https://github.com/fairwindsops/saffire

[alpha] Controller to override image sources in the event that an image cannot be pulled.
https://github.com/fairwindsops/saffire

docker-registry fairwinds-incubator kubernetes

Last synced: 1 day ago
JSON representation

[alpha] Controller to override image sources in the event that an image cannot be pulled.

• Host: GitHub
• URL: https://github.com/fairwindsops/saffire
• Owner: FairwindsOps
• License: apache-2.0
• Created: 2020-06-12T20:15:36.000Z (over 4 years ago)
• Default Branch: main
• Last Pushed: 2025-01-06T13:44:42.000Z (23 days ago)
• Last Synced: 2025-01-20T17:13:16.530Z (9 days ago)
• Topics: docker-registry, fairwinds-incubator, kubernetes
• Language: Go
• Homepage: https://fairwinds.com
• Size: 256 KB
• Stars: 115
• Watchers: 14
• Forks: 6
• Open Issues: 3
• Metadata Files:
  • Readme: README.md
  • License: LICENSE
  • Code of conduct: CODE_OF_CONDUCT.md
  • Codeowners: CODEOWNERS

Awesome Lists containing this project

README

        


    

    


    

        

    

    

        

    

    

      

    

    

      

    



A controller to override image sources in the event that an image cannot be pulled.

**Want to learn more?** Reach out on [the Slack channel](https://fairwindscommunity.slack.com/messages/saffire) ([request invite](https://join.slack.com/t/fairwindscommunity/shared_invite/zt-e3c6vj4l-3lIH6dvKqzWII5fSSFDi1g)), send an email to `[email protected]`, or join us     for [office hours on Zoom](https://fairwindscommunity.slack.com/messages/office-hours)

Built using [kubebuilder](https://github.com/kubernetes-sigs/kubebuilder)

## Alpha Software

At this time, saffire is currently in _alpha_. This means that we could change literally anything at any time without notice. Keep an eye out for major changes, and hopefully a v1 release at some point.

## Why?

The image repository for docker images is a single point of failure for many clusters. As seen in the past with [rate limiting on Docker Hub]() and several high-profile [Quay.io outages](), these images being unavailable can produce disastrous consequences for Kubernetes cluster operators.

The intent of saffire is to provide operators with a method of automatically switching image repositories when `imagePullErrors` occur.

## How?

This works via controller and a CRD called an `AlternateImageSource`. The `AlternateImageSource` specifies a set of `equivalentRepositories`. These repositories *must* have the exact same image tags pushed to them. In order to achieve this, we recommend pushing images to both repositories from your CI pipeline. Here's an example `AlternateImageSource`

```

apiVersion: saffire.fairwinds.com/v1alpha1

kind: AlternateImageSource

metadata:

  name: alternateimagesource-sample

spec:

  imageSourceReplacements:

    - equivalentRepositories:

        - quay.io/fairwinds/docker-demo

        - ehazlett/docker-demo

```

This indicates that `quay.io/fairwinds/docker-demo` and `ehazlett/docker-demo` have the exact same image tags in both.

Once the controller and this `AlternateImageSource` are installed in your cluster, if any pod experiences an `ImgagePullError` in that namespace and the image matches one of these repositories, saffire will find the top level controller of that pod and patch it to set the image as one of the other repositories in the `equivalentRepositories` field (currently this only applies to deployments).