{"id":18677823,"url":"https://github.com/clastix/src-to-oci","last_synced_at":"2026-03-19T05:49:54.644Z","repository":{"id":46050887,"uuid":"426146098","full_name":"clastix/src-to-oci","owner":"clastix","description":null,"archived":false,"fork":false,"pushed_at":"2021-11-18T17:08:57.000Z","size":36,"stargazers_count":2,"open_issues_count":0,"forks_count":1,"subscribers_count":3,"default_branch":"main","last_synced_at":"2025-05-18T13:46:45.516Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Makefile","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/clastix.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2021-11-09T08:21:00.000Z","updated_at":"2023-11-21T09:20:39.000Z","dependencies_parsed_at":"2022-09-15T15:11:55.439Z","dependency_job_id":null,"html_url":"https://github.com/clastix/src-to-oci","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/clastix/src-to-oci","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/clastix%2Fsrc-to-oci","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/clastix%2Fsrc-to-oci/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/clastix%2Fsrc-to-oci/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/clastix%2Fsrc-to-oci/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/clastix","download_url":"https://codeload.github.com/clastix/src-to-oci/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/clastix%2Fsrc-to-oci/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28754823,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-25T13:59:49.818Z","status":"ssl_error","status_checked_at":"2026-01-25T13:59:33.728Z","response_time":113,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-07T09:35:05.869Z","updated_at":"2026-01-25T15:32:54.194Z","avatar_url":"https://github.com/clastix.png","language":"Makefile","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Give me your code: I give you back your OCI image\n\n#### Building and shipping images like a pro!\n\n## Quickstart\n\n1. **Configure the requisites**\n\n```sh\nmake reqs\n```\n\n2. **Configure the identity that the controller will assume to reconcile a sample app**\n\n```sh\nmake app/rbac\n```\n\n3. **(Optional) Configure credentials to push to external OCI registries**\n\n```sh\nkubectl create secret -n kapp-controller docker-registry buildkit --docker-server=\u003cRegistry URL\u003e --docker-username=\u003cRegistry username\u003e --docker-password=\u003cRegistry password\u003e\n```\n\n4. **Build and deploy (Go and NodeJS) sample apps**\n\n```sh\nkubectl apply -f ./{go,nodejs}-simpleapp.yaml\n```\n\n## The architecture\n\n```\n │\n Consumer │ Platform\n space │ space\n │ ┌──────────────────────────────────┐\n │ │ Kapp Controller │\n │ │ | Reconcile |\n┌───────────────┐ │ ┌───────────────┐ │ ┌─────────────┐ │ │\n│ App Source │ │ │ App Config │ │ │ │ │ │\n│ Repository │ │ │ ┌──────────┐ │ │ │ Ytt │ │ │\n│ ┌──────────┐ |◄──┼───┼─┤ Fetch │ │◄───┤ │ │ │ │\n│ │ Source │ │ │ │ │ Config | | │ └──────┬──────┘ │ │\n│ │ code │ │ │ │ ├──────────┤ │ │ │ Templating │\n│ └──────────┘ │ │ │ │ Build │ │ │ ┌──────▼──────┐ │ │\n│ │ | | | Config │ │ │ │ │ │ Image digest resolution\n│ │ │ │ ├──────────┤ │ │ │ Kbld │───┼───────────┬─────────────►\n│ │ │ │ │ Deploy │ │ │ │ │ │ Config recording\n│ │ │ │ │ Config │ │ │ └──────┬──────┘ ▼ │\n│ │ │ │ └──────────┘ │ │ Orchestrating | |\n│ │ │ │ │ │ ┌──────▼──────┐ │ │\n└───────────────┘ │ └───────────────┘ │ │ │ │ │\n │ │ │ Buildkit │ │ │\n │ │ │ │ │ │\n │ │ └──────┬──────┘ │ │\n │ │ │ Image building │\n │ │ ┌──────▼──────┐ │ │\n │ │ │ │ │ │\n │ │ │ OCI Image │ │ │\n │ │ │ │ │ │\n │ │ └──────┬──────┘ │ │\n │ │ │ Image pushing │\n┌───────────────┐ │ │ ┌──────▼──────┐ │ │\n│ │ │ │ │ │ │ │\n│ App Image |◄──┼────────────────────────┼────┤ OCI Registry│ │ Kbld │\n│ │ │ │ │ │ │ config │\n└───────────────┘ │ │ └─────────────┘ │ result |\n │ │ ▼ │\n┌───────────────┐ │ │ ┌────────────────────┐ │\n│ │ │ │ │ | │\n│ App API |◄──┼────────────────────────┼────┤ Kapp deploy | |\n│ │ │ │ │ | |\n└───────────────┘ │ │ └────────────────────┘ │\n │ │ │\n │ └──────────────────────────────────┘\n │\n │\n```\n\n## Prerequisite\n\nA Kubernetes cluster must be initialized, you can use `kind` to scaffold a local one.