://pypi.org/project/awscli/
-ARG AWS_CLI_VERSION="1.25.77"
-#https://pypi.org/project/azure-cli/
-ARG AZ_CLI_VERSION="2.40.0"
-#apt-get update && apt-cache madison google-cloud-sdk | head -n 1
-ARG GCLOUD_VERSION="402.0.0-0"
-#https://pypi.org/project/ansible/
-ARG ANSIBLE_VERSION="6.4.0"
-#https://pypi.org/project/Jinja2/
-ARG JINJA_VERSION="3.1.2"
-#https://mirror.exonetric.net/pub/OpenBSD/OpenSSH/portable/
-ARG OPENSSH_VERSION="9.0p1"
-#https://github.com/kubernetes-sigs/cri-tools/releases
-ARG CRICTL_VERSION="1.25.0"
-#https://github.com/hashicorp/vault/releases
-ARG VAULT_VERSION="1.11.3"
-#https://github.com/vmware-tanzu/velero/releases
-ARG VELERO_VERSION="1.9.1"
-#https://docs.hashicorp.com/sentinel/changelog
-ARG SENTINEL_VERSION="0.18.12"
-#https://github.com/stern/stern/releases
-ARG STERN_VERSION="1.21.0"
-#https://github.com/Azure/kubelogin/releases
-ARG KUBELOGIN_VERSION="0.0.20"
-#apt-get update && apt-cache madison zsh | head -n 1
-ARG ZSH_VERSION="5.8-3ubuntu1.1"
-ARG MULTISTAGE_BUILDER_VERSION="2022-08-25"
-
-######################################################### BUILDER ######################################################
-FROM ksandermann/multistage-builder:$MULTISTAGE_BUILDER_VERSION as builder
+ARG UBUNTU_VERSION
+ARG DOCKER_VERSION
+ARG KUBECTL_VERSION
+ARG OC_CLI_VERSION
+ARG HELM_VERSION
+ARG TERRAFORM_VERSION
+ARG AWS_CLI_VERSION
+ARG AZ_CLI_VERSION
+ARG GCLOUD_VERSION
+ARG ANSIBLE_VERSION
+ARG JINJA_VERSION
+ARG OPENSSH_VERSION
+ARG CRICTL_VERSION
+ARG VAULT_VERSION
+ARG VELERO_VERSION
+ARG SENTINEL_VERSION
+ARG STERN_VERSION
+ARG KUBELOGIN_VERSION
+ARG ZSH_VERSION
+ARG MULTISTAGE_BUILDER_VERSION
+
+######################################################### BINARY-DOWNLOADER ############################################
+FROM ksandermann/multistage-builder:$MULTISTAGE_BUILDER_VERSION as binary_downloader
MAINTAINER Kevin Sandermann
LABEL maintainer="kevin.sandermann@gmail.com"
ARG TARGETARCH
+ARG DOCKER_VERSION
+ARG KUBECTL_VERSION
ARG OC_CLI_VERSION
ARG HELM_VERSION
ARG TERRAFORM_VERSION
-ARG DOCKER_VERSION
-ARG KUBECTL_VERSION
+ARG AWS_CLI_VERSION
+ARG AZ_CLI_VERSION
+ARG GCLOUD_VERSION
+ARG ANSIBLE_VERSION
+ARG JINJA_VERSION
+ARG OPENSSH_VERSION
ARG CRICTL_VERSION
ARG VAULT_VERSION
ARG VELERO_VERSION
ARG SENTINEL_VERSION
ARG STERN_VERSION
ARG KUBELOGIN_VERSION
+ARG ZSH_VERSION
WORKDIR /root/download
+RUN mkdir -p /root/download/binaries
+
#download oc-cli
-RUN mkdir -p oc_cli && \
- curl -SsL --retry 5 -o oc_cli.tar.gz https://mirror.openshift.com/pub/openshift-v4/$TARGETARCH/clients/ocp/stable/openshift-client-linux-$OC_CLI_VERSION.tar.gz && \
- tar xvf oc_cli.tar.gz -C oc_cli
+RUN if [[ ! -z ${OC_CLI_VERSION} ]] ; then \
+ mkdir -p oc_cli && \
+ curl -SsL --retry 5 -o oc_cli.tar.gz https://mirror.openshift.com/pub/openshift-v4/$TARGETARCH/clients/ocp/stable/openshift-client-linux-$OC_CLI_VERSION.tar.gz && \
+ tar xvf oc_cli.tar.gz -C oc_cli && \
+ mv "/root/download/oc_cli/oc" "/root/download/binaries/oc"; \
+ fi
#download helm3-cli
-RUN mkdir helm && curl -SsL --retry 5 "https://get.helm.sh/helm-v$HELM_VERSION-linux-$TARGETARCH.tar.gz" | tar xz -C ./helm
+RUN if [[ ! -z ${HELM_VERSION} ]] ; then \
+ mkdir helm && curl -SsL --retry 5 "https://get.helm.sh/helm-v$HELM_VERSION-linux-$TARGETARCH.tar.gz" | tar xz -C ./helm && \
+ mv "/root/download/helm/linux-${TARGETARCH}/helm" "/root/download/binaries/helm"; \
+ fi
#download terraform
-RUN wget https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform\_${TERRAFORM_VERSION}\_linux_${TARGETARCH}.zip && \
- unzip ./terraform\_${TERRAFORM_VERSION}\_linux_${TARGETARCH}.zip -d terraform_cli
+RUN if [[ ! -z ${TERRAFORM_VERSION} ]] ; then \
+ wget https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform\_${TERRAFORM_VERSION}\_linux_${TARGETARCH}.zip && \
+ unzip ./terraform\_${TERRAFORM_VERSION}\_linux_${TARGETARCH}.zip -d terraform_cli && \
+ mv "/root/download/terraform_cli/terraform" "/root/download/binaries/terraform"; \
+ fi
#download docker
#credits to https://github.com/docker-library/docker/blob/463595652d2367887b1ffe95ec30caa00179be72/18.09/Dockerfile
#need to stick to uname since docker download link uses "aarch64" instead of "arm64"
-RUN mkdir -p /root/download/docker/bin && \
- set -eux; \
- arch="$(uname -m)"; \
- if ! wget -O docker.tgz "https://download.docker.com/linux/static/stable/${arch}/docker-${DOCKER_VERSION}.tgz"; then \
- echo >&2 "error: failed to download 'docker-${DOCKER_VERSION}' from 'stable' for '${arch}'"; \
- exit 1; \
- fi; \
- tar --extract \
- --file docker.tgz \
- --strip-components 1 \
- --directory /root/download/docker/bin
+RUN if [[ ! -z ${DOCKER_VERSION} ]] ; then \
+ mkdir -p /root/download/docker/bin && \
+ set -eux && \
+ arch="$(uname -m)" && \
+ wget -O docker.tgz "https://download.docker.com/linux/static/stable/${arch}/docker-${DOCKER_VERSION}.tgz" && \
+ tar --extract \
+ --file docker.tgz \
+ --strip-components 1 \
+ --directory /root/download/docker/bin && \
+ mv /root/download/docker/bin/* -t "/root/download/binaries/" ; \
+ fi
#download kubectl
-RUN wget https://storage.googleapis.com/kubernetes-release/release/v$KUBECTL_VERSION/bin/linux/${TARGETARCH}/kubectl -O /root/download/kubectl
+RUN if [[ ! -z ${KUBECTL_VERSION} ]] ; then \
+ wget https://storage.googleapis.com/kubernetes-release/release/v$KUBECTL_VERSION/bin/linux/${TARGETARCH}/kubectl -O /root/download/kubectl && \
+ mv "/root/download/kubectl" "/root/download/binaries/kubectl"; \
+ fi
#download crictl
-RUN mkdir -p /root/download/crictl && \
- wget "https://github.com/kubernetes-sigs/cri-tools/releases/download/v$CRICTL_VERSION/crictl-v$CRICTL_VERSION-linux-${TARGETARCH}.tar.gz" -O /root/download/crictl.tar.gz && \
- tar zxvf /root/download/crictl.tar.gz -C /root/download/crictl && \
- chmod +x /root/download/crictl/crictl
+RUN if [[ ! -z ${CRICTL_VERSION} ]] ; then \
+ mkdir -p /root/download/crictl && \
+ wget "https://github.com/kubernetes-sigs/cri-tools/releases/download/v$CRICTL_VERSION/crictl-v$CRICTL_VERSION-linux-${TARGETARCH}.tar.gz" -O /root/download/crictl.tar.gz && \
+ tar zxvf /root/download/crictl.tar.gz -C /root/download/crictl && \
+ mv "/root/download/crictl/crictl" "/root/download/binaries/crictl"; \
+ fi
#download yq
-RUN curl -Lo yq https://github.com/mikefarah/yq/releases/latest/download/yq_linux_${TARGETARCH}
+RUN curl -Lo yq https://github.com/mikefarah/yq/releases/latest/download/yq_linux_${TARGETARCH} && \
+ mv "/root/download/yq" "/root/download/binaries/yq"
#download vault
-RUN wget https://releases.hashicorp.com/vault/${VAULT_VERSION}/vault_${VAULT_VERSION}_linux_${TARGETARCH}.zip && \
- unzip ./vault_${VAULT_VERSION}_linux_${TARGETARCH}.zip
+RUN if [[ ! -z ${VAULT_VERSION} ]] ; then \
+ wget https://releases.hashicorp.com/vault/${VAULT_VERSION}/vault_${VAULT_VERSION}_linux_${TARGETARCH}.zip && \
+ unzip ./vault_${VAULT_VERSION}_linux_${TARGETARCH}.zip && \
+ mv "/root/download/vault" "/root/download/binaries/vault"; \
+ fi
#download tcpping
#todo: switch to https://github.com/deajan/tcpping/blob/master/tcpping when ubuntu is supported
-RUN wget https://raw.githubusercontent.com/deajan/tcpping/original-1.8/tcpping -O /root/download/tcpping
+RUN wget https://raw.githubusercontent.com/deajan/tcpping/original-1.8/tcpping -O /root/download/tcpping && \
+ mv "/root/download/tcpping" "/root/download/binaries/tcpping"
#download velero CLI
-RUN wget https://github.com/vmware-tanzu/velero/releases/download/v${VELERO_VERSION}/velero-v${VELERO_VERSION}-linux-${TARGETARCH}.tar.gz && \
- tar -xvf velero-v${VELERO_VERSION}-linux-${TARGETARCH}.tar.gz && \
- mkdir -p /root/download/velero_binary && \
- mv velero-v${VELERO_VERSION}-linux-${TARGETARCH}/velero /root/download/velero_binary/velero
+RUN if [[ ! -z ${VELERO_VERSION} ]] ; then \
+ wget https://github.com/vmware-tanzu/velero/releases/download/v${VELERO_VERSION}/velero-v${VELERO_VERSION}-linux-${TARGETARCH}.tar.gz && \
+ tar -xvf velero-v${VELERO_VERSION}-linux-${TARGETARCH}.tar.gz && \
+ mv velero-v${VELERO_VERSION}-linux-${TARGETARCH}/velero /root/download/binaries/velero; \
+ fi
#download terraform sentinel
-RUN curl https://releases.hashicorp.com/sentinel/${SENTINEL_VERSION}/sentinel_${SENTINEL_VERSION}_linux_${TARGETARCH}.zip --output ./sentinel.zip && \
- unzip ./sentinel.zip -d ./sentinel_binary
+RUN if [[ ! -z ${SENTINEL_VERSION} ]] ; then \
+ curl https://releases.hashicorp.com/sentinel/${SENTINEL_VERSION}/sentinel_${SENTINEL_VERSION}_linux_${TARGETARCH}.zip --output ./sentinel.zip && \
+ unzip ./sentinel.zip -d ./sentinel_binary && \
+ mv "/root/download/sentinel_binary/sentinel" "/root/download/binaries/sentinel"; \
+ fi
#download stern
-RUN mkdir -p /root/download/stern && \
- wget https://github.com/stern/stern/releases/download/v${STERN_VERSION}/stern_${STERN_VERSION}_linux_${TARGETARCH}.tar.gz -O /root/download/stern_arch.tar.gz && \
- tar zxvf /root/download/stern_arch.tar.gz -C /root/download/stern && \
- mkdir -p /root/download/stern_binary && \
- mv /root/download/stern/stern /root/download/stern_binary/stern
+RUN if [[ ! -z ${STERN_VERSION} ]] ; then \
+ mkdir -p /root/download/stern && \
+ wget https://github.com/stern/stern/releases/download/v${STERN_VERSION}/stern_${STERN_VERSION}_linux_${TARGETARCH}.tar.gz -O /root/download/stern_arch.tar.gz && \
+ tar zxvf /root/download/stern_arch.tar.gz -C /root/download/stern && \
+ mv /root/download/stern/stern "/root/download/binaries/stern" ; \
+ fi
#download kubelogin
-RUN mkdir -p /root/download/kubelogin/binary && \
- wget https://github.com/Azure/kubelogin/releases/download/v${KUBELOGIN_VERSION}/kubelogin-linux-${TARGETARCH}.zip -O /root/download/kubelogin/kubelogin.zip && \
- unzip /root/download/kubelogin/kubelogin.zip -d /root/download/kubelogin/ && \
- mv /root/download/kubelogin/bin/linux_${TARGETARCH}/kubelogin /root/download/kubelogin/binary/kubelogin
+RUN if [[ ! -z ${KUBELOGIN_VERSION} ]] ; then \
+ mkdir -p /root/download/kubelogin/binary && \
+ wget https://github.com/Azure/kubelogin/releases/download/v${KUBELOGIN_VERSION}/kubelogin-linux-${TARGETARCH}.zip -O /root/download/kubelogin/kubelogin.zip && \
+ unzip /root/download/kubelogin/kubelogin.zip -d /root/download/kubelogin/ && \
+ mv /root/download/kubelogin/bin/linux_${TARGETARCH}/kubelogin "/root/download/binaries/kubelogin" ; \
+ fi
+######################################################### BASE-IMAGE ###################################################
-######################################################### IMAGE ########################################################
-
-FROM ubuntu:$UBUNTU_VERSION
-MAINTAINER Kevin Sandermann
-LABEL maintainer="kevin.sandermann@gmail.com"
+FROM ubuntu:$UBUNTU_VERSION as base-image
ARG TARGETARCH
-#tooling versions
-ARG OPENSSH_VERSION
+ARG DOCKER_VERSION
ARG KUBECTL_VERSION
+ARG OC_CLI_VERSION
+ARG HELM_VERSION
+ARG TERRAFORM_VERSION
+ARG AWS_CLI_VERSION
+ARG AZ_CLI_VERSION
+ARG GCLOUD_VERSION
ARG ANSIBLE_VERSION
ARG JINJA_VERSION
-ARG AZ_CLI_VERSION
-ARG AWS_CLI_VERSION
+ARG OPENSSH_VERSION
+ARG CRICTL_VERSION
+ARG VAULT_VERSION
+ARG VELERO_VERSION
+ARG SENTINEL_VERSION
+ARG STERN_VERSION
+ARG KUBELOGIN_VERSION
ARG ZSH_VERSION
-ARG GCLOUD_VERSION
+
+#use bash during docker build
+SHELL ["/bin/bash", "-c"]
#env
-ENV EDITOR nano
ENV DEBIAN_FRONTEND noninteractive
USER root
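Review bot: Every archive or binary fetched in the `binary_downloader` stage (oc, helm, terraform, docker, kubectl, crictl, vault, velero, sentinel, stern, kubelogin) is unpacked and moved into `/root/download/binaries` with no checksum or signature check, so the image trusts whatever the download host returns at build time. Several of these projects publish SHA-256 sums next to their releases; pinning one per version in the args files and verifying before extraction would close that gap, e.g. `echo "${TERRAFORM_SHA256}  terraform.zip" | sha256sum -c -` (`TERRAFORM_SHA256` is a placeholder for a new build arg, not something this commit defines). `yq` is still taken from `releases/latest` and `tcpping` from a named ref rather than a commit hash, so those two are not reproducible, and the `curl` calls lack `--fail`, so an HTTP error body would be saved as the binary. The new `[[ ... ]]` guards in this stage also assume the builder image's default shell is bash, since `SHELL ["/bin/bash", "-c"]` is only set in the later stages visible here; under a plain POSIX `sh` the test itself would error and the download would be skipped without failing the step.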
@@ -211,106 +235,161 @@ RUN apt-get update && \
apt-get install -y \
fonts-powerline \
powerline \
- zsh=$ZSH_VERSION
+ zsh=${ZSH_VERSION}
RUN git config --global --add safe.directory '*'
-
-ENV TERM xterm
-ENV ZSH_THEME agnoster
-RUN wget https://github.com/robbyrussell/oh-my-zsh/raw/master/tools/install.sh -O - | zsh || true
-
#install OpenSSH & remove ssh key files (this is only reasonable here since they are generated here)
-RUN wget "https://mirror.exonetric.net/pub/OpenBSD/OpenSSH/portable/openssh-${OPENSSH_VERSION}.tar.gz" --no-check-certificate && \
- tar xfz openssh-${OPENSSH_VERSION}.tar.gz && \
- cd openssh-${OPENSSH_VERSION} && \
- ./configure && \
- make && \
- make install && \
- rm -rf ../openssh-${OPENSSH_VERSION}.tar.gz ../openssh-${OPENSSH_VERSION} /usr/local/etc/*_key /usr/local/etc/*.pub && \
- ssh -V
-
-#install ansible common requirements + azure-cli
-RUN apt remove azure-cli -y || true && \
- pip3 install \
- ansible==${ANSIBLE_VERSION} \
- ansible-lint \
+RUN if [[ ! -z ${OPENSSH_VERSION} ]] ; then \
+ wget "https://mirror.exonetric.net/pub/OpenBSD/OpenSSH/portable/openssh-${OPENSSH_VERSION}.tar.gz" --no-check-certificate && \
+ tar xfz openssh-${OPENSSH_VERSION}.tar.gz && \
+ cd openssh-${OPENSSH_VERSION} && \
+ ./configure && \
+ make && \
+ make install && \
+ rm -rf ../openssh-${OPENSSH_VERSION}.tar.gz ../openssh-${OPENSSH_VERSION} /usr/local/etc/*_key /usr/local/etc/*.pub && \
+ ssh -V; \
+ fi
+
+#install common requirements
+RUN pip3 install \
cryptography \
hvac \
- jinja2==${JINJA_VERSION} \
jmespath \
netaddr \
- openshift \
passlib \
pbr \
pip \
pyOpenSSL \
pyvmomi \
- setuptools && \
- pip3 install \
- azure-cli==${AZ_CLI_VERSION}
+ setuptools
+
+#install ansible
+RUN if [[ ! -z ${ANSIBLE_VERSION} && ! -z ${JINJA_VERSION} ]] ; then \
+ pip3 install \
+ ansible==${ANSIBLE_VERSION} \
+ ansible-lint \
+ jinja2==${JINJA_VERSION}; \
+ fi
+
+#install azure-cli
+RUN if [[ ! -z ${AZ_CLI_VERSION} ]] ; then \
+ apt remove azure-cli -y || true && \
+ pip3 install azure-cli==${AZ_CLI_VERSION}; \
+ fi
#test azure-cli
-RUN az --version && \
- az extension add --name azure-devops && \
- az extension add --name ssh && \
- az extension add --name serial-console && \
- az extension add --name sentinel && \
- az extension add --name resource-mover && \
- az extension add --name resource-graph && \
- az extension add --name quota && \
- az extension add --name portal && \
- az extension add --name k8sconfiguration && \
- az extension add --name k8s-extension && \
- az extension add --name k8s-configuration && \
- az extension add --name azure-firewall
+RUN if [[ ! -z ${AZ_CLI_VERSION} ]] ; then \
+ az --version && \
+ az extension add --name azure-devops && \
+ az extension add --name ssh && \
+ az extension add --name serial-console && \
+ az extension add --name sentinel && \
+ az extension add --name resource-mover && \
+ az extension add --name resource-graph && \
+ az extension add --name quota && \
+ az extension add --name portal && \
+ az extension add --name k8sconfiguration && \
+ az extension add --name k8s-extension && \
+ az extension add --name k8s-configuration && \
+ az extension add --name azure-firewall; \
+ fi
#install AWS CLI
-RUN pip3 install awscli==$AWS_CLI_VERSION && \
- aws --version
+RUN if [[ ! -z ${AWS_CLI_VERSION} ]] ; then \
+ pip3 install awscli==$AWS_CLI_VERSION && \
+ aws --version; \
+ fi
#install gcloud
-RUN echo "deb [signed-by=/usr/share/keyrings/cloud.google.gpg] http://packages.cloud.google.com/apt cloud-sdk main" | sudo tee -a /etc/apt/sources.list.d/google-cloud-sdk.list && \
- curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key --keyring /usr/share/keyrings/cloud.google.gpg add - && \
- apt-get update && \
- apt-get install -y google-cloud-sdk=${GCLOUD_VERSION}
-
-#install binaries
-COPY --from=builder "/root/download/helm/linux-${TARGETARCH}/helm" "/usr/local/bin/helm"
-COPY --from=builder "/root/download/oc_cli/oc" "/usr/local/bin/oc"
-COPY --from=builder "/root/download/terraform_cli/terraform" "/usr/local/bin/terraform"
-COPY --from=builder "/root/download/docker/bin/*" "/usr/local/bin/"
-COPY --from=builder "/root/download/kubectl" "/usr/local/bin/kubectl"
-COPY --from=builder "/root/download/crictl/crictl" "/usr/local/bin/crictl"
-COPY --from=builder "/root/download/yq" "/usr/local/bin/yq"
-COPY --from=builder "/root/download/vault" "/usr/local/bin/vault"
-COPY --from=builder "/root/download/tcpping" "/usr/local/bin/tcpping"
-COPY --from=builder "/root/download/velero_binary/velero" "/usr/local/bin/velero"
-COPY --from=builder "/root/download/sentinel_binary/sentinel" "/usr/local/bin/sentinel"
-COPY --from=builder "/root/download/stern_binary/stern" "/usr/local/bin/stern"
-COPY --from=builder "/root/download/kubelogin/binary/kubelogin" "/usr/local/bin/kubelogin"
+RUN if [[ ! -z ${GCLOUD_VERSION} ]] ; then \
+ echo "deb [signed-by=/usr/share/keyrings/cloud.google.gpg] http://packages.cloud.google.com/apt cloud-sdk main" | sudo tee -a /etc/apt/sources.list.d/google-cloud-sdk.list && \
+ curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key --keyring /usr/share/keyrings/cloud.google.gpg add - && \
+ apt-get update && \
+ apt-get install -y google-cloud-sdk=${GCLOUD_VERSION}; \
+ fi
+
+ENV TERM xterm
+ENV ZSH_THEME agnoster
+RUN wget https://github.com/robbyrussell/oh-my-zsh/raw/master/tools/install.sh -O - | zsh
+######################################################### IMAGE ########################################################
+FROM base-image
+MAINTAINER Kevin Sandermann
+LABEL maintainer="kevin.sandermann@gmail.com"
+
+ARG TARGETARCH
+ARG DOCKER_VERSION
+ARG KUBECTL_VERSION
+ARG OC_CLI_VERSION
+ARG HELM_VERSION
+ARG TERRAFORM_VERSION
+ARG AWS_CLI_VERSION
+ARG AZ_CLI_VERSION
+ARG GCLOUD_VERSION
+ARG ANSIBLE_VERSION
+ARG JINJA_VERSION
+ARG OPENSSH_VERSION
+ARG CRICTL_VERSION
+ARG VAULT_VERSION
+ARG VELERO_VERSION
+ARG SENTINEL_VERSION
+ARG STERN_VERSION
+ARG KUBELOGIN_VERSION
+ARG ZSH_VERSION
+
+#use bash during docker build
+SHELL ["/bin/bash", "-c"]
+
+#env
+ENV EDITOR nano
+
+#copy binaries
+COPY --from=binary_downloader "/root/download/binaries/*" "/usr/local/bin/"
RUN chmod -R +x /usr/local/bin && \
- helm version && \
- helm repo add stable https://charts.helm.sh/stable && \
- helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx && \
- helm repo update && \
- kubectl version --client=true && \
- crictl --version && \
- oc version --client && \
- terraform version && \
docker --version && \
yq --version && \
- vault -version && \
- gcloud version && \
- tcpping && \
- velero --help && \
- stern --version && \
- sentinel --version && \
- kubelogin --version
+ tcpping; \
+ if [[ ! -z "HELM_VERSION" ]] ; then \
+ helm version && \
+ helm repo add stable https://charts.helm.sh/stable && \
+ helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx && \
+ helm repo update; \
+ fi; \
+ if [[ ! -z "KUBECTL_VERSION" ]] ; then \
+ kubectl version --client=true; \
+ fi; \
+ if [[ ! -z "CRICTL_VERSION" ]] ; then \
+ crictl --version; \
+ fi; \
+ if [[ ! -z "OC_CLI_VERSION" ]] ; then \
+ oc version --client; \
+ fi; \
+ if [[ ! -z "TERRAFORM_VERSION" ]] ; then \
+ terraform version ; \
+ fi; \
+ if [[ ! -z "VAULT_VERSION" ]] ; then \
+ vault -version; \
+ fi; \
+ if [[ ! -z "GCLOUD_VERSION" ]] ; then \
+ gcloud version; \
+ fi; \
+ if [[ ! -z "VELERO_VERSION" ]] ; then \
+ velero version --client-only; \
+ fi; \
+ if [[ ! -z "STERN_VERSION" ]] ; then \
+ stern --version; \
+ fi; \
+ if [[ ! -z "SENTINEL_VERSION" ]] ; then \
+ sentinel --version; \
+ fi; \
+ if [[ ! -z "KUBELOGIN_VERSION" ]] ; then \
+ kubelogin --version ; \
+ fi
COPY .bashrc /root/.bashrc
COPY .zshrc /root/.zshrc
+USER root
WORKDIR /root/project
CMD ["/bin/bash"]
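Review bot: The post-copy checks in the final `RUN` test string literals rather than variables: `[[ ! -z "HELM_VERSION" ]]` is always true, so a tool is invoked even when its optional version arg (such as `OC_CLI_VERSION`, `VAULT_VERSION` or `GCLOUD_VERSION`) was not passed. Because the blocks are chained with `;`, only the last command's status decides the step, so a missing or broken binary does not fail the build. Each guard should read `if [[ -n "${HELM_VERSION}" ]] ; then` and the blocks should be joined with `&&` so a failed version check stops the build. In the same hunk the OpenSSH tarball is still fetched with `--no-check-certificate` and then compiled and installed as root; dropping that flag and verifying the tarball against its published signature or checksum would be safer, and the same concern applies to piping `install.sh` from the oh-my-zsh `master` branch straight into `zsh`.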
diff --git a/README.md b/README.md
index 42cce43..249e49a 100644
--- a/README.md
+++ b/README.md
@@ -1,8 +1,33 @@
-# cloud-toolbox
-Docker Image to work with Azure, AWS, Google Cloud, Docker, Kubernetes, Openshift, Helm, Ansible, Terraform and HashiCorp Vault.
-It's the toolchain I'm working with on a daily basis, packed into a docker image with both zsh and bash to have a
-platform-independent development environment.
-Feel free to use/share/contribute.
+
+
+
Cloud-Toolbox
+ Docker Image to work with Azure, AWS, Google Cloud, Docker, Kubernetes, Openshift, Helm, Ansible, Terraform and HashiCorp Vault.
+ It's the toolchain I'm working with on a daily basis, packed into a docker image with both zsh and bash to have a
+platform-independent development environment.
+ Feel free to use/share/contribute.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
# default shell & custom startup-script
The default shell is sh.
@@ -15,32 +40,33 @@ The behaviour of run.sh is as follows:
1. if so, attach to the container and start a new shell (/bin/bash) inside it.
1. if not, pull latest tag and start a new interactive container and start a new shell (/bin/zsh) inside it.
-# custom ca certificates`
+# custom ca certificates
All CAs placed inside ```~/ca-certificates``` on the host system will be mounted into the container and trusted on startup.
# multi-platform support
Starting with release *2022-08-25_01*, arm64/aarch64 and amd64 are supported and have been tested on linux/amd64 and Macbook M1.
# versioning
-Release tags will be build following pattern YYYY-MM-dd-version.
-Version 01 of a date will always contain the latest stable/official versions of tooling available.
-Other versions of a date can contain version combinations of the toolchain and will be documented in the version history
-below.
+Release tags will be build following pattern YYYY-MM-dd_version.
+
+There is 2 versions of toolbox available: *base* and *complete*.
+
+The latest tag of version *base* will be built using tag *latest*, while the latest tag of version *complete* is available through tag *complete*.
+
+Version *base* of a date will always contain the latest stable/official versions of tooling available of version *base*.
+
+Version *complete* will always contain the latest stable/official versions of tooling available of version *complete*.
+
+For a list of tooling available in version *complete*, but not in *base*, please refer [here](https://github.com/ksandermann/cloud-toolbox/blob/master/docs/args_optional.args)
+
+## version history
+latest -> 2022-10-11_base
+project -> 2022-10-11_base
+complete -> 2022-10-11_complete
+
+| RELEASE | UBUNTU | DOCKER | KUBECTL | HELM | TERRAFORM | AZ CLI | OPENSSH | CRICTL | VELERO | SENTINEL | STERN | KUBELOGIN | OC CLI | AWS CLI | GCLOUD SDK | ANSIBLE | JINJA2 | VAULT |
+|---------------------|--------|----------|---------|--------|-----------|--------|---------|--------|--------|----------|--------|-----------|--------|---------|------------|---------|---------|--------|
+| 2022-10-11_complete | 20.04 | 20.10.18 | 1.25.2 | 3.10.0 | 1.3.2 | 2.40.0 | 9.1p1 | 1.25.0 | 1.9.2 | 0.18.11 | 1.22.0 | 0.0.20 | 4.11.7 | 1.25.90 | 405.0.0 | 6.4.0 | 3.1.2 | 1.11.4 |
## version history
-latest -> 2022-09-21_01
-
-| RELEASE | UBUNTU | DOCKER | KUBECTL | OC CLI | HELM | TERRAFORM | AWS CLI | AZ CLI | GCLOUD SDK | ANSIBLE | JINJA2 | OPENSSH | CRICTL | VAULT | VELERO | SENTINEL |
-|---------------|--------|----------|---------|---------|-------|-----------|---------|--------|------------|---------|--------|---------|--------|--------|--------|----------|
-| 2022-09-22_01 | 20.04 | 20.10.18 | 1.25.1 | 4.11.4 | 3.9.4 | 1.2.9 | 1.25.77 | 2.40.0 | 402.0.0 | 6.4.0 | 3.1.2 | 9.0p1 | 1.25.0 | 1.11.3 | 1.9.1 | 0.18.12 |
-| 2022-09-21_01 | 20.04 | 20.10.18 | 1.25.1 | 4.11.4 | 3.9.4 | 1.2.9 | 1.25.77 | 2.40.0 | 402.0.0 | 6.4.0 | 3.1.2 | 9.0p1 | 1.25.0 | 1.11.3 | 1.9.1 | 0.18.12 |
-| 2022-09-14_01 | 20.04 | 20.10.18 | 1.25.0 | 4.11.1 | 3.9.4 | 1.2.9 | 1.25.73 | 2.40.0 | 402.0.0 | 6.3.0 | 3.1.2 | 9.0p1 | 1.25.0 | 1.11.3 | 1.9.1 | 0.18.11 |
-| 2022-08-25_01 | 20.04 | 20.10.17 | 1.25.0 | 4.11.0 | 3.9.4 | 1.2.8 | 1.25.60 | 2.39.0 | 399.0.0 | 6.3.0 | 3.1.2 | 9.0p1 | 1.24.2 | 1.11.2 | 1.9.1 | 0.18.11 |
-| 2022-07-30_01 | 20.04 | 20.10.17 | 1.24.3 | 4.10.23 | 3.9.2 | 1.2.6 | 1.25.41 | 2.38.0 | 395.0.0 | 6.1.0 | 3.1.2 | 9.0p1 | 1.24.2 | 1.11.1 | 1.9.0 | 0.18.11 |
-| 2022-07-13_01 | 20.04 | 20.10.17 | 1.24.2 | 4.10.20 | 3.9.0 | 1.2.5 | 1.25.28 | 2.38.0 | 393.0.0 | 6.1.0 | 3.1.2 | 9.0p1 | 1.24.2 | 1.11.0 | 1.9.0 | 0.18.11 |
-| 2022-06-16_01 | 20.04 | 20.10.17 | 1.24.1 | 4.10.17 | 3.9.0 | 1.2.3 | 1.25.9 | 2.37.0 | 390.0.0 | 5.9.0 | 3.1.2 | 9.0p1 | 1.24.2 | 1.10.4 | 1.8.1 | 0.18.11 |
-| 2022-05-02_01 | 20.04 | 20.10.14 | 1.23.6 | 4.10.10 | 3.8.2 | 1.1.9 | 1.23.4 | 2.36.0 | 383.0.1 | 5.7.0 | 3.1.2 | 9.0p1 | 1.23.0 | 1.10.2 | 1.8.1 | 0.18.9 |
-| 2022-04-26_01 | 20.04 | 20.10.14 | 1.23.6 | 4.10.9 | 3.8.2 | 1.1.9 | 1.23.0 | 2.36.0 | 382.0.0 | 5.6.0 | 3.1.1 | 9.0p1 | 1.23.0 | 1.10.1 | 1.8.1 | 0.18.9 |
-| 2022-03-17_01 | 20.04 | 20.10.13 | 1.23.5 | 4.10.3 | 3.8.1 | 1.1.7 | 1.22.76 | 2.34.1 | 377.0.0 | 5.5.0 | 3.0.3 | 8.9p1 | 1.23.0 | 1.9.4 | 1.8.1 | 0.18.7 |
-
-## [ version history before 2022-03-17](https://github.com/ksandermann/cloud-toolbox/blob/master/docs/version_history.md)
+## [version history before 2022-10-10](https://github.com/ksandermann/cloud-toolbox/blob/master/docs/version_history.md)
diff --git a/args_base.args b/args_base.args
new file mode 100644
index 0000000..43a5211
--- /dev/null
+++ b/args_base.args
@@ -0,0 +1,26 @@
+UBUNTU_VERSION=20.04
+#https://docs.docker.com/engine/release-notes/
+DOCKER_VERSION=20.10.18
+#https://github.com/kubernetes/kubernetes/releases
+KUBECTL_VERSION=1.25.2
+#https://github.com/helm/helm/releases
+HELM_VERSION=3.10.0
+#https://github.com/hashicorp/terraform/releases
+TERRAFORM_VERSION=1.3.2
+#https://pypi.org/project/azure-cli/
+AZ_CLI_VERSION=2.40.0
+#https://mirror.exonetric.net/pub/OpenBSD/OpenSSH/portable/
+OPENSSH_VERSION=9.1p1
+#https://github.com/kubernetes-sigs/cri-tools/releases
+CRICTL_VERSION=1.25.0
+#https://github.com/vmware-tanzu/velero/releases
+VELERO_VERSION=1.9.2
+#https://docs.hashicorp.com/sentinel/changelog
+SENTINEL_VERSION=0.18.11
+#https://github.com/stern/stern/releases
+STERN_VERSION=1.22.0
+#https://github.com/Azure/kubelogin/releases
+KUBELOGIN_VERSION=0.0.20
+#apt-get update && apt-cache madison zsh | head -n 1
+ZSH_VERSION=5.8-3ubuntu1.1
+MULTISTAGE_BUILDER_VERSION=2022-08-25
diff --git a/args_optional.args b/args_optional.args
new file mode 100644
index 0000000..dd51d5a
--- /dev/null
+++ b/args_optional.args
@@ -0,0 +1,12 @@
+#https://mirror.openshift.com/pub/openshift-v4/x86_64/clients/ocp/stable/
+OC_CLI_VERSION=4.11.7
+#https://pypi.org/project/awscli/
+AWS_CLI_VERSION=1.25.90
+#apt-get update && apt-cache madison google-cloud-sdk | head -n 1
+GCLOUD_VERSION=405.0.0-0
+#https://pypi.org/project/ansible/
+ANSIBLE_VERSION=6.4.0
+#https://pypi.org/project/Jinja2/
+JINJA_VERSION=3.1.2
+#https://github.com/hashicorp/vault/releases
+VAULT_VERSION=1.11.4
diff --git a/build.sh b/build.sh
index 51fa154..f18ae3d 100755
--- a/build.sh
+++ b/build.sh
@@ -2,18 +2,49 @@
set -euo pipefail
IFS=$'\n\t'
-IMAGE_TAG="2022-09-22_01"
-UPSTREAM_TAG="latest"
+IMAGE_TAG="2022-10-11"
+TAG_PREFIX_COMPLETE="complete"
+TAG_PREFIX_BASE="latest"
+TAG_PREFIX_BASE2="project"
+UPSTREAM_TAG_COMPLETE="${IMAGE_TAG}_${TAG_PREFIX_COMPLETE}"
+UPSTREAM_TAG_BASE="${IMAGE_TAG}_${TAG_PREFIX_BASE}"
+
+echo "building complete image with specific tag $UPSTREAM_TAG_COMPLETE and general tag $TAG_PREFIX_COMPLETE"
+echo "building base image with specific tag $UPSTREAM_TAG_BASE and general tag $TAG_PREFIX_BASE"
+
+##BUILD COMPLETE IMAGE
+
+#https://stackoverflow.com/a/62357213
+while IFS= read -r line; do
+ if [[ "$line" != \#* ]];
+ then buildargs_base+=(--build-arg "$line");
+ fi
+done < "args_base.args"
+
+while IFS= read -r line; do
+ if [[ "$line" != \#* ]];
+ then buildargs_optional+=(--build-arg "$line");
+ fi
+done < "args_optional.args"
docker login
+echo "removing cached images"
+#remove current manifest to not ammend more images with same architecture but create a clean one
+docker manifest rm ksandermann/cloud-toolbox:$UPSTREAM_TAG_COMPLETE || true
+docker manifest rm ksandermann/cloud-toolbox:$TAG_PREFIX_COMPLETE || true
+rm -rf ~/.docker/manifests/docker.io_ksandermann_cloud-toolbox*
+
#building image and pushing to private registry since it might still contain secrets/ssh keys or vulnerabilities
#https://blog.jaimyn.dev/how-to-build-multi-architecture-docker-images-on-an-m1-mac/
docker buildx build \
--pull \
+ ${buildargs_base[@]} ${buildargs_optional[@]} \
--platform linux/amd64,linux/arm64 \
- -t ksandermann/cloud-toolbox-private:$IMAGE_TAG \
+ -t ksandermann/cloud-toolbox-private:$UPSTREAM_TAG_COMPLETE \
+ --no-cache \
--push \
+ --progress plain \
.
#scanning private image - skipping binaries where it is known we are already using the latest available version.
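Review bot: The array expansions passed to `docker buildx build` are unquoted (`${buildargs_base[@]} ${buildargs_optional[@]}`) and the arrays are never initialised, so the call only works because of the script's `IFS=$'\n\t'`, and under `set -u` it aborts if an args file has no non-comment line. Declare them before the loops (`buildargs_base=()` and `buildargs_optional=()`) and expand them as `"${buildargs_base[@]}" "${buildargs_optional[@]}"`; the `$UPSTREAM_TAG_COMPLETE` and `$TAG_PREFIX_COMPLETE` uses in the `docker manifest rm` and `-t` lines should be quoted as well. The read loops also forward blank lines as an empty `--build-arg`, which `if [[ -n "$line" && "$line" != \#* ]]` would skip. Also, `UPSTREAM_TAG_BASE` expands to `2022-10-11_latest` here while the README in this commit names the tag `2022-10-11_base`; the rest of the script lies outside this hunk, so confirm which is intended.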
@@ -22,51 +53,132 @@ docker buildx build \
trivy image \
--ignore-unfixed \
--severity HIGH,CRITICAL,MEDIUM \
+ --skip-files "/usr/local/bin/containerd" \
+ --skip-files "/usr/local/bin/containerd-shim" \
+ --skip-files "/usr/local/bin/containerd-shim-runc-v2" \
+ --skip-files "/usr/local/bin/crictl" \
+ --skip-files "/usr/local/bin/ctr" \
+ --skip-files "/usr/local/bin/docker" \
+ --skip-files "/usr/local/bin/docker-init" \
+ --skip-files "/usr/local/bin/docker-proxy" \
+ --skip-files "/usr/local/bin/dockerd" \
--skip-files "/usr/local/bin/helm" \
+ --skip-files "/usr/local/bin/kubectl" \
+ --skip-files "/usr/local/bin/kubelogin" \
--skip-files "/usr/local/bin/oc" \
+ --skip-files "/usr/local/bin/sentinel" \
+ --skip-files "/usr/local/bin/stern" \
+ --skip-files "/usr/local/bin/tcpping" \
--skip-files "/usr/local/bin/terraform" \
- --skip-files "/usr/local/bin/kubectl" \
- --skip-files "/usr/local/bin/crictl" \
- --skip-files "/usr/local/bin/yq" \
--skip-files "/usr/local/bin/vault" \
- --skip-files "/usr/local/bin/tcpping" \
--skip-files "/usr/local/bin/velero" \
- --skip-files "/usr/local/bin/stern" \
- --skip-files "/usr/local/bin/sentinel" \
+ --skip-files "/usr/local/bin/yq" \
+ --skip-dirs "/root/.azure/cliextensions/ssh/" \
+ ksandermann/cloud-toolbox-private:$UPSTREAM_TAG_COMPLETE
+
+echo "Vulnerability scan complete. Press ctrl+c to abort and not push images. Sleeping 120 seconds, then proceeding to push images"
+sleep 120
+echo "proceeding with pushing the images"
+
+echo "extracting image layer digests"
+COMPLETE_PRIVATE_MANIFEST_DIGEST_1=$(docker manifest inspect ksandermann/cloud-toolbox-private:$UPSTREAM_TAG_COMPLETE | jq -r '.manifests[0].digest')
+COMPLETE_PRIVATE_MANIFEST_DIGEST_2=$(docker manifest inspect ksandermann/cloud-toolbox-private:$UPSTREAM_TAG_COMPLETE | jq -r '.manifests[1].digest')
+
+echo "found digest 1: $COMPLETE_PRIVATE_MANIFEST_DIGEST_1"
+echo "found digest 2: $COMPLETE_PRIVATE_MANIFEST_DIGEST_2"
+
+echo "creating image manifest with tag ksandermann/cloud-toolbox:${UPSTREAM_TAG_COMPLETE}"
+docker manifest create ksandermann/cloud-toolbox:${UPSTREAM_TAG_COMPLETE} \
+ --amend ksandermann/cloud-toolbox-private@${COMPLETE_PRIVATE_MANIFEST_DIGEST_1} \
+ --amend ksandermann/cloud-toolbox-private@${COMPLETE_PRIVATE_MANIFEST_DIGEST_2}
+
+
+echo "creating image manifest with tag ksandermann/cloud-toolbox:${TAG_PREFIX_COMPLETE}"
+docker manifest create ksandermann/cloud-toolbox:${TAG_PREFIX_COMPLETE} \
+ --amend ksandermann/cloud-toolbox-private@${COMPLETE_PRIVATE_MANIFEST_DIGEST_1} \
+ --amend ksandermann/cloud-toolbox-private@${COMPLETE_PRIVATE_MANIFEST_DIGEST_2}
+
+
+#push both images
+echo "pushing images"
+docker manifest push ksandermann/cloud-toolbox:$UPSTREAM_TAG_COMPLETE
+docker manifest push ksandermann/cloud-toolbox:$TAG_PREFIX_COMPLETE
+
+##BUILD LATEST IMAGE
+
+#remove current manifest to not ammend more images with same architecture but create a clean one
+docker manifest rm ksandermann/cloud-toolbox:$UPSTREAM_TAG_BASE || true
+docker manifest rm ksandermann/cloud-toolbox:$TAG_PREFIX_BASE || true
+docker manifest rm ksandermann/cloud-toolbox:$TAG_PREFIX_BASE2 || true
+rm -rf ~/.docker/manifests/docker.io_ksandermann_cloud-toolbox*
+
+#building image and pushing to private registry since it might still contain secrets/ssh keys or vulnerabilities
+#https://blog.jaimyn.dev/how-to-build-multi-architecture-docker-images-on-an-m1-mac/
+docker buildx build \
+ --pull \
+ ${buildargs_base[@]} \
+ --platform linux/amd64,linux/arm64 \
+ --no-cache \
+ -t ksandermann/cloud-toolbox-private:$UPSTREAM_TAG_BASE \
+ --progress plain \
+ --push \
+ .
+
+#scanning private image - skipping binaries where it is known we are already using the latest available version.
+#ssh keys get removed in the step they get generated
+#azure-cli ssh extension triggers a false-positive string being recognized as Alibaba access token
+trivy image \
+ --ignore-unfixed \
+ --severity HIGH,CRITICAL,MEDIUM \
--skip-files "/usr/local/bin/containerd" \
--skip-files "/usr/local/bin/containerd-shim" \
--skip-files "/usr/local/bin/containerd-shim-runc-v2" \
+ --skip-files "/usr/local/bin/crictl" \
+ --skip-files "/usr/local/bin/ctr" \
--skip-files "/usr/local/bin/docker" \
--skip-files "/usr/local/bin/docker-init" \
--skip-files "/usr/local/bin/docker-proxy" \
--skip-files "/usr/local/bin/dockerd" \
+ --skip-files "/usr/local/bin/helm" \
+ --skip-files "/usr/local/bin/kubectl" \
--skip-files "/usr/local/bin/kubelogin" \
+ --skip-files "/usr/local/bin/oc" \
+ --skip-files "/usr/local/bin/sentinel" \
+ --skip-files "/usr/local/bin/stern" \
+ --skip-files "/usr/local/bin/tcpping" \
+ --skip-files "/usr/local/bin/terraform" \
+ --skip-files "/usr/local/bin/vault" \
+ --skip-files "/usr/local/bin/velero" \
+ --skip-files "/usr/local/bin/yq" \
--skip-dirs "/root/.azure/cliextensions/ssh/" \
- ksandermann/cloud-toolbox-private:$IMAGE_TAG
+ ksandermann/cloud-toolbox-private:$UPSTREAM_TAG_BASE
-for i in {1..5}
-do
- echo ""
-done
echo "Vulnerability scan complete. Press ctrl+c to abort and not push images. Sleeping 120 seconds, then proceeding to push images"
sleep 120
echo "proceeding with pushing the images"
-PRIVATE_MANIFEST_DIGEST_1=$(docker manifest inspect ksandermann/cloud-toolbox-private:$IMAGE_TAG | yq '.manifests[0].digest')
-PRIVATE_MANIFEST_DIGEST_2=$(docker manifest inspect ksandermann/cloud-toolbox-private:$IMAGE_TAG | yq '.manifests[1].digest')
+BASE_PRIVATE_MANIFEST_DIGEST_1=$(docker manifest inspect ksandermann/cloud-toolbox-private:$UPSTREAM_TAG_BASE | jq -r '.manifests[0].digest')
+BASE_PRIVATE_MANIFEST_DIGEST_2=$(docker manifest inspect ksandermann/cloud-toolbox-private:$UPSTREAM_TAG_BASE | jq -r '.manifests[1].digest')
-docker manifest create ksandermann/cloud-toolbox:$IMAGE_TAG \
- --amend ksandermann/cloud-toolbox-private@$PRIVATE_MANIFEST_DIGEST_1 \
- --amend ksandermann/cloud-toolbox-private@$PRIVATE_MANIFEST_DIGEST_2
+#create public tag with "date_latest"
+echo "creating image manifest with tag ksandermann/cloud-toolbox:${UPSTREAM_TAG_BASE}"
+docker manifest create ksandermann/cloud-toolbox:$UPSTREAM_TAG_BASE \
+ --amend ksandermann/cloud-toolbox-private@$BASE_PRIVATE_MANIFEST_DIGEST_1 \
+ --amend ksandermann/cloud-toolbox-private@$BASE_PRIVATE_MANIFEST_DIGEST_2
-#docker manifest push ksandermann/cloud-toolbox:$IMAGE_TAG
-
-#remove current manifest to not ammend more images with same architecture but create a clean one
-docker manifest rm ksandermann/cloud-toolbox:$UPSTREAM_TAG || true
-rm -rf ~/.docker/manifests/docker.io_ksandermann_cloud-toolbox-latest
+#create public tag with "latest"
+echo "creating image manifest with tag ksandermann/cloud-toolbox:${TAG_PREFIX_BASE}"
+docker manifest create ksandermann/cloud-toolbox:$TAG_PREFIX_BASE \
+ --amend ksandermann/cloud-toolbox-private@$BASE_PRIVATE_MANIFEST_DIGEST_1 \
+ --amend ksandermann/cloud-toolbox-private@$BASE_PRIVATE_MANIFEST_DIGEST_2
-docker manifest create ksandermann/cloud-toolbox:$UPSTREAM_TAG \
- --amend ksandermann/cloud-toolbox-private@$PRIVATE_MANIFEST_DIGEST_1 \
- --amend ksandermann/cloud-toolbox-private@$PRIVATE_MANIFEST_DIGEST_2
+#create public tag with "project"
+echo "creating image manifest with tag ksandermann/cloud-toolbox:${TAG_PREFIX_BASE2}"
+docker manifest create ksandermann/cloud-toolbox:$TAG_PREFIX_BASE2 \
+ --amend ksandermann/cloud-toolbox-private@$BASE_PRIVATE_MANIFEST_DIGEST_1 \
+ --amend ksandermann/cloud-toolbox-private@$BASE_PRIVATE_MANIFEST_DIGEST_2
-docker manifest push ksandermann/cloud-toolbox:$UPSTREAM_TAG
+echo "pushing images"
+docker manifest push ksandermann/cloud-toolbox:$UPSTREAM_TAG_BASE
+docker manifest push ksandermann/cloud-toolbox:$TAG_PREFIX_BASE
+docker manifest push ksandermann/cloud-toolbox:$TAG_PREFIX_BASE2
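Review bot: Neither `trivy image` invocation in this hunk sets `--exit-code`, so trivy exits 0 even when it reports findings and `set -e` never stops the script. The only gate before `docker manifest create` and `docker manifest push` is someone pressing ctrl+c during the 120-second sleep. Adding `--exit-code 1 \` to both scans (complete and base) would make the scan an enforced gate, which matters more now that the `--skip-files` list excludes most of the bundled binaries. The digests are also read from the mutable `cloud-toolbox-private` tag after the scan, in two separate `docker manifest inspect` calls. Resolving them once before the scan, and stopping if `jq -r` prints `null`, would tie what is promoted to what was scanned.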
diff --git a/docs/version_history.md b/docs/version_history.md
index 1886640..dbf7cd8 100644
--- a/docs/version_history.md
+++ b/docs/version_history.md
@@ -1,3 +1,20 @@
+## version history before 2022-10-05
+
+| RELEASE | UBUNTU | DOCKER | KUBECTL | OC CLI | HELM | TERRAFORM | AWS CLI | AZ CLI | GCLOUD SDK | ANSIBLE | JINJA2 | OPENSSH | CRICTL | VAULT | VELERO | SENTINEL |
+|---------------|--------|----------|---------|---------|--------|-----------|---------|--------|------------|---------|--------|---------|--------|--------|--------|----------|
+| 2022-09-22_01 | 20.04 | 20.10.18 | 1.25.1 | 4.11.4 | 3.9.4 | 1.2.9 | 1.25.77 | 2.40.0 | 402.0.0 | 6.4.0 | 3.1.2 | 9.0p1 | 1.25.0 | 1.11.3 | 1.9.1 | 0.18.12 |
+| 2022-09-21_01 | 20.04 | 20.10.18 | 1.25.1 | 4.11.4 | 3.9.4 | 1.2.9 | 1.25.77 | 2.40.0 | 402.0.0 | 6.4.0 | 3.1.2 | 9.0p1 | 1.25.0 | 1.11.3 | 1.9.1 | 0.18.12 |
+| 2022-09-14_01 | 20.04 | 20.10.18 | 1.25.0 | 4.11.1 | 3.9.4 | 1.2.9 | 1.25.73 | 2.40.0 | 402.0.0 | 6.3.0 | 3.1.2 | 9.0p1 | 1.25.0 | 1.11.3 | 1.9.1 | 0.18.11 |
+| 2022-08-25_01 | 20.04 | 20.10.17 | 1.25.0 | 4.11.0 | 3.9.4 | 1.2.8 | 1.25.60 | 2.39.0 | 399.0.0 | 6.3.0 | 3.1.2 | 9.0p1 | 1.24.2 | 1.11.2 | 1.9.1 | 0.18.11 |
+| 2022-07-30_01 | 20.04 | 20.10.17 | 1.24.3 | 4.10.23 | 3.9.2 | 1.2.6 | 1.25.41 | 2.38.0 | 395.0.0 | 6.1.0 | 3.1.2 | 9.0p1 | 1.24.2 | 1.11.1 | 1.9.0 | 0.18.11 |
+| 2022-07-13_01 | 20.04 | 20.10.17 | 1.24.2 | 4.10.20 | 3.9.0 | 1.2.5 | 1.25.28 | 2.38.0 | 393.0.0 | 6.1.0 | 3.1.2 | 9.0p1 | 1.24.2 | 1.11.0 | 1.9.0 | 0.18.11 |
+| 2022-06-16_01 | 20.04 | 20.10.17 | 1.24.1 | 4.10.17 | 3.9.0 | 1.2.3 | 1.25.9 | 2.37.0 | 390.0.0 | 5.9.0 | 3.1.2 | 9.0p1 | 1.24.2 | 1.10.4 | 1.8.1 | 0.18.11 |
+| 2022-05-02_01 | 20.04 | 20.10.14 | 1.23.6 | 4.10.10 | 3.8.2 | 1.1.9 | 1.23.4 | 2.36.0 | 383.0.1 | 5.7.0 | 3.1.2 | 9.0p1 | 1.23.0 | 1.10.2 | 1.8.1 | 0.18.9 |
+| 2022-04-26_01 | 20.04 | 20.10.14 | 1.23.6 | 4.10.9 | 3.8.2 | 1.1.9 | 1.23.0 | 2.36.0 | 382.0.0 | 5.6.0 | 3.1.1 | 9.0p1 | 1.23.0 | 1.10.1 | 1.8.1 | 0.18.9 |
+| 2022-03-17_01 | 20.04 | 20.10.13 | 1.23.5 | 4.10.3 | 3.8.1 | 1.1.7 | 1.22.76 | 2.34.1 | 377.0.0 | 5.5.0 | 3.0.3 | 8.9p1 | 1.23.0 | 1.9.4 | 1.8.1 | 0.18.7 |
+
+
+
## version history before 2022-03-17
| RELEASE | UBUNTU | DOCKER | KUBECTL | OC CLI | HELM2 | HELM | TERRAFORM | AWS CLI | AZ CLI | GCLOUD SDK | ANSIBLE | JINJA2 | OPENSSH | CRICTL | VAULT | VELERO | SENTINEL |
diff --git a/run.sh b/run.sh
index f10e214..2425425 100755
--- a/run.sh
+++ b/run.sh
@@ -30,6 +30,23 @@ function attachToToolbox {
docker exec -it toolbox /bin/bash
}
+function testBinaries {
+ docker --version && \
+ yq --version && \
+ tcpping && \
+ helm version && \
+ kubectl version --client=true && \
+ crictl --version && \
+ terraform version && \
+ velero version --client-only && \
+ sentinel --version && \
+ kubelogin --version && \
+ stern --version && \
+ oc version --client && \
+ vault -version && \
+ gcloud version
+}
+
if [[ "$(docker ps -a | grep toolbox)" ]]
then
attachToToolbox
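Review bot: `testBinaries` runs each tool in the shell that executes run.sh rather than through `docker exec` in the `toolbox` container, and nothing visible in this hunk calls it. If it is meant as a smoke test of the image contents, a header comment such as `# smoke test: run inside the toolbox container; returns non-zero at the first tool that fails` would make that explicit. Because the calls are chained with `&&`, a failure stops the chain without naming the binary that broke it. `tcpping` is invoked without arguments, so it is worth confirming that it exits 0 in that form. The `if` block that follows the function continues outside the hunk.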