Skip to content
/ fury-distribution-container-image-sync Public

This is a simple mechanism that pulls and pushes container images based on a configuration file (yaml).

4 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

sighupio/fury-distribution-container-image-sync

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

667 Commits
.github/workflows
.github/workflows
 
 
CVEs
CVEs
 
 
modules
modules
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
single_sync.sh
single_sync.sh
 
 
single_sync_v2.sh
single_sync_v2.sh
 
 
sync.sh
sync.sh
 
 

Repository files navigation

Kubernetes Fury Distribution
Container Image Sync

Table of contents

Introduction

This is a simple mechanism that pulls and pushes or builds container images based on a configuration file (yaml).

The main goal for this repository is to have a central location used to sync on our public SIGHUP registry all the upstream images used by all the Fury modules.

The goal of this repository is twofold: build custom images and sync upstream ones used by all the Fury modules on our public SIGHUP registry.

Features:

  • Configurable via YAML files
  • Build custom images
  • Skips images if the layers between src and dest are the same using skopeo
  • Everything is executed with two bash scripts: sync.sh and single_sync.sh
  • Execute the vulnerability detection and patching of the synced images

How it works

Inside the folder modules/ there is a subfolder for each KFD module with an images.yml file.

Each images.yml file has to have a root attribute: images and its value is an array of objects:

  - name: # Simple description of the image
    source: # Source image. Where to pull the image
    tag: # Tags to sync
      - "xxx"
    destination:
      - # Destination registry

or (when building):

  - name: # Simple description of the image
    source: # Local name used by the newly built image
    build: # Build parameters
      context: # Path where the Dockerfile is stored (relative to images.yml file)
      args: # Build arguments
        - name: # Build argument name
          value: # Build argument value
    tag: # New image tag
      - "xxx"
    destination:
      - # Destination registry

Example images.yml:

  - name: Alpine
    source: docker.io/library/alpine
    tag:
      - "3"
      - "3.12"
      - "3.13"
      - "3.14"
    destinations:
      - registry.sighup.io/fury/alpine

  - name: Grafana
    source: grafana
    build:
      context: custom/grafana
      args:
        - name: GF_INSTALL_PLUGINS
          value: grafana-piechart-panel
    tag:
      - "8.5.5"
    destinations:
      - registry.sighup.io/fury/grafana/grafana

Automated sync execution

This automation runs once a day: "0 2 * * *" and every time someone pushes to the main branch.

Vulnerability detection and patching

The reports of vulnerability scanning and patching are available in the dedicate worflow run page.

On each workflow run, navigate to the Artefacts section where you can find:

  • the cve-reports-vX.Y.Z artefact (zip file) that includes the pre patching and post patching vulnerabilities reports for KFD version X.Y.Z.
  • the cve-patch-reports-by-image artefact (zip file) that includes the patching report by image for all the images used in all the supported KFD versions.

About

This is a simple mechanism that pulls and pushes container images based on a configuration file (yaml).

Topics

docker registry skopeo container-images fury-distribution

Resources

Readme
Activity
Custom properties

Stars

4 stars

Watchers

10 watching

Forks

1 fork
Report repository

Contributors 23

+ 9 contributors

Languages