CetusGuard

CetusGuard is a tool that protects the Docker daemon socket by filtering calls to its API endpoints.

Some highlights:

  • It is written in a memory-safe language.
  • It has a small codebase that can be easily audited.
  • It has zero dependencies, to mitigate supply chain attacks.

Docker daemon security

Unless you opt in to rootless mode (which has some limitations), the daemon requires root and any service that has access to its API can escalate privileges.

By default, the daemon exposes its API through a non-networked Unix socket that can be restricted by file system permissions. For networked use, the daemon supports being exposed over SSH or over TCP with TLS client authentication. However, you still have to fully trust any service you give access to its API.

CetusGuard solves this problem by acting as a proxy between the daemon and the services that consume its API, allowing, for example, read-only access to some endpoints.

Usage

CetusGuard is distributed as a Docker image available on Docker Hub and as a statically linked binary available in the releases section of the project.

A collection of examples for experimenting with CetusGuard, including some real world scenarios with Traefik and Netdata, can be found in the ./examples/ directory.

These are the supported options:

  -backend-addr string
        Container daemon socket to connect to (env CETUSGUARD_BACKEND_ADDR, CONTAINER_HOST, DOCKER_HOST) (default "unix:///var/run/docker.sock")
  -backend-tls-cacert string
        Path to the backend TLS certificate used to verify the daemon identity (env CETUSGUARD_BACKEND_TLS_CACERT)
  -backend-tls-cert string
        Path to the backend TLS certificate used to authenticate with the daemon (env CETUSGUARD_BACKEND_TLS_CERT)
  -backend-tls-key string
        Path to the backend TLS key used to authenticate with the daemon (env CETUSGUARD_BACKEND_TLS_KEY)
  -frontend-addr value
        Address to bind the server to, can be specified multiple times (env CETUSGUARD_FRONTEND_ADDR) (default ["tcp://127.0.0.1:2375"])
  -frontend-tls-cacert string
        Path to the frontend TLS certificate used to verify the identity of clients (env CETUSGUARD_FRONTEND_TLS_CACERT)
  -frontend-tls-cert string
        Path to the frontend TLS certificate (env CETUSGUARD_FRONTEND_TLS_CERT)
  -frontend-tls-key string
        Path to the frontend TLS key (env CETUSGUARD_FRONTEND_TLS_KEY)
  -log-level int
        The minimum entry level to log, from 0 to 7 (env CETUSGUARD_LOG_LEVEL) (default 6)
  -no-builtin-rules
        Do not load the built-in rules (env CETUSGUARD_NO_BUILTIN_RULES)
  -rules value
        Filter rules separated by new lines, can be specified multiple times (env CETUSGUARD_RULES)
  -rules-file value
        Filter rules file, can be specified multiple times (env CETUSGUARD_RULES_FILE)
  -version
        Show version number and quit

Filter rules

By default, only a few common harmless endpoints are allowed: /_ping, /info and /version.

All other endpoints are denied and must be explicitly allowed through a rule syntax defined by the following ABNF grammar:

blank   = ( SP / HTAB )
method  = 1*%x41-5A                             ; HTTP method
methods = method *( "," method )                ; HTTP method list
pattern = 1*UNICODE                             ; Target path regex
rule    = *blank methods 1*blank pattern *blank ; Rule

Only requests that match the specified HTTP methods and target path regex will be allowed.

Rule patterns can be composed from variables, which are written between % characters. The full list of variables and their values can be found in the rule.go file.

Lines beginning with ! are ignored.

Some example rules are:

! Ping
GET,HEAD %API_PREFIX_PING%

! Get version
GET %API_PREFIX_VERSION%

! Get system information
GET %API_PREFIX_INFO%

! Get data usage information
GET %API_PREFIX_SYSTEM%/df

! Monitor events
GET %API_PREFIX_EVENTS%

! List containers
GET %API_PREFIX_CONTAINERS%/json

! Inspect a container 
GET %API_PREFIX_CONTAINERS%/%CONTAINER_ID_OR_NAME%/json
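
The Go sketch below is an added example, not CetusGuard's own code: it parses rules according to the ABNF above and applies them as a default-deny allow list. The values in sampleVars are constructed stand-ins (the real ones are in rule.go), skipping blank lines follows the example rules above, and anchoring each pattern to the whole path is an assumption of this example.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Constructed stand-ins for illustration only: the real variable values are
// defined in CetusGuard's rule.go and are not reproduced here.
var sampleVars = map[string]string{
	"API_PREFIX_PING":       `(/v[0-9]+(\.[0-9]+)*)?/_ping`,
	"API_PREFIX_CONTAINERS": `(/v[0-9]+(\.[0-9]+)*)?/containers`,
	"CONTAINER_ID_OR_NAME":  `[a-zA-Z0-9][a-zA-Z0-9_.-]+`,
}

// Constructed rule text in the syntax described above.
const sampleRules = `! Ping
GET,HEAD %API_PREFIX_PING%
! List and inspect containers
GET %API_PREFIX_CONTAINERS%/json
GET %API_PREFIX_CONTAINERS%/%CONTAINER_ID_OR_NAME%/json
`

// Rule is one parsed line: the allowed HTTP methods and a compiled path regex.
type Rule struct {
	Methods []string
	Pattern *regexp.Regexp
}

var (
	methodsRe = regexp.MustCompile(`^[A-Z]+(,[A-Z]+)*$`) // methods = method *( "," method )
	varRef    = regexp.MustCompile(`%([A-Z0-9_]+)%`)      // %NAME% variable reference
)

// ParseRules parses rule text, skipping blank lines and lines beginning with "!".
func ParseRules(text string, vars map[string]string) ([]Rule, error) {
	var rules []Rule
	for n, line := range strings.Split(text, "\n") {
		line = strings.Trim(line, " \t\r")
		if line == "" || strings.HasPrefix(line, "!") {
			continue
		}
		i := strings.IndexAny(line, " \t")
		if i < 0 || !methodsRe.MatchString(line[:i]) {
			return nil, fmt.Errorf("line %d: want \"METHOD[,METHOD] pattern\"", n+1)
		}
		unknown := ""
		pat := varRef.ReplaceAllStringFunc(strings.TrimLeft(line[i:], " \t"), func(ref string) string {
			v, ok := vars[strings.Trim(ref, "%")]
			if !ok {
				unknown = ref
			}
			return v
		})
		if unknown != "" {
			return nil, fmt.Errorf("line %d: unknown variable %s", n+1, unknown)
		}
		// Assumption of this example: the pattern must match the whole path.
		re, err := regexp.Compile(`^(?:` + pat + `)$`)
		if err != nil {
			return nil, fmt.Errorf("line %d: %v", n+1, err)
		}
		rules = append(rules, Rule{Methods: strings.Split(line[:i], ","), Pattern: re})
	}
	return rules, nil
}

// Allowed is default-deny: a request passes only if a rule matches both its
// method and its path.
func Allowed(rules []Rule, method, path string) bool {
	for _, r := range rules {
		for _, m := range r.Methods {
			if m == method && r.Pattern.MatchString(path) {
				return true
			}
		}
	}
	return false
}

func main() {
	rules, err := ParseRules(sampleRules, sampleVars)
	fmt.Println(err, Allowed(rules, "GET", "/v1.41/containers/json"), Allowed(rules, "POST", "/containers/create"))
}
```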

License

MIT License © Héctor Molinero Fernández.

Owner
Héctor Molinero Fernández