baski

module
v0.1.0-beta.6 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jul 12, 2023 License: Apache-2.0

README

Baski - Build And Scan Kubernetes Images

Build on Tag

A binary for building and scanning (with Trivy) a Kubernetes image using the eschercloud-image-builder repo. Once the image has been built, the CVE results will be pushed to GitHub Pages. Simply provide the required GitHub flags/config file, and it will do the rest for you.

Scope

⚠️Currently in beta at the moment.

Supported clouds

Cloud Provider
Openstack

More clouds could be supported but may not be maintained by EscherCloudAI.

EscherCloudAI will put the framework in place to the best of their availability/ability to facilitate more clouds being added.

Usage

Run the binary with a config file or see the help for a list of flags. In the example config, not all fields are required and any fields that are not required are left blank - unless the fields are enabled by a bool, for example in the Nvidia options where none are required if enable-nvidia-support is set to false,

The following are valid locations for the baski.yaml config file are:

/tmp/
/etc/baski/
$HOME/.baski/
More info

For more flags and more info, run baski --help

Running locally

If you wish to run it locally then you can either build the binary and run it, or you can run it in docker by doing the following:

docker build -t baski:v0.0.0 -f docker/Dockerfile .

docker run --name baski -it --rm --env OS_CLOUD=some-cloud -v /path/to/openstack/clouds.yaml:/home/baski/.config/openstack/clouds.yaml -v /path/to/baski.yaml:/tmp/baski.yaml baski:v0.0.0

#Then from in here
baski build / scan / sign
GitHub Pages - Deprecated

You will need to set up your target repo for the GitHub Pages in advanced. It only requires a gh-pages branch for this to work. GitHub Pages should be configured to point to a docs directory as this is where the resulting static site will be placed.

TODO

  • Make this work for more than just Openstack so that it's more useful to the community around the Kubernetes Image Builder?
  • Remove dependency on GitHub Pages in the publish section - have this generate an artifact instead
  • Add metrics/telemetry to the process
  • Create all option to allow whole process?

License

The scripts and documentation in this project are released under the Apache v2 License.

Directories

Path Synopsis
cmd
baski command
hack
check_license command
pkg
cmd
cmd/build
cmd/publish
cmd/scan
cmd/sign
cmd/util/completion
cmd/util/config
cmd/util/data
cmd/util/flags
cmd/util/sign
constants
file
git
openstack
ssh
system
trivy

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.