\n\n```\nkind create cluster --name oci\n```\n\n### Install the Kapp Controller\n\n`kapp-controller` is the GitOps engine and CI/CD engine behind the PoC.\n\nActually, it must be installed using the container image `quay.io/maxgio92/kapp-controller:v0.20.0-feat-buildkit` due to some hotfixes not yet ported in the `upstream`.\n\n```shell\nkubectl apply -f ./kapp-controller\n```\n\n### Ensure that `buildkit` has been deployed in `kapp-controller` Namespace.\n\n`buildkit` will be the builder to compile the OCI images using the `containerd` socket.\n\n```shell\nkubectl buildkit create --config=./buildkit/config.toml\n```\n\n\u003e Installation should be performed in an idempotent way by the `kapp-controller` at first run, we like to play safe.\n\n### Ensure that the `buildkit` ConfigMap is using the right configuration\n\nFor the PoC, we have to ensure being able to push to a local repository that is self-hosted in the cluster: this means to TLS to keep the setup as streamline and no burderning as possible.\n\n```shell\ncat ./buildkit/config.toml\ndebug = true\n[worker.containerd]\n namespace = \"k8s.io\"\n[registry.\"registry.default:5000\"]\n http = true\n insecure = true\n```\n\n```shell\nkubectl -n kapp-controller create configmap buildkit --from-file=./buildkit/config.toml --dry-run=client -o yaml | kubectl apply -f -\n```\n\n### Deploy the Registry\n\nWe have to host our images, the easier way is having a local registry.\n\n```shell\nkubectl -n default apply -f ./registry\n```\n\n### Ensure the `kubectl-buildkit` RBAC is well configured\n\nThis is required to allow `kubectl-buildkit` binary to connect to the `buildkit` pods running in the same Namespace.\n\n```shell\nkubectl -n kapp-controller apply -f ./rbac/kubectl-buildkit/clusterrole.yaml\n```\n\n```shell\nkubectl -n kapp-controller apply -f ./rbac/kubectl-buildkit/rolebinding.yaml\n```\n\n### Create the `simpleapp` required RBAC for the App definition.\n\nEach App resource will grant permission to a specific Namespace following the least privilege principle security: the `simpleapp` will be able to manipulate resources just in its Namespace.\n\nThis is achievable creating a _Service Account_ that will be used by `kapp` to interact with the Kubernetes APIs.\n\n```shell\nkubectl -n default apply -f ./rbac/simpleapp/serviceaccount.yaml\n```\n\n```shell\nkubectl -n default apply -f ./rbac/simpleapp/rolebinding.yaml\n```\n\n### Finally, deploy the App manifest\n\n```shell\nkubectl -n default apply -f app.yaml\n```\n\nAfter a while, you'll end up with your Kubernetes resources deployed in the `default` Namespace, along with the built image in the registry!\n\nYou can check the pushed image doing a `kubectl -n default port-forward svc/registry 5000` and performing a curl as follows:\n\n```\ncurl -s localhost:5000/v2/dkalinin/k8s-simple-app/tags/list | jq\n{\n \"name\": \"dkalinin/k8s-simple-app\",\n \"tags\": [\n \"rand-1636035802052238426-23020512585110-simple-app\",\n \"rand-1636035879761363148-23661231108212-simple-app\",\n \"rand-1636035573732647161-15319724092168-simple-app\",\n \"rand-1636035689187581038-62121151971-simple-app\",\n \"rand-1636035765142987597-237186124193138-simple-app\",\n \"rand-1636035536302191351-6313325222646-simple-app\",\n \"rand-1636035612490018087-4089132189189-simple-app\",\n \"rand-1636035727340293068-13312016318875-simple-app\",\n \"rand-1636035650671132368-2062444129177-simple-app\",\n \"rand-1636035841539707777-21542242238171-simple-app\"\n ]\n}\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fclastix%2Fsrc-to-oci","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fclastix%2Fsrc-to-oci","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fclastix%2Fsrc-to-oci/lists"}