Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/hasheddan/k8scr
Kubernetes Container Registry
https://github.com/hasheddan/k8scr
cli go kubectl kubernetes
Last synced: 2 months ago
JSON representation
Kubernetes Container Registry
- Host: GitHub
- URL: https://github.com/hasheddan/k8scr
- Owner: hasheddan
- License: apache-2.0
- Created: 2021-05-29T12:06:43.000Z (over 3 years ago)
- Default Branch: main
- Last Pushed: 2022-03-24T12:46:59.000Z (over 2 years ago)
- Last Synced: 2024-06-20T08:19:06.099Z (4 months ago)
- Topics: cli, go, kubectl, kubernetes
- Language: Go
- Homepage:
- Size: 64.5 KB
- Stars: 114
- Watchers: 8
- Forks: 7
- Open Issues: 4
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- awesome-k8s - k8scr - memory k8s container registry (Container registry)
README
# k8scr
A `kubectl` plugin for pushing OCI images through the Kubernetes API server.
## Quickstart
1. Build `k8scr`
```
make build
```
2. Move to location in `PATH`
```
sudo mv ./build/k8scr /usr/local/bin/kubectl-k8scr
```
3. Deploy simple in-memory registry into cluster
```
kubectl apply -f distribution.yaml
```
> Optional: tail logs to observe results of next step with `kubectl logs k8scr -f`.
4. Push image to registry
```
kubectl k8scr push crossplane/crossplane:v1.2.1
```
## Usage
```
Usage: k8scr
Push and pull images through the Kubernetes API server.
Flags:
-h, --help Show context-sensitive help.
--kubeconfig=STRING Override default kubeconfig path.
-n, --namespace="default" Namespace of registry Pod.
-r, --registry="k8scr" Name of registry Pod.
Commands:
push
pull
```
## How Does This Work?
`k8scr` uses
[`go-containerregistry`](https://github.com/google/go-containerregistry) to push
and pull images, but passes in an
[`http.RoundTripper`](https://golang.org/pkg/net/http/#RoundTripper) that
reconstructs [OCI
distribution](https://github.com/opencontainers/distribution-spec/blob/main/spec.md)
compliant requests so that they pass through the Kubernetes API server `Pod`
proxy endpoint, before eventually calling the underlying transport constructed
from a user's `kubeconfig`. This allows for pushing and pulling directly to and
from an OCI image registry running in a Kubernetes cluster without having to
expose it publicly or privately. Any user with access to the cluster and
`pods/proxy` RBAC permissions for the registry `Pod` is able to push and pull.
## What Else Can It Do?
Pretty much any of the operations
[`go-containerregistry`](https://github.com/google/go-containerregistry)
supports could also be supported here as the transport is pluggable. I'll likely
move it upstream or offer it as a stand-alone library if there is enough
interest.