kim - The Kubernetes Image Manager
STATUS: EXPERIMENT - Let us know what you think
This project is a continuation of the experiment started with k3c
, however, unlike the original aim/design for k3c
,
it IS NOT meant to be a replacement or re-build of the containerd/CRI.
kim
is a Kubernetes-aware CLI that will install a small builder backend consisting of a BuildKit
daemon bound to the Kubelet's underlying containerd socket (for building images) along with a small server-side agent
that the CLI leverages for image management (think push, pull, etc) rather than talking to the backing containerd/CRI
directly. kim
enables building images locally, natively on your k3s
cluster.
A familiar UX
There really is nothing better than the classic Docker UX of build/push/pull/tag
.
This tool copies the same UX as classic Docker (think Docker v1.12). The intention
is to follow the same style but not be a 100% drop in replacement. Behaviour and
arguments have been changed to better match the behavior of the Kubernetes ecosystem.
A single binary
kim
, similar to k3s
and old school docker, is packaged as a single binary, because nothing is easier for
distribution than a static binary.
Built on Kubernetes Tech (and others)
Fundamentally kim
is a built on the Container Runtime Interface (CRI),
containerd, and buildkit.
Architecture
kim
enables building k3s
-local images by installing a DaemonSet Pod that runs both buildkitd
and kim agent
and exposing the gRPC endpoints for these active agents in your cluster via a Service. Once installed, the kim
CLI
can inspect your installation and communicate with the backend daemons for image building and manipulation with merely
the KUBECONFIG that was available when installing the builder. When building kim
will talk directly to the buildkit
service but all other interactions with the underlying containerd/CRI are mediated by the kim agent
(primarily
because the containerd
"smart client" code assumes a certain level of co-locality with the containerd
installation).
Building
# more to come on this front but builds are currently a very manual affair
# git clone --branch=main https://github.com/rancher/kim.git ~/Projects/rancher/kim
# cd ~/Projects/rancher/kim
go generate # only necessary when modifying the gRPC protobuf IDL, see Dockerfile for pre-reqs
make ORG=<your-dockerhub-org> build publish
Running
Have a working k3s
installation with a working $HOME/.kube/config
or $KUBECONFIG
, then:
# Installation on a single-node cluster is automatic
# Installation on a multi-node cluster, targeting a Node named "my-builder-node"
kim builder install --selector k3s.io/hostname=my-builder-node
kim
currently works against a single builder Node so you must specify a narrow selector when
installing on multi-node clusters. Upon successful installation this node will acquire the "builder" role.
Build images like you would with the Docker CLI:
$ ./bin/kim --help
Kubernetes Image Manager -- in ur kubernetes buildin ur imagez
Usage:
kim [OPTIONS] COMMAND
kim [command]
Examples:
kim image build --tag your/image:tag .
Available Commands:
builder Manage Builder(s)
help Help about any command
image Manage Images
Images Shortcuts:
build Build an image
images List images
pull Pull an image
push Push an image
rmi Remove an image
tag Tag an image
Flags:
-x, --context string kubeconfig context for authentication
--debug
--debug-level int
-h, --help help for kim
-k, --kubeconfig string kubeconfig for authentication
-n, --namespace string namespace (default "kube-image")
-v, --version version for kim
Use "kim [command] --help" for more information about a command.
Roadmap
- Automated functional/integration tests to be invoked from CI to catch/prevent regressions.
- Image export/import, save/load functionality.
- Smarter automatic-ish bootstrap for non-k3s installations (think EKS support)
- Scheduling image content to non-builder (or simply, other) nodes in the cluster
License
Copyright (c) 2020-2021 Rancher Labs, Inc.
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.