hasheddan/k8scr

Stars
114
Rank 301,969 (Top 7 %)
Language
Go
License
Apache License 2.0
Created about 3 years ago
Updated over 1 year ago

hasheddan/k8scr

hasheddan

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Kubernetes Container Registry

k8scr

A kubectl plugin for pushing OCI images through the Kubernetes API server.

Quickstart

Build k8scr

make build

Move to location in PATH

sudo mv ./build/k8scr /usr/local/bin/kubectl-k8scr

Deploy simple in-memory registry into cluster

kubectl apply -f distribution.yaml

Optional: tail logs to observe results of next step with kubectl logs k8scr -f.

Push image to registry

kubectl k8scr push crossplane/crossplane:v1.2.1

Usage

Usage: k8scr <command>

Push and pull images through the Kubernetes API server.

Flags:
  -h, --help                   Show context-sensitive help.
      --kubeconfig=STRING      Override default kubeconfig path.
  -n, --namespace="default"    Namespace of registry Pod.
  -r, --registry="k8scr"       Name of registry Pod.

Commands:
  push <image>

  pull <image>

How Does This Work?

k8scr uses go-containerregistry to push and pull images, but passes in an http.RoundTripper that reconstructs OCI distribution compliant requests so that they pass through the Kubernetes API server Pod proxy endpoint, before eventually calling the underlying transport constructed from a user's kubeconfig. This allows for pushing and pulling directly to and from an OCI image registry running in a Kubernetes cluster without having to expose it publicly or privately. Any user with access to the cluster and pods/proxy RBAC permissions for the registry Pod is able to push and pull.

What Else Can It Do?

Pretty much any of the operations go-containerregistry supports could also be supported here as the transport is pluggable. I'll likely move it upstream or offer it as a stand-alone library if there is enough interest.

veneer

A library for representing OCI image layers in an abstract filesystem

k8s-cr-validator

@kubernetes custom resource validation example

crisscross

@crossplane Providers as a Function (PaaF)

crossfaas

fpgk8s

The easiest way to use FPGAs on @kubernetes.

crossplane-offline

A set of tools and documentation for learning @crossplane without a network connection.

vault-plugin-secrets-covert

An example HashiCorp Vault plugin for storing secrets in a Go map.

crank

The next generation package manager for @crossplane

waterlooContracts

kc-provider-github

@github provider for @crossplane - Kubecon NA 2020

danielmangum.com

crossflux

@crossplane and @fluxcd

HashedDan.github.io

athodyd

Table-driven integration tests for Kubernetes controllers and CustomResourceDefinitions.

stack-kubernetes-remote

security-context

An examination of (almost) every possible configuration of Kubernetes security context. (WIP)

crosscd-archive

Infrastructure environments continuously deployed by @crossplaneio

certainly

can i haz certs? certainly!

my-org

Cloud Native Platform for MyOrg.

cignal

lucidball

airtable-go

Go client for the Airtable Standard API

xp-package-ports

Ports of @crossplane packages to the v2 format.

quisc

A QUIC implementation in RISC-V assembly

kaboose

zigsbi

Rust implementation of @riscv Service Binary Interface

crocket

CoAP Over WebSockets Forward-Proxy

capi-configs

@crossplane configuration packages for @kubernetes-sigs CAPI

k8s-rust-mutating-webhook

An example of writing a @kubernetes mutating webhook in @rust-lang.

podslate

The universal podcast URL translator.

tepl

Tweet Eval Print Loop

stream-build-on-upbound

banterzone-media

stack-cluster-api

A Crossplane stack for provisioning and connecting to new Kubernetes clusters using the Cluster API project

riside

A @riscv IDE in the browser.

zicoprobe

picoprobe, but @zephyrproject-rtos