levias

module
v0.0.0-...-8568c7b Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 30, 2024 License: Apache-2.0

README

levias

Proof-of-concept running docker-in-docker without priviledge in Kubernetes.

Currently Pods use privilege: true in order to talk to the host to attach containers to the current pod. Ephemeral containers (stable as of k8s 1.25) gives us a mechanism to have a similar behavior using k8s API primatives.

Levias provides an alternative [moby(https://github.com/moby/moby/blob/master/api/README.md)] implementation that:

  1. Wraps the the buildkit TCP API implementation with OIDC credentials
  2. Implements a server that transforms buildkit API requests to ephemeral containers.
sequenceDiagram
    participant Pod
    participant Client as Levias Client
    Pod->>Client: docker run
    Client->>Client: Add OIDC creds
    Client->>Controller: docker run
    participant Controller as Levias Controller
    Controller->>Controller: Verify OIDC
    Controller->>Pod: Attach ephemeral container

Directories

Path Synopsis
pkg
token

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.