{"id":7689964,"url":"https://github.com/indeedeng/harbor-container-webhook","last_synced_at":"2025-05-15T09:20:02.190Z","repository":{"id":46561713,"uuid":"304411363","full_name":"indeedeng/harbor-container-webhook","owner":"indeedeng","description":"mutating webhook which rewrites container images to use a Harbor proxy cache","archived":false,"fork":false,"pushed_at":"2025-03-17T22:17:47.000Z","size":368,"stargazers_count":88,"open_issues_count":10,"forks_count":24,"subscribers_count":3,"default_branch":"main","last_synced_at":"2025-05-07T23:40:06.983Z","etag":null,"topics":["docker","harbor","kubernetes","webhook"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/indeedeng.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2020-10-15T18:13:00.000Z","updated_at":"2025-05-05T20:44:06.000Z","dependencies_parsed_at":"2024-01-26T18:43:33.711Z","dependency_job_id":null,"html_url":"https://github.com/indeedeng/harbor-container-webhook","commit_stats":{"total_commits":39,"total_committers":4,"mean_commits":9.75,"dds":"0.10256410256410253","last_synced_commit":"969b4284c9b283166a958e29a03664948ccbe236"},"previous_names":["indeedeng-alpha/harbor-container-webhook"],"tags_count":14,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/indeedeng%2Fharbor-container-webhook","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/indeedeng%2Fharbor-container-webhook/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/indeedeng%2Fharbor-container-webhook/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/indeedeng%2Fharbor-container-webhook/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/indeedeng","download_url":"https://codeload.github.com/indeedeng/harbor-container-webhook/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254310502,"owners_count":22049471,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["docker","harbor","kubernetes","webhook"],"created_at":"2024-04-09T13:02:59.584Z","updated_at":"2025-05-15T09:20:02.094Z","avatar_url":"https://github.com/indeedeng.png","language":"Go","funding_links":[],"categories":["Projects","General"],"sub_categories":[],"readme":"harbor-container-webhook\n=========\n\nA kubernetes mutating webhook which rewrites container images to use a Harbor proxy cache.\nThis is typically useful for mirroring public registries that have low rate limits, such as dockerhub, or limiting\npublic bandwidth usage, by mirroring images in a local Harbor registry.\n\nharbor-container-webhook inspects pod requests in a kubernetes cluster and rewrites the container image registry of\nmatching images.\n\n* [Prerequisites](#prerequisites)\n* [Installing](#installing)\n* [Usage](#usage)\n* [Local Development](#local-development)\n\nPrerequisites\n===\nRequires kubernetes 1.17+ and can either be installed via helm or bare manifests.\n\nInstalling with helm\n===\n\nOption 1: Install from chart repository\n```shell\nhelm repo add harbor-container-webhook https://indeedeng.github.io/harbor-container-webhook/\n\nhelm install harbor-container-webhook harbor-container-webhook/harbor-container-webhook -n harbor-container-webhook --create-namespace \n```\n\nOption 2: Install chart from local build\n\nBuild and install the Helm chart locally after cloning the repository.\n```shell\nmake helm.build\n\nhelm install harbor-container-webhook ./bin/chart/harbor-container-webhook.tgz -n harbor-container-webhook --create-namespace\n```\n\nUsage\n===\nThe harbor-container-webhook rewrites are managed by configuration rules. Each rule contains a list of regular\nexpressions to match on, as well as an optional list of regular expressions to exclude. For each container image\nreference which matches at least one match rule and none of the exclusion rules, then the registry is replaced\nby the `replace` contents of the rule. If `checkUpstream` is enabled, the webhook will first fetch the manifest\nthe rewritten container image reference and verify it exists before rewriting the image.\n\nExample configuration:\n```yaml\nport: 9443\ncertDir: \"./hack/certs\"\nhealthAddr: \":8080\"\nmetricsAddr: \":8081\"\nrules:\n  - name: 'docker.io rewrite rule'\n    # image refs must match at least one of the rules, and not match any excludes\n    matches:\n      - '^docker.io'\n    excludes:\n      # for example, exclude ubuntu from harbor's proxy cache\n      - '^docker.io/(library/)?ubuntu:.*$'\n    replace: 'harbor.example.com/dockerhub-proxy'\n    checkUpstream: false\n  - name: 'docker.io ubuntu rewrite rule'\n    # image refs must match at least one of the rules, and not match any excludes\n    matches:\n      - '^docker.io/(library/)?ubuntu:.*$'\n    replace: 'harbor.example.com/ubuntu-proxy'\n    checkUpstream: true # tests if the manifest for the rewritten image exists\n    authSecretName: harbor-example-image-pull-secret # optional, defaults to \"\" - secret in the webhook namespace for authenticating to harbor.example.com\n```\nLocal Development\n===\n`make help` prints out the help info for local development:\n\n```\nbuild         Build binary for the specified arch\ndocker.build  Build the docker image\nfmt           ensure consistent code style\ngenerate      Generate code\nhack-test     curl the admission and no-op json bodies to the webhook\nhack          build and run the webhook w/hack config\nhelm.build    Build helm chart\nhelm.docs     Generate helm docs\nhelp          displays this help message\nlint          run golangci-lint\ntest          Run tests\n```\n\nEnsure tests and linters pass with `make lint test`.\n\nThe webhook can be run locally with `make hack` and then `make hack-test` to submit sample responses to the webhook.\n\nContributing\n===\nWe welcome contributions! Feel free to help make the harbor-container-webhook better.\n\nCode of Conduct\n===\nharbor-container-webhook is governed by the [Contributer Covenant v1.4.1](CODE_OF_CONDUCT.md)\n\nFor more information please contact opensource@indeed.com.\n\nLicense\n===\nThe harbor-container-webhook is open source under the [Apache 2](LICENSE) license.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Findeedeng%2Fharbor-container-webhook","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Findeedeng%2Fharbor-container-webhook","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Findeedeng%2Fharbor-container-webhook/lists"}