Kubernetes Container Registry

Overview

k8scr

A kubectl plugin for pushing OCI images through the Kubernetes API server.

Quickstart

  1. Build kubectl-k8scr
make build
  1. Move to location in PATH
sudo mv ./kubectl-k8scr /usr/local/bin
  1. Deploy simple in-memory registry into cluster
kubectl apply -f distribution.yaml

Optional: tail logs to observe results of next step with kubectl logs k8scr -f.

  1. Push image to registry
kubectl k8scr push crossplane/crossplane:v1.2.1

Usage

Usage: k8scr <command>

Push and pull images through the Kubernetes API server.

Flags:
  -h, --help                   Show context-sensitive help.
      --kubeconfig=STRING      Override default kubeconfig path.
  -n, --namespace="default"    Namespace of registry Pod.
  -r, --registry="k8scr"       Name of registry Pod.

Commands:
  push <image>

  pull <image>

How Does This Work?

k8scr uses go-containerregistry to push and pull images, but passes in an http.RoundTripper that reconstructs OCI distribution compliant requests so that they pass through the Kubernetes API server Pod proxy endpoint, before eventually calling the underlying transport constructed from a user's kubeconfig. This allows for pushing and pulling directly to and from an OCI image registry running in a Kubernetes cluster without having to expose it publicly or privately. Any user with access to the cluster and pods/proxy RBAC permissions for the registry Pod is able to push and pull.

What Else Can It Do?

Pretty much any of the operations go-containerregistry supports could also be supported here as the transport is pluggable. I'll likely move it upstream or offer it as a stand-alone library if there is enough interest.

Issues
  • What does -load mean in the image directive in the makefile?

    What does -load mean in the image directive in the makefile?

    image:
    	@docker build . -f distribution.Dockerfile -t hasheddan/k8scr-distribution:latest --load
    

    What does -load mean in the image directive in the makefile? 🔼

    opened by marionxue 2
  • Thanks for your project, little questions here

    Thanks for your project, little questions here

    Hi, i am a beginner in kubernetes. Thanks for your project, I learned that K8S-API-Server has a Proxy feature. I read the source code of this project and drew the diagram of its implementation. Do I understand it correctly?

    1111111
    opened by xhkyyy 1
  • Setup initial CI and build pipeline

    Setup initial CI and build pipeline

    Sets up an initial CI and build pipeline. Artifacts are uploaded alongside the action run after build. Does not yet support building the distribution image or any release activities.

    opened by hasheddan 0
  • Make binaries avaiable

    Make binaries avaiable

    I would like to write a guide that leverages k8scr to make Crossplane fully offline available. With the current setup users would need to clone this repo and run make build. I would like to simplify the setup that it doesn't involve any go build or make build. A simple script to curl would be fine.

    opened by luebken 1
  • Usage with external registry

    Usage with external registry

    I am running an instance of harbor on a VM outside my cluster, I can't go around that. Also, I have a few ci pipelines that use kaniko as a way to build and push images. Is there a way to use this project to replicate the push function of kaniko (without docker-daemon)? My team has been looking for an alternative for a while.

    Thank you very much for this project.

    opened by saharlaor 1
  • Is this useful?

    Is this useful?

    I wrote k8scr quickly as a way to get OCI images into registries running in Kubernetes clusters because it was relevant to work I do with Crossplane. However, I imagine it could be generally useful for folks, and some have already shown interest. There are a variety of ways the scope of this project could be expanded, such as making the in-cluster registry component a little more automated (i.e. automatically deploy tiny temporary registry just to get image to whatever its final destination in the cluster is). Anyway, I am happy to expand / maintain this project if folks find it useful, so I would love to get some feedback as to what people want to see and how they may be using it already. Feel free to comment below or, if necessary, reach out privately to @hasheddan.

    opened by hasheddan 3
Owner
Daniel Mangum
A complex system that works is invariably found to have evolved from a simple system that worked.
Daniel Mangum
Kubernetes Container Registry

k8scr A kubectl plugin for pushing OCI images through the Kubernetes API server. Quickstart Build kubectl-k8scr make build Move to location in PATH s

Daniel Mangum 110 Mar 25, 2022
Kubernetes controller for backing up public container images to our own registry repository

image-clone-controller Kubernetes controller which watches applications (Deployment and DaemonSet) and "caches" the images (public container images) b

Sahadat Hossain 6 Jan 17, 2022
Container Registry Synchronization made easy and fast

?? booster - Makes synchronization of container images between registries faster.

