kubernetes-mimic

module

v0.0.0-...-fde7ecd Latest Latest Go to latest Published: May 4, 2021 License: MIT

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/cryptk/kubernetes-mimic

Links

Open Source Insights

README ¶

kubernetes-mimic

Kubernetes Mimic is a Mutating Webhook that will watch for pod creation and update events in a Kubernetes cluster and automatically adjust their container images to pull from an image mirror as opposed to upstream servers.

It aims to make using an internal image mirror simple and hassle-free. It can even automatically auto-discover configured repository mirrors from Harbor.

This project is still in it's early stages, and as such, documentation is less than ideal.

Integrations

Currently Mimic can only integrate with Harbor for autodiscovery of Proxy Cache projects. When this integration is enabled, Mimic will watch for pods being created with an Image that is pulled from a source that is also available as a public Proxy Cache in Harbor and will update the Image source as necessary to pull the image from the Harbor cache instead.

There are plans to also support Artifactory. Any other desired integrations should be requested by opening an issue

Image building

Mimic can be built into a docker image using all of the normal techniques. Assuming you are wanting a Linux AMD64 Docker image, you can build it with the following command from within the base of the repository.

docker build -t mimic:latest .

Deployment

Currently the deployment is manual, and there are example manifests in the manifests folder. As the project matures, the deployment of Mimic will be handled via Helm ( #14 ).

The process is as follows:

Create a Kubernetes Namespace to deploy Mimic into

kubectl apply -f ./deploy/manifests/namespace

Generate SSL certificates used for communication between the kubernetes API layer and the webhook. Please note that this script presently has no provisions for setting the context or kubeconfig location:

./deploy/scripts/webhook-create-signed-cert.sh --service mimic --secret mimic-certs --namespace mimic

Add the CA Bundle for the generated certificate to the mutating webhook configuration. Please note that this script presently has no provisions for setting the context or kubeconfig location:

./deploy/scripts/webhook-patch-ca-bundle.sh ./deploy/manifests/templates/mutatingwebhookconfiguration.yaml ./deploy/manifests/mutatingwebhookconfiguration-cabundle.yaml

Deploy the rest of the required resources

kubectl apply -f ./deploy/manifests

Configuration

Mimic accepts it's configuration via environment variables.

Variable	Default	Description
MIMIC_LISTENPORT	8443	What port should the Mimic API server listen on
MIMIC_LISTENHOST	"0.0.0.0"	What host should the Mimic API server listen on
MIMIC_LOGLEVEL	"info"	What level should mimic log at. Valid options are trace, debug, info, warn, error, fatal and panic
MIMIC_LOGFORMAT	"text"	What format should the logs be rendered in. Valid options are text, json
MIMIC_CERTIFICATE_SOURCE	kubernetes	Where to load TLS certificates from. Currently the only valid option is "kubernetes" which will load the TLS certificates from a kubernetes secret
MIMIC_WATCHMIRRORS	true	Should sources be watched for updates and new mirrors automatically. Sources that support watching can also be toggled individually
MIMIC_KUBERNETES_ENABLED	true	Should the Kubernetes integration be enabled
MIMIC_KUBERNETES_NAMESPACE	""	What Namespace should Mimic look for it's resources in. If this is not specified, Mimic will attempt to autodiscover what namespace it is in automatically
MIMIC_KUBERNETES_CERTSECRET	"mimic-certs"	The name of the Kubernetes Secret that holds the TLS certificates for the webhook server
MIMIC_KUBERNETES_CONFIGMAP	"mimic-mirrors"	The name of the Kubernetes ConfigMap that holds the mirror configuration. Please see the example configmap
MIMIC_KUBERNETES_WATCH	true	Should Mimic watch the ConfigMap to automatically pull in changes as opposed to requiring an application restart to load new changes
MIMIC_HARBOR_ENABLED	false	Should Mimic attempt to auto-discover docker mirrors configured within a Harbor installation
MIMIC_HARBOR_API_HOST	""	Hostname that Mimic should use for communications with the Harbor API
MIMIC_HARBOR_REGISTRYURL	""	Hostname that Harbor serves it's repository mirrors from. If this is left blank, Mimic will attempt to autodiscover this from the Harbor API
MIMIC_HARBOR_ROBOT_USERNAME	""	Robot account username from Harbor. Needed to autodiscover the Registry URL from the Harbor API
MIMIC_HARBOR_ROBOT_PASSWORD	""	Robot account password from Harbor. Needed to autodiscover the Registry URL from the Harbor API

Testing

If you have docker installed, you can deploy Mimic into a KiND cluster pretty easily with

go run mage.go deploy

and you can then clean everything up with:

go run mage.go clean

if you install mage then you can execute the targets directly with:

mage deploy and mage clean

Feel free to check out the other targets with:

mage -l

Directories ¶

Path	Synopsis
cmd
internal
config Package config manages the configuration options for Mimic.	Package config manages the configuration options for Mimic.
harbor/client
harbor/client/artifact
harbor/client/auditlog
harbor/client/gc
harbor/client/icon
harbor/client/ping
harbor/client/preheat
harbor/client/project
harbor/client/replication
harbor/client/repository
harbor/client/retention
harbor/client/robot
harbor/client/robotv1
harbor/client/scan
harbor/client/scan_all
harbor/client/systeminfo
harbor/models
sources
sources/harbor
sources/kubernetes
utils

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL