martinclaus / image-registry-checker
Webservice to check if a container image exists in a registry
License: MIT License
Deploying this application as a Kubernetes service basically works,
---
apiVersion: v1
kind: Namespace
metadata:
  name: registry-checker
---
apiVersion: v1
kind: Pod
metadata:
  name: registry-checker
  namespace: registry-checker
  labels:
    app.kubernetes.io/name: registry-checker
spec:
  nodeSelector:
    node.kubernetes.io/microk8s-controlplane: microk8s-controlplane
  containers:
    - name: registry-checker
      image: image-registry-checker-v2023.05.09
      ports:
        - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: registry-nodeport-service
  namespace: registry-checker
spec:
  type: NodePort
  selector:
    app.kubernetes.io/name: registry-checker
  ports:
    - protocol: TCP
      port: 8080
      nodePort: 31385
      targetPort: 80
but not if a proper pod/container security context is applied,
---
apiVersion: v1
kind: Pod
metadata:
  name: registry-checker
  namespace: registry-checker
  labels:
    app.kubernetes.io/name: registry-checker
spec:
  nodeSelector:
    node.kubernetes.io/microk8s-controlplane: microk8s-controlplane
  securityContext:
    runAsUser: 1001
    runAsGroup: 1001
    runAsNonRoot: true
  containers:
    - name: registry-checker
      image: image-registry-checker-v2023.05.09
      ports:
        - containerPort: 80
          protocol: TCP
which causes the following startup error,
$ microk8s kubectl logs registry-checker -n registry-checker
2023-05-10T09:06:38.967Z INFO image_registry_checker > Cannot read environment from .env: path not found
thread 'main' panicked at 'error binding to 0.0.0.0:80: error creating server listener: Permission denied (os error 13)', /usr/local/cargo/registry/src/github.com-1ecc6299db9ec823/warp-0.3.3/src/server.rs:213:27
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
Would it be possible to come up with an implementation that runs as non-root user as well? Otherwise I probably need to fiddle with Linux capabilities. I am not familiar with Rust, but I think the chosen socket approach is the problem.
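As an added example (not code from the image-registry-checker project, which uses warp): a std-only Rust listener setup that defaults to an unprivileged port and reports the `Permission denied (os error 13)` case from the log above as an actionable error instead of a panic. The `LISTEN_ADDR` variable, the `0.0.0.0:8080` default and all function names are assumptions made for this illustration.

```rust
use std::env;
use std::io::{self, ErrorKind};
use std::net::{SocketAddr, TcpListener};

// Assumed default for this example: an unprivileged port, so a non-root
// UID (such as runAsUser: 1001) can bind without extra capabilities.
const DEFAULT_ADDR: &str = "0.0.0.0:8080";

// Resolve the listen address from an optional override (hypothetical
// LISTEN_ADDR variable), falling back to the unprivileged default.
fn resolve_addr(override_addr: Option<&str>) -> Result<SocketAddr, String> {
    let raw = override_addr.unwrap_or(DEFAULT_ADDR);
    raw.parse::<SocketAddr>()
        .map_err(|e| format!("invalid listen address {raw:?}: {e}"))
}

// Ports 1..=1023 are privileged under the Linux default
// net.ipv4.ip_unprivileged_port_start = 1024; port 0 means "any free port".
fn is_privileged(port: u16) -> bool {
    port != 0 && port < 1024
}

// Turn a bind failure into an actionable message instead of a panic.
fn explain_bind_error(addr: SocketAddr, err: &io::Error) -> String {
    if err.kind() == ErrorKind::PermissionDenied && is_privileged(addr.port()) {
        format!(
            "cannot bind {addr}: port {} is privileged and this process lacks CAP_NET_BIND_SERVICE; listen on a port >= 1024 or lower net.ipv4.ip_unprivileged_port_start",
            addr.port()
        )
    } else {
        format!("cannot bind {addr}: {err}")
    }
}

fn bind(addr: SocketAddr) -> Result<TcpListener, String> {
    TcpListener::bind(addr).map_err(|e| explain_bind_error(addr, &e))
}

fn main() {
    let configured = env::var("LISTEN_ADDR").ok();
    match resolve_addr(configured.as_deref()).and_then(bind) {
        // A real server would hand the listener to its HTTP framework here.
        Ok(listener) => println!("listening on {}", listener.local_addr().unwrap()),
        Err(msg) => {
            eprintln!("{msg}");
            std::process::exit(1);
        }
    }
}
```

With a default like this, the manifest's `containerPort` and the Service's `targetPort` would change from 80 to 8080, and the `securityContext` block could stay as posted.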
The reason for non-zero exit codes of crane should be logged to provide more insight into the reason why looking up an image might fail. See #3 for a case in point where this might be useful.
Include scanning for vulnerabilities in the CI pipeline, e.g. using trivy.