Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/sighupio/fury-distribution-container-image-sync
This is a simple mechanism that pulls and pushes container images based on a configuration file (yaml).
container-images docker fury-distribution registry skopeo
Last synced: about 1 month ago
- Host: GitHub
- URL: https://github.com/sighupio/fury-distribution-container-image-sync
- Owner: sighupio
- Created: 2021-01-05T11:00:28.000Z (almost 4 years ago)
- Default Branch: main
- Last Pushed: 2024-11-14T16:32:27.000Z (about 1 month ago)
- Last Synced: 2024-11-14T16:33:28.592Z (about 1 month ago)
- Topics: container-images, docker, fury-distribution, registry, skopeo
- Language: Shell
- Homepage:
- Size: 7.6 MB
- Stars: 4
- Watchers: 10
- Forks: 1
- Open Issues: 4
Metadata Files:
- Readme: README.md
README
Kubernetes Fury Distribution
Container Image Sync

# Table of contents
- [Introduction](#introduction)
- [How it works](#how-it-works)
- [Automated sync execution](#automated-sync-execution)
- [Vulnerability detection and patching](#vulns-detect-and-patch)

## Introduction
This is a simple mechanism that pulls and pushes or builds container images based on a configuration file (`yaml`).

The main goal for this repository is to have a central location used to sync all the upstream images used by all the Fury modules to our public SIGHUP registry.

The goal of this repository is twofold: build custom images and sync upstream ones used by all the Fury modules on our public SIGHUP registry.

Features:
- Configurable via YAML files
- Build custom images
- Skips images when the layers of source and destination are the same, compared using `skopeo`
- Everything is executed by the bash script `single_sync_v3.sh`, which by default syncs all image architectures
- Runs vulnerability detection and patching on synced images for the amd64 and arm64 architectures

## How it works
Inside the folder `modules/` there is a subfolder for each KFD module with an `images.yml` file.
Each `images.yml` file has to have a root attribute: `images` and its value is an array of objects:
```yaml
- name: # Simple description of the image
  source: # Source image. Where to pull the image
  tag: # Tags to sync
    - "xxx"
  destination:
    - # Destination registry
```
or (when building):
```yaml
- name: # Simple description of the image
  source: # Local name used by the newly built image
  build: # Build parameters
    context: # Path where the Dockerfile is stored (relative to images.yml file)
    args: # Build arguments
      - name: # Build argument name
        value: # Build argument value
  tag: # New image tag
    - "xxx"
  destination:
    - # Destination registry
```

Example `images.yml`:
```yaml
- name: Alpine
  source: docker.io/library/alpine
  tag:
    - "3"
    - "3.12"
    - "3.13"
    - "3.14"
  destinations:
    - registry.sighup.io/fury/alpine

- name: Grafana
  source: grafana
  build:
    context: custom/grafana
    args:
      - name: GF_INSTALL_PLUGINS
        value: grafana-piechart-panel
  tag:
    - "8.5.5"
  destinations:
    - registry.sighup.io/fury/grafana/grafana
```

This automation runs once a day: `"0 2 * * *"` and every time someone pushes to the `main` branch.
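A pre-flight check for the `images.yml` entries described under "How it works", as an added example that is not part of the project's code: it validates each entry and expands it into one operation per tag and destination. The function names, the acceptance of both `destination` and `destinations`, and the assumption that a built image is pushed as `destination:tag` are illustrative, not taken from `single_sync_v3.sh`.

```python
# Added example, not the project's code. Input: the parsed value of the
# root `images` attribute of an images.yml file.

def destinations_of(entry):
    # Assumption: the page's schema writes `destination` and its example
    # `destinations`; accept either spelling.
    return entry.get("destinations") or entry.get("destination") or []

def validate(entry):
    """Return a list of problems found in one images.yml entry."""
    errors = []
    for key in ("name", "source"):
        if not isinstance(entry.get(key), str) or not entry[key]:
            errors.append(f"missing or empty '{key}'")
    tags = entry.get("tag") or []
    if not tags:
        errors.append("no tags listed")
    for tag in tags:
        # An unquoted YAML scalar such as 3.10 loads as the float 3.1 and
        # would name the wrong tag, so every tag must be a string.
        if not isinstance(tag, str):
            errors.append(f"tag {tag!r} is not a string; quote it in YAML")
    if not destinations_of(entry):
        errors.append("no destination registry")
    build = entry.get("build")
    if build is not None:
        if not build.get("context"):
            errors.append("build without 'context'")
        for arg in build.get("args") or []:
            if not {"name", "value"} <= set(arg):
                errors.append(f"build arg {arg!r} needs 'name' and 'value'")
    return errors

def plan(images):
    """Expand entries into (action, source_ref, destination_ref) tuples."""
    ops = []
    for entry in images:
        problems = validate(entry)
        if problems:
            raise ValueError(f"{entry.get('name', '?')}: {'; '.join(problems)}")
        action = "build" if "build" in entry else "sync"
        for tag in entry["tag"]:
            for dest in destinations_of(entry):
                ops.append((action, f"{entry['source']}:{tag}", f"{dest}:{tag}"))
    return ops

# Constructed sample: one entry from the page's example, as parsed data.
SAMPLE = [{"name": "Alpine", "source": "docker.io/library/alpine",
           "tag": ["3", "3.12"],
           "destinations": ["registry.sighup.io/fury/alpine"]}]
```

Running `plan()` before a sync surfaces malformed entries, such as an unquoted tag, before any image is copied or built.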
## Vulnerability detection and patching
The vulnerability scanning and patching reports are available on the dedicated [workflow run](https://github.com/sighupio/fury-distribution-container-image-sync/actions/workflows/cve-scan-and-patching.yml) page.
On each `workflow run`, navigate to the **Artefacts** section where you can find:
- the `cve-reports-vX.Y.Z` artefact (zip file), which includes the pre-patching and post-patching vulnerability reports for KFD version `X.Y.Z`.
- the `cve-patch-reports-by-image` artefact (zip file), which includes the patching report by image for all the images used in all the supported KFD versions.