Silvio Moioli 10 Oct 7, 2021
Returns which registry from the container image name

Returns which registry from the container image name

Nozomu Ohki 0 Jan 23, 2022
KEDA is a Kubernetes-based Event Driven Autoscaling component. It provides event driven scale for any container running in Kubernetes

Kubernetes-based Event Driven Autoscaling KEDA allows for fine-grained autoscaling (including to/from zero) for event driven Kubernetes workloads. KED

KEDA 4.9k May 11, 2022
Moby Project - a collaborative project for the container ecosystem to assemble container-based systems

The Moby Project Moby is an open-source project created by Docker to enable and accelerate software containerization. It provides a "Lego set" of tool

Moby 63k May 11, 2022
Boxygen is a container as code framework that allows you to build container images from code

Boxygen is a container as code framework that allows you to build container images from code, allowing integration of container image builds into other tooling such as servers or CLI tooling.

nitric 5 Dec 13, 2021
Amazon ECS Container Agent: a component of Amazon Elastic Container Service

Amazon ECS Container Agent The Amazon ECS Container Agent is a component of Amazon Elastic Container Service (Amazon ECS) and is responsible for manag

null 0 Dec 28, 2021
The Container Storage Interface (CSI) Driver for Fortress Block Storage This driver allows you to use Fortress Block Storage with your container orchestrator

fortress-csi The Container Storage Interface (CSI) Driver for Fortress Block Storage This driver allows you to use Fortress Block Storage with your co

Fortress 0 Jan 23, 2022
k8s-image-swapper Mirror images into your own registry and swap image references automatically.

k8s-image-swapper Mirror images into your own registry and swap image references automatically. k8s-image-swapper is a mutating webhook for Kubernetes

Enrico Stahn 300 May 1, 2022
Solana Token Registry - a package that allows application to query for list of tokens

Please note: This repository is being rebuilt to accept the new volume of token additions and modifications. PR merges will be delayed. @solana/spl-to

Square and Compass 0 Jan 16, 2022
A tool to check whether docker images exist in the remote registry.

Check Docker Image A tool to check whether docker images exist in the remote registry. Build project: go build -o check-image . Example usage: REGISTR

Hao-Ming, Hsu 1 Jan 20, 2022
Common Image Registry for Testcontainers-Go

Testcontainers-Go Common Image Registry Common Image Registry for Testcontainers-Go Prerequisites Go >= 1.16 Install go get github.com/nhatthm/testcon

Nhat 1 Feb 3, 2022
Service registry/discovery implementation in Go.

go-service-registry Availabe endpoints : GET http://localhost:3000/ --> Dashboard GET http://localhost:3000/services/[serviceName] --> Get available

null 1 Feb 11, 2022
Kubernetes OS Server - Kubernetes Extension API server exposing OS configuration like sysctl via Kubernetes API

KOSS is a Extension API Server which exposes OS properties and functionality using Kubernetes API, so it can be accessed using e.g. kubectl. At the moment this is highly experimental and only managing sysctl is supported. To make things actually usable, you must run KOSS binary as root on the machine you will be managing.

Mateusz Gozdek 3 May 19, 2021
⎈ Multi pod and container log tailing for Kubernetes

stern Stern allows you to tail multiple pods on Kubernetes and multiple containers within the pod. Each result is color coded for quicker debugging. T

wercker 5.9k May 11, 2022
A toolbox for debugging docker container and kubernetes with web UI.

A toolbox for debugging Docker container and Kubernetes with visual web UI. You can start the debugging journey on any docker container host! You can

CloudNativer 52 Apr 13, 2022
Kubernetes workload controller for container image deployment

kube-image-deployer kube-image-deployer는 Docker Registry의 Image:Tag를 감시하는 Kubernetes Controller입니다. Keel과 유사하지만 단일 태그만 감시하며 더 간결하게 동작합니다. Container, I

PUBG Corporation 2 Mar 8, 2022