Kubernetes Container Registry

k8scr

A kubectl plugin for pushing OCI images through the Kubernetes API server.

Quickstart

  1. Build kubectl-k8scr
       make build
  2. Move to location in PATH
       sudo mv ./kubectl-k8scr /usr/local/bin
  3. Deploy simple in-memory registry into cluster
       kubectl apply -f distribution.yaml

     Optional: tail logs to observe results of next step with kubectl logs k8scr -f.

  4. Push image to registry
       kubectl k8scr push crossplane/crossplane:v1.2.1

Usage

Usage: k8scr <command>

Push and pull images through the Kubernetes API server.

Flags:
  -h, --help                   Show context-sensitive help.
      --kubeconfig=STRING      Override default kubeconfig path.
  -n, --namespace="default"    Namespace of registry Pod.
  -r, --registry="k8scr"       Name of registry Pod.

Commands:
  push <image>

  pull <image>

How Does This Work?

k8scr uses go-containerregistry to push and pull images, but passes in an http.RoundTripper that reconstructs OCI distribution-compliant requests so that they pass through the Kubernetes API server Pod proxy endpoint. The rewritten requests are then sent by the underlying transport, which is constructed from the user's kubeconfig. This allows pushing and pulling directly to and from an OCI image registry running in a Kubernetes cluster without having to expose it publicly or privately. Any user with access to the cluster and pods/proxy RBAC permissions for the registry Pod is able to push and pull.
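The request rewriting described above, as an added example that is not k8scr's own code. The names podProxyTransport, recorder and rewrite, the host names, and port 5000 are assumptions; recorder stands in for the kubeconfig-derived transport so the example runs offline.

```go
package main

import (
	"fmt"
	"net/http"
	"net/url"
)

// podProxyTransport (hypothetical name) sends OCI distribution requests via the API server's Pod proxy endpoint.
type podProxyTransport struct {
	apiServer      *url.URL          // API server base URL (from kubeconfig in practice)
	namespace, pod string            // registry Pod, as in the -n and -r flags
	port           int               // registry container port (assumed, not from the page)
	inner          http.RoundTripper // transport that carries the kubeconfig credentials
}

func (t *podProxyTransport) RoundTrip(req *http.Request) (*http.Response, error) {
	out := req.Clone(req.Context()) // a RoundTripper must not modify the caller's request
	out.URL.Scheme, out.URL.Host, out.Host = t.apiServer.Scheme, t.apiServer.Host, t.apiServer.Host
	// Plain concatenation keeps the trailing slash of the registry base endpoint "/v2/".
	out.URL.Path = fmt.Sprintf("/api/v1/namespaces/%s/pods/%s:%d/proxy%s", t.namespace, t.pod, t.port, req.URL.Path)
	return t.inner.RoundTrip(out) // the API server checks pods/proxy RBAC, then forwards to the Pod
}

// recorder stands in for the kubeconfig transport and captures the outgoing URL.
type recorder struct{ got *url.URL }

func (r *recorder) RoundTrip(req *http.Request) (*http.Response, error) {
	r.got = req.URL
	return &http.Response{StatusCode: http.StatusOK, Body: http.NoBody, Request: req}, nil
}

// rewrite returns the URL that reaches the inner transport; host names and port are constructed values.
func rewrite(registryURL string) (string, error) {
	api, _ := url.Parse("https://apiserver.example:6443")
	rec := &recorder{}
	client := &http.Client{Transport: &podProxyTransport{
		apiServer: api, namespace: "default", pod: "k8scr", port: 5000, inner: rec}}
	resp, err := client.Get(registryURL)
	if err != nil {
		return "", err
	}
	resp.Body.Close()
	return rec.got.String(), nil
}

func main() {
	fmt.Println(rewrite("http://registry.invalid/v2/crossplane/crossplane/manifests/v1.2.1"))
}
```

Because every registry call arrives at the API server as a pods/proxy request on one named Pod, access can be reviewed and audited there rather than at the registry.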

What Else Can It Do?

Pretty much any of the operations go-containerregistry supports could also be supported here as the transport is pluggable. I'll likely move it upstream or offer it as a stand-alone library if there is enough interest.

Owner
Daniel Mangum
Comments
  • What does -load mean in the image directive in the makefile?

    image:
    	@docker build . -f distribution.Dockerfile -t hasheddan/k8scr-distribution:latest --load
    

  • 403 forbidden in gke cluster

    I am getting a 403 forbidden access on trying to push to the registry (distribution) deployed in a GKE cluster. However, the same setup works fine on a kind cluster. Do I need to define any specific RBAC rules here?

    gke version: 1.22.8-gke.202

  • Thanks for your project, little questions here

    Hi, I am a beginner in Kubernetes. Thanks for your project, I learned that K8S-API-Server has a Proxy feature. I read the source code of this project and drew the diagram of its implementation. Do I understand it correctly?

  • Setup initial CI and build pipeline

    Sets up an initial CI and build pipeline. Artifacts are uploaded alongside the action run after build. Does not yet support building the distribution image or any release activities.

  • Use with containerd

    Hi, it seems that this project has a dependency on docker that I cannot run in my organisation. Any chance for supporting containerd? My use-case is local crossplane package development on m1 Mac.

  • Make binaries available

    I would like to write a guide that leverages k8scr to make Crossplane fully offline available. With the current setup users would need to clone this repo and run make build. I would like to simplify the setup so that it doesn't involve any go build or make build. A simple script to curl would be fine.

  • Usage with external registry

    I am running an instance of Harbor on a VM outside my cluster, I can't go around that. Also, I have a few CI pipelines that use kaniko as a way to build and push images. Is there a way to use this project to replicate the push function of kaniko (without docker-daemon)? My team has been looking for an alternative for a while.

    Thank you very much for this project.

  • Is this useful?

    I wrote k8scr quickly as a way to get OCI images into registries running in Kubernetes clusters because it was relevant to work I do with Crossplane. However, I imagine it could be generally useful for folks, and some have already shown interest. There are a variety of ways the scope of this project could be expanded, such as making the in-cluster registry component a little more automated (i.e. automatically deploy tiny temporary registry just to get image to whatever its final destination in the cluster is). Anyway, I am happy to expand / maintain this project if folks find it useful, so I would love to get some feedback as to what people want to see and how they may be using it already. Feel free to comment below or, if necessary, reach out privately to @hasheddan.
