├── .circleci
└── config.yml
├── .github
├── ISSUE_TEMPLATE
│ ├── bug_report.md
│ └── issue.md
├── actions
│ ├── build_ceph
│ │ └── action.yaml
│ ├── build_envoy
│ │ └── action.yaml
│ ├── build_push
│ │ └── action.yaml
│ ├── prepare_build_params
│ │ └── action.yaml
│ ├── prepare_matrix
│ │ └── action.yaml
│ ├── setup
│ │ └── action.yaml
│ └── trivy_scan
│ │ └── action.yaml
└── workflows
│ ├── main.yaml
│ └── update.yaml
├── .gitignore
├── LICENSE
├── README.md
├── admission
├── .dockerignore
├── .gitignore
├── Dockerfile
├── Makefile
├── PROJECT
├── README.md
├── TAG
├── cmd
│ ├── root.go
│ └── run.go
├── config
│ ├── certmanager
│ │ ├── certificate.yaml
│ │ ├── kustomization.yaml
│ │ └── kustomizeconfig.yaml
│ ├── crd
│ │ └── bases
│ │ │ └── .gitignore
│ ├── default
│ │ ├── kustomization.yaml
│ │ ├── manager_auth_proxy_patch.yaml
│ │ └── manager_config_patch.yaml
│ ├── manager
│ │ ├── controller_manager_config.yaml
│ │ ├── kustomization.yaml
│ │ └── manager.yaml
│ ├── prometheus
│ │ ├── kustomization.yaml
│ │ └── monitor.yaml
│ ├── rbac
│ │ ├── auth_proxy_client_clusterrole.yaml
│ │ ├── auth_proxy_role.yaml
│ │ ├── auth_proxy_role_binding.yaml
│ │ ├── auth_proxy_service.yaml
│ │ ├── kustomization.yaml
│ │ ├── leader_election_role.yaml
│ │ ├── leader_election_role_binding.yaml
│ │ ├── role.yaml
│ │ └── role_binding.yaml
│ └── webhook
│ │ └── manifests.yaml
├── docs
│ └── configuration.md
├── go.mod
├── go.sum
├── hack
│ └── boilerplate.go.txt
├── hooks
│ ├── config.go
│ ├── const.go
│ ├── mutate_httpproxy.go
│ ├── mutate_httpproxy_test.go
│ ├── mutate_pod.go
│ ├── mutate_pod_test.go
│ ├── suite_test.go
│ ├── validate_application.go
│ ├── validate_application_test.go
│ ├── validate_delete.go
│ ├── validate_delete_test.go
│ ├── validate_deployment_replica_count.go
│ ├── validate_deployment_replica_count_scale.go
│ ├── validate_deployment_replica_count_scale_test.go
│ ├── validate_deployment_replica_count_test.go
│ ├── validate_grafanadashboard.go
│ ├── validate_grafanadashboard_test.go
│ ├── validate_httpproxy.go
│ ├── validate_httpproxy_test.go
│ ├── validate_pod.go
│ ├── validate_pod_test.go
│ ├── validate_preventdelete.go
│ └── validate_preventdelete_test.go
└── main.go
├── alertmanager
├── .dockerignore
├── Dockerfile
├── README.md
└── TAG
├── alloy
├── Dockerfile
├── README.md
├── TAG
└── force-flush-partial-line.patch
├── argo-rollouts
├── .dockerignore
├── Dockerfile
├── README.md
└── TAG
├── argocd-image-updater
├── .dockerignore
├── Dockerfile
├── README.md
└── TAG
├── argocd
├── .dockerignore
├── BRANCH
├── Dockerfile
├── README.md
└── TAG
├── bird
├── .dockerignore
├── BRANCH
├── Dockerfile
├── README.md
├── TAG
└── bird-copyright
├── blackbox_exporter
├── .dockerignore
├── Dockerfile
└── TAG
├── bmc-log-collector
├── BRANCH
├── Dockerfile
├── Makefile
├── README.md
├── TAG
├── bmc-user.go
├── bmc-user_test.go
├── docs
│ └── design.md
├── go.mod
├── go.sum
├── log-collector.go
├── log-collector_test.go
├── log-pointer.go
├── log-pointer_test.go
├── machines-list.go
├── machines-list_test.go
├── main.go
├── main_test.go
├── metrics.go
├── metrics_test.go
├── request-to-bmc.go
├── request-to-bmc_test.go
├── suite_test.go
├── test_helper.go
└── testdata
│ ├── configmap
│ ├── damaged.json
│ ├── empty.json
│ ├── log-collector-test.json
│ ├── machines-list-test.json
│ ├── serverlist-1.json
│ ├── serverlist-2.json
│ ├── serverlist-3.json
│ ├── serverlist.json
│ └── serverlist2.json
│ ├── etc
│ ├── bmc-user-error.json
│ └── bmc-user.json
│ ├── output_log_collector
│ └── 683FPQ3
│ ├── redfish_response
│ ├── 483FPQ3-1.json
│ ├── 483FPQ3-2.json
│ ├── 483FPQ3-3.json
│ ├── 483FPQ3-4.json
│ ├── 483FPQ3-5.json
│ ├── 683FPQ3-1.json
│ ├── 683FPQ3-2.json
│ ├── 683FPQ3-3.json
│ ├── HN3CLP3-1.json
│ ├── HN3CLP3-2.json
│ ├── HN3CLP3-3.json
│ ├── J7N6MW3-1.json
│ ├── J7N6MW3-2.json
│ ├── J7N6MW3-3.json
│ ├── JQ5M8K3-1.json
│ ├── JQ5M8K3-2.json
│ └── JQ5M8K3-3.json
│ └── ssl
│ ├── localCA.crt
│ ├── localCA.csr
│ ├── localCA.key
│ ├── localCA.srl
│ ├── localhost.crt
│ ├── localhost.csr
│ ├── localhost.csx
│ └── localhost.key
├── bmc-reverse-proxy
├── Dockerfile
├── Makefile
├── README.md
├── TAG
├── bmc-reverse-proxy.yaml
├── go.mod
├── go.sum
└── pkg
│ └── bmc-reverse-proxy
│ ├── main.go
│ └── main_test.go
├── bpf-map-pressure-exporter
├── .dockerignore
├── Dockerfile
├── Makefile
├── README.md
├── TAG
├── collector.go
├── collector_test.go
├── config.go
├── config_test.go
├── fetcher.go
├── fetcher_test.go
├── go.mod
├── go.sum
├── log.go
├── main.go
├── main_test.go
└── testdata
│ ├── config.yaml
│ ├── invalid.yaml
│ └── no-fetch-interval.yaml
├── bpftrace
├── .gitignore
├── Dockerfile
├── Makefile
└── TAG
├── cadvisor
├── .dockerignore
├── Dockerfile
├── README.md
└── TAG
├── cep-checker
├── .gitignore
├── Dockerfile
├── Makefile
├── README.md
├── TAG
├── e2e
│ ├── Makefile
│ ├── cep-checker.yaml
│ ├── curl.yaml
│ ├── job.yaml
│ ├── kind.yaml
│ ├── pod.yaml
│ ├── run_test.go
│ └── suite_test.go
├── go.mod
├── go.sum
└── main.go
├── ceph-extra-exporter
├── Dockerfile
├── Makefile
├── README.md
├── TAG
├── collector.go
├── collector_test.go
├── executer.go
├── executer_test.go
├── go.mod
├── go.sum
├── log.go
├── main.go
├── main_test.go
└── testdata
│ ├── autoscale_status.json
│ ├── bucket_stats.json
│ └── osd_df.json
├── ceph
├── .dockerignore
├── BRANCH
├── Dockerfile
├── README.md
├── TAG
├── build.sh
└── exporter.patch
├── cephcsi
├── BRANCH
├── Dockerfile
└── TAG
├── cert-manager
├── .dockerignore
├── BRANCH
├── Dockerfile
├── README.md
└── TAG
├── chrony
├── .dockerignore
├── BRANCH
├── Dockerfile
├── README.md
├── TAG
└── chrony.conf.example
├── cilium-certgen
├── .dockerignore
├── BRANCH
├── Dockerfile
├── README.md
└── TAG
├── cilium-operator-generic
├── .dockerignore
├── BRANCH
├── Dockerfile
├── README.md
└── TAG
├── cilium
├── .dockerignore
├── .gitignore
├── BRANCH
├── Dockerfile
├── Makefile
├── README.md
├── TAG
└── e2e
│ ├── Makefile
│ └── values.yaml
├── configmap-reload
├── .dockerignore
├── Dockerfile
├── README.md
└── TAG
├── contour
├── .dockerignore
├── BRANCH
├── Dockerfile
├── README.md
└── TAG
├── coredns
├── .dockerignore
├── BRANCH
├── Dockerfile
├── README.md
└── TAG
├── csa_update.svg
├── csi-addons-controller
├── BRANCH
├── Dockerfile
└── TAG
├── csi-addons-sidecar
├── BRANCH
├── Dockerfile
└── TAG
├── csi-attacher
├── BRANCH
├── Dockerfile
└── TAG
├── csi-node-driver-registrar
├── BRANCH
├── Dockerfile
└── TAG
├── csi-provisioner
├── BRANCH
├── Dockerfile
└── TAG
├── csi-resizer
├── BRANCH
├── Dockerfile
└── TAG
├── csi-snapshotter
├── BRANCH
├── Dockerfile
└── TAG
├── dex
├── .dockerignore
├── BRANCH
├── Dockerfile
├── README.md
└── TAG
├── envoy
├── .dockerignore
├── BRANCH
├── Dockerfile
├── Makefile
├── README.md
├── TAG
├── envoy.yaml
├── go.mod
├── go.sum
└── pkg
│ └── probe
│ ├── cmd
│ ├── root.go
│ └── root_test.go
│ └── main.go
├── etcd
├── .dockerignore
├── BRANCH
├── Dockerfile
├── README.md
├── TAG
└── install-tools
├── external-dns
├── .dockerignore
├── Dockerfile
├── README.md
└── TAG
├── fluent-bit
├── .dockerignore
├── Dockerfile
├── README.md
└── TAG
├── generate_matrix
├── golang-all
├── golang-1.22-jammy
│ ├── .dockerignore
│ ├── BRANCH
│ ├── Dockerfile
│ ├── NO_TAG_BRANCH_CONSISTENCY
│ ├── README.md
│ └── TAG
├── golang-1.22-noble
│ ├── .dockerignore
│ ├── BRANCH
│ ├── Dockerfile
│ ├── NO_TAG_BRANCH_CONSISTENCY
│ ├── README.md
│ └── TAG
├── golang-1.23-jammy
│ ├── .dockerignore
│ ├── BRANCH
│ ├── Dockerfile
│ ├── NO_TAG_BRANCH_CONSISTENCY
│ ├── README.md
│ └── TAG
├── golang-1.23-noble
│ ├── .dockerignore
│ ├── BRANCH
│ ├── Dockerfile
│ ├── NO_TAG_BRANCH_CONSISTENCY
│ ├── README.md
│ └── TAG
├── golang-1.24-jammy
│ ├── .dockerignore
│ ├── BRANCH
│ ├── Dockerfile
│ ├── NO_TAG_BRANCH_CONSISTENCY
│ ├── README.md
│ └── TAG
└── golang-1.24-noble
│ ├── .dockerignore
│ ├── BRANCH
│ ├── Dockerfile
│ ├── NO_TAG_BRANCH_CONSISTENCY
│ ├── README.md
│ └── TAG
├── gorush
├── .dockerignore
├── BRANCH
├── Dockerfile
├── README.md
└── TAG
├── grafana-operator
├── Dockerfile
├── README.md
├── TAG
└── grafana-status-fix.patch
├── grafana
├── .dockerignore
├── Dockerfile
├── README.md
└── TAG
├── haproxy
├── .dockerignore
├── BRANCH
├── Dockerfile
├── README.md
├── TAG
└── docker-entrypoint.sh
├── heartbeat
├── .gitignore
├── Dockerfile
├── Makefile
├── TAG
├── go.mod
├── go.sum
└── main.go
├── hubble-relay
├── .dockerignore
├── BRANCH
├── Dockerfile
├── Makefile
├── README.md
└── TAG
├── hubble-ui
├── .gitignore
├── BRANCH
├── Dockerfile
├── Makefile
├── README.md
└── TAG
├── hubble
├── BRANCH
├── Dockerfile
├── README.md
└── TAG
├── kube-metrics-adapter
├── Dockerfile
├── README.md
└── TAG
├── kube-state-metrics
├── .dockerignore
├── Dockerfile
├── README.md
└── TAG
├── kube-storage-version-migrator
├── .dockerignore
├── Dockerfile
├── README.md
└── TAG
├── kubernetes
├── .dockerignore
├── BRANCH
├── Dockerfile
├── README.md
└── TAG
├── kubernetes_update.svg
├── local-pv-provisioner
├── .dockerignore
├── .gitignore
├── Dockerfile
├── Makefile
├── PROJECT
├── README.md
├── TAG
├── cmd
│ ├── root.go
│ └── run.go
├── config
│ └── rbac
│ │ └── role.yaml
├── controllers
│ ├── deleter.go
│ ├── deleter_test.go
│ ├── device_detector.go
│ ├── device_detector_test.go
│ ├── fs.go
│ ├── fs_test.go
│ ├── local_device.go
│ ├── local_device_test.go
│ ├── persistent_volume.go
│ ├── persistent_volume_test.go
│ └── suite_test.go
├── e2etest
│ ├── Makefile
│ ├── ci-setup-kvm.sh
│ ├── suite_test.go
│ └── testdata
│ │ ├── local-pv-provisioner.yaml
│ │ ├── test-pod-block.yaml
│ │ └── test-pod-fs.yaml
├── go.mod
├── go.sum
├── hack
│ └── boilerplate.go.txt
└── main.go
├── loki
├── Dockerfile
├── README.md
├── TAG
└── log-per-chunk-flush.patch
├── machines-endpoints
├── Dockerfile
├── Makefile
├── README.md
├── TAG
├── go.mod
├── go.sum
├── machines-endpoints.yaml
└── pkg
│ └── machines-endpoints
│ ├── main.go
│ └── main_test.go
├── maintenance.md
├── memcached-exporter
├── Dockerfile
├── README.md
└── TAG
├── memcached
├── Dockerfile
├── README.md
└── TAG
├── meows-dctest-runner
├── .dockerignore
├── BRANCH
├── Dockerfile
├── README.md
├── TAG
└── include-bird
├── meows-neco-runner
├── BRANCH
├── Dockerfile
├── README.md
├── TAG
└── install-necocli
├── no_need_update.svg
├── opentelemetry-collector
├── .dockerignore
├── Dockerfile
├── TAG
└── manifest.yaml
├── pause
├── .dockerignore
├── BRANCH
├── Dockerfile
├── README.md
└── TAG
├── pod-delete-rate-limiter
├── .dockerignore
├── .gitignore
├── Dockerfile
├── Makefile
├── README.md
├── TAG
├── cmd
│ └── main.go
├── config
│ ├── certmanager
│ │ ├── certificate.yaml
│ │ ├── kustomization.yaml
│ │ └── kustomizeconfig.yaml
│ ├── default
│ │ ├── kustomization.yaml
│ │ ├── manager_auth_proxy_patch.yaml
│ │ ├── manager_config_patch.yaml
│ │ ├── manager_webhook_patch.yaml
│ │ └── webhookcainjection_patch.yaml
│ ├── manager
│ │ ├── kustomization.yaml
│ │ └── manager.yaml
│ ├── prometheus
│ │ ├── kustomization.yaml
│ │ └── monitor.yaml
│ ├── rbac
│ │ ├── auth_proxy_client_clusterrole.yaml
│ │ ├── auth_proxy_role.yaml
│ │ ├── auth_proxy_role_binding.yaml
│ │ ├── auth_proxy_service.yaml
│ │ ├── kustomization.yaml
│ │ ├── leader_election_role.yaml
│ │ ├── leader_election_role_binding.yaml
│ │ ├── role_binding.yaml
│ │ └── service_account.yaml
│ └── webhook
│ │ ├── kustomization.yaml
│ │ ├── kustomizeconfig.yaml
│ │ ├── manifests.yaml
│ │ └── service.yaml
├── go.mod
├── go.sum
├── hack
│ └── boilerplate.go.txt
└── hooks
│ ├── rate_limiter.go
│ └── rate_limiter_test.go
├── pomerium
├── Dockerfile
├── README.md
└── TAG
├── prometheus-adapter
├── Dockerfile
├── README.md
└── TAG
├── prometheus-config-reloader
├── .dockerignore
├── Dockerfile
├── README.md
└── TAG
├── promtail-debug
├── Dockerfile
├── README.md
├── TAG
└── a.patch
├── promtail
├── Dockerfile
├── README.md
├── TAG
└── force-flush-partial-line.patch
├── pushgateway
├── .dockerignore
├── Dockerfile
├── README.md
└── TAG
├── pyroscope
├── .gitignore
├── Dockerfile
├── Makefile
└── TAG
├── redis
├── .dockerignore
├── BRANCH
├── Dockerfile
├── README.md
└── TAG
├── registry
├── .dockerignore
├── BRANCH
├── Dockerfile
├── README.md
└── TAG
├── regular_update.svg
├── rook
├── BRANCH
├── Dockerfile
├── README.md
└── TAG
├── s3gw
├── .gitignore
├── Dockerfile
├── Makefile
├── README.md
├── TAG
├── allow_deny.go
├── allow_deny_test.go
├── go.mod
├── go.sum
├── handler.go
└── main.go
├── sealed-secrets
├── BRANCH
├── Dockerfile
├── README.md
└── TAG
├── serf
├── .dockerignore
├── BRANCH
├── Dockerfile
├── README.md
├── TAG
└── install-tools
├── spegel
├── .dockerignore
├── Dockerfile
├── README.md
└── TAG
├── squid-exporter
├── .gitignore
├── Dockerfile
├── Makefile
├── README.md
├── TAG
├── client.go
├── client_test.go
├── config.go
├── convert.go
├── convert_test.go
├── e2e
│ ├── Makefile
│ ├── pod.yaml
│ ├── run_test.go
│ └── suite_test.go
├── go.mod
├── go.sum
├── main.go
└── main_test.go
├── squid
├── .dockerignore
├── BRANCH
├── Dockerfile
├── README.md
└── TAG
├── stakater-reloader
├── .dockerignore
├── BRANCH
├── Dockerfile
├── README.md
└── TAG
├── tag_branch_consistency
├── tag_exists
├── tcp-keepalive
├── .dockerignore
├── .gitignore
├── BRANCH
├── Dockerfile
├── Makefile
├── README.md
├── TAG
├── cmd
│ ├── client.go
│ ├── root.go
│ └── server.go
├── go.mod
├── go.sum
├── internal
│ ├── client
│ │ ├── client.go
│ │ ├── config.go
│ │ └── metrics.go
│ ├── metrics
│ │ ├── config.go
│ │ └── metrics.go
│ └── server
│ │ ├── config.go
│ │ ├── metrics.go
│ │ └── server.go
└── main.go
├── teleport-node
├── Dockerfile
├── Makefile
├── README.md
├── TAG
├── bash-env.sh
├── hubble-env.sh
├── loki-env.sh
└── update-necocli.sh
├── tempo
├── .dockerignore
├── Dockerfile
├── README.md
└── TAG
├── testhttpd
├── .dockerignore
├── BRANCH
├── Dockerfile
├── Makefile
├── README.md
├── TAG
└── src
│ ├── .gitignore
│ ├── Makefile
│ ├── go.mod
│ ├── go.sum
│ └── testhttpd
│ └── main.go
├── tool.mk
├── trust-manager
├── .dockerignore
├── BRANCH
├── Dockerfile
├── README.md
└── TAG
├── trust-packages
├── .dockerignore
├── .gitignore
├── Dockerfile
├── Makefile
├── README.md
└── TAG
├── unbound
├── .dockerignore
├── BRANCH
├── Dockerfile
├── Makefile
├── README.md
├── TAG
├── reload-unbound
└── root.hints
├── unbound_exporter
├── .dockerignore
├── BRANCH
├── Dockerfile
├── README.md
└── TAG
├── vault
├── .dockerignore
├── BRANCH
├── Dockerfile
├── README.md
├── TAG
└── install-tools
├── victoriametrics-datasource
├── Dockerfile
├── README.md
└── TAG
├── victoriametrics-operator
├── .dockerignore
├── Dockerfile
├── README.md
└── TAG
└── victoriametrics
├── .dockerignore
├── Dockerfile
├── README.md
├── TAG
└── download_and_build.sh
/.github/ISSUE_TEMPLATE/bug_report.md:
--------------------------------------------------------------------------------
1 | ---
2 | name: Bug report
3 | about: Create a report to help us improve
4 | title: ''
5 | labels: bug
6 | assignees: ''
7 |
8 | ---
9 |
10 | **Describe the bug**
11 | A clear and concise description of what the bug is.
12 |
13 | **Environments**
14 | - Version:
15 | - OS:
16 |
17 | **To Reproduce**
18 | Steps to reproduce the behavior:
19 | 1. Go to '...'
20 | 2. Click on '....'
21 | 3. Scroll down to '....'
22 | 4. See error
23 |
24 | **Expected behavior**
25 | A clear and concise description of what you expected to happen.
26 |
27 | **Additional context**
28 | Add any other context about the problem here.
29 |
--------------------------------------------------------------------------------
/.github/ISSUE_TEMPLATE/issue.md:
--------------------------------------------------------------------------------
1 | ---
2 | name: Task
3 | about: Describe this issue
4 | title: ''
5 | labels: ''
6 | assignees: ''
7 |
8 | ---
9 |
10 | ## What
11 |
12 | Describe what this issue should address.
13 |
14 | ## How
15 |
16 | Describe how to address the issue.
17 |
18 | ## Checklist
19 |
20 | - [ ] Finish implementation of the issue
21 | - [ ] Test all functions
22 | - [ ] Have enough logs to trace activities
23 | - [ ] Notify developers of necessary actions
24 |
--------------------------------------------------------------------------------
/.github/actions/prepare_matrix/action.yaml:
--------------------------------------------------------------------------------
1 | name: "Prepare build matrix"
2 | description: "Prepare build matrix"
3 | inputs:
4 | matrix:
5 | description: "Candidate build jobs"
6 | required: true
7 | default: ""
8 | outputs:
9 | jobs:
10 | description: "matrix"
11 | value: ${{ steps.prepare-matrix.outputs.jobs }}
12 | # Composite action: resolves a PR number, runs ./generate_matrix, and publishes .github/outputs/__matrix.json as the `jobs` output.
13 | runs:
14 | using: composite
15 | steps:
16 | - id: prepare-matrix
17 | shell: bash
18 | env:
19 | GH_TOKEN: ${{ github.token }} # credential for the `gh pr list` call in the script below
20 | INPUT_MATRIX: ${{ inputs.matrix }} # handed over as an environment variable rather than expanded into the script text; presumably read by ./generate_matrix — TODO confirm
21 | run: |
22 | if [ "${GITHUB_EVENT_NAME}" = "pull_request" ]; then
23 | export PR=$(cat "${GITHUB_EVENT_PATH}" | jq -r '.pull_request.number')
24 | else
25 | export PR=$(gh pr list --state merged --json number,mergeCommit | jq ".[] | select(.mergeCommit != null and .mergeCommit.oid == \"${GITHUB_SHA}\") | .number") # PR stays empty when no listed merged PR has GITHUB_SHA as its merge commit
26 | fi
27 | ./generate_matrix # repository script, not shown in this file
28 | echo "jobs=$(cat .github/outputs/__matrix.json)" >> $GITHUB_OUTPUT # single-line key=value form; assumes __matrix.json contains no newlines — TODO confirm
29 |
--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 | *~
2 | .#*
3 | \#*#
4 | .*.swp
5 | /.vscode
6 | cover.out
7 | vendor
8 | /.idea
9 | /bin
10 | /.github/outputs
11 |
--------------------------------------------------------------------------------
/admission/.dockerignore:
--------------------------------------------------------------------------------
1 | bin
2 | *.md
3 |
--------------------------------------------------------------------------------
/admission/.gitignore:
--------------------------------------------------------------------------------
1 | /bin
2 | /testbin
3 |
--------------------------------------------------------------------------------
/admission/Dockerfile:
--------------------------------------------------------------------------------
1 | FROM ghcr.io/cybozu/golang:1.24-noble AS build
2 | COPY . /work
3 | RUN CGO_ENABLED=0 go build -o bin/neco-admission -ldflags="-w -s" main.go
4 | # Runtime stage: an empty base image that receives only the binary built above with CGO disabled.
5 | FROM scratch
6 | LABEL org.opencontainers.image.source="https://github.com/cybozu/neco-containers"
7 | # The source path below relies on the build stage's working directory being /work; no WORKDIR is set in this file, so it is presumably inherited from the base image — confirm.
8 | COPY --from=build /work/bin/neco-admission /neco-admission
9 | USER 10000:10000
10 | ENTRYPOINT ["/neco-admission"]
11 |
--------------------------------------------------------------------------------
/admission/PROJECT:
--------------------------------------------------------------------------------
1 | domain: cybozu.com
2 | layout: go.kubebuilder.io/v3
3 | projectName: admission
4 | repo: github.com/cybozu/neco-containers/admission
5 | version: 3-alpha
6 |
--------------------------------------------------------------------------------
/admission/TAG:
--------------------------------------------------------------------------------
1 | 0.32.0
2 |
--------------------------------------------------------------------------------
/admission/config/certmanager/certificate.yaml:
--------------------------------------------------------------------------------
1 | # The following manifests contain a self-signed issuer CR and a certificate CR.
2 | # More documentation can be found at https://docs.cert-manager.io
3 | # WARNING: Targets CertManager v1.0. Check https://cert-manager.io/docs/installation/upgrading/ for breaking changes.
4 | apiVersion: cert-manager.io/v1
5 | kind: Issuer
6 | metadata:
7 | name: selfsigned-issuer
8 | namespace: system
9 | spec:
10 | selfSigned: {} # no external CA: certificates from this issuer are self-signed, so clients must be given the CA bundle separately (how that happens is not shown in this file)
11 | ---
12 | apiVersion: cert-manager.io/v1
13 | kind: Certificate
14 | metadata:
15 | name: serving-cert # this name should match the one that appears in kustomizeconfig.yaml
16 | namespace: system
17 | spec:
18 | # $(SERVICE_NAME) and $(SERVICE_NAMESPACE) will be substituted by kustomize
19 | dnsNames:
20 | - $(SERVICE_NAME).$(SERVICE_NAMESPACE).svc
21 | - $(SERVICE_NAME).$(SERVICE_NAMESPACE).svc.cluster.local
22 | issuerRef:
23 | kind: Issuer
24 | name: selfsigned-issuer
25 | secretName: webhook-server-cert # this secret will not be prefixed, since it's not managed by kustomize
26 |
--------------------------------------------------------------------------------
/admission/config/certmanager/kustomization.yaml:
--------------------------------------------------------------------------------
1 | resources:
2 | - certificate.yaml
3 |
4 | configurations:
5 | - kustomizeconfig.yaml
6 |
--------------------------------------------------------------------------------
/admission/config/certmanager/kustomizeconfig.yaml:
--------------------------------------------------------------------------------
1 | # This configuration is for teaching kustomize how to update name ref and var substitution
2 | nameReference:
3 | - kind: Issuer
4 | group: cert-manager.io
5 | fieldSpecs:
6 | - kind: Certificate
7 | group: cert-manager.io
8 | path: spec/issuerRef/name
9 |
10 | varReference:
11 | - kind: Certificate
12 | group: cert-manager.io
13 | path: spec/commonName
14 | - kind: Certificate
15 | group: cert-manager.io
16 | path: spec/dnsNames
17 |
--------------------------------------------------------------------------------
/admission/config/crd/bases/.gitignore:
--------------------------------------------------------------------------------
1 | *
2 |
--------------------------------------------------------------------------------
/admission/config/default/manager_auth_proxy_patch.yaml:
--------------------------------------------------------------------------------
1 | # This patch injects a sidecar container that acts as an HTTP proxy for the
2 | # controller manager; it performs RBAC authorization against the Kubernetes API using SubjectAccessReviews.
3 | apiVersion: apps/v1
4 | kind: Deployment
5 | metadata:
6 | name: controller-manager
7 | namespace: system
8 | spec:
9 | template:
10 | spec:
11 | containers:
12 | - name: kube-rbac-proxy
13 | image: gcr.io/kubebuilder/kube-rbac-proxy:v0.5.0 # referenced by tag only, not pinned to a digest
14 | args:
15 | - "--secure-listen-address=0.0.0.0:8443" # the proxy's listener, bound on all interfaces of the pod
16 | - "--upstream=http://127.0.0.1:8080/" # forwards to the manager's loopback-only metrics address set below
17 | - "--logtostderr=true"
18 | - "--v=10" # very high log verbosity; NOTE(review): logs at this level may include sensitive request details — consider lowering outside debugging
19 | ports:
20 | - containerPort: 8443
21 | name: https
22 | - name: manager
23 | args:
24 | - "--health-probe-bind-address=:8081"
25 | - "--metrics-bind-address=127.0.0.1:8080" # loopback only, so from outside the pod the metrics are reachable only through the proxy
26 | - "--leader-elect"
27 |
--------------------------------------------------------------------------------
/admission/config/default/manager_config_patch.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: apps/v1
2 | kind: Deployment
3 | metadata:
4 | name: controller-manager
5 | namespace: system
6 | spec:
7 | template:
8 | spec:
9 | containers:
10 | - name: manager
11 | args:
12 | - "--config=controller_manager_config.yaml"
13 | volumeMounts:
14 | - name: manager-config
15 | mountPath: /controller_manager_config.yaml
16 | subPath: controller_manager_config.yaml
17 | volumes:
18 | - name: manager-config
19 | configMap:
20 | name: manager-config
21 |
--------------------------------------------------------------------------------
/admission/config/manager/controller_manager_config.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: controller-runtime.sigs.k8s.io/v1alpha1
2 | kind: ControllerManagerConfig
3 | health:
4 | healthProbeBindAddress: :8081
5 | metrics:
6 | bindAddress: 127.0.0.1:8080
7 | webhook:
8 | port: 9443
9 | leaderElection:
10 | leaderElect: true
11 | resourceName: e497dfb7.cybozu.com
12 |
--------------------------------------------------------------------------------
/admission/config/manager/kustomization.yaml:
--------------------------------------------------------------------------------
1 | resources:
2 | - manager.yaml
3 |
4 | generatorOptions:
5 | disableNameSuffixHash: true
6 |
7 | configMapGenerator:
8 | - name: manager-config
9 | files:
10 | - controller_manager_config.yaml
11 |
--------------------------------------------------------------------------------
/admission/config/prometheus/kustomization.yaml:
--------------------------------------------------------------------------------
1 | resources:
2 | - monitor.yaml
3 |
--------------------------------------------------------------------------------
/admission/config/prometheus/monitor.yaml:
--------------------------------------------------------------------------------
1 |
2 | # Prometheus Monitor Service (Metrics)
3 | apiVersion: monitoring.coreos.com/v1
4 | kind: ServiceMonitor
5 | metadata:
6 | labels:
7 | control-plane: controller-manager
8 | name: controller-manager-metrics-monitor
9 | namespace: system
10 | spec:
11 | endpoints:
12 | - path: /metrics
13 | port: https # NOTE(review): only path and port are set; no scheme, tlsConfig or bearer-token setting appears here, so confirm how the scraper speaks TLS and authenticates to the port named https
14 | selector:
15 | matchLabels:
16 | control-plane: controller-manager
17 |
--------------------------------------------------------------------------------
/admission/config/rbac/auth_proxy_client_clusterrole.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: rbac.authorization.k8s.io/v1
2 | kind: ClusterRole
3 | metadata:
4 | name: metrics-reader
5 | rules:
6 | - nonResourceURLs: ["/metrics"]
7 | verbs: ["get"]
8 |
--------------------------------------------------------------------------------
/admission/config/rbac/auth_proxy_role.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: rbac.authorization.k8s.io/v1
2 | kind: ClusterRole
3 | metadata:
4 | name: proxy-role
5 | rules:
6 | - apiGroups: ["authentication.k8s.io"]
7 | resources:
8 | - tokenreviews
9 | verbs: ["create"]
10 | - apiGroups: ["authorization.k8s.io"]
11 | resources:
12 | - subjectaccessreviews
13 | verbs: ["create"]
14 |
--------------------------------------------------------------------------------
/admission/config/rbac/auth_proxy_role_binding.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: rbac.authorization.k8s.io/v1
2 | kind: ClusterRoleBinding
3 | metadata:
4 | name: proxy-rolebinding
5 | roleRef:
6 | apiGroup: rbac.authorization.k8s.io
7 | kind: ClusterRole
8 | name: proxy-role
9 | subjects:
10 | - kind: ServiceAccount
11 | name: default # NOTE(review): the namespace's default ServiceAccount — every pod there that sets no ServiceAccount of its own gets this ClusterRole; a dedicated ServiceAccount would narrow the grant
12 | namespace: system
13 |
--------------------------------------------------------------------------------
/admission/config/rbac/auth_proxy_service.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Service
3 | metadata:
4 | labels:
5 | control-plane: controller-manager
6 | name: controller-manager-metrics-service
7 | namespace: system
8 | spec:
9 | ports:
10 | - name: https
11 | port: 8443
12 | targetPort: https
13 | selector:
14 | control-plane: controller-manager
15 |
--------------------------------------------------------------------------------
/admission/config/rbac/kustomization.yaml:
--------------------------------------------------------------------------------
1 | resources:
2 | - role.yaml
3 | - role_binding.yaml
4 | - leader_election_role.yaml
5 | - leader_election_role_binding.yaml
6 | # Comment out the following 4 lines if you want to disable
7 | # the auth proxy (https://github.com/brancz/kube-rbac-proxy)
8 | # which protects your /metrics endpoint.
9 | - auth_proxy_service.yaml
10 | - auth_proxy_role.yaml
11 | - auth_proxy_role_binding.yaml
12 | - auth_proxy_client_clusterrole.yaml
13 |
--------------------------------------------------------------------------------
/admission/config/rbac/leader_election_role.yaml:
--------------------------------------------------------------------------------
1 | # permissions to do leader election.
2 | apiVersion: rbac.authorization.k8s.io/v1
3 | kind: Role
4 | metadata:
5 | name: leader-election-role
6 | rules:
7 | - apiGroups:
8 | - ""
9 | - coordination.k8s.io
10 | resources:
11 | - configmaps
12 | - leases
13 | verbs:
14 | - get
15 | - list
16 | - watch
17 | - create
18 | - update
19 | - patch
20 | - delete
21 | - apiGroups:
22 | - ""
23 | resources:
24 | - events
25 | verbs:
26 | - create
27 | - patch
28 |
--------------------------------------------------------------------------------
/admission/config/rbac/leader_election_role_binding.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: rbac.authorization.k8s.io/v1
2 | kind: RoleBinding
3 | metadata:
4 | name: leader-election-rolebinding
5 | roleRef:
6 | apiGroup: rbac.authorization.k8s.io
7 | kind: Role
8 | name: leader-election-role
9 | subjects:
10 | - kind: ServiceAccount
11 | name: default
12 | namespace: system
13 |
--------------------------------------------------------------------------------
/admission/config/rbac/role.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: rbac.authorization.k8s.io/v1
3 | kind: ClusterRole
4 | metadata:
5 | creationTimestamp: null
6 | name: neco-admission
7 | rules:
8 | - apiGroups:
9 | - ""
10 | resources:
11 | - namespaces
12 | verbs:
13 | - get
14 | - list
15 | - watch
16 |
--------------------------------------------------------------------------------
/admission/config/rbac/role_binding.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: rbac.authorization.k8s.io/v1
2 | kind: ClusterRoleBinding
3 | metadata:
4 | name: manager-rolebinding
5 | roleRef:
6 | apiGroup: rbac.authorization.k8s.io
7 | kind: ClusterRole
8 | name: manager-role # NOTE(review): config/rbac/role.yaml in this listing names its ClusterRole neco-admission, not manager-role — confirm this reference resolves in the rendered manifests
9 | subjects:
10 | - kind: ServiceAccount
11 | name: default # NOTE(review): the namespace's default ServiceAccount — every pod there that sets no ServiceAccount of its own shares this binding
12 | namespace: system
13 |
--------------------------------------------------------------------------------
/admission/hack/boilerplate.go.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cybozu/neco-containers/4a16846b052e117bac466f475329a34aa21bdbfa/admission/hack/boilerplate.go.txt
--------------------------------------------------------------------------------
/admission/hooks/const.go:
--------------------------------------------------------------------------------
1 | package hooks
2 |
3 | const (
4 | annotatePrefix = "admission.cybozu.com/"
5 | )
6 |
--------------------------------------------------------------------------------
/admission/main.go:
--------------------------------------------------------------------------------
1 | package main
2 |
3 | import "github.com/cybozu/neco-containers/admission/cmd"
4 | // main is the program entry point; it does nothing except call cmd.Execute.
5 | func main() {
6 | cmd.Execute()
7 | }
8 |
--------------------------------------------------------------------------------
/alertmanager/.dockerignore:
--------------------------------------------------------------------------------
1 | *
2 |
--------------------------------------------------------------------------------
/alertmanager/README.md:
--------------------------------------------------------------------------------
1 | Prometheus Alertmanager container
2 | =================================
3 |
4 | This repository contains a Dockerfile for [alertmanager](https://github.com/prometheus/alertmanager/).
5 |
6 | ## Usage
7 |
8 | ```console
9 | # create directory to store data
10 | $ sudo mkdir -p /data
11 |
12 | $ docker run -d --read-only --cap-drop ALL --cap-add NET_BIND_SERVICE \
13 | -p 9093:9093 \
14 | --name alertmanager \
15 | --mount type=bind,source=/data,target=/data \
16 | --mount type=bind,source=/config,target=/config \
17 | --entrypoint alertmanager \
18 | ghcr.io/cybozu/alertmanager:0.27 \
19 | --config.file=/config/alertmanager.yaml
20 | ```
21 |
22 | ## Docker images
23 |
24 | Docker images are available on [ghcr.io](https://github.com/cybozu/neco-containers/pkgs/container/alertmanager)
25 |
--------------------------------------------------------------------------------
/alertmanager/TAG:
--------------------------------------------------------------------------------
1 | 0.28.1.1
2 |
--------------------------------------------------------------------------------
/alloy/README.md:
--------------------------------------------------------------------------------
1 | # Alloy container
2 |
3 | This directory provides a Dockerfile to build an alloy container
4 | that runs [`alloy`](https://github.com/grafana/alloy).
5 |
6 | ## Docker images
7 |
8 | Docker images are available on [ghcr.io](https://github.com/cybozu/neco-containers/pkgs/container/alloy)
9 |
--------------------------------------------------------------------------------
/alloy/TAG:
--------------------------------------------------------------------------------
1 | 1.8.3.1
2 |
--------------------------------------------------------------------------------
/argo-rollouts/.dockerignore:
--------------------------------------------------------------------------------
1 | *
2 |
--------------------------------------------------------------------------------
/argo-rollouts/Dockerfile:
--------------------------------------------------------------------------------
# Derived from https://github.com/argoproj/argo-rollouts/blob/master/Dockerfile
# The following steps of the original Dockerfile are removed:
# - UI build stage
# - Kubectl plugin image

# Build stage: compiles the controller from the upstream source tree.
FROM ghcr.io/cybozu/golang:1.23-noble AS builder

ENV ARGO_ROLLOUTS_VERSION=1.8.2

WORKDIR /work

# NOTE(review): the source is selected by tag name only. A tag can be moved
# upstream, so comparing the cloned HEAD with a recorded commit hash would make
# the build input verifiable.
RUN git clone --depth 1 --branch v${ARGO_ROLLOUTS_VERSION} https://github.com/argoproj/argo-rollouts.git

WORKDIR /work/argo-rollouts

RUN go mod download

RUN make controller

# Runtime stage.
# NOTE(review): this base image is referenced without a tag or digest, so each
# build resolves the registry's current default tag. Pinning it by digest would
# make the runtime image reproducible and auditable.
FROM gcr.io/distroless/static-debian11
LABEL org.opencontainers.image.source="https://github.com/cybozu/neco-containers"

COPY --from=builder /work/argo-rollouts/dist/rollouts-controller /bin/
# The CA bundle is taken from the builder image, not from the runtime base.
COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/

# Run as a fixed non-root UID:GID.
USER 10000:10000

WORKDIR /home/argo-rollouts

ENTRYPOINT [ "/bin/rollouts-controller" ]
31 |
--------------------------------------------------------------------------------
/argo-rollouts/README.md:
--------------------------------------------------------------------------------
1 | # Argo Rollouts container
2 |
3 | This directory provides a Dockerfile to build an argo-rollouts container
4 | that runs [argoproj/argo-rollouts](https://github.com/argoproj/argo-rollouts).
5 |
6 | ## Docker images
7 |
8 | Docker images are available on [ghcr.io](https://github.com/cybozu/neco-containers/pkgs/container/argo-rollouts)
9 |
--------------------------------------------------------------------------------
/argo-rollouts/TAG:
--------------------------------------------------------------------------------
1 | 1.8.2.1
2 |
--------------------------------------------------------------------------------
/argocd-image-updater/.dockerignore:
--------------------------------------------------------------------------------
1 | *
2 |
--------------------------------------------------------------------------------
/argocd-image-updater/README.md:
--------------------------------------------------------------------------------
1 | # Argo CD Image Updater Container
2 |
3 | This directory provides a Dockerfile to build an argocd-image-updater container
4 | that runs [argoproj-labs/argocd-image-updater](https://github.com/argoproj-labs/argocd-image-updater).
5 |
6 | ## Docker images
7 |
8 | Docker images are available on [ghcr.io/cybozu/argocd-image-updater](https://ghcr.io/cybozu/argocd-image-updater)
9 |
--------------------------------------------------------------------------------
/argocd-image-updater/TAG:
--------------------------------------------------------------------------------
1 | 0.15.2.1
2 |
--------------------------------------------------------------------------------
/argocd/.dockerignore:
--------------------------------------------------------------------------------
1 | *
2 |
--------------------------------------------------------------------------------
/argocd/BRANCH:
--------------------------------------------------------------------------------
1 | 2.13
2 |
--------------------------------------------------------------------------------
/argocd/README.md:
--------------------------------------------------------------------------------
1 | # Argo CD container
2 |
3 | This directory provides a Dockerfile to build an argocd container
4 | that runs [argoproj/argo-cd](https://github.com/argoproj/argo-cd).
5 |
6 | ## Docker images
7 |
8 | Docker images are available on [ghcr.io](https://github.com/cybozu/neco-containers/pkgs/container/argocd)
9 |
--------------------------------------------------------------------------------
/argocd/TAG:
--------------------------------------------------------------------------------
1 | 2.13.2.2
2 |
--------------------------------------------------------------------------------
/bird/.dockerignore:
--------------------------------------------------------------------------------
1 | *
2 | !bird-copyright
3 |
--------------------------------------------------------------------------------
/bird/BRANCH:
--------------------------------------------------------------------------------
1 | 2.17
2 |
--------------------------------------------------------------------------------
/bird/TAG:
--------------------------------------------------------------------------------
1 | 2.17.0.1
2 |
--------------------------------------------------------------------------------
/blackbox_exporter/.dockerignore:
--------------------------------------------------------------------------------
1 | *
2 |
--------------------------------------------------------------------------------
/blackbox_exporter/Dockerfile:
--------------------------------------------------------------------------------
# blackbox-exporter container

# Stage1: build from source
FROM ghcr.io/cybozu/golang:1.24-noble AS build

ARG BLACKBOX_EXPORTER_VERSION=0.26.0
# pipefail makes the RUN below fail when curl fails, not only when tar fails.
SHELL ["/bin/bash", "-o", "pipefail", "-c"]
WORKDIR /blackbox_exporter
# NOTE(review): the source archive is trusted on the strength of HTTPS alone.
# Nothing here compares it with a recorded checksum, so a changed upstream
# archive would be built without notice. Consider verifying a pinned SHA-256
# before extracting.
RUN curl -fsSL https://github.com/prometheus/blackbox_exporter/archive/v${BLACKBOX_EXPORTER_VERSION}.tar.gz | \
    tar -xzf - --strip-components 1

RUN make build

# Stage2: setup runtime container
FROM ghcr.io/cybozu/ubuntu:24.04
LABEL org.opencontainers.image.source="https://github.com/cybozu/neco-containers"

# Only the binary, the default configuration and the licence are carried over.
COPY --from=build /blackbox_exporter/blackbox_exporter /blackbox_exporter
COPY --from=build /blackbox_exporter/blackbox.yml /blackbox.yml
COPY --from=build /blackbox_exporter/LICENSE /LICENSE

# Run as a fixed non-root UID:GID.
USER 10000:10000
EXPOSE 9115
ENTRYPOINT ["/blackbox_exporter"]
25 |
--------------------------------------------------------------------------------
/blackbox_exporter/TAG:
--------------------------------------------------------------------------------
1 | 0.26.0.1
2 |
--------------------------------------------------------------------------------
/bmc-log-collector/BRANCH:
--------------------------------------------------------------------------------
1 | 0.9
2 |
--------------------------------------------------------------------------------
/bmc-log-collector/Dockerfile:
--------------------------------------------------------------------------------
# Stage1: build from source
FROM ghcr.io/cybozu/golang:1.24-noble AS build

# NOTE(review): this copies the whole build context into the build stage. No
# .dockerignore for this directory appears in the listing, so testdata (sample
# credentials, CSRs) is sent to the builder too. It does not reach the final
# image, which only receives /go/bin.
COPY . /work
WORKDIR /work

# CGO_ENABLED=0 yields a static binary, which the scratch runtime stage needs.
# -w -s strips debug information and the symbol table.
RUN CGO_ENABLED=0 go install -ldflags="-w -s"

# Stage2: setup runtime container
# scratch: no shell, package manager or libraries in the runtime image.
FROM scratch

LABEL org.opencontainers.image.source="https://github.com/cybozu/neco-containers"

# Copies everything under /go/bin of the build stage, not only the entrypoint binary.
COPY --from=build /go/bin /

# Run as a fixed non-root UID:GID.
USER 10000:10000

ENTRYPOINT ["/log-collector"]
19 |
--------------------------------------------------------------------------------
/bmc-log-collector/Makefile:
--------------------------------------------------------------------------------
# Default target: check that the module files are tidy, then run checks and tests.
.PHONY: all
all: check-generate test

# Install the lint and test tools used by the `test` target.
# NOTE(review): custom-checker and staticcheck are installed at @latest, so each
# run fetches and executes whatever version upstream published most recently.
# Pinning explicit versions would make the toolchain reproducible and reviewable.
# ginkgo has no version suffix, so it is resolved through this module's go.mod.
.PHONY: setup
setup:
	go install github.com/cybozu-go/golang-custom-analyzer/cmd/custom-checker@latest
	go install honnef.co/go/tools/cmd/staticcheck@latest
	go install github.com/onsi/ginkgo/v2/ginkgo

# Fails when `go mod tidy` changes any tracked file.
.PHONY: check-generate
check-generate:
	go mod tidy
	git diff --exit-code --name-only

# Each `test -z` line fails when the wrapped tool prints anything.
# custom-checker is run with html/template as a restricted package; presumably
# it reports any use of that package (confirm against the tool's documentation).
.PHONY: test
test: clean
	test -z "$$(gofmt -s -l . | tee /dev/stderr)"
	staticcheck ./...
	test -z "$$(custom-checker -restrictpkg.packages=html/template ./... 2>&1 | tee /dev/stderr)"
	go vet ./...
	ginkgo -v --race -p .

# Remove files and directories under testdata that earlier test runs left behind.
.PHONY: clean
clean:
	rm -f testdata/output_main_test/*
	rm -fr testdata/pointers_get_machines
	rm -fr testdata/pointers_log_collector
	rm -fr testdata/pointers_main_test
29 |
--------------------------------------------------------------------------------
/bmc-log-collector/TAG:
--------------------------------------------------------------------------------
1 | 0.9.8
2 |
--------------------------------------------------------------------------------
/bmc-log-collector/bmc-user.go:
--------------------------------------------------------------------------------
1 | package main
2 |
3 | import (
4 | "encoding/json"
5 | "os"
6 | )
7 |
// BMCPassword holds one BMC user's password material as stored in the JSON file:
// the clear-text value ("raw") and/or a hash with its salt.
// NOTE(review): Raw is a clear-text secret; keep values of this type out of logs
// and error messages.
type BMCPassword struct {
	Raw  string `json:"raw"`
	Hash string `json:"hash"`
	Salt string `json:"salt"`
}

// Credentials wraps the password entry of a single BMC user.
type Credentials struct {
	Password BMCPassword `json:"password"`
}

// UserConfig is the top-level JSON document, with one entry per BMC user.
type UserConfig struct {
	Root    Credentials `json:"root"`
	Repair  Credentials `json:"repair"`
	Power   Credentials `json:"power"`
	Support Credentials `json:"support"`
}

// LoadBMCUserConfig opens userFile and decodes its JSON content into a UserConfig.
//
// Errors from os.Open and from the JSON decoder are returned unchanged. No field
// is validated: a user that is absent from the file is left as a zero-value
// Credentials (empty strings), so callers must check the password they intend to
// use before sending it.
func LoadBMCUserConfig(userFile string) (*UserConfig, error) {
	f, openErr := os.Open(userFile)
	if openErr != nil {
		return nil, openErr
	}
	defer f.Close()

	var cfg UserConfig
	if decodeErr := json.NewDecoder(f).Decode(&cfg); decodeErr != nil {
		return nil, decodeErr
	}
	return &cfg, nil
}
43 |
--------------------------------------------------------------------------------
/bmc-log-collector/bmc-user_test.go:
--------------------------------------------------------------------------------
1 | package main
2 |
3 | import (
4 | . "github.com/onsi/ginkgo/v2"
5 | . "github.com/onsi/gomega"
6 | )
7 |
// Specs for LoadBMCUserConfig: one successful load and two failure cases.
var _ = Describe("Get User from bmc-user.json", Ordered, func() {
	Context("Normal", func() {
		It("Read JSON file", func() {
			// The fixture's "support" raw password must equal basicAuthPassword,
			// which is defined outside this file.
			user, err := LoadBMCUserConfig("testdata/etc/bmc-user.json")
			Expect(err).NotTo(HaveOccurred())
			Expect(user.Support.Password.Raw).To(Equal(basicAuthPassword))
		})
	})

	Context("Abnormal", func() {
		It("Read no existing file", func() {
			_, err := LoadBMCUserConfig("testdata/etc/no-exist.json")
			Expect(err).To(HaveOccurred())
		})

		It("no support user in json file", func() {
			// NOTE(review): the fixture without a "support" user is listed as
			// testdata/etc/bmc-user-error.json; no bmc-user-err.json appears in
			// the listing. If that file does not exist, this spec passes on the
			// open error and never exercises the missing-user case.
			// LoadBMCUserConfig does no field validation, so decoding the real
			// fixture would presumably succeed with an empty support password.
			// Confirm the intended behaviour.
			_, err := LoadBMCUserConfig("testdata/etc/bmc-user-err.json")
			Expect(err).To(HaveOccurred())
		})
	})
})
29 |
--------------------------------------------------------------------------------
/bmc-log-collector/machines-list.go:
--------------------------------------------------------------------------------
1 | package main
2 |
3 | import (
4 | "encoding/json"
5 | "io"
6 | "os"
7 | )
8 |
// Machine is one entry of the machine list file: a serial plus the BMC and node
// addresses, all kept as the strings found in the JSON.
type Machine struct {
	Serial string `json:"serial"`
	BmcIP  string `json:"bmc_ipv4"`
	NodeIP string `json:"node_ipv4"`
}

// readMachineList reads filename and parses it as a JSON array of Machine.
//
// On any failure it returns the error together with whatever the slice holds at
// that point (nil when the file cannot be opened or read).
// NOTE(review): the address fields are not validated here. If bmc_ipv4 is later
// interpolated into a request URL, check it is an IP (optionally with a port)
// first; confirm against the caller.
func readMachineList(filename string) ([]Machine, error) {
	var machines []Machine

	f, err := os.Open(filename)
	if err != nil {
		return machines, err
	}
	defer f.Close()

	raw, err := io.ReadAll(f)
	if err == nil {
		err = json.Unmarshal(raw, &machines)
	}
	return machines, err
}
37 |
--------------------------------------------------------------------------------
/bmc-log-collector/request-to-bmc.go:
--------------------------------------------------------------------------------
1 | package main
2 |
3 | import (
4 | "context"
5 | "io"
6 | "net/http"
7 | )
8 |
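// requestToBmc performs an authenticated GET against a BMC's Redfish REST endpoint.
//
// The request carries HTTP Basic credentials (username/password) and is bound to
// ctx. TLS verification, timeouts and redirect handling are whatever the supplied
// client is configured with. The URL scheme is not checked here, so the caller
// is responsible for passing an https URL if the credentials must not travel in
// clear text.
//
// It returns the response body, the HTTP status code and an error. The status
// code is 0 when the request could not be built or sent. A non-2xx status is not
// treated as an error; callers must inspect the code themselves.
func requestToBmc(ctx context.Context, username string, password string, client *http.Client, url string) ([]byte, int, error) {
	// NewRequestWithContext reports a nil ctx as an error, where NewRequest
	// followed by WithContext would panic.
	req, err := http.NewRequestWithContext(ctx, http.MethodGet, url, nil)
	if err != nil {
		return nil, 0, err
	}
	req.SetBasicAuth(username, password)

	resp, err := client.Do(req)
	if err != nil {
		return nil, 0, err
	}
	defer resp.Body.Close()

	// NOTE(review): the body is read without a size limit, so a faulty or hostile
	// endpoint can make this allocate without bound. Consider wrapping resp.Body
	// in io.LimitReader once an upper bound for Redfish responses is agreed.
	buf, err := io.ReadAll(resp.Body)
	if err != nil {
		return nil, resp.StatusCode, err
	}

	return buf, resp.StatusCode, nil
}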
30 |
--------------------------------------------------------------------------------
/bmc-log-collector/suite_test.go:
--------------------------------------------------------------------------------
1 | package main_test
2 |
3 | import (
4 | "testing"
5 |
6 | . "github.com/onsi/ginkgo/v2"
7 | . "github.com/onsi/gomega"
8 | )
9 |
// TestBmcLogCollector is the `go test` entry point for the Ginkgo suite. It
// registers Ginkgo's Fail as the Gomega failure handler, then runs the specs
// under the suite name "BmcLogCollector Suite".
func TestBmcLogCollector(t *testing.T) {
	RegisterFailHandler(Fail)
	RunSpecs(t, "BmcLogCollector Suite")
}
14 |
--------------------------------------------------------------------------------
/bmc-log-collector/testdata/configmap/damaged.json:
--------------------------------------------------------------------------------
1 | [{"serial":"683FPQ3","bmc_ipv4":"127.0.0.1:7180","node_ipv4":"10.69.0.6"}
2 |
--------------------------------------------------------------------------------
/bmc-log-collector/testdata/configmap/empty.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cybozu/neco-containers/4a16846b052e117bac466f475329a34aa21bdbfa/bmc-log-collector/testdata/configmap/empty.json
--------------------------------------------------------------------------------
/bmc-log-collector/testdata/configmap/log-collector-test.json:
--------------------------------------------------------------------------------
1 | [{"serial":"683FPQ3","bmc_ipv4":"127.0.0.1:8180","node_ipv4":"10.69.0.6"}]
2 |
--------------------------------------------------------------------------------
/bmc-log-collector/testdata/configmap/machines-list-test.json:
--------------------------------------------------------------------------------
1 | [{"serial":"server1","bmc_ipv4":"192.168.0.1","node_ipv4":"172.16.0.1"},{"serial":"server2","bmc_ipv4":"192.168.0.2","node_ipv4":"172.16.0.2"},{"serial":"server3","bmc_ipv4":"192.168.0.3","node_ipv4":"172.16.0.3"},{"serial":"server4","bmc_ipv4":"192.168.0.4","node_ipv4":"172.16.0.4"},{"serial":"server5","bmc_ipv4":"192.168.0.5","node_ipv4":"172.16.0.5"}]
2 |
--------------------------------------------------------------------------------
/bmc-log-collector/testdata/configmap/serverlist-1.json:
--------------------------------------------------------------------------------
1 | [{"serial":"683FPQ3","bmc_ipv4":"127.0.0.1:7180","node_ipv4":"10.69.0.6"},{"serial":"J7N6MW3","bmc_ipv4":"127.0.0.1:7380","node_ipv4":"10.69.0.8"}]
2 |
--------------------------------------------------------------------------------
/bmc-log-collector/testdata/configmap/serverlist-2.json:
--------------------------------------------------------------------------------
1 | [{"serial":"683FPQ3","bmc_ipv4":"127.0.0.1:7180","node_ipv4":"10.69.0.6"},{"serial":"J7N6MW3","bmc_ipv4":"127.0.0.1:7380","node_ipv4":"10.69.0.8"}]
2 |
--------------------------------------------------------------------------------
/bmc-log-collector/testdata/configmap/serverlist-3.json:
--------------------------------------------------------------------------------
1 | [{"serial":"683FPQ3","bmc_ipv4":"127.0.0.1:7180","node_ipv4":"10.69.0.6"},{"serial":"J7N6MW3","bmc_ipv4":"127.0.0.1:7380","node_ipv4":"10.69.0.8"}]
2 |
--------------------------------------------------------------------------------
/bmc-log-collector/testdata/configmap/serverlist.json:
--------------------------------------------------------------------------------
1 | [{"serial":"683FPQ3","bmc_ipv4":"127.0.0.1:7180","node_ipv4":"10.69.0.6"},{"serial":"HN3CLP3","bmc_ipv4":"127.0.0.1:7280","node_ipv4":"10.69.0.7"}]
2 |
--------------------------------------------------------------------------------
/bmc-log-collector/testdata/configmap/serverlist2.json:
--------------------------------------------------------------------------------
1 | [{"serial":"683FPQ3","bmc_ipv4":"127.0.0.1:7180","node_ipv4":"10.69.0.6"},{"serial":"HN3CLP3","bmc_ipv4":"127.0.0.1:7280","node_ipv4":"10.69.0.7"},{"serial":"J7N6MW3","bmc_ipv4":"127.0.0.1:7380","node_ipv4":"10.69.0.8"},{"serial":"483FPQ3","bmc_ipv4":"127.0.0.1:7480","node_ipv4":"10.69.0.9"},{"serial":"JQ5M8K3","bmc_ipv4":"127.0.0.1:7580","node_ipv4":"10.69.0.10"}]
2 |
--------------------------------------------------------------------------------
/bmc-log-collector/testdata/etc/bmc-user-error.json:
--------------------------------------------------------------------------------
1 | {
2 | "root": {
3 | "password": {
4 | "hash": "ABC",
5 | "salt": "123"
6 | }
7 | },
8 | "repair": {
9 | "password": {
10 | "hash": "XYZ",
11 | "salt": "456"
12 | }
13 | },
14 | "power": {
15 | "password": {
16 | "raw": "789"
17 | }
18 | }
19 | }
20 |
--------------------------------------------------------------------------------
/bmc-log-collector/testdata/etc/bmc-user.json:
--------------------------------------------------------------------------------
1 | {
2 | "root": {
3 | "password": {
4 | "hash": "ABC",
5 | "salt": "123"
6 | }
7 | },
8 | "repair": {
9 | "password": {
10 | "hash": "XYZ",
11 | "salt": "456"
12 | }
13 | },
14 | "power": {
15 | "password": {
16 | "raw": "789"
17 | }
18 | },
19 | "support": {
20 | "password": {
21 | "raw": "raw password for support user"
22 | }
23 | }
24 | }
25 |
--------------------------------------------------------------------------------
/bmc-log-collector/testdata/redfish_response/683FPQ3-1.json:
--------------------------------------------------------------------------------
1 | {"@odata.context":"/redfish/v1/$metadata#LogEntryCollection.LogEntryCollection","@odata.id":"/redfish/v1/Managers/iDRAC.Embedded.1/LogServices/Sel/Entries","@odata.type":"#LogEntryCollection.LogEntryCollection","Description":"System Event Logs for this manager","Members":[{"@odata.id":"/redfish/v1/Managers/iDRAC.Embedded.1/LogServices/Sel/Entries/1","@odata.type":"#LogEntry.v1_15_0.LogEntry","Created":"2022-08-31T09:53:17-05:00","Description":"Log Entry 1","EntryCode":"Assert","EntryType":"SEL","GeneratorId":"0x0020","Id":"1","Message":"Log cleared.","MessageArgs":[],"MessageArgs@odata.count":0,"MessageId":"6f02ffff","Name":"Log Entry 1","SensorNumber":114,"SensorType":"Event Logging Disabled","Severity":"OK"}],"Members@odata.count":1,"Name":"Log Entry Collection"}
2 |
--------------------------------------------------------------------------------
/bmc-log-collector/testdata/redfish_response/HN3CLP3-1.json:
--------------------------------------------------------------------------------
1 | {"@odata.context":"/redfish/v1/$metadata#LogEntryCollection.LogEntryCollection","@odata.id":"/redfish/v1/Managers/iDRAC.Embedded.1/LogServices/Sel/Entries","@odata.type":"#LogEntryCollection.LogEntryCollection","Description":"System Event Logs for this manager","Members":[{"@odata.id":"/redfish/v1/Managers/iDRAC.Embedded.1/LogServices/Sel/Entries/1","@odata.type":"#LogEntry.v1_6_1.LogEntry","Created":"2022-06-07T17:04:48-05:00","Description":"Log Entry 1","EntryCode":"Assert","EntryType":"SEL","GeneratorId":"0x0020","Id":"1","Links":{},"Message":"Log cleared.","MessageArgs":[],"MessageArgs@odata.count":0,"MessageId":"6f02ffff","Name":"Log Entry 1","SensorNumber":114,"SensorType":"Event Logging Disabled","Severity":"OK"}],"Members@odata.count":1,"Name":"Log Entry Collection"}
2 |
--------------------------------------------------------------------------------
/bmc-log-collector/testdata/ssl/localCA.csr:
--------------------------------------------------------------------------------
1 | -----BEGIN CERTIFICATE REQUEST-----
2 | MIICpTCCAY0CAQAwYDELMAkGA1UEBhMCanAxDjAMBgNVBAgMBUNoaWJhMRIwEAYD
3 | VQQHDAlJbnphaS1zaGkxEjAQBgNVBAoMCSJUS1IgSW5jIjELMAkGA1UECwwCaHEx
4 | DDAKBgNVBAMMA2xhYjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMmQ
5 | nWnnbdz2yB1B4BuoByUDRFeG3yOMOGsOJ2DB7Fj2DsHttSuzHSlji/2x6Ayr85H8
6 | H5nBsXmzKZ5H+prmt1Qq8DpKDJ6RPm1+lz/gijX86Xu0ivvvM7rsFXIog50n8S3b
7 | 1auSdbukxP+Zu5rziNgh1xNzvzBbTfJ8ShGak1QT15BUTuBYjcpL1QErbDWUPunG
8 | GKjXiWfSFCEvgdi2EvPL0Kob2CcQrfQF4m0Xlx0YKUtHo7OjFNVsR5JFAtKJDTji
9 | qrxMLDjByhVUg6fXLcRVODcr9IKTMQhgJAVT/j14F8dYQ5i0kiDMQhkRVtWhfo0e
10 | uOiRBhdirfIf5z5vmC0CAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IBAQAls6OxsrBh
11 | ybl/TbS7SdGvpTmJnBNgcHS438BZCdtOar8vjBV5u5w67XGUC/Qhh91Oy3TaoUk+
12 | zUhcQwrJEMxmqclLDoiT70qJm2F3SwAzXW4db+6IZZ6rb1Fsf45VI/Ghqmxd6HzV
13 | jqWTdQy1A86O6nyo2ejcaRZipgDfDLEkdvXIHTYJhtxlAa4hRd3HSpUw0icIanFO
14 | /EXomsarE/xINT8DIN0Z7KBosxRh11FbQec+8X4Xx4Gf8WL7vs+9ioLJAvB8G+qs
15 | Ht9J/qUD11DN/es/qZio6L/91/RyHQf3v8KdCqYGXALYe8V3BiXDfsEm6CmFr+ev
16 | Kd3AWQaLAsYx
17 | -----END CERTIFICATE REQUEST-----
18 |
--------------------------------------------------------------------------------
/bmc-log-collector/testdata/ssl/localCA.srl:
--------------------------------------------------------------------------------
1 | 421468BA684397E62C558B527BC5D95FA69C7D15
2 |
--------------------------------------------------------------------------------
/bmc-log-collector/testdata/ssl/localhost.csr:
--------------------------------------------------------------------------------
1 | -----BEGIN CERTIFICATE REQUEST-----
2 | MIICqzCCAZMCAQAwZjELMAkGA1UEBhMCanAxDjAMBgNVBAgMBUNoaWJhMRIwEAYD
3 | VQQHDAlJbnphaS1zaGkxEjAQBgNVBAoMCSJUS1IgSW5jIjELMAkGA1UECwwCaHEx
4 | EjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
5 | ggEBAOim7ixg4leZvAp2V4RrAsE5AlnKPbkf5sMEdBY3QeWV4XfsjtnplDqQokCf
6 | tvZ1BYLU9OLHuvnwZ+R7blk9OKzMubkFyRN5IATji15XBtIhly4oi8/nqpZOhOYj
7 | z8Nli0S1+4iN09/Yr0oPDwFNMuOy5H1QLCQxuqG5gLS4KIanONfrhoM9mv9Tca1A
8 | l/nzmRbP+CRxNPR1uKa8M4eFDfIJ19rvwJMRg6AsEfinSyQ+aVQU3WqtZOO3XtFX
9 | H2POgccWquts6sZYloynEWicyq5PPLw+kwpvAspJ9RkEu2mUQzcFJTSmuvfJClg+
10 | 5d8gkTiafOtj/sybwPu+7GCywSsCAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IBAQBZ
11 | ssbEfCWe48dJCAsbvxuC/M1IglHgW99B4D4AArdQOyRltUV4qe9qRjVSH6eesImY
12 | NRXG/5OuRiQaEetmviyGxenJC9MZG667h/9Y7Ot5P78d8hRe+Gvq6/M7OdNuOTFj
13 | M2QU1V14GKeNixrMV0fl5BtFoQ9Rrayz9H79cAEDOnFb1D62B7TMXijbFuTOrAQe
14 | Ve05kURipqaWnfvDRdYRBfeEEIh0lrHlqhHknnzF5mGCCCO3mUWlshosrCiMlG7A
15 | GUcTR2qsjT7qSitD8pU9t3M85/v85Ug64hsTn/bm8tHJYezu79Vs8WEzrOiVUAGG
16 | PppwbXBfk1wyfd3F2PX1
17 | -----END CERTIFICATE REQUEST-----
18 |
--------------------------------------------------------------------------------
/bmc-log-collector/testdata/ssl/localhost.csx:
--------------------------------------------------------------------------------
1 | subjectAltName = DNS:localhost, DNS:localhost.localdomain, IP:127.0.0.1, DNS:app, DNS:app.localdomain
2 |
--------------------------------------------------------------------------------
/bmc-reverse-proxy/Dockerfile:
--------------------------------------------------------------------------------
# bmc-reverse-proxy container

# Stage1: build from source
FROM ghcr.io/cybozu/golang:1.23-noble AS build

# NOTE(review): this copies the whole build context into the build stage. No
# .dockerignore for this directory appears in the listing; if there is none,
# consider one so that local files are not sent to the builder.
COPY . /work

WORKDIR /work

# CGO_ENABLED=0 yields a static binary, which the scratch runtime stage needs.
# -w -s strips debug information and the symbol table.
RUN CGO_ENABLED=0 go install -ldflags="-w -s" ./pkg/bmc-reverse-proxy

# Stage2: setup runtime container
# scratch: no shell, package manager or libraries in the runtime image.
FROM scratch
LABEL org.opencontainers.image.source="https://github.com/cybozu/neco-containers"

# Copies everything under /go/bin of the build stage, not only the entrypoint binary.
COPY --from=build /go/bin /

# Run as a fixed non-root UID:GID; both exposed ports are above 1024.
USER 10000:10000
EXPOSE 8443 5900

ENTRYPOINT ["/bmc-reverse-proxy"]
22 |
--------------------------------------------------------------------------------
/bmc-reverse-proxy/Makefile:
--------------------------------------------------------------------------------
# SUDO_GO runs the go binary found on the current PATH through sudo.
SUDO = sudo
SUDO_GO = $(SUDO) $(shell which go)

# Default target: check that the module files are tidy, then run checks and tests.
.PHONY: all
all: check-generate test

# Install the lint tools used by the `test` target.
# NOTE(review): both tools are installed at @latest, so each run fetches and
# executes whatever version upstream published most recently. Pinning explicit
# versions would make the toolchain reproducible and reviewable.
.PHONY: setup
setup:
	go install github.com/cybozu-go/golang-custom-analyzer/cmd/custom-checker@latest
	go install honnef.co/go/tools/cmd/staticcheck@latest

# Fails when `go mod tidy` changes any tracked file.
.PHONY: check-generate
check-generate:
	go mod tidy
	git diff --exit-code --name-only

# Each `test -z` line fails when the wrapped tool prints anything.
# NOTE(review): the last step runs the whole `go test` invocation as root, so the
# compile step and any module or cache writes also happen as root. Building the
# test binary unprivileged with `go test -c` and running only that binary under
# sudo would keep the toolchain out of the root context.
.PHONY: test
test:
	test -z "$$(gofmt -s -l . | tee /dev/stderr)"
	staticcheck ./...
	test -z "$$(custom-checker -restrictpkg.packages=html/template,log ./... 2>&1 | tee /dev/stderr)"
	go vet ./...
	$(SUDO_GO) test -race -v ./...
24 |
--------------------------------------------------------------------------------
/bmc-reverse-proxy/TAG:
--------------------------------------------------------------------------------
1 | 0.1.31
2 |
--------------------------------------------------------------------------------
/bpf-map-pressure-exporter/.dockerignore:
--------------------------------------------------------------------------------
1 | testdata
2 | *.md
3 | *_test.go
4 |
--------------------------------------------------------------------------------
/bpf-map-pressure-exporter/Dockerfile:
--------------------------------------------------------------------------------
# bpf-map-pressure-exporter container

# Stage1: build from source
FROM ghcr.io/cybozu/golang:1.24-noble AS build
# The directory's .dockerignore keeps testdata, *.md and *_test.go out of this copy.
COPY . /work/src
WORKDIR /work/src
# CGO_ENABLED=0 yields a static binary, which the scratch runtime stage needs.
# -w -s strips debug information and the symbol table.
RUN CGO_ENABLED=0 go build -ldflags="-w -s" -o bpf-map-pressure-exporter

# Stage2: setup runtime container
# scratch: no shell, package manager or libraries in the runtime image.
FROM scratch
LABEL org.opencontainers.image.source="https://github.com/cybozu/neco-containers"

COPY --from=build /work/src/bpf-map-pressure-exporter /
# NOTE(review): there is no USER instruction, so the process runs as UID 0 unless
# the orchestrator overrides it. Presumably deliberate, because reading BPF maps
# needs elevated privileges; confirm, and grant only the required capabilities
# in the pod or container spec.
EXPOSE 8080/tcp
ENTRYPOINT ["/bpf-map-pressure-exporter"]
16 |
--------------------------------------------------------------------------------
/bpf-map-pressure-exporter/Makefile:
--------------------------------------------------------------------------------
SUDO = sudo

# Default target: check that the module files are tidy, then run checks and tests.
.PHONY: all
all: check-generate test

# Fails when `go mod tidy` changes any tracked file.
.PHONY: check-generate
check-generate:
	go mod tidy
	git diff --exit-code --name-only

# STATICCHECK and CUSTOM_CHECKER, and the staticcheck / custom-checker
# prerequisites, are not defined in this file; presumably they come from
# ../tool.mk, included below.
# The test binary is compiled unprivileged with `go test -c`, and only that
# binary is run under sudo, so the Go toolchain itself never runs as root.
.PHONY: test
test: staticcheck custom-checker
	test -z "$$(gofmt -s -l . | tee /dev/stderr)"
	$(STATICCHECK) ./...
	test -z "$$($(CUSTOM_CHECKER) -restrictpkg.packages=html/template,log ./... 2>&1 | tee /dev/stderr)"
	go vet ./...
	go test -c ./...
	$(SUDO) ./bpf-map-pressure-exporter.test -test.v
	rm -f ./bpf-map-pressure-exporter.test

include ../tool.mk
22 |
--------------------------------------------------------------------------------
/bpf-map-pressure-exporter/TAG:
--------------------------------------------------------------------------------
1 | 1.0.5
2 |
--------------------------------------------------------------------------------
/bpf-map-pressure-exporter/collector.go:
--------------------------------------------------------------------------------
1 | package main
2 |
3 | import (
4 | "strconv"
5 |
6 | "github.com/prometheus/client_golang/prometheus"
7 | )
8 |
// bpfMapPressureCollector publishes the samples returned by a fetcher as the
// Prometheus metric described by describe.
type bpfMapPressureCollector struct {
	describe *prometheus.Desc
	fetcher  IBpfMapPressureFetcher
}

// newCollector builds a collector for the "bpf_map_pressure" metric, labelled by
// "map_id" and "map_name", that takes its samples from fetcher.
func newCollector(fetcher IBpfMapPressureFetcher) *bpfMapPressureCollector {
	desc := prometheus.NewDesc(
		"bpf_map_pressure",
		"bpf map pressure",
		[]string{"map_id", "map_name"},
		nil,
	)
	return &bpfMapPressureCollector{describe: desc, fetcher: fetcher}
}

// Describe sends the single metric descriptor of this collector to ch.
func (c *bpfMapPressureCollector) Describe(ch chan<- *prometheus.Desc) {
	ch <- c.describe
}

// Collect emits one gauge sample per entry returned by the fetcher, with the map
// id rendered in decimal and the map name as label values.
// MustNewConstMetric panics if the label values do not match the descriptor.
func (c *bpfMapPressureCollector) Collect(ch chan<- prometheus.Metric) {
	for _, m := range c.fetcher.GetMetrics() {
		idLabel := strconv.FormatUint(uint64(m.mapId), 10)
		ch <- prometheus.MustNewConstMetric(c.describe, prometheus.GaugeValue, m.mapPressure, idLabel, m.mapName)
	}
}
40 |
--------------------------------------------------------------------------------
/bpf-map-pressure-exporter/config.go:
--------------------------------------------------------------------------------
1 | package main
2 |
3 | import (
4 | "os"
5 | "time"
6 |
7 | "gopkg.in/yaml.v3"
8 | )
9 |
// defaultFetchInterval is applied when the file leaves fetchInterval unset or zero.
const defaultFetchInterval = 30 * time.Second

// Config is the exporter's YAML configuration: a list of map names and the
// interval between fetches.
type Config struct {
	MapNames      []string      `yaml:"mapNames"`
	FetchInterval time.Duration `yaml:"fetchInterval"`
}

// loadConfig opens path, decodes it as YAML into a Config and substitutes
// defaultFetchInterval when FetchInterval is zero.
//
// Errors from os.Open and from the YAML decoder are returned unchanged.
// NOTE(review): only the zero value is replaced. A negative fetchInterval is
// passed through as-is, so confirm the consumer tolerates it or reject it here.
func loadConfig(path string) (*Config, error) {
	file, err := os.Open(path)
	if err != nil {
		return nil, err
	}
	defer file.Close()

	cfg := &Config{}
	if err = yaml.NewDecoder(file).Decode(cfg); err != nil {
		return nil, err
	}
	if cfg.FetchInterval == 0 {
		cfg.FetchInterval = defaultFetchInterval
	}
	return cfg, nil
}
32 |
--------------------------------------------------------------------------------
/bpf-map-pressure-exporter/go.mod:
--------------------------------------------------------------------------------
1 | module github.com/cybozu/neco-containers/bpf-map-pressure-exporter
2 |
3 | go 1.23.0
4 |
5 | toolchain go1.24.1
6 |
7 | require (
8 | github.com/cilium/ebpf v0.17.3
9 | github.com/cybozu-go/log v1.7.0
10 | github.com/prometheus/client_golang v1.21.1
11 | github.com/stretchr/testify v1.10.0
12 | golang.org/x/sync v0.12.0
13 | gopkg.in/yaml.v3 v3.0.1
14 | )
15 |
16 | require (
17 | github.com/beorn7/perks v1.0.1 // indirect
18 | github.com/cespare/xxhash/v2 v2.3.0 // indirect
19 | github.com/davecgh/go-spew v1.1.1 // indirect
20 | github.com/klauspost/compress v1.17.11 // indirect
21 | github.com/kylelemons/godebug v1.1.0 // indirect
22 | github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
23 | github.com/pmezard/go-difflib v1.0.0 // indirect
24 | github.com/prometheus/client_model v0.6.1 // indirect
25 | github.com/prometheus/common v0.62.0 // indirect
26 | github.com/prometheus/procfs v0.15.1 // indirect
27 | golang.org/x/sys v0.30.0 // indirect
28 | google.golang.org/protobuf v1.36.1 // indirect
29 | )
30 |
--------------------------------------------------------------------------------
/bpf-map-pressure-exporter/log.go:
--------------------------------------------------------------------------------
1 | package main
2 |
3 | import "github.com/cybozu-go/log"
4 |
// logger is the package-wide logger; init sets it up before main runs.
var logger *log.Logger

// init creates the logger and switches its output to the JSON formatter.
func init() {
	l := log.NewLogger()
	l.SetFormatter(log.JSONFormat{})
	logger = l
}
11 |
--------------------------------------------------------------------------------
/bpf-map-pressure-exporter/testdata/config.yaml:
--------------------------------------------------------------------------------
1 | mapNames:
2 | - hoge
3 | - fuga
4 | - piyo
5 | fetchInterval: 1m
6 |
--------------------------------------------------------------------------------
/bpf-map-pressure-exporter/testdata/invalid.yaml:
--------------------------------------------------------------------------------
1 | hoge
2 | fuga
3 |
--------------------------------------------------------------------------------
/bpf-map-pressure-exporter/testdata/no-fetch-interval.yaml:
--------------------------------------------------------------------------------
1 | mapNames:
2 | - hoge
3 | - fuga
4 | - piyo
5 |
--------------------------------------------------------------------------------
/bpftrace/.gitignore:
--------------------------------------------------------------------------------
1 | src
2 |
--------------------------------------------------------------------------------
/bpftrace/TAG:
--------------------------------------------------------------------------------
1 | 0.22.1.1
2 |
--------------------------------------------------------------------------------
/cadvisor/.dockerignore:
--------------------------------------------------------------------------------
1 | *
2 |
--------------------------------------------------------------------------------
/cadvisor/Dockerfile:
--------------------------------------------------------------------------------
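# cadvisor container

# Stage1: build from source
FROM ghcr.io/cybozu/golang:1.24-noble AS build

ARG CADVISOR_VERSION=0.52.1
# Optional SHA-256 of the source tarball. When set (for example with
# --build-arg CADVISOR_SHA256=<sha256-of-tarball>), the download is verified
# before it is unpacked. When left empty the build behaves as before and relies
# on TLS to github.com alone for integrity.
ARG CADVISOR_SHA256=""

# pipefail makes a failing command inside a pipeline fail the whole RUN step.
SHELL ["/bin/bash", "-o", "pipefail", "-c"]

WORKDIR /go/src/github.com/google/cadvisor
# Fetch the tagged source archive, check it against the pinned digest when one
# was supplied, unpack it in place and build a static, stripped binary.
RUN curl -fsSL -o cadvisor.tar.gz "https://github.com/google/cadvisor/archive/v${CADVISOR_VERSION}.tar.gz" \
    && if [ -n "${CADVISOR_SHA256}" ]; then \
         echo "${CADVISOR_SHA256}  cadvisor.tar.gz" | sha256sum -c -; \
       fi \
    && tar -x -z --strip-components 1 -f cadvisor.tar.gz \
    && rm -f cadvisor.tar.gz \
    && cd cmd \
    && CGO_ENABLED=0 go build -tags netgo -ldflags="-w -s" -o cadvisor .

# Stage2: setup runtime container
# Only the binary and its LICENSE are copied into an empty (scratch) image.
FROM scratch
LABEL org.opencontainers.image.source="https://github.com/cybozu/neco-containers"

COPY --from=build /go/src/github.com/google/cadvisor/cmd/cadvisor /cadvisor
COPY --from=build /go/src/github.com/google/cadvisor/LICENSE /LICENSE

EXPOSE 8080

# NOTE(review): no USER instruction is present, so the process runs as UID 0
# unless the deployment overrides it. Presumably cAdvisor needs that to read
# host container data; confirm, and constrain it in the workload spec
# (read-only mounts, dropped capabilities) where possible.
ENTRYPOINT ["/cadvisor", "-logtostderr"]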
27 |
--------------------------------------------------------------------------------
/cadvisor/README.md:
--------------------------------------------------------------------------------
1 | cadvisor
2 | ========
3 |
4 | cAdvisor (Container Advisor) provides container users an understanding of the resource usage and performance characteristics of their running containers.
5 |
6 | - [cAdvisor](https://github.com/google/cadvisor)
7 |
8 | Docker images
9 | -------------
10 |
11 | Docker images are available on [ghcr.io](https://github.com/cybozu/neco-containers/pkgs/container/cadvisor)
12 |
--------------------------------------------------------------------------------
/cadvisor/TAG:
--------------------------------------------------------------------------------
1 | 0.52.1.1
2 |
--------------------------------------------------------------------------------
/cep-checker/.gitignore:
--------------------------------------------------------------------------------
1 | cep-checker
2 | bin
3 |
--------------------------------------------------------------------------------
/cep-checker/Dockerfile:
--------------------------------------------------------------------------------
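# cep-checker container

# Stage1: build a static, stripped binary from the build context.
# NOTE(review): the whole context is copied into the build stage and no
# .dockerignore for this directory appears in this listing, so local artefacts
# (e.g. a bin/ directory) may be sent to the builder. They do not reach the
# final image, which copies only the binary.
FROM ghcr.io/cybozu/golang:1.24-noble AS build
COPY . /work/src
WORKDIR /work/src
RUN CGO_ENABLED=0 go build -ldflags="-w -s" -o cep-checker

# Stage2: runtime image containing only the binary.
FROM scratch
LABEL org.opencontainers.image.source="https://github.com/cybozu/neco-containers"

COPY --from=build /work/src/cep-checker /

# Run as an unprivileged numeric UID/GID, as the other scratch-based images in
# this repository do (configmap-reload, contour). The exposed port 8080 is
# above 1024, so binding it needs no extra privileges.
USER 10000:10000
EXPOSE 8080/tcp
ENTRYPOINT ["/cep-checker"]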
12 |
--------------------------------------------------------------------------------
/cep-checker/Makefile:
--------------------------------------------------------------------------------
1 |
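# The special target is spelled .PHONY. The previous ".PHONEY" spelling is an
# ordinary target name to make, so build/test/docker-build were not actually
# phony and would be skipped as "up to date" if a file or directory with the
# same name existed.

# Build a static, stripped cep-checker binary in the current directory.
.PHONY: build
build:
	CGO_ENABLED=0 go build -ldflags="-w -s" -o cep-checker .

# Run the end-to-end suite by delegating each step to the Makefile in e2e/.
# make stops at the first failing recipe line, so "stop" does not run after a
# failed step; run `$(MAKE) -C e2e stop` by hand to clean up in that case.
.PHONY: test
test:
	$(MAKE) -C e2e setup
	$(MAKE) -C e2e start
	$(MAKE) -C e2e install-cilium
	$(MAKE) -C e2e test
	$(MAKE) -C e2e stop

# Build a local development image tagged :dev.
.PHONY: docker-build
docker-build:
	docker build -t ghcr.io/cybozu/cep-checker:dev .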
17 |
--------------------------------------------------------------------------------
/cep-checker/README.md:
--------------------------------------------------------------------------------
1 | # cep-checker
2 |
3 | cep-checker checks the consistency between Pod and CiliumEndpoint.
4 |
5 | ## Usage
6 |
7 | ```
8 | $ ./cep-checker -h
9 | cep-checker checks missing Pods or CiliumEndpoints
10 |
11 | Usage:
12 | cep-checker [flags]
13 |
14 | Flags:
15 | -h, --help help for cep-checker
16 | -i, --interval duration Interval to check missing CEPs or Pods (default 30s)
17 | -m, --metrics-server string Metrics server address and port (default "0.0.0.0:8080")
18 | -v, --version version for cep-checker
19 | ```
20 |
21 | ## Metrics
22 |
23 | ```
24 | // Gauge
25 | cep_checker_missing{name="cep name", namespace="namespace", resource="cep"}
26 | cep_checker_missing{name="pod name", namespace="namespace", resource="pod"}
27 | ```
28 |
--------------------------------------------------------------------------------
/cep-checker/TAG:
--------------------------------------------------------------------------------
1 | 1.0.4
2 |
--------------------------------------------------------------------------------
/cep-checker/e2e/curl.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Pod
3 | metadata:
4 | name: curl
5 | namespace: default
6 | spec:
7 | containers:
8 | - name: ubuntu
9 | image: ghcr.io/cybozu/ubuntu:22.04
10 | command: ["/bin/sleep", "3650d"]
11 | imagePullPolicy: IfNotPresent
12 | securityContext:
13 | runAsUser: 1000
14 | runAsGroup: 1000
15 | sysctls:
16 | - name: net.ipv4.ping_group_range
17 | value: 0 10000
18 | restartPolicy: Always
--------------------------------------------------------------------------------
/cep-checker/e2e/job.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: batch/v1
2 | kind: Job
3 | metadata:
4 | name: test
5 | namespace: test
6 | spec:
7 | template:
8 | spec:
9 | containers:
10 | - name: ubuntu
11 | image: ghcr.io/cybozu/ubuntu:22.04
12 | command: ["/bin/sleep", "10m"]
13 | restartPolicy: Never
14 | backoffLimit: 4
--------------------------------------------------------------------------------
/cep-checker/e2e/kind.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kind.x-k8s.io/v1alpha4
2 | kind: Cluster
3 | networking:
4 | disableDefaultCNI: true
5 | nodes:
6 | - role: control-plane
7 |
--------------------------------------------------------------------------------
/cep-checker/e2e/pod.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Pod
3 | metadata:
4 | name: test
5 | namespace: test
6 | spec:
7 | containers:
8 | - name: ubuntu
9 | image: ghcr.io/cybozu/ubuntu:22.04
10 | command: ["/bin/sleep", "3650d"]
11 | imagePullPolicy: IfNotPresent
12 | securityContext:
13 | runAsUser: 1000
14 | runAsGroup: 1000
15 | sysctls:
16 | - name: net.ipv4.ping_group_range
17 | value: 0 10000
18 | restartPolicy: Always
19 |
--------------------------------------------------------------------------------
/cep-checker/e2e/run_test.go:
--------------------------------------------------------------------------------
1 | package e2e
2 |
3 | import (
4 | "bytes"
5 | "fmt"
6 | "os/exec"
7 | )
8 |
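// kubectl runs the binary at ../bin/kubectl with the given arguments and
// returns what it wrote to standard output.
//
// The path is relative, so it is resolved against the working directory of the
// test process. args are handed to exec.Command as an argument vector; no shell
// is involved, so they are not subject to shell interpretation.
//
// When input is non-nil it is supplied to the process on standard input.
//
// On failure the returned slice is nil and the error wraps the error from
// cmd.Run and carries the captured standard error text.
func kubectl(input []byte, args ...string) ([]byte, error) {
	var stdout, stderr bytes.Buffer

	cmd := exec.Command("../bin/kubectl", args...)
	cmd.Stdout = &stdout
	cmd.Stderr = &stderr
	if input != nil {
		cmd.Stdin = bytes.NewReader(input)
	}

	if err := cmd.Run(); err != nil {
		// %w (rather than %s) keeps the underlying error, e.g. *exec.ExitError,
		// reachable through errors.Is / errors.As; the message text is unchanged.
		return nil, fmt.Errorf("kubectl failed with %w: stderr=%s", err, stderr.String())
	}
	return stdout.Bytes(), nil
}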
24 |
--------------------------------------------------------------------------------
/ceph-extra-exporter/Dockerfile:
--------------------------------------------------------------------------------
# ceph-extra-exporter container

# Stage1: build the exporter from the build context.
FROM ghcr.io/cybozu/golang:1.23-noble AS builder

WORKDIR /work

COPY . .

RUN go build -o ceph-extra-exporter

# Stage2: runtime image built on top of the Ceph image.
# NOTE(review): presumably the exporter relies on Ceph tooling shipped in this
# base image; confirm. The base tag should be kept in step with ceph/TAG so
# that security updates to the Ceph image reach this one as well.
FROM ghcr.io/cybozu/ceph:19.2.2.1
LABEL org.opencontainers.image.source="https://github.com/cybozu/neco-containers"

COPY --from=builder /work/ceph-extra-exporter /

# Run as a fixed, non-root numeric UID/GID.
USER 1001:1001
EXPOSE 8080/tcp

ENTRYPOINT [ "/ceph-extra-exporter" ]
18 |
--------------------------------------------------------------------------------
/ceph-extra-exporter/Makefile:
--------------------------------------------------------------------------------
# Prefix used for commands that are run through sudo.
SUDO = sudo
# The go binary found on the caller's PATH, invoked through sudo.
SUDO_GO = $(SUDO) $(shell which go)

.PHONY: all
all: check-generate test

# Runs `go mod tidy`, then `git diff --exit-code`, which exits non-zero when
# the working tree differs from the index afterwards.
.PHONY: check-generate
check-generate:
	go mod tidy
	git diff --exit-code --name-only

# Formatting, static analysis and unit tests.
# NOTE(review): the staticcheck and custom-checker prerequisites and the
# $(STATICCHECK) / $(CUSTOM_CHECKER) variables are not defined in this file;
# presumably they come from ../tool.mk, included below. Confirm.
# The custom checker is invoked with -restrictpkg.packages=html/template,log;
# any output from it or from gofmt makes the `test -z` line fail.
# The last recipe line runs the Go tests through sudo (elevated privileges)
# with the race detector enabled.
.PHONY: test
test: staticcheck custom-checker
	test -z "$$(gofmt -s -l . | tee /dev/stderr)"
	$(STATICCHECK) ./...
	test -z "$$($(CUSTOM_CHECKER) -restrictpkg.packages=html/template,log ./... 2>&1 | tee /dev/stderr)"
	go vet ./...
	$(SUDO_GO) test -race -v ./...

include ../tool.mk
21 |
--------------------------------------------------------------------------------
/ceph-extra-exporter/TAG:
--------------------------------------------------------------------------------
1 | 0.3.7
2 |
--------------------------------------------------------------------------------
/ceph-extra-exporter/go.mod:
--------------------------------------------------------------------------------
1 | module github.com/cybozu/neco-containers/ceph-extra-exporter
2 |
3 | go 1.23.3
4 |
5 | require (
6 | github.com/prometheus/client_golang v1.21.1
7 | github.com/stretchr/testify v1.10.0
8 | )
9 |
10 | require (
11 | github.com/beorn7/perks v1.0.1 // indirect
12 | github.com/cespare/xxhash/v2 v2.3.0 // indirect
13 | github.com/davecgh/go-spew v1.1.1 // indirect
14 | github.com/klauspost/compress v1.18.0 // indirect
15 | github.com/kr/text v0.2.0 // indirect
16 | github.com/kylelemons/godebug v1.1.0 // indirect
17 | github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
18 | github.com/pmezard/go-difflib v1.0.0 // indirect
19 | github.com/prometheus/client_model v0.6.1 // indirect
20 | github.com/prometheus/common v0.62.0 // indirect
21 | github.com/prometheus/procfs v0.15.1 // indirect
22 | github.com/rogpeppe/go-internal v1.12.0 // indirect
23 | golang.org/x/sys v0.31.0 // indirect
24 | google.golang.org/protobuf v1.36.5 // indirect
25 | gopkg.in/yaml.v3 v3.0.1 // indirect
26 | )
27 |
--------------------------------------------------------------------------------
/ceph-extra-exporter/log.go:
--------------------------------------------------------------------------------
1 | package main
2 |
3 | import (
4 | "log/slog"
5 | "os"
6 | )
7 |
8 | var logger *slog.Logger
9 |
// init builds the package-level logger: JSON records written to stderr, with
// the built-in time, level and message keys renamed to "logged_at", "severity"
// and "message", and the host name attached to every record as "utsname".
//
// It panics when the host name cannot be determined.
func init() {
	host, hostErr := os.Hostname()
	if hostErr != nil {
		panic(hostErr)
	}

	// Built-in slog attribute keys and the names they are emitted under.
	renamed := map[string]string{
		slog.TimeKey:    "logged_at",
		slog.LevelKey:   "severity",
		slog.MessageKey: "message",
	}
	rewriteKey := func(_ []string, attr slog.Attr) slog.Attr {
		if replacement, found := renamed[attr.Key]; found {
			attr.Key = replacement
		}
		return attr
	}

	handler := slog.NewJSONHandler(os.Stderr, &slog.HandlerOptions{ReplaceAttr: rewriteKey})
	logger = slog.New(handler).With(slog.String("utsname", host))
}
30 |
--------------------------------------------------------------------------------
/ceph/.dockerignore:
--------------------------------------------------------------------------------
1 | # avoid the error like below
2 | # ERROR: failed to solve: error from sender: open ceph/src/ceph/debian/tmp/foo.bar: permission denied
3 | src/ceph
4 |
--------------------------------------------------------------------------------
/ceph/BRANCH:
--------------------------------------------------------------------------------
1 | 19.2
2 |
--------------------------------------------------------------------------------
/ceph/README.md:
--------------------------------------------------------------------------------
1 | Ceph container
2 | ==============
3 |
4 | Build Docker container image for [Ceph][], a distributed object, block, and file storage platform.
5 |
6 | Usage
7 | -----
8 |
9 | This container image is intended to be used by Rook.
10 | To use in Rook, you need to write a manifest of the custom resource CephCluster with this image.
11 |
12 | [Ceph]: https://github.com/ceph/ceph
13 |
14 | Docker images
15 | -------------
16 |
17 | Docker images are available on [ghcr.io](https://github.com/cybozu/neco-containers/pkgs/container/ceph)
18 |
--------------------------------------------------------------------------------
/ceph/TAG:
--------------------------------------------------------------------------------
1 | 19.2.2.1
2 |
--------------------------------------------------------------------------------
/cephcsi/BRANCH:
--------------------------------------------------------------------------------
1 | 3.14
2 |
--------------------------------------------------------------------------------
/cephcsi/TAG:
--------------------------------------------------------------------------------
1 | 3.14.0.1
2 |
--------------------------------------------------------------------------------
/cert-manager/.dockerignore:
--------------------------------------------------------------------------------
1 | *
2 | !work
3 |
--------------------------------------------------------------------------------
/cert-manager/BRANCH:
--------------------------------------------------------------------------------
1 | 1.17
2 |
--------------------------------------------------------------------------------
/cert-manager/README.md:
--------------------------------------------------------------------------------
1 | cert-manager container
2 | ======================
3 |
4 | This directory provides a Dockerfile to build a Docker container
5 | that runs [cert-manager](https://github.com/cert-manager/cert-manager).
6 |
7 | Usage
8 | -----
9 |
10 | ### Start `cert-manager`
11 |
12 | Run the container
13 |
14 | ```console
15 | $ docker run -d --read-only --name=cert-manager-controller \
16 | ghcr.io/cybozu/cert-manager:1.17 controller
17 | ```
18 |
19 | License
20 | -------
21 |
22 | [LICENSES](https://github.com/cert-manager/cert-manager/blob/master/LICENSES) is a file bundled with all LICENSE files under the `vendor` directory.
23 |
24 | Docker images
25 | -------------
26 |
27 | Docker images are available on [ghcr.io](https://github.com/cybozu/neco-containers/pkgs/container/cert-manager)
28 |
--------------------------------------------------------------------------------
/cert-manager/TAG:
--------------------------------------------------------------------------------
1 | 1.17.1.1
2 |
--------------------------------------------------------------------------------
/chrony/.dockerignore:
--------------------------------------------------------------------------------
1 | *
2 | !chrony.conf.example
3 |
--------------------------------------------------------------------------------
/chrony/BRANCH:
--------------------------------------------------------------------------------
1 | 4.6
2 |
--------------------------------------------------------------------------------
/chrony/README.md:
--------------------------------------------------------------------------------
1 | [Chrony][] container
2 | ================
3 |
4 | Build Docker container image for [Chrony][] NTP server/client.
5 |
6 | Features
7 | --------
8 |
9 | - Chrony based on Ubuntu.
10 | - Multi-stage build to minimize the container size.
11 |
12 | Usage
13 | -----
14 |
15 | ### Start `chronyd`
16 |
17 | 1. Prepare chrony.conf
18 | 1. Run the container
19 | ```console
20 | $ docker run -d --read-only --name=chrony \
21 | --mount type=bind,source=/your/chrony.conf,target=/etc/chrony.conf,readonly \
22 | --mount type=tmpfs,destination=/run/chrony,tmpfs-mode=700 \
23 | --mount type=tmpfs,destination=/var/lib/chrony,tmpfs-mode=755 \
24 | --publish=123:123/udp \
25 | --cap-drop ALL \
26 | --cap-add SYS_TIME \
27 | --cap-add NET_BIND_SERVICE \
28 | ghcr.io/cybozu/chrony:4.6
29 | ```
30 |
31 | ### Use `chronyc`
32 |
33 | ```console
34 | $ docker exec -it chrony chronyc tracking
35 | ```
36 |
37 | [Chrony]: https://chrony.tuxfamily.org/
38 |
39 | Docker images
40 | -------------
41 |
42 | Docker images are available on [ghcr.io](https://github.com/cybozu/neco-containers/pkgs/container/chrony)
43 |
--------------------------------------------------------------------------------
/chrony/TAG:
--------------------------------------------------------------------------------
1 | 4.6.1.2
2 |
--------------------------------------------------------------------------------
/chrony/chrony.conf.example:
--------------------------------------------------------------------------------
1 | # Use public NTP servers from the pool.ntp.org project.
2 | pool pool.ntp.org iburst
3 |
4 | # Record the rate at which the system clock gains/loses time.
5 | driftfile /var/lib/chrony/drift
6 |
7 | # Allow the system clock to be stepped in the first three updates
8 | # if its offset is larger than 1 second.
9 | makestep 1.0 3
10 |
11 | # Enable kernel synchronization of the real-time clock (RTC).
12 | rtcsync
13 |
14 | # Allow command operation from arbitrary addresses, for debugging only.
15 | # Do not use these settings in production environments.
16 | # cmdallow all
17 | # bindcmdaddress 0.0.0.0
18 | # bindcmdaddress ::
19 |
--------------------------------------------------------------------------------
/cilium-certgen/.dockerignore:
--------------------------------------------------------------------------------
1 | *
2 | !TAG
3 |
--------------------------------------------------------------------------------
/cilium-certgen/BRANCH:
--------------------------------------------------------------------------------
1 | 0.1
2 |
--------------------------------------------------------------------------------
/cilium-certgen/Dockerfile:
--------------------------------------------------------------------------------
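# Both images can be overridden at build time with --build-arg.
ARG BASE_IMAGE=scratch
ARG GOLANG_IMAGE=ghcr.io/cybozu/golang:1.23-jammy

# Stage1: build
FROM ${GOLANG_IMAGE} AS build

COPY TAG /

WORKDIR /go/src/github.com/cilium/certgen
# The upstream version is the first three dot-separated fields of TAG.
# The archive is saved to a file instead of being piped into tar. No pipefail
# shell is configured in this stage, so with a pipe a curl failure would only
# be noticed if tar happened to fail on the input it received. As separate
# commands chained with &&, a failed download stops the build directly.
# NOTE(review): the archive is still trusted on TLS alone; comparing it with a
# pinned SHA-256 before extraction would tie the build to known source.
RUN VERSION=$(cut -d \. -f 1,2,3 < /TAG ) \
    && curl -fsSL -o certgen.tar.gz "https://github.com/cilium/certgen/archive/v${VERSION}.tar.gz" \
    && tar -x -z --strip-components 1 -f certgen.tar.gz \
    && rm -f certgen.tar.gz \
    && CGO_ENABLED=0 go build -o cilium-certgen main.go

# Stage2: runtime
FROM ${BASE_IMAGE}
LABEL org.opencontainers.image.source="https://github.com/cybozu/neco-containers"

COPY --from=build /go/src/github.com/cilium/certgen/cilium-certgen /usr/bin/cilium-certgen
COPY --from=build /go/src/github.com/cilium/certgen/LICENSE /LICENSE

# Run as an unprivileged numeric UID/GID.
USER 10000:10000

ENTRYPOINT ["/usr/bin/cilium-certgen"]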
25 |
--------------------------------------------------------------------------------
/cilium-certgen/README.md:
--------------------------------------------------------------------------------
1 | Cilium certgen container
2 | ================
3 |
4 | This directory provides the Dockerfile for building a container image containing [cilium-certgen](https://github.com/cilium/certgen). The image includes only the `cilium-certgen` binary.
5 |
6 | Docker images
7 | -------------
8 |
9 | Docker images are available on [ghcr.io](https://ghcr.io/cybozu/cilium-certgen)
10 |
--------------------------------------------------------------------------------
/cilium-certgen/TAG:
--------------------------------------------------------------------------------
1 | 0.1.15.1
2 |
--------------------------------------------------------------------------------
/cilium-operator-generic/.dockerignore:
--------------------------------------------------------------------------------
1 | *
2 | !TAG
3 | !*.patch
4 |
--------------------------------------------------------------------------------
/cilium-operator-generic/BRANCH:
--------------------------------------------------------------------------------
1 | 1.15
2 |
--------------------------------------------------------------------------------
/cilium-operator-generic/README.md:
--------------------------------------------------------------------------------
1 | Cilium operator container
2 | ================
3 |
4 | This directory provides the Dockerfile for building a container image containing Cilium's [operator-generic](https://github.com/cilium/cilium). The image includes only the `cilium-operator` binary.
5 |
6 | Docker images
7 | -------------
8 |
9 | Docker images are available on [ghcr.io](https://ghcr.io/cybozu/cilium-operator-generic)
10 |
--------------------------------------------------------------------------------
/cilium-operator-generic/TAG:
--------------------------------------------------------------------------------
1 | 1.15.13.2
2 |
--------------------------------------------------------------------------------
/cilium/.dockerignore:
--------------------------------------------------------------------------------
1 | *
2 | !TAG
3 | !src/cilium
4 | !src/image-tools
5 | !src/proxy
6 | !src/workspace
7 | !*.patch
8 |
--------------------------------------------------------------------------------
/cilium/.gitignore:
--------------------------------------------------------------------------------
1 | e2e/bin
2 | src
3 |
--------------------------------------------------------------------------------
/cilium/BRANCH:
--------------------------------------------------------------------------------
1 | 1.15
2 |
--------------------------------------------------------------------------------
/cilium/README.md:
--------------------------------------------------------------------------------
1 | Cilium container
2 | ================
3 |
4 | This directory provides the Dockerfile for building a container image containing [cilium-agent](https://github.com/cilium/cilium) and related binaries: `cilium`, `envoy`, `cilium-health` and `hubble-cli`.
5 |
6 | Docker images
7 | -------------
8 |
9 | Docker images are available on [ghcr.io](https://github.com/cybozu/neco-containers/pkgs/container/cilium)
10 |
--------------------------------------------------------------------------------
/cilium/TAG:
--------------------------------------------------------------------------------
1 | 1.15.13.3
2 |
--------------------------------------------------------------------------------
/cilium/e2e/values.yaml:
--------------------------------------------------------------------------------
1 | autoDirectNodeRoutes: true
2 | devices: eth+
3 | enableIPv6Masquerade: false
4 | hubble:
5 | enabled: true
6 | relay:
7 | enabled: true
8 | image:
9 | useDigest: false
10 | image:
11 | pullPolicy: Never
12 | useDigest: false
13 | ipv4NativeRoutingCIDR: 10.244.0.0/16
14 | ipv6:
15 | enabled: false
16 | kubeProxyReplacement: true
17 | loadBalancer:
18 | acceleration: disabled
19 | dsrDispatch: geneve
20 | mode: dsr
21 | routingMode: native
22 | tunnelProtocol: geneve
23 |
--------------------------------------------------------------------------------
/configmap-reload/.dockerignore:
--------------------------------------------------------------------------------
1 | *
2 |
--------------------------------------------------------------------------------
/configmap-reload/Dockerfile:
--------------------------------------------------------------------------------
# configmap-reload container

# Stage1: build from source
FROM ghcr.io/cybozu/golang:1.24-noble AS build

ARG CONFIGMAP_RELOAD_VERSION=0.14.0

# Workaround https://github.com/ksonnet/ksonnet/issues/298#issuecomment-360531855
ENV USER=root
# pipefail makes a failing command inside a pipeline fail the whole RUN step.
SHELL ["/bin/bash", "-o", "pipefail", "-c"]

WORKDIR /go/src/github.com/jimmidyson/configmap-reload
# Download the tagged source archive, unpack it in place and install a static,
# stripped binary (copied from /go/bin in the next stage).
# NOTE(review): the archive is fetched by version tag over HTTPS with no
# checksum comparison; checking it against a pinned SHA-256 before extraction
# would tie the build to known source.
RUN curl -fsSL -o configmap-reload.tar.gz "https://github.com/jimmidyson/configmap-reload/archive/v${CONFIGMAP_RELOAD_VERSION}.tar.gz" \
    && tar -x -z --strip-components 1 -f configmap-reload.tar.gz \
    && rm -f configmap-reload.tar.gz \
    && CGO_ENABLED=0 go install --installsuffix cgo -ldflags="-w -s -extldflags '-static'" ./

# Stage2: setup runtime container
# Only the binary and its licence text are copied into an empty (scratch) image.
FROM scratch
LABEL org.opencontainers.image.source="https://github.com/cybozu/neco-containers"

COPY --from=build /go/bin/configmap-reload /configmap-reload
COPY --from=build /go/src/github.com/jimmidyson/configmap-reload/LICENSE.txt /LICENSE.txt

# Run as an unprivileged numeric UID/GID.
USER 10000:10000

ENTRYPOINT ["/configmap-reload"]
28 |
--------------------------------------------------------------------------------
/configmap-reload/README.md:
--------------------------------------------------------------------------------
1 | configmap-reload
2 | ================
3 |
4 | Simple binary to trigger a reload when a Kubernetes ConfigMap is updated
5 |
6 | - [configmap-reload](https://github.com/jimmidyson/configmap-reload)
7 |
8 | Docker images
9 | -------------
10 |
11 | Docker images are available on [ghcr.io](https://github.com/cybozu/neco-containers/pkgs/container/configmap-reload)
12 |
--------------------------------------------------------------------------------
/configmap-reload/TAG:
--------------------------------------------------------------------------------
1 | 0.14.0.2
2 |
--------------------------------------------------------------------------------
/contour/.dockerignore:
--------------------------------------------------------------------------------
1 | *
2 |
--------------------------------------------------------------------------------
/contour/BRANCH:
--------------------------------------------------------------------------------
1 | 1.30
2 |
--------------------------------------------------------------------------------
/contour/Dockerfile:
--------------------------------------------------------------------------------
# Contour container image

# Stage1: build from source
FROM ghcr.io/cybozu/golang:1.24-noble AS build

ARG CONTOUR_VERSION=1.30.2

# pipefail: a curl failure in the pipeline below fails the RUN step instead of
# being hidden behind tar's exit status.
SHELL ["/bin/bash", "-o", "pipefail", "-c"]
# The archive is unpacked under /work/ as it streams in, then renamed.
# NOTE(review): the `mv` source path is relative, so this assumes the build
# image's working directory is /work. TODO confirm.
# NOTE(review): there is no checksum comparison on the download; saving it to a
# file and checking a pinned SHA-256 before extraction would tie the build to
# known source.
RUN curl -sSLf https://github.com/projectcontour/contour/archive/v${CONTOUR_VERSION}.tar.gz | \
    tar zxf - -C /work/ \
    && mv contour-${CONTOUR_VERSION} /work/contour

WORKDIR /work/contour/

# CGO_ENABLED and GOOS are passed to make as command-line variables.
RUN make build \
    CGO_ENABLED=0 \
    GOOS=linux

# Stage2: setup runtime container
# Only the binary and its LICENSE are copied into an empty (scratch) image.
FROM scratch
LABEL org.opencontainers.image.source="https://github.com/cybozu/neco-containers"

COPY --from=build /work/contour/contour /bin/contour
COPY --from=build /work/contour/LICENSE /LICENSE

# Run as an unprivileged numeric UID/GID.
USER 10000:10000

ENTRYPOINT ["/bin/contour"]
29 |
--------------------------------------------------------------------------------
/contour/README.md:
--------------------------------------------------------------------------------
1 | Contour container
2 | =================
3 |
4 | Build Docker container image for [Contour][], Kubernetes ingress controller using Lyft's Envoy proxy.
5 |
6 | Usage
7 | -----
8 |
9 | ### Start `contour`
10 |
11 | Run the container
12 |
13 | ```console
14 | $ docker run -d --read-only --name=contour \
15 | ghcr.io/cybozu/contour:1.30 serve
16 | ```
17 |
18 | [Contour]: https://github.com/heptio/contour
19 |
20 | Docker images
21 | -------------
22 |
23 | Docker images are available on [ghcr.io](https://github.com/cybozu/neco-containers/pkgs/container/contour)
24 |
--------------------------------------------------------------------------------
/contour/TAG:
--------------------------------------------------------------------------------
1 | 1.30.2.1
2 |
--------------------------------------------------------------------------------
/coredns/.dockerignore:
--------------------------------------------------------------------------------
1 | *
2 |
--------------------------------------------------------------------------------
/coredns/BRANCH:
--------------------------------------------------------------------------------
1 | 1.12
2 |
--------------------------------------------------------------------------------
/coredns/Dockerfile:
--------------------------------------------------------------------------------
# CoreDNS container

# Stage1: build from source
FROM ghcr.io/cybozu/golang:1.23-noble AS build

ARG COREDNS_VERSION=1.12.0

# pipefail: a curl failure in the pipeline below fails the RUN step instead of
# being hidden behind tar's exit status.
SHELL ["/bin/bash", "-o", "pipefail", "-c"]
# The archive is unpacked under /work/ as it streams in, then moved under /go/src.
# NOTE(review): the `mv` source path is relative, so this assumes the build
# image's working directory is /work. TODO confirm.
# NOTE(review): there is no checksum comparison on the download; saving it to a
# file and checking a pinned SHA-256 before extraction would tie the build to
# known source.
RUN curl -sSLf https://github.com/coredns/coredns/archive/v${COREDNS_VERSION}.tar.gz | \
    tar zxf - -C /work/ \
    && mkdir -p /go/src/github.com/coredns/ \
    && mv coredns-${COREDNS_VERSION} /go/src/github.com/coredns/coredns

WORKDIR /go/src/github.com/coredns/coredns/
RUN make

# Stage2: runtime image
FROM ghcr.io/cybozu/ubuntu:24.04
LABEL org.opencontainers.image.source="https://github.com/cybozu/neco-containers"

COPY --from=build /go/src/github.com/coredns/coredns/LICENSE /usr/local/coredns/LICENSE
COPY --from=build /go/src/github.com/coredns/coredns/coredns /usr/local/coredns/bin/coredns
# The entrypoint below is given by bare name and found through this PATH entry.
ENV PATH=/usr/local/coredns/bin:"$PATH"

# Run as an unprivileged numeric UID/GID. The exposed port 1053 (TCP and UDP)
# is above 1024, so binding it needs no extra capability.
USER 10000:10000
EXPOSE 1053 1053/udp
ENTRYPOINT ["coredns"]
24 |
--------------------------------------------------------------------------------
/coredns/README.md:
--------------------------------------------------------------------------------
1 | # CoreDNS container
2 |
3 | [CoreDNS](https://coredns.io/) is a DNS server typically used on Kubernetes.
4 |
5 | ## Usage
6 |
7 | To launch the server with a specific config file:
8 |
9 | $ docker run ghcr.io/cybozu/coredns:1.12 -v Corefile:/etc/coredns/Corefile -- \
10 | -conf /etc/coredns/Corefile
11 |
12 | ## Docker images
13 |
14 | Docker images are available on [ghcr.io](https://github.com/cybozu/neco-containers/pkgs/container/coredns)
15 |
--------------------------------------------------------------------------------
/coredns/TAG:
--------------------------------------------------------------------------------
1 | 1.12.0.1
2 |
--------------------------------------------------------------------------------
/csa_update.svg:
--------------------------------------------------------------------------------
1 |
8 |
--------------------------------------------------------------------------------
/csi-addons-controller/BRANCH:
--------------------------------------------------------------------------------
1 | 0.12
2 |
--------------------------------------------------------------------------------
/csi-addons-controller/Dockerfile:
--------------------------------------------------------------------------------
# Source checkout location. It is declared before the first FROM so that each
# stage can re-declare it with a bare `ARG SRC_DIR` and receive this default.
ARG SRC_DIR=/work/go/src/github.com/csi-addons/kubernetes-csi-addons
# Build the manager binary
FROM ghcr.io/cybozu/golang:1.24-noble AS builder

ARG SRC_DIR
ARG VERSION=0.12.0

SHELL ["/bin/bash", "-o", "pipefail", "-c"]

# Shallow-clone the v${VERSION} tag only.
# NOTE(review): a tag can be moved upstream; checking out a pinned commit hash
# after the clone would fix the exact source that gets built.
RUN git clone -b v${VERSION} --depth=1 https://github.com/csi-addons/kubernetes-csi-addons.git ${SRC_DIR}

ENV CGO_ENABLED=0
WORKDIR ${SRC_DIR}

# Build
RUN make build

# Use distroless as minimal base image to package the manager binary
# Refer to https://github.com/GoogleContainerTools/distroless for more details
# NOTE(review): `nonroot` is a floating tag; referencing the image by digest
# (gcr.io/distroless/static@sha256:<digest>) would make rebuilds reproducible.
FROM gcr.io/distroless/static:nonroot
ARG SRC_DIR
WORKDIR /
COPY --from=builder ${SRC_DIR}/bin/csi-addons-manager .
# Run as a fixed, non-root numeric UID/GID.
USER 65532:65532

ENTRYPOINT ["/csi-addons-manager"]
27 |
--------------------------------------------------------------------------------
/csi-addons-controller/TAG:
--------------------------------------------------------------------------------
1 | 0.12.0.1
2 |
--------------------------------------------------------------------------------
/csi-addons-sidecar/BRANCH:
--------------------------------------------------------------------------------
1 | 0.12
2 |
--------------------------------------------------------------------------------
/csi-addons-sidecar/Dockerfile:
--------------------------------------------------------------------------------
# Source checkout location. It is declared before the first FROM so that each
# stage can re-declare it with a bare `ARG SRC_DIR` and receive this default.
ARG SRC_DIR=/work/go/src/github.com/csi-addons/kubernetes-csi-addons
# Build the sidecar binary
FROM ghcr.io/cybozu/golang:1.24-noble AS builder

ARG SRC_DIR
ARG VERSION=0.12.0

SHELL ["/bin/bash", "-o", "pipefail", "-c"]

# Shallow-clone the v${VERSION} tag only.
# NOTE(review): a tag can be moved upstream; checking out a pinned commit hash
# after the clone would fix the exact source that gets built.
RUN git clone -b v${VERSION} --depth=1 https://github.com/csi-addons/kubernetes-csi-addons.git ${SRC_DIR}

ENV CGO_ENABLED=0
WORKDIR ${SRC_DIR}

# Build the sidecar and csi-addons tool for admin usage and testing
RUN make build

# Use distroless as minimal base image to package the sidecar binary
# Refer to https://github.com/GoogleContainerTools/distroless for more details
# DL3007 ignored as it asks to pin the version explicitly to a release tag
# NOTE(review): with `latest`, each rebuild may pick up a different base image.
# Referencing it by digest (gcr.io/distroless/static@sha256:<digest>) would
# keep builds reproducible and make base-image updates an explicit change.
# hadolint ignore=DL3007
FROM gcr.io/distroless/static:latest
ARG SRC_DIR
WORKDIR /
COPY --from=builder ${SRC_DIR}/bin/csi-addons-sidecar /usr/sbin/
COPY --from=builder ${SRC_DIR}/bin/csi-addons /usr/bin/

# NOTE(review): no USER instruction, so the container runs as the base image's
# default user (presumably root for this tag). Confirm the sidecar needs that,
# e.g. to reach the CSI socket; otherwise set a numeric non-root USER.
ENTRYPOINT ["/usr/sbin/csi-addons-sidecar"]
29 |
--------------------------------------------------------------------------------
/csi-addons-sidecar/TAG:
--------------------------------------------------------------------------------
1 | 0.12.0.1
2 |
--------------------------------------------------------------------------------
/csi-attacher/BRANCH:
--------------------------------------------------------------------------------
1 | 4.8
2 |
--------------------------------------------------------------------------------
/csi-attacher/Dockerfile:
--------------------------------------------------------------------------------
1 | # Stage1: build external-attacher from source at the release tag v${VERSION}
2 | FROM ghcr.io/cybozu/golang:1.24-noble AS build
3 |
4 | ARG SRC_DIR=/work/go/src/github.com/kubernetes-csi/external-attacher
5 | ARG VERSION=4.8.0
6 |
7 | SHELL ["/bin/bash", "-o", "pipefail", "-c"]
8 | # Shallow clone of the tag only. A tag is a mutable ref, so this does not pin the build to a commit hash.
9 | RUN git clone -b v${VERSION} --depth=1 https://github.com/kubernetes-csi/external-attacher.git ${SRC_DIR}
10 |
11 | WORKDIR ${SRC_DIR}
12 | # Default make target; stage 2 expects it to leave the binary under bin/
13 | RUN make
14 |
15 | # Stage2: setup runtime container
16 | FROM ghcr.io/cybozu/ubuntu:22.04
17 | LABEL org.opencontainers.image.source="https://github.com/cybozu/neco-containers"
18 | # ARG values do not carry across stages, so SRC_DIR is declared again with the same default
19 | ARG SRC_DIR=/work/go/src/github.com/kubernetes-csi/external-attacher
20 | LABEL description="CSI External Attacher"
21 | # NOTE(review): no USER instruction, so the process runs as the base image's default user (presumably root); confirm that is required
22 | COPY --from=build ${SRC_DIR}/bin/csi-attacher /
23 | ENTRYPOINT ["/csi-attacher"]
24 |
--------------------------------------------------------------------------------
/csi-attacher/TAG:
--------------------------------------------------------------------------------
1 | 4.8.0.2
2 |
--------------------------------------------------------------------------------
/csi-node-driver-registrar/BRANCH:
--------------------------------------------------------------------------------
1 | 2.13
2 |
--------------------------------------------------------------------------------
/csi-node-driver-registrar/Dockerfile:
--------------------------------------------------------------------------------
1 | # Stage1: build node-driver-registrar from source at the release tag v${VERSION}
2 | FROM ghcr.io/cybozu/golang:1.24-noble AS build
3 |
4 | ARG SRC_DIR=/work/go/src/github.com/kubernetes-csi/node-driver-registrar
5 | ARG VERSION=2.13.0
6 |
7 | SHELL ["/bin/bash", "-o", "pipefail", "-c"]
8 | # Shallow clone of the tag only. A tag is a mutable ref, so this does not pin the build to a commit hash.
9 | RUN git clone -b v${VERSION} --depth=1 https://github.com/kubernetes-csi/node-driver-registrar.git ${SRC_DIR}
10 |
11 | WORKDIR ${SRC_DIR}
12 | # Default make target; stage 2 expects it to leave the binary under bin/
13 | RUN make
14 |
15 | # Stage2: setup runtime container
16 | FROM ghcr.io/cybozu/ubuntu:22.04
17 | LABEL org.opencontainers.image.source="https://github.com/cybozu/neco-containers"
18 | # ARG values do not carry across stages, so SRC_DIR is declared again with the same default
19 | ARG SRC_DIR=/work/go/src/github.com/kubernetes-csi/node-driver-registrar
20 | LABEL description="CSI Node driver registrar"
21 | # NOTE(review): no USER instruction, so the process runs as the base image's default user (presumably root); confirm that is required
22 | COPY --from=build ${SRC_DIR}/bin/csi-node-driver-registrar /
23 | ENTRYPOINT ["/csi-node-driver-registrar"]
24 |
--------------------------------------------------------------------------------
/csi-node-driver-registrar/TAG:
--------------------------------------------------------------------------------
1 | 2.13.0.2
2 |
--------------------------------------------------------------------------------
/csi-provisioner/BRANCH:
--------------------------------------------------------------------------------
1 | 5.1
2 |
--------------------------------------------------------------------------------
/csi-provisioner/Dockerfile:
--------------------------------------------------------------------------------
1 | # Stage1: build external-provisioner from source at the release tag v${VERSION}
2 | FROM ghcr.io/cybozu/golang:1.24-noble AS build
3 |
4 | ARG SRC_DIR=/work/go/src/github.com/kubernetes-csi/external-provisioner
5 | ARG VERSION=5.1.0
6 |
7 | SHELL ["/bin/bash", "-o", "pipefail", "-c"]
8 | # Shallow clone of the tag only. A tag is a mutable ref, so this does not pin the build to a commit hash.
9 | RUN git clone -b v${VERSION} --depth=1 https://github.com/kubernetes-csi/external-provisioner.git ${SRC_DIR}
10 |
11 | WORKDIR ${SRC_DIR}
12 | # Default make target; stage 2 expects it to leave the binary under bin/
13 | RUN make
14 |
15 | # Stage2: setup runtime container
16 | FROM ghcr.io/cybozu/ubuntu:22.04
17 | LABEL org.opencontainers.image.source="https://github.com/cybozu/neco-containers"
18 | # ARG values do not carry across stages, so SRC_DIR is declared again with the same default
19 | ARG SRC_DIR=/work/go/src/github.com/kubernetes-csi/external-provisioner
20 | LABEL description="CSI External Provisioner"
21 | # NOTE(review): no USER instruction, so the process runs as the base image's default user (presumably root); confirm that is required
22 | COPY --from=build ${SRC_DIR}/bin/csi-provisioner /
23 | ENTRYPOINT ["/csi-provisioner"]
24 |
--------------------------------------------------------------------------------
/csi-provisioner/TAG:
--------------------------------------------------------------------------------
1 | 5.1.0.2
2 |
--------------------------------------------------------------------------------
/csi-resizer/BRANCH:
--------------------------------------------------------------------------------
1 | 1.13
2 |
--------------------------------------------------------------------------------
/csi-resizer/Dockerfile:
--------------------------------------------------------------------------------
1 | # Stage1: build external-resizer from source at the release tag v${VERSION}
2 | FROM ghcr.io/cybozu/golang:1.24-noble AS build
3 |
4 | ARG SRC_DIR=/work/go/src/github.com/kubernetes-csi/external-resizer
5 | ARG VERSION=1.13.1
6 |
7 | SHELL ["/bin/bash", "-o", "pipefail", "-c"]
8 | # Shallow clone of the tag only. A tag is a mutable ref, so this does not pin the build to a commit hash.
9 | RUN git clone -b v${VERSION} --depth=1 https://github.com/kubernetes-csi/external-resizer.git ${SRC_DIR}
10 |
11 | WORKDIR ${SRC_DIR}
12 | # Default make target; stage 2 expects it to leave the binary under bin/
13 | RUN make
14 |
15 | # Stage2: setup runtime container
16 | FROM ghcr.io/cybozu/ubuntu:22.04
17 | LABEL org.opencontainers.image.source="https://github.com/cybozu/neco-containers"
18 | # ARG values do not carry across stages, so SRC_DIR is declared again with the same default
19 | ARG SRC_DIR=/work/go/src/github.com/kubernetes-csi/external-resizer
20 | LABEL description="CSI External Resizer"
21 | # NOTE(review): no USER instruction, so the process runs as the base image's default user (presumably root); confirm that is required
22 | COPY --from=build ${SRC_DIR}/bin/csi-resizer /
23 | ENTRYPOINT ["/csi-resizer"]
24 |
--------------------------------------------------------------------------------
/csi-resizer/TAG:
--------------------------------------------------------------------------------
1 | 1.13.1.2
2 |
--------------------------------------------------------------------------------
/csi-snapshotter/BRANCH:
--------------------------------------------------------------------------------
1 | 8.2
2 |
--------------------------------------------------------------------------------
/csi-snapshotter/Dockerfile:
--------------------------------------------------------------------------------
1 | # Stage1: build external-snapshotter from source at the release tag v${VERSION}
2 | FROM ghcr.io/cybozu/golang:1.24-noble AS build
3 |
4 | ARG SRC_DIR=/work/go/src/github.com/kubernetes-csi/external-snapshotter
5 | ARG VERSION=8.2.0
6 |
7 | SHELL ["/bin/bash", "-o", "pipefail", "-c"]
8 | # Shallow clone of the tag only. A tag is a mutable ref, so this does not pin the build to a commit hash.
9 | RUN git clone -b v${VERSION} --depth=1 https://github.com/kubernetes-csi/external-snapshotter.git ${SRC_DIR}
10 |
11 | WORKDIR ${SRC_DIR}
12 | # Default make target; stage 2 copies only bin/csi-snapshotter from its output
13 | RUN make
14 |
15 | # Stage2: setup runtime container
16 | FROM ghcr.io/cybozu/ubuntu:22.04
17 | LABEL org.opencontainers.image.source="https://github.com/cybozu/neco-containers"
18 | # ARG values do not carry across stages, so SRC_DIR is declared again with the same default
19 | ARG SRC_DIR=/work/go/src/github.com/kubernetes-csi/external-snapshotter
20 | LABEL description="CSI External Snapshotter Sidecar"
21 | # NOTE(review): no USER instruction, so the process runs as the base image's default user (presumably root); confirm that is required
22 | COPY --from=build ${SRC_DIR}/bin/csi-snapshotter /
23 | ENTRYPOINT ["/csi-snapshotter"]
24 |
--------------------------------------------------------------------------------
/csi-snapshotter/TAG:
--------------------------------------------------------------------------------
1 | 8.2.0.2
2 |
--------------------------------------------------------------------------------
/dex/.dockerignore:
--------------------------------------------------------------------------------
1 | *
2 |
--------------------------------------------------------------------------------
/dex/BRANCH:
--------------------------------------------------------------------------------
1 | 2.41
2 |
--------------------------------------------------------------------------------
/dex/Dockerfile:
--------------------------------------------------------------------------------
1 | # dex container image
2 |
3 | # Stage1: build from source
4 | FROM ghcr.io/cybozu/golang:1.23-jammy AS build
5 |
6 | ARG DEX_VERSION=2.41.1
7 | # pipefail (set below) makes the RUN fail if curl fails, instead of only tar's exit status being checked
8 | WORKDIR /work/dex/
9 | SHELL ["/bin/bash", "-o", "pipefail", "-c"]
10 | RUN curl -sSLf https://github.com/dexidp/dex/archive/v${DEX_VERSION}.tar.gz | \
11 | tar zxf - -C /work/dex --strip-components 1
12 | # The archive is unpacked as downloaded; this file compares no checksum or signature against a known value
13 | RUN make bin/dex VERSION=v${DEX_VERSION}
14 |
15 | # Stage2: setup runtime container
16 | FROM ghcr.io/cybozu/ubuntu:22.04
17 | LABEL org.opencontainers.image.source="https://github.com/cybozu/neco-containers"
18 | # Only the binary, the LICENSE and the web assets are carried over from the build stage
19 | COPY --from=build /work/dex/bin/dex /usr/local/bin/dex
20 | COPY --from=build /work/dex/LICENSE /usr/local/share/doc/dex/LICENSE
21 | COPY --from=build /work/dex/web /web
22 | # Run as an unprivileged numeric UID:GID; this file creates no passwd entry for it
23 | USER 10000:10000
24 |
25 | # the lines below follow the old upstream Dockerfile: https://github.com/dexidp/dex/blob/2dccdc2a1a4f5cb6562b54225a8615280e5ac109/Dockerfile
26 | # With no arguments the container runs `dex version`. If you want to use this outside of Neco, please edit ENTRYPOINT and CMD appropriately
27 | ENTRYPOINT ["dex"]
28 | CMD ["version"]
29 |
--------------------------------------------------------------------------------
/dex/README.md:
--------------------------------------------------------------------------------
1 | # dex container
2 |
3 | Builds a Docker container image for [dex][], an OpenID Connect (OIDC) identity and OAuth 2.0 provider with pluggable connectors.
4 |
5 | ## Usage
6 |
7 | ### Start `dex`
8 |
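9 | Run the container. With no arguments the image runs its default command, `dex version`; append the `dex` subcommand and options you need after the image name.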
10 |
11 | ```bash
12 | docker run -d --read-only --name=dex \
13 | ghcr.io/cybozu/dex:2.41
14 | ```
15 |
16 | [dex]: https://github.com/dexidp/dex
17 |
18 | ## Docker images
19 |
20 | Docker images are available on [ghcr.io](https://github.com/cybozu/neco-containers/pkgs/container/dex)
21 |
--------------------------------------------------------------------------------
/dex/TAG:
--------------------------------------------------------------------------------
1 | 2.41.1.1
2 |
--------------------------------------------------------------------------------
/envoy/.dockerignore:
--------------------------------------------------------------------------------
1 | *
2 | !workspace
3 | !envoy.yaml
4 | !pkg
5 | !go.mod
6 | !go.sum
7 |
--------------------------------------------------------------------------------
/envoy/BRANCH:
--------------------------------------------------------------------------------
1 | 1.31
2 |
--------------------------------------------------------------------------------
/envoy/Dockerfile:
--------------------------------------------------------------------------------
1 | # Envoy container
2 |
3 | # Stage1: build the probe helper from source (envoy itself is not built in this file)
4 | FROM ghcr.io/cybozu/golang:1.24-noble AS build
5 | # The build context is limited by .dockerignore to workspace, envoy.yaml, pkg, go.mod and go.sum
6 | COPY . /work
7 |
8 | WORKDIR /work
9 | # Static build (CGO disabled); -w and -s drop DWARF debug info and the symbol table from the binary
10 | RUN CGO_ENABLED=0 go install -ldflags="-w -s" ./pkg/probe
11 |
12 | # Stage2: setup runtime container
13 | FROM ghcr.io/cybozu/ubuntu:24.04
14 | LABEL org.opencontainers.image.source="https://github.com/cybozu/neco-containers"
15 | # The envoy binary, entrypoint script and LICENSE are taken from workspace/ in the build context; this file does not build or verify them
16 | COPY workspace/envoy /usr/local/bin/envoy
17 | COPY workspace/docker-entrypoint.sh /docker-entrypoint.sh
18 | COPY workspace/LICENSE /usr/local/share/doc/envoy/LICENSE
19 | COPY envoy.yaml /etc/envoy/envoy.yaml
20 | COPY --from=build /go/bin/probe /usr/local/bin/probe
21 | # 9901 is the admin port from envoy.yaml, which binds it to 127.0.0.1; EXPOSE only documents the port and publishes nothing
22 | EXPOSE 9901
23 | # Drop to the unprivileged nobody account before the entrypoint runs
24 | USER nobody
25 | ENTRYPOINT ["/docker-entrypoint.sh"]
26 | CMD ["envoy", "-c", "/etc/envoy/envoy.yaml"]
27 |
--------------------------------------------------------------------------------
/envoy/Makefile:
--------------------------------------------------------------------------------
1 | SUDO = sudo
2 | SUDO_GO = $(SUDO) $(shell which go)
3 | # SUDO_GO runs the go binary found on the invoking user's PATH under $(SUDO); override SUDO on the command line to change the privilege step
4 | .PHONY: all
5 | all: check-generate test
6 | # setup: install staticcheck at @latest (unpinned, so the linter version can differ between runs)
7 | .PHONY: setup
8 | setup:
9 | go install honnef.co/go/tools/cmd/staticcheck@latest
10 | # check-generate: fail if `go mod tidy` leaves any tracked file modified
11 | .PHONY: check-generate
12 | check-generate:
13 | go mod tidy
14 | git diff --exit-code --name-only
15 | # test: gofmt, staticcheck and vet run as the current user; the race-enabled tests then run via SUDO_GO (NOTE(review): why the tests need root is not shown here)
16 | .PHONY: test
17 | test:
18 | test -z "$$(gofmt -s -l . | tee /dev/stderr)"
19 | staticcheck ./...
20 | go vet ./...
21 | $(SUDO_GO) test -race -v ./...
22 |
--------------------------------------------------------------------------------
/envoy/TAG:
--------------------------------------------------------------------------------
1 | 1.31.5.1
2 |
--------------------------------------------------------------------------------
/envoy/envoy.yaml:
--------------------------------------------------------------------------------
1 | admin:
2 | access_log_path: /dev/null
3 | address:
4 | socket_address:
5 | protocol: TCP
6 | address: 127.0.0.1
7 | port_value: 9901
8 | # The admin listener above is bound to loopback (127.0.0.1:9901) and its access log is discarded. Envoy's admin interface has no authentication of its own, so widening this address would expose it to anything that can reach the container's network.
--------------------------------------------------------------------------------
/envoy/pkg/probe/main.go:
--------------------------------------------------------------------------------
1 | package main
2 |
3 | import "github.com/cybozu/neco-containers/envoy/pkg/probe/cmd"
4 | // main is the probe binary's entry point; it only calls cmd.Execute from the imported cmd package.
5 | func main() {
6 | cmd.Execute()
7 | }
8 |
--------------------------------------------------------------------------------
/etcd/.dockerignore:
--------------------------------------------------------------------------------
1 | *
2 | !install-tools
3 |
--------------------------------------------------------------------------------
/etcd/BRANCH:
--------------------------------------------------------------------------------
1 | 3.5
2 |
--------------------------------------------------------------------------------
/etcd/Dockerfile:
--------------------------------------------------------------------------------
1 | # etcd container
2 |
3 | # Stage1: build from source
4 | FROM ghcr.io/cybozu/golang:1.23-noble AS build
5 |
6 | ARG ETCD_VERSION=3.5.18
7 | # pipefail makes the RUN fail if curl fails; the archive is unpacked without a checksum or signature comparison
8 | SHELL ["/bin/bash", "-o", "pipefail", "-c"]
9 | RUN curl -sSLf https://github.com/etcd-io/etcd/archive/v${ETCD_VERSION}.tar.gz | \
10 | tar zxf - \
11 | && mv etcd-${ETCD_VERSION} etcd
12 | # NOTE(review): the archive unpacks into the current directory; the WORKDIR below implies the base image starts in /work (not shown here)
13 | WORKDIR /work/etcd
14 | RUN ./build.sh
15 |
16 | # Stage2: setup runtime container
17 | FROM ghcr.io/cybozu/ubuntu:24.04
18 | LABEL org.opencontainers.image.source="https://github.com/cybozu/neco-containers"
19 | # install-tools is the helper script that copies etcdctl to /host when it is used as the entrypoint
20 | COPY --from=build /work/etcd/bin /usr/local/etcd/bin
21 | COPY --from=build /work/etcd/LICENSE /usr/local/etcd/LICENSE
22 | COPY install-tools /usr/local/etcd/install-tools
23 |
24 | ENV PATH=/usr/local/etcd/bin:"$PATH"
25 | # 2379 is etcd's default client port and 2380 its default peer port; EXPOSE only documents them
26 | EXPOSE 2379 2380
27 | # Create the data directory and give it to the unprivileged UID before USER and VOLUME, so a fresh volume starts with that ownership
28 | RUN mkdir -p /var/lib/etcd && chown 10000:10000 /var/lib/etcd
29 | USER 10000:10000
30 | VOLUME /var/lib/etcd
31 |
32 | ENTRYPOINT ["/usr/local/etcd/bin/etcd", "--data-dir", "/var/lib/etcd"]
33 |
--------------------------------------------------------------------------------
/etcd/README.md:
--------------------------------------------------------------------------------
1 | etcd-container
2 | ==============
3 |
4 | [etcd](https://github.com/etcd-io/etcd) is a distributed reliable key-value
5 | store provided by CoreOS. This repository provides a Dockerfile for an image that contains
6 | the `etcd` server and `etcdctl` for client use.
7 |
8 | Usage
9 | -----
10 |
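11 | To launch `etcd` by `docker run` (this example serves the client API over plain HTTP on all interfaces with no TLS or authentication, so keep it to local testing):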
12 |
13 | $ docker volume create etcd
14 | $ docker run -p 2379:2379 -p 2380:2380 --name etcd-1 \
15 | --mount type=volume,src=etcd,target=/var/lib/etcd \
16 | ghcr.io/cybozu/etcd:3.5 \
17 | --advertise-client-urls http://0.0.0.0:2379 \
18 | --listen-client-urls http://0.0.0.0:2379
19 |
20 | To use `etcdctl`, first install it in a host directory `DIR`:
21 |
22 | $ docker run --rm -u root:root \
23 | --entrypoint /usr/local/etcd/install-tools \
24 | --mount type=bind,src=DIR,target=/host \
25 | ghcr.io/cybozu/etcd:3.5
26 |
27 | Then run `etcdctl` as follows:
28 |
29 | $ DIR/etcdctl get /
30 |
31 | Docker images
32 | -------------
33 |
34 | Docker images are available on [ghcr.io](https://github.com/cybozu/neco-containers/pkgs/container/etcd)
35 |
--------------------------------------------------------------------------------
/etcd/TAG:
--------------------------------------------------------------------------------
1 | 3.5.18.1
2 |
--------------------------------------------------------------------------------
/etcd/install-tools:
--------------------------------------------------------------------------------
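1 | #!/bin/sh -e
2 | # Copy etcdctl out of the image into the directory mounted at /host.
3 | DEST=/host
4 | # --remove-destination deletes an existing $DEST/etcdctl before copying, so a file or symlink already at that path is replaced rather than written through.
5 | cp --remove-destination /usr/local/etcd/bin/etcdctl "$DEST/etcdctl"
6 | chmod 755 "$DEST/etcdctl"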
7 |
--------------------------------------------------------------------------------
/external-dns/.dockerignore:
--------------------------------------------------------------------------------
1 | *
2 |
--------------------------------------------------------------------------------
/external-dns/Dockerfile:
--------------------------------------------------------------------------------
1 | # ExternalDNS container image
2 |
3 | # Stage1: build from source
4 | FROM ghcr.io/cybozu/golang:1.24-noble AS build
5 |
6 | ARG EXTERNALDNS_VERSION=0.15.1
7 | # pipefail makes the RUN fail if curl fails; the archive is unpacked without a checksum or signature comparison
8 | SHELL ["/bin/bash", "-o", "pipefail", "-c"]
9 | RUN curl -sSLf https://github.com/kubernetes-sigs/external-dns/archive/v${EXTERNALDNS_VERSION}.tar.gz | \
10 | tar zxf - -C /work/ \
11 | && mv external-dns-${EXTERNALDNS_VERSION} /work/external-dns
12 | # NOTE(review): tar extracts into /work/ but the mv source is a relative path, so the step assumes the current directory is /work (base image default, not shown here)
13 | WORKDIR /work/external-dns/
14 |
15 | RUN make build
16 |
17 | # Stage2: setup runtime container
18 | FROM ghcr.io/cybozu/ubuntu:24.04
19 | LABEL org.opencontainers.image.source="https://github.com/cybozu/neco-containers"
20 | # Only the built binary and LICENSE.md are carried over from the build stage
21 | COPY --from=build /work/external-dns/build/external-dns /usr/local/external-dns/bin/external-dns
22 | COPY --from=build /work/external-dns/LICENSE.md /usr/local/external-dns/LICENSE.md
23 | ENV PATH=/usr/local/external-dns/bin:"$PATH"
24 | # Run as an unprivileged numeric UID:GID; this file creates no passwd entry for it
25 | USER 10000:10000
26 | # The entrypoint is resolved through the PATH set above
27 | ENTRYPOINT ["external-dns"]
28 |
--------------------------------------------------------------------------------
/external-dns/README.md:
--------------------------------------------------------------------------------
1 | ExternalDNS container
2 | =====================
3 |
4 | Build Docker container image for [ExternalDNS][], which synchronizes exposed Kubernetes Services and Ingresses with DNS providers.
5 |
6 |
7 | Usage
8 | -----
9 |
10 | ### Start `external-dns`
11 |
12 | Run the container
13 |
14 | ```console
15 | $ docker run -d --read-only --name=external-dns \
16 | ghcr.io/cybozu/external-dns:0.15.1.1 \
17 | --registry=txt --txt-owner-id ... --provider ...
18 | ```
19 |
20 | [ExternalDNS]: https://github.com/kubernetes-incubator/external-dns/
21 |
22 | Docker images
23 | -------------
24 |
25 | Docker images are available on [ghcr.io](https://github.com/cybozu/neco-containers/pkgs/container/external-dns)
26 |
--------------------------------------------------------------------------------
/external-dns/TAG:
--------------------------------------------------------------------------------
1 | 0.15.1.1
2 |
--------------------------------------------------------------------------------
/fluent-bit/.dockerignore:
--------------------------------------------------------------------------------
1 | *
2 |
--------------------------------------------------------------------------------
/fluent-bit/README.md:
--------------------------------------------------------------------------------
1 | Fluent Bit container
2 | ====================
3 |
4 | Build Docker container image for [Fluent Bit][], Log Processor and Forwarder.
5 |
6 | Docker images
7 | -------------
8 |
9 | Docker images are available on [ghcr.io](https://github.com/cybozu/neco-containers/pkgs/container/fluent-bit)
10 |
11 | [Fluent Bit]: https://fluentbit.io/
12 |
--------------------------------------------------------------------------------
/fluent-bit/TAG:
--------------------------------------------------------------------------------
1 | 3.2.8.2
2 |
--------------------------------------------------------------------------------
/golang-all/golang-1.22-jammy/.dockerignore:
--------------------------------------------------------------------------------
1 | *
2 |
--------------------------------------------------------------------------------
/golang-all/golang-1.22-jammy/BRANCH:
--------------------------------------------------------------------------------
1 | 1.22-jammy
2 |
--------------------------------------------------------------------------------
/golang-all/golang-1.22-jammy/Dockerfile:
--------------------------------------------------------------------------------
1 | # Go container
2 | # Go toolchain from dl.google.com plus lint and release tools, layered on ubuntu-dev
3 | FROM --platform=$TARGETPLATFORM ghcr.io/cybozu/ubuntu-dev:22.04
4 | LABEL org.opencontainers.image.source="https://github.com/cybozu/neco-containers"
5 | # TARGETARCH is one of the platform ARGs BuildKit provides for the platform being built
6 | ARG TARGETARCH
7 | ARG GO_VERSION=1.22.12
8 | # GOARCH selects which tarball is downloaded below and stays set in the final image environment
9 | ENV GOARCH=${TARGETARCH}
10 | ENV GOPATH=/go
11 | ENV PATH=/go/bin:/usr/local/go/bin:"$PATH"
12 | # The Go tarball is unpacked without a checksum comparison and every tool is installed at @latest, so two builds of this file can contain different tool versions
13 | RUN rm -rf /usr/local/go \
14 | && curl -sfL https://dl.google.com/go/go${GO_VERSION}.linux-${GOARCH}.tar.gz \
15 | | tar -x -z -C /usr/local -f - \
16 | && mkdir -p /go/src \
17 | && GOBIN=/usr/local/bin go install golang.org/x/tools/cmd/goimports@latest \
18 | && GOBIN=/usr/local/bin go install golang.org/x/lint/golint@latest \
19 | && GOBIN=/usr/local/bin go install honnef.co/go/tools/cmd/staticcheck@latest \
20 | && GOBIN=/usr/local/bin go install github.com/gordonklaus/ineffassign@latest \
21 | && GOBIN=/usr/local/bin go install github.com/tcnksm/ghr@latest \
22 | && GOBIN=/usr/local/bin go install github.com/cybozu-go/golang-custom-analyzer/cmd/...@latest \
23 | && rm -rf /go \
24 | && mkdir -p /go/src
25 | # The tools were installed to /usr/local/bin; /go is wiped and recreated at the end of the RUN, presumably to keep the module cache out of the image
26 | WORKDIR /work
27 |
28 | CMD ["/bin/bash"]
29 |
--------------------------------------------------------------------------------
/golang-all/golang-1.22-jammy/NO_TAG_BRANCH_CONSISTENCY:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cybozu/neco-containers/4a16846b052e117bac466f475329a34aa21bdbfa/golang-all/golang-1.22-jammy/NO_TAG_BRANCH_CONSISTENCY
--------------------------------------------------------------------------------
/golang-all/golang-1.22-jammy/README.md:
--------------------------------------------------------------------------------
1 | Go container
2 | ============
3 |
4 | This directory provides a Dockerfile to build a Docker container
5 | that includes the [Go](https://golang.org/) language runtime and the following
6 | tools:
7 |
8 | * [goimports](https://godoc.org/golang.org/x/tools/cmd/goimports)
9 | * [golint](https://github.com/golang/lint)
10 | * [staticcheck](https://staticcheck.io/)
11 | * [ineffassign](https://github.com/gordonklaus/ineffassign)
12 | * [ghr](https://github.com/tcnksm/ghr)
13 | * [golang custom analyzer](https://github.com/cybozu-go/golang-custom-analyzer)
14 |
15 | This container is based on [ghcr.io/cybozu/ubuntu-dev](https://ghcr.io/repository/cybozu/ubuntu-dev).
16 |
17 | Docker images
18 | -------------
19 |
20 | Docker images are available on [ghcr.io](https://github.com/cybozu/neco-containers/pkgs/container/golang)
21 |
--------------------------------------------------------------------------------
/golang-all/golang-1.22-jammy/TAG:
--------------------------------------------------------------------------------
1 | 1.22.12.1_jammy
2 |
--------------------------------------------------------------------------------
/golang-all/golang-1.22-noble/.dockerignore:
--------------------------------------------------------------------------------
1 | *
2 |
--------------------------------------------------------------------------------
/golang-all/golang-1.22-noble/BRANCH:
--------------------------------------------------------------------------------
1 | 1.22-noble
2 |
--------------------------------------------------------------------------------
/golang-all/golang-1.22-noble/NO_TAG_BRANCH_CONSISTENCY:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cybozu/neco-containers/4a16846b052e117bac466f475329a34aa21bdbfa/golang-all/golang-1.22-noble/NO_TAG_BRANCH_CONSISTENCY
--------------------------------------------------------------------------------
/golang-all/golang-1.22-noble/README.md:
--------------------------------------------------------------------------------
1 | Go container
2 | ============
3 |
4 | This directory provides a Dockerfile to build a Docker container
5 | that includes the [Go](https://golang.org/) language runtime and the following
6 | tools:
7 |
8 | * [goimports](https://godoc.org/golang.org/x/tools/cmd/goimports)
9 | * [golint](https://github.com/golang/lint)
10 | * [staticcheck](https://staticcheck.io/)
11 | * [ineffassign](https://github.com/gordonklaus/ineffassign)
12 | * [ghr](https://github.com/tcnksm/ghr)
13 | * [golang custom analyzer](https://github.com/cybozu-go/golang-custom-analyzer)
14 |
15 | This container is based on [ghcr.io/cybozu/ubuntu-dev](https://ghcr.io/repository/cybozu/ubuntu-dev).
16 |
17 | Docker images
18 | -------------
19 |
20 | Docker images are available on [ghcr.io](https://github.com/cybozu/neco-containers/pkgs/container/golang)
21 |
--------------------------------------------------------------------------------
/golang-all/golang-1.22-noble/TAG:
--------------------------------------------------------------------------------
1 | 1.22.12.2_noble
2 |
--------------------------------------------------------------------------------
/golang-all/golang-1.23-jammy/.dockerignore:
--------------------------------------------------------------------------------
1 | *
2 |
--------------------------------------------------------------------------------
/golang-all/golang-1.23-jammy/BRANCH:
--------------------------------------------------------------------------------
1 | 1.23-jammy
2 |
--------------------------------------------------------------------------------
/golang-all/golang-1.23-jammy/NO_TAG_BRANCH_CONSISTENCY:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cybozu/neco-containers/4a16846b052e117bac466f475329a34aa21bdbfa/golang-all/golang-1.23-jammy/NO_TAG_BRANCH_CONSISTENCY
--------------------------------------------------------------------------------
/golang-all/golang-1.23-jammy/README.md:
--------------------------------------------------------------------------------
1 | Go container
2 | ============
3 |
4 | This directory provides a Dockerfile to build a Docker container
5 | that includes the [Go](https://golang.org/) language runtime and the following
6 | tools:
7 |
8 | * [goimports](https://godoc.org/golang.org/x/tools/cmd/goimports)
9 | * [golint](https://github.com/golang/lint)
10 | * [staticcheck](https://staticcheck.io/)
11 | * [ineffassign](https://github.com/gordonklaus/ineffassign)
12 | * [ghr](https://github.com/tcnksm/ghr)
13 | * [golang custom analyzer](https://github.com/cybozu-go/golang-custom-analyzer)
14 |
15 | This container is based on [ghcr.io/cybozu/ubuntu-dev](https://ghcr.io/repository/cybozu/ubuntu-dev).
16 |
17 | Docker images
18 | -------------
19 |
20 | Docker images are available on [ghcr.io](https://github.com/cybozu/neco-containers/pkgs/container/golang)
21 |
--------------------------------------------------------------------------------
/golang-all/golang-1.23-jammy/TAG:
--------------------------------------------------------------------------------
1 | 1.23.9.1_jammy
2 |
--------------------------------------------------------------------------------
/golang-all/golang-1.23-noble/.dockerignore:
--------------------------------------------------------------------------------
1 | *
2 |
--------------------------------------------------------------------------------
/golang-all/golang-1.23-noble/BRANCH:
--------------------------------------------------------------------------------
1 | 1.23-noble
2 |
--------------------------------------------------------------------------------
/golang-all/golang-1.23-noble/NO_TAG_BRANCH_CONSISTENCY:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cybozu/neco-containers/4a16846b052e117bac466f475329a34aa21bdbfa/golang-all/golang-1.23-noble/NO_TAG_BRANCH_CONSISTENCY
--------------------------------------------------------------------------------
/golang-all/golang-1.23-noble/README.md:
--------------------------------------------------------------------------------
1 | Go container
2 | ============
3 |
4 | This directory provides a Dockerfile to build a Docker container
5 | that includes the [Go](https://golang.org/) language runtime and the following
6 | tools:
7 |
8 | * [goimports](https://godoc.org/golang.org/x/tools/cmd/goimports)
9 | * [golint](https://github.com/golang/lint)
10 | * [staticcheck](https://staticcheck.io/)
11 | * [ineffassign](https://github.com/gordonklaus/ineffassign)
12 | * [ghr](https://github.com/tcnksm/ghr)
13 | * [golang custom analyzer](https://github.com/cybozu-go/golang-custom-analyzer)
14 |
15 | This container is based on [ghcr.io/cybozu/ubuntu-dev](https://ghcr.io/repository/cybozu/ubuntu-dev).
16 |
17 | Docker images
18 | -------------
19 |
20 | Docker images are available on [ghcr.io](https://github.com/cybozu/neco-containers/pkgs/container/golang)
21 |
--------------------------------------------------------------------------------
/golang-all/golang-1.23-noble/TAG:
--------------------------------------------------------------------------------
1 | 1.23.9.1_noble
2 |
--------------------------------------------------------------------------------
/golang-all/golang-1.24-jammy/.dockerignore:
--------------------------------------------------------------------------------
1 | *
2 |
--------------------------------------------------------------------------------
/golang-all/golang-1.24-jammy/BRANCH:
--------------------------------------------------------------------------------
1 | 1.24-jammy
2 |
--------------------------------------------------------------------------------
/golang-all/golang-1.24-jammy/NO_TAG_BRANCH_CONSISTENCY:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cybozu/neco-containers/4a16846b052e117bac466f475329a34aa21bdbfa/golang-all/golang-1.24-jammy/NO_TAG_BRANCH_CONSISTENCY
--------------------------------------------------------------------------------
/golang-all/golang-1.24-jammy/README.md:
--------------------------------------------------------------------------------
1 | Go container
2 | ============
3 |
4 | This directory provides a Dockerfile to build a Docker container
5 | that includes the [Go](https://golang.org/) language runtime and the following
6 | tools:
7 |
8 | * [goimports](https://godoc.org/golang.org/x/tools/cmd/goimports)
9 | * [golint](https://github.com/golang/lint)
10 | * [staticcheck](https://staticcheck.io/)
11 | * [ineffassign](https://github.com/gordonklaus/ineffassign)
12 | * [ghr](https://github.com/tcnksm/ghr)
13 | * [golang custom analyzer](https://github.com/cybozu-go/golang-custom-analyzer)
14 |
15 | This container is based on [ghcr.io/cybozu/ubuntu-dev](https://ghcr.io/repository/cybozu/ubuntu-dev).
16 |
17 | Docker images
18 | -------------
19 |
20 | Docker images are available on [ghcr.io](https://github.com/cybozu/neco-containers/pkgs/container/golang)
21 |
--------------------------------------------------------------------------------
/golang-all/golang-1.24-jammy/TAG:
--------------------------------------------------------------------------------
1 | 1.24.3.1_jammy
2 |
--------------------------------------------------------------------------------
/golang-all/golang-1.24-noble/.dockerignore:
--------------------------------------------------------------------------------
1 | *
2 |
--------------------------------------------------------------------------------
/golang-all/golang-1.24-noble/BRANCH:
--------------------------------------------------------------------------------
1 | 1.24-noble
2 |
--------------------------------------------------------------------------------
/golang-all/golang-1.24-noble/NO_TAG_BRANCH_CONSISTENCY:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cybozu/neco-containers/4a16846b052e117bac466f475329a34aa21bdbfa/golang-all/golang-1.24-noble/NO_TAG_BRANCH_CONSISTENCY
--------------------------------------------------------------------------------
/golang-all/golang-1.24-noble/README.md:
--------------------------------------------------------------------------------
1 | Go container
2 | ============
3 |
4 | This directory provides a Dockerfile to build a Docker container
5 | that includes the [Go](https://golang.org/) language runtime and the following
6 | tools:
7 |
8 | * [goimports](https://godoc.org/golang.org/x/tools/cmd/goimports)
9 | * [golint](https://github.com/golang/lint)
10 | * [staticcheck](https://staticcheck.io/)
11 | * [ineffassign](https://github.com/gordonklaus/ineffassign)
12 | * [ghr](https://github.com/tcnksm/ghr)
13 | * [golang custom analyzer](https://github.com/cybozu-go/golang-custom-analyzer)
14 |
15 | This container is based on [ghcr.io/cybozu/ubuntu-dev](https://ghcr.io/repository/cybozu/ubuntu-dev).
16 |
17 | Docker images
18 | -------------
19 |
20 | Docker images are available on [ghcr.io](https://github.com/cybozu/neco-containers/pkgs/container/golang)
21 |
--------------------------------------------------------------------------------
/golang-all/golang-1.24-noble/TAG:
--------------------------------------------------------------------------------
1 | 1.24.3.1_noble
2 |
--------------------------------------------------------------------------------
/gorush/.dockerignore:
--------------------------------------------------------------------------------
1 | *
2 |
--------------------------------------------------------------------------------
/gorush/BRANCH:
--------------------------------------------------------------------------------
1 | 1.13
2 |
--------------------------------------------------------------------------------
/gorush/Dockerfile:
--------------------------------------------------------------------------------
# Gorush container

# Stage1: build from source
# NOTE(review): the Go 1.15 / bionic builder used here and the ubuntu:20.04
# runtime below are old releases referenced by mutable tag; confirm they still
# receive security updates, or rebase onto maintained images.
FROM quay.io/cybozu/golang:1.15-bionic AS build

ARG GORUSH_VERSION="1.13.0.cybozu.5"

WORKDIR /work
# The source comes from the cybozu/gorush fork at tag v${GORUSH_VERSION}.
# NOTE(review): a git tag can be moved after the fact; checking out a pinned
# commit hash would make the build input verifiable.
RUN git clone https://github.com/cybozu/gorush.git -b "v${GORUSH_VERSION}" . \
    && make build

# Stage2: setup runtime container
FROM quay.io/cybozu/ubuntu:20.04
LABEL org.opencontainers.image.source="https://github.com/cybozu/neco-containers"

# Only the built binary and its license are carried over from the build stage.
COPY --from=build /work/release/gorush /usr/local/gorush/bin/gorush
COPY --from=build /work/LICENSE /usr/local/gorush/LICENSE

ENV PATH=/usr/local/gorush/bin:"$PATH"

# Run as an unprivileged numeric UID/GID instead of root.
USER 10000:10000

# Gorush
EXPOSE 8088

# The default arguments pass /config/config.yaml via -c, so a configuration
# file is expected to be mounted under /config at run time.
ENTRYPOINT ["/usr/local/gorush/bin/gorush"]
CMD ["-c", "/config/config.yaml"]
28 |
--------------------------------------------------------------------------------
/gorush/README.md:
--------------------------------------------------------------------------------
1 | Gorush container
2 | ==================
3 |
4 | Build Docker container image for [Gorush][], which is a push notification micro server.
5 |
6 | Usage
7 | -----
8 |
9 | ### Run gorush:
10 |
11 | ```console
12 | $ docker run -d --rm --read-only \
13 | -p 8088:8088 \
14 | --name gorush \
15 | --mount type=bind,source=/home/cybozu/config,target=/config \
16 | quay.io/cybozu/gorush:1.13.0.2
17 | ```
18 |
19 | [Gorush]: https://github.com/appleboy/gorush
20 |
21 | Docker images
22 | -------------
23 |
24 | Docker images are available on [Quay.io](https://quay.io/repository/cybozu/gorush)
25 |
--------------------------------------------------------------------------------
/gorush/TAG:
--------------------------------------------------------------------------------
1 | 1.13.0.7
2 |
--------------------------------------------------------------------------------
/grafana-operator/README.md:
--------------------------------------------------------------------------------
1 | Grafana Operator container
2 | ==================
3 |
4 | [Grafana Operator](https://github.com/grafana/grafana-operator) automates deployment of Grafana instances.
5 |
6 | Usage
7 | -----
8 |
9 | Run this image with the following deployment configuration.
10 | https://github.com/grafana/grafana-operator/tree/master/deploy
11 |
12 | Docker images
13 | -------------
14 |
15 | Docker images are available on [ghcr.io](https://github.com/cybozu/neco-containers/pkgs/container/grafana-operator)
16 |
--------------------------------------------------------------------------------
/grafana-operator/TAG:
--------------------------------------------------------------------------------
1 | 5.17.1.1
2 |
--------------------------------------------------------------------------------
/grafana/.dockerignore:
--------------------------------------------------------------------------------
1 | *
2 |
--------------------------------------------------------------------------------
/grafana/README.md:
--------------------------------------------------------------------------------
1 | Grafana container
2 | ==================
3 |
4 | [Grafana](https://grafana.com/) is the dashboard for Prometheus.
5 |
6 | Docker images
7 | -------------
8 |
9 | Docker images are available on [ghcr.io](https://github.com/cybozu/neco-containers/pkgs/container/grafana)
10 |
--------------------------------------------------------------------------------
/grafana/TAG:
--------------------------------------------------------------------------------
1 | 11.6.2.1
2 |
--------------------------------------------------------------------------------
/haproxy/.dockerignore:
--------------------------------------------------------------------------------
1 | #
2 |
--------------------------------------------------------------------------------
/haproxy/BRANCH:
--------------------------------------------------------------------------------
1 | 2.6
2 |
--------------------------------------------------------------------------------
/haproxy/README.md:
--------------------------------------------------------------------------------
1 | # HA-Proxy container
2 |
3 | [HA-Proxy](https://www.haproxy.org/) is a part of ArgoCD-HA.
4 |
5 | ## Docker images
6 |
7 | HA-Proxy images are available on [ghcr.io/cybozu/haproxy](https://ghcr.io/cybozu/haproxy)
8 |
--------------------------------------------------------------------------------
/haproxy/TAG:
--------------------------------------------------------------------------------
1 | 2.6.17.1
2 |
--------------------------------------------------------------------------------
/haproxy/docker-entrypoint.sh:
--------------------------------------------------------------------------------
#!/bin/sh
set -e

# A leading option (`-f`, `--some-option`, ...) means the caller passed only
# haproxy flags, so put the `haproxy` command name in front of them.
case "$1" in
	-*) set -- haproxy "$@" ;;
esac

# When haproxy itself is being launched, replace the bare command name with
# one that carries two extra flags:
#   -W   "master-worker mode" (similar to the old "haproxy-systemd-wrapper";
#        allows for reload via "SIGUSR2")
#   -db  disables background mode
case "$1" in
	haproxy)
		shift # drop "haproxy"
		set -- haproxy -W -db "$@"
		;;
esac

# Replace this shell with the requested command so it receives signals directly.
exec "$@"
18 |
--------------------------------------------------------------------------------
/heartbeat/.gitignore:
--------------------------------------------------------------------------------
1 | /heartbeat
2 |
--------------------------------------------------------------------------------
/heartbeat/Dockerfile:
--------------------------------------------------------------------------------
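# heartbeat container

# Stage1: build from source
# `AS` is upper-cased to match `FROM` (and the other Dockerfiles in this
# repository); mixed casing is flagged by newer Docker build checks.
FROM ghcr.io/cybozu/golang:1.22-jammy AS build

# `/` is the root of the build context, so the whole context lands in /work.
# NOTE(review): no .dockerignore for this directory is visible here; make sure
# the context holds nothing that should stay out of the build stage.
COPY / /work
WORKDIR /work

# -w -s strip debug information and the symbol table from the binary.
RUN go build -ldflags="-w -s" .

# stage2: final image
FROM ghcr.io/cybozu/ubuntu:22.04
LABEL org.opencontainers.image.source="https://github.com/cybozu/neco-containers"

# Only the compiled binary is carried over from the build stage.
COPY --from=build /work/heartbeat /usr/local/bin/heartbeat
# Run as an unprivileged numeric UID/GID instead of root.
USER 10000:10000

ENTRYPOINT ["/usr/local/bin/heartbeat"]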
16 |
--------------------------------------------------------------------------------
/heartbeat/Makefile:
--------------------------------------------------------------------------------
# SUDO_GO runs the go binary found on the caller's PATH through sudo; it is
# used for the test run only.
SUDO = sudo
SUDO_GO = $(SUDO) $(shell which go)

.PHONY: all
all: check-generate test

# Installs the linters used by `test`.
# NOTE(review): `@latest` resolves to whatever version is current at install
# time, so lint results and the executed tool code are not reproducible;
# pinning explicit versions would fix both.
.PHONY: setup
setup:
	go install github.com/cybozu-go/golang-custom-analyzer/cmd/custom-checker@latest
	go install honnef.co/go/tools/cmd/staticcheck@latest

# Fails when `go mod tidy` leaves any tracked file modified.
.PHONY: check-generate
check-generate:
	go mod tidy
	git diff --exit-code --name-only

# Formatting, static analysis and unit tests.
.PHONY: test
test:
	# Fails if gofmt lists any file; the list is echoed to stderr.
	test -z "$$(gofmt -s -l . | tee /dev/stderr)"
	staticcheck ./...
	# Fails if custom-checker prints anything; html/template and log are the restricted packages.
	test -z "$$(custom-checker -restrictpkg.packages=html/template,log ./... 2>&1 | tee /dev/stderr)"
	go vet ./...
	# NOTE(review): the tests run under sudo, i.e. as root; run them only on a disposable host.
	$(SUDO_GO) test -race -v ./...
24 |
--------------------------------------------------------------------------------
/heartbeat/TAG:
--------------------------------------------------------------------------------
1 | 1.0.14
2 |
--------------------------------------------------------------------------------
/hubble-relay/.dockerignore:
--------------------------------------------------------------------------------
1 | *
2 | !TAG
3 |
--------------------------------------------------------------------------------
/hubble-relay/BRANCH:
--------------------------------------------------------------------------------
1 | 1.15
2 |
--------------------------------------------------------------------------------
/hubble-relay/Makefile:
--------------------------------------------------------------------------------
# Image reference; the version part is read from the TAG file in this directory.
IMAGE_TAG ?= ghcr.io/cybozu/hubble-relay:$(shell cat TAG)

# Builds the image from this directory.
.PHONY: build
build:
	docker build . --tag=$(IMAGE_TAG)

# The cilium-* targets only delegate to the Makefile in ../cilium.
.PHONY: cilium-checkout
cilium-checkout:
	@$(MAKE) -C ../cilium checkout

.PHONY: cilium-test-e2e-setup
cilium-test-e2e-setup:
	@$(MAKE) -C ../cilium test-e2e-setup

.PHONY: cilium-test-e2e-upgrade-inotify
cilium-test-e2e-upgrade-inotify:
	@$(MAKE) -C ../cilium test-e2e-upgrade-inotify

# Starts hubble-relay through ../cilium/e2e, waits up to 300s each for every
# Deployment to become Available and every Pod to become Ready in all
# namespaces, then stops the environment.
.PHONY: test-e2e
test-e2e:
	@$(MAKE) -C ../cilium/e2e start-hubble-relay
	kubectl wait deployments -A --all --for condition=Available --timeout=300s
	kubectl wait pods -A --all --for condition=Ready --timeout=300s
	@$(MAKE) -C ../cilium/e2e stop
25 |
--------------------------------------------------------------------------------
/hubble-relay/README.md:
--------------------------------------------------------------------------------
1 | Cilium Hubble relay container
2 | ================
3 |
4 | This directory provides the Dockerfile for building a container image containing Cilium's [hubble-relay](https://github.com/cilium/cilium). The image includes only the `hubble-relay` binary.
5 |
6 | Docker images
7 | -------------
8 |
9 | Docker images are available on [ghcr.io](https://ghcr.io/cybozu/hubble-relay)
10 |
--------------------------------------------------------------------------------
/hubble-relay/TAG:
--------------------------------------------------------------------------------
1 | 1.15.13.1
2 |
--------------------------------------------------------------------------------
/hubble-ui/.gitignore:
--------------------------------------------------------------------------------
1 | src
2 |
--------------------------------------------------------------------------------
/hubble-ui/BRANCH:
--------------------------------------------------------------------------------
1 | 0.13
2 |
--------------------------------------------------------------------------------
/hubble-ui/README.md:
--------------------------------------------------------------------------------
1 | Cilium Hubble UI containers
2 | ================
3 |
4 | This directory provides the Dockerfile for building container images for Cilium Hubble's [hubble-ui](https://github.com/cilium/hubble-ui) and its backend `hubble-ui-backend`. Two separate images, `hubble-ui-frontend` and `hubble-ui-backend`, are built.
5 |
6 | Docker images
7 | -------------
8 |
9 | Docker images are available on ghcr.io for [hubble-ui-frontend](https://ghcr.io/cybozu/hubble-ui-frontend) and [hubble-ui-backend](https://ghcr.io/cybozu/hubble-ui-backend)
10 |
--------------------------------------------------------------------------------
/hubble-ui/TAG:
--------------------------------------------------------------------------------
1 | 0.13.2.1
2 |
--------------------------------------------------------------------------------
/hubble/BRANCH:
--------------------------------------------------------------------------------
1 | 0.13
2 |
--------------------------------------------------------------------------------
/hubble/Dockerfile:
--------------------------------------------------------------------------------
# hubble container

# Stage1: build from source
FROM ghcr.io/cybozu/golang:1.24-noble AS build

# TAG supplies the version that selects the upstream source archive below.
COPY TAG /

# pipefail makes a RUN step fail when any command in a pipeline fails.
SHELL ["/bin/bash", "-o", "pipefail", "-c"]

WORKDIR /go/src/github.com/cilium/hubble
# VERSION is the first three dot-separated fields of TAG; the remaining field
# is dropped before the upstream archive name is formed.
# NOTE(review): the archive is fetched over HTTPS but not checked against a
# known digest; adding a checksum comparison would pin the build input.
RUN VERSION=$(cut -d \. -f 1,2,3 < /TAG ) \
    && curl -fsSL -o hubble.tar.gz "https://github.com/cilium/hubble/archive/v${VERSION}.tar.gz" \
    && tar -x -z --strip-components 1 -f hubble.tar.gz \
    && rm -f hubble.tar.gz \
    && make clean && make hubble

# Stage2: setup runtime container
# `scratch` is an empty base: the image holds only the files copied below.
FROM scratch
LABEL org.opencontainers.image.source="https://github.com/cybozu/neco-containers"

COPY --from=build /go/src/github.com/cilium/hubble/hubble /hubble
COPY --from=build /go/src/github.com/cilium/hubble/LICENSE /LICENSE

# Run as an unprivileged numeric UID/GID instead of root.
USER 10000:10000

ENTRYPOINT ["/hubble"]
27 |
--------------------------------------------------------------------------------
/hubble/README.md:
--------------------------------------------------------------------------------
1 | hubble
2 | ======
3 |
4 | Hubble is a fully distributed networking and security observability platform for cloud native workloads.
5 | This image contains a hubble utility to observe and inspect recent Cilium routed traffic in a cluster.
6 |
7 |
8 | - [hubble](https://github.com/cilium/hubble)
9 |
10 | Docker images
11 | -------------
12 |
13 | Docker images are available on [ghcr.io](https://ghcr.io/cybozu/hubble)
14 |
--------------------------------------------------------------------------------
/hubble/TAG:
--------------------------------------------------------------------------------
1 | 0.13.6.1
2 |
--------------------------------------------------------------------------------
/kube-metrics-adapter/Dockerfile:
--------------------------------------------------------------------------------
# kube-metrics-adapter container

# Stage1: build from source
FROM ghcr.io/cybozu/golang:1.23-noble AS build

ARG KMA_VERSION=0.2.3

# No WORKDIR is set in this file; the COPY steps below read from /work, so the
# base image presumably sets that as its working directory (verify against the
# golang image).
# NOTE(review): the archive is fetched over HTTPS but not checked against a
# known digest; adding a checksum comparison would pin the build input.
RUN curl -fsSL -o kma.tar.gz https://github.com/zalando-incubator/kube-metrics-adapter/archive/v${KMA_VERSION}.tar.gz \
    && tar -x -z --strip-components 1 -f kma.tar.gz \
    && rm -f kma.tar.gz \
    && make build.linux VERSION=${KMA_VERSION}

# Stage2: setup runtime container
# `scratch` is an empty base: the image holds only the files copied below.
FROM scratch
LABEL org.opencontainers.image.source="https://github.com/cybozu/neco-containers"

COPY --from=build /work/build/linux/kube-metrics-adapter /
COPY --from=build /work/LICENSE /LICENSE

# Run as an unprivileged numeric UID/GID instead of root.
USER 10000:10000

ENTRYPOINT ["/kube-metrics-adapter"]
23 |
--------------------------------------------------------------------------------
/kube-metrics-adapter/README.md:
--------------------------------------------------------------------------------
1 | kube-metrics-adapter container
2 | =============================
3 |
4 | This directory provides a Dockerfile to build a Docker container that runs [kube-metrics-adapter](https://github.com/zalando-incubator/kube-metrics-adapter).
5 |
6 | Docker images
7 | -------------
8 |
9 | Docker images are available on [ghcr.io](https://github.com/cybozu/neco-containers/pkgs/container/kube-metrics-adapter)
10 |
--------------------------------------------------------------------------------
/kube-metrics-adapter/TAG:
--------------------------------------------------------------------------------
1 | 0.2.3.1
2 |
--------------------------------------------------------------------------------
/kube-state-metrics/.dockerignore:
--------------------------------------------------------------------------------
1 | *
2 |
--------------------------------------------------------------------------------
/kube-state-metrics/Dockerfile:
--------------------------------------------------------------------------------
# kube-state-metrics container

# Stage1: build from source
FROM ghcr.io/cybozu/golang:1.23-noble AS build

ARG KUBE_STATE_METRICS_VERSION=2.15.0
# pipefail is needed here: without it a failed curl would be hidden by the
# exit status of tar at the end of the pipe.
SHELL ["/bin/bash", "-o", "pipefail", "-c"]
# NOTE(review): the archive is streamed straight into tar and is not checked
# against a known digest; downloading to a file and comparing a checksum first
# would pin the build input.
RUN curl -fsSL https://github.com/kubernetes/kube-state-metrics/archive/v${KUBE_STATE_METRICS_VERSION}.tar.gz | \
    tar --strip-components=1 -xzf -

RUN make build-local

# Stage2: setup runtime container
# `scratch` is an empty base: the image holds only the files copied below.
FROM scratch
LABEL org.opencontainers.image.source="https://github.com/cybozu/neco-containers"

COPY --from=build /work/kube-state-metrics /kube-state-metrics
COPY --from=build /work/LICENSE /LICENSE
# Time zone data is taken from the build image because scratch ships none.
COPY --from=build /usr/share/zoneinfo /usr/share/zoneinfo

# Run as an unprivileged numeric UID/GID instead of root.
USER 10000:10000
# 8080 is passed as --port and 8081 as --telemetry-port in the entrypoint.
EXPOSE 8080 8081
ENTRYPOINT ["/kube-state-metrics", "--port=8080", "--telemetry-port=8081"]
24 |
--------------------------------------------------------------------------------
/kube-state-metrics/README.md:
--------------------------------------------------------------------------------
1 | kube-state-metrics
2 | ==================
3 |
4 | [kube-state-metrics](https://github.com/kubernetes/kube-state-metrics) is a service that listens to the Kubernetes API server and generates prometheus metrics about the state of the objects.
5 |
6 | Usage
7 | -----
8 |
9 | ```console
10 | $ docker run -p 8080:8080 -p 8081:8081 \
11 | ghcr.io/cybozu/kube-state-metrics:2.15.0.1 \
12 | --kubeconfig=\
13 | ```
14 |
15 | Docker images
16 | -------------
17 |
18 | Docker images are available on [ghcr.io](https://github.com/cybozu/neco-containers/pkgs/container/kube-state-metrics)
19 |
--------------------------------------------------------------------------------
/kube-state-metrics/TAG:
--------------------------------------------------------------------------------
1 | 2.15.0.2
2 |
--------------------------------------------------------------------------------
/kube-storage-version-migrator/.dockerignore:
--------------------------------------------------------------------------------
1 | *
2 |
--------------------------------------------------------------------------------
/kube-storage-version-migrator/README.md:
--------------------------------------------------------------------------------
1 | kube-storage-version-migrator
2 | =============================
3 |
4 | kube-storage-version-migrator migrates stored data in etcd to the latest storage version.
5 |
6 | - [kube-storage-version-migrator](https://github.com/kubernetes-sigs/kube-storage-version-migrator)
7 |
8 | Docker images
9 | -------------
10 |
11 | Three variations of Docker images are available on ghcr.io.
12 |
13 | - [storage-version-migrate-initializer](https://github.com/cybozu/neco-containers/pkgs/container/storage-version-migrate-initializer)
14 | - [storage-version-migrate-migrator](https://github.com/cybozu/neco-containers/pkgs/container/storage-version-migrate-migrator)
15 | - [storage-version-migrate-trigger](https://github.com/cybozu/neco-containers/pkgs/container/storage-version-migrate-trigger)
16 |
--------------------------------------------------------------------------------
/kube-storage-version-migrator/TAG:
--------------------------------------------------------------------------------
1 | 0.0.5.9
2 |
--------------------------------------------------------------------------------
/kubernetes/.dockerignore:
--------------------------------------------------------------------------------
1 | *
2 |
--------------------------------------------------------------------------------
/kubernetes/BRANCH:
--------------------------------------------------------------------------------
1 | 1.31
2 |
--------------------------------------------------------------------------------
/kubernetes/README.md:
--------------------------------------------------------------------------------
1 | kubernetes container
2 | ===================
3 |
4 | [kubernetes](https://github.com/kubernetes/kubernetes) image contains binaries for the Kubernetes components.
5 |
6 | Contained binaries:
7 |
8 | - kube-apiserver
9 | - kube-controller-manager
10 | - kube-proxy
11 | - kube-scheduler
12 | - kubelet
13 |
14 | Usage
15 | -----
16 |
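17 | To launch `apiserver` by `docker run` (the example below serves the API on the unauthenticated insecure port and talks to etcd over plain HTTP, so it is suitable only for an isolated test network; the `--insecure-bind-address` and `--insecure-port` flags were removed from kube-apiserver in v1.24, so adapt the example to the secure port for current images):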
18 |
19 | $ docker run --net=host --name apiserver -d \
20 | ghcr.io/cybozu/kubernetes:1.31 kube-apiserver \
21 | --advertise-address=192.168.1.101 \
22 | --insecure-bind-address=0.0.0.0 \
23 | --insecure-port=8080 \
24 | --enable-bootstrap-token-auth=true \
25 | --etcd-servers=http://192.168.1.101:2379,http://192.168.1.102:2379,http://192.168.1.103:2379 \
26 | --storage-backend=etcd3
27 |
28 | Docker images
29 | -------------
30 |
31 | Docker images are available on [ghcr.io](https://github.com/cybozu/neco-containers/pkgs/container/kubernetes)
32 |
--------------------------------------------------------------------------------
/kubernetes/TAG:
--------------------------------------------------------------------------------
1 | 1.31.6.1
2 |
--------------------------------------------------------------------------------
/kubernetes_update.svg:
--------------------------------------------------------------------------------
1 |
8 |
--------------------------------------------------------------------------------
/local-pv-provisioner/.dockerignore:
--------------------------------------------------------------------------------
1 | bin
2 | e2etest
3 | .dockerignore
4 | .git
5 | .github
6 | .gitignore
7 | README.md
8 |
--------------------------------------------------------------------------------
/local-pv-provisioner/.gitignore:
--------------------------------------------------------------------------------
1 | # Test binary, build with `go test -c`
2 | *.test
3 |
4 | # Output of the go coverage tool, specifically when used with LiteIDE
5 | *.out
6 |
7 | # Editors
8 | *~
9 | .*.swp
10 | .#*
11 | \#*#
12 | /.vscode
13 |
14 | # ignore tools
15 | /bin
16 | /testbin
17 | e2etest/bin
18 |
--------------------------------------------------------------------------------
/local-pv-provisioner/Dockerfile:
--------------------------------------------------------------------------------
# local-pv-provisioner container

# Stage1: build from source
FROM ghcr.io/cybozu/golang:1.23-noble AS build

# Copies the build context into /work; the directory's .dockerignore decides
# what is left out of the context.
COPY . /work

WORKDIR /work

# CGO_ENABLED=0 yields a statically linked binary, which the scratch runtime
# stage needs; -w -s strip debug information and the symbol table.
RUN CGO_ENABLED=0 go install -ldflags="-w -s" .

# Stage2: setup runtime container
# `scratch` is an empty base: the image holds only the files copied below.
FROM scratch
LABEL org.opencontainers.image.source="https://github.com/cybozu/neco-containers"

# NOTE(review): this copies every file under /go/bin, not only the binary
# built above; verify the base image keeps nothing else in that directory.
COPY --from=build /go/bin /

# Run as an unprivileged numeric UID/GID instead of root.
USER 10000:10000

ENTRYPOINT ["/local-pv-provisioner"]
21 |
--------------------------------------------------------------------------------
/local-pv-provisioner/PROJECT:
--------------------------------------------------------------------------------
1 | domain: cybozu.com
2 | layout:
3 | - go.kubebuilder.io/v3
4 | projectName: local-pv-provisioner
5 | repo: github.com/cybozu/neco-containers/local-pv-provisioner
6 | resources:
7 | - controller: true
8 | group: core
9 | kind: PersistentVolume
10 | path: k8s.io/api/core/v1
11 | version: v1
12 | version: "3"
13 |
--------------------------------------------------------------------------------
/local-pv-provisioner/TAG:
--------------------------------------------------------------------------------
1 | 0.3.5
2 |
--------------------------------------------------------------------------------
/local-pv-provisioner/config/rbac/role.yaml:
--------------------------------------------------------------------------------
---
# Cluster-scoped permissions for local-pv-provisioner.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: local-pv-provisioner
rules:
# Read-only access to Node objects.
- apiGroups:
  - ""
  resources:
  - nodes
  verbs:
  - get
  - list
  - watch
# Full lifecycle control over PersistentVolumes, including delete.
# PersistentVolumes are cluster-scoped, so this covers every PV in the
# cluster, not only the ones this provisioner created.
- apiGroups:
  - ""
  resources:
  - persistentvolumes
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
---
# Namespaced permissions: read-only access to ConfigMaps in the `default`
# namespace, as written in this manifest.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: local-pv-provisioner
  namespace: default
rules:
- apiGroups:
  - ""
  resources:
  - configmaps
  verbs:
  - get
  - list
  - watch
42 |
--------------------------------------------------------------------------------
/local-pv-provisioner/controllers/fs_test.go:
--------------------------------------------------------------------------------
1 | package controllers
2 |
3 | import (
4 | "errors"
5 | )
6 |
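// notImplementedFS is a fileSystem stub in which every method fails with a
// "not implemented" error. Presumably tests embed it and override only the
// methods they exercise; confirm against the other test files.
type notImplementedFS struct{}

// Compile-time check that *notImplementedFS satisfies fileSystem. The address
// operator had been lost to a mis-decoded character, which left this line
// uncompilable.
var _ fileSystem = &notImplementedFS{}

// Open always returns a nil file and a "not implemented" error.
func (fs *notImplementedFS) Open(name string) (file, error) {
	return nil, errors.New("not implemented")
}

// Stat always returns a nil FileInfo and a "not implemented" error.
func (fs *notImplementedFS) Stat(name string) (FileInfo, error) {
	return nil, errors.New("not implemented")
}

// OpenFile always returns a nil file and a "not implemented" error.
func (fs *notImplementedFS) OpenFile(name string, flag int, perm FileMode) (file, error) {
	return nil, errors.New("not implemented")
}

// Walk never calls fn; it always returns a "not implemented" error.
func (fs *notImplementedFS) Walk(root string, fn func(path string, info FileInfo, err error) error) error {
	return errors.New("not implemented")
}

// MkdirAll creates nothing; it always returns a "not implemented" error.
func (fs *notImplementedFS) MkdirAll(path string, perm FileMode) error {
	return errors.New("not implemented")
}

// Remove deletes nothing; it always returns a "not implemented" error.
func (fs *notImplementedFS) Remove(name string) error {
	return errors.New("not implemented")
}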
29 |
--------------------------------------------------------------------------------
/local-pv-provisioner/e2etest/ci-setup-kvm.sh:
--------------------------------------------------------------------------------
1 | #!/usr/bin/bash -xeu
2 |
3 | set -o pipefail
4 |
5 | sudo apt-get update
6 | sudo apt-get install qemu-kvm libvirt-daemon-system libvirt-clients bridge-utils
7 | kvm-ok
8 | sudo adduser `id -un` libvirt
9 | sudo adduser `id -un` kvm
10 | virsh list --all
11 | sudo ls -la /var/run/libvirt/libvirt-sock
12 | sudo chmod 777 /var/run/libvirt/libvirt-sock
13 | sudo ls -la /var/run/libvirt/libvirt-sock
14 | ls -l /dev/kvm
15 |
--------------------------------------------------------------------------------
/local-pv-provisioner/e2etest/testdata/test-pod-block.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: batch/v1
3 | kind: Job
4 | metadata:
5 | name: test-job
6 | spec:
7 | template:
8 | spec:
9 | restartPolicy: Never
10 | containers:
11 | - name: ubuntu
12 | image: ubuntu:22.04
13 | command:
14 | - bash
15 | - -ex
16 | - -c
17 | - |
18 | dd if=/dev/urandom of=/dev/test-vol bs=1024 count=5
19 | volumeDevices:
20 | - name: test-vol
21 | devicePath: /dev/test-vol
22 | volumes:
23 | - name: test-vol
24 | persistentVolumeClaim:
25 | claimName: test-pvc-block
26 | ---
27 | apiVersion: v1
28 | kind: PersistentVolumeClaim
29 | metadata:
30 | name: test-pvc-block
31 | spec:
32 | accessModes:
33 | - ReadWriteOnce
34 | resources:
35 | requests:
36 | storage: 1Gi
37 | storageClassName: local-storage
38 | volumeMode: Block
39 |
--------------------------------------------------------------------------------
/local-pv-provisioner/e2etest/testdata/test-pod-fs.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: batch/v1
3 | kind: Job
4 | metadata:
5 | name: test-job
6 | spec:
7 | template:
8 | spec:
9 | restartPolicy: Never
10 | containers:
11 | - name: ubuntu
12 | image: ubuntu:22.04
13 | command:
14 | # Note that we don't have to write any file explicitly to
15 | # /mnt/test-vol in this Job to test lpp's zapping, because ext4 puts a
16 | # superblock at the start of the disk.
17 | # cf. https://www.kernel.org/doc/html/latest/filesystems/ext4/overview.html#layout
18 | - sleep
19 | - "1s"
20 | volumeMounts:
21 | - name: test-vol
22 | mountPath: /mnt/test-vol
23 | volumes:
24 | - name: test-vol
25 | persistentVolumeClaim:
26 | claimName: test-pvc-fs
27 | ---
28 | apiVersion: v1
29 | kind: PersistentVolumeClaim
30 | metadata:
31 | name: test-pvc-fs
32 | spec:
33 | accessModes:
34 | - ReadWriteOnce
35 | resources:
36 | requests:
37 | storage: 1Gi
38 | storageClassName: local-storage
39 | volumeMode: Filesystem
40 |
--------------------------------------------------------------------------------
/local-pv-provisioner/hack/boilerplate.go.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cybozu/neco-containers/4a16846b052e117bac466f475329a34aa21bdbfa/local-pv-provisioner/hack/boilerplate.go.txt
--------------------------------------------------------------------------------
/local-pv-provisioner/main.go:
--------------------------------------------------------------------------------
1 | package main
2 |
3 | import (
4 | "github.com/cybozu/neco-containers/local-pv-provisioner/cmd"
5 | )
6 |
// main hands control to the command tree defined in the cmd package.
func main() {
	cmd.Execute()
}
10 |
--------------------------------------------------------------------------------
/loki/README.md:
--------------------------------------------------------------------------------
1 | # Loki container
2 |
3 | This directory provides a Dockerfile to build a loki container
4 | that runs [grafana/loki](https://github.com/grafana/loki).
5 |
6 | ## Docker images
7 |
8 | Docker images are available on [ghcr.io](https://github.com/cybozu/neco-containers/pkgs/container/loki)
9 |
--------------------------------------------------------------------------------
/loki/TAG:
--------------------------------------------------------------------------------
1 | 3.4.2.1
2 |
--------------------------------------------------------------------------------
/loki/log-per-chunk-flush.patch:
--------------------------------------------------------------------------------
1 | diff --git a/pkg/ingester/flush.go b/pkg/ingester/flush.go
2 | index bffe1d2d3..541bd29c0 100644
3 | --- a/pkg/ingester/flush.go
4 | +++ b/pkg/ingester/flush.go
5 | @@ -185,6 +185,13 @@ func (i *Ingester) flushUserSeries(ctx context.Context, userID string, fp model.
6 | lbs := labels.String()
7 | level.Info(util_log.Logger).Log("msg", "flushing stream", "user", userID, "fp", fp, "immediate", immediate, "num_chunks", len(chunks), "labels", lbs)
8 |
9 | + for _, c := range chunks {
10 | + level.Info(util_log.Logger).Log(
11 | + "msg", "flushing chunk", "user", userID, "fp", fp, "immediate", immediate,
12 | + "reason", c.reason, "comp", c.chunk.CompressedSize(), "uncomp", c.chunk.UncompressedSize(),
13 | + "labels", lbs)
14 | + }
15 | +
16 | ctx = user.InjectOrgID(ctx, userID)
17 | ctx, cancelFunc := context.WithTimeout(ctx, i.cfg.FlushOpTimeout)
18 | defer cancelFunc()
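Review bot: The `level.Info` call added inside the `for _, c := range chunks` loop repeats the full `labels` string and the tenant ID once per chunk, right after the existing "flushing stream" line has already logged both, so log volume on the flush path grows with `num_chunks` and label values are copied into many more records. Consider emitting the per-chunk record at debug level, `level.Debug(util_log.Logger).Log(`, or dropping `"labels", lbs` from it and correlating on `fp` instead. A one-line comment above the loop saying why the per-chunk reason and sizes are needed would help whoever rebases this patch onto a newer Loki release. flushUserSeries starts and ends outside the hunk, so whether `c.chunk` can be nil at this point cannot be checked from here.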
19 |
--------------------------------------------------------------------------------
/machines-endpoints/Dockerfile:
--------------------------------------------------------------------------------
# machines-endpoints container

# Stage1: build from source
FROM ghcr.io/cybozu/golang:1.23-noble AS build

# Copies the build context into /work.
# NOTE(review): no .dockerignore for this directory is visible here; make sure
# the context holds nothing that should stay out of the build stage.
COPY . /work

WORKDIR /work

# CGO_ENABLED=0 yields a statically linked binary, which the scratch runtime
# stage needs; -w -s strip debug information and the symbol table.
RUN CGO_ENABLED=0 go install -ldflags="-w -s" ./pkg/machines-endpoints

# Stage2: setup runtime container
# `scratch` is an empty base: the image holds only the files copied below.
FROM scratch
LABEL org.opencontainers.image.source="https://github.com/cybozu/neco-containers"

# NOTE(review): this copies every file under /go/bin, not only the binary
# built above; verify the base image keeps nothing else in that directory.
COPY --from=build /go/bin /

# Run as an unprivileged numeric UID/GID instead of root.
USER 10000:10000
EXPOSE 7373 7946

ENTRYPOINT ["/machines-endpoints"]
22 |
--------------------------------------------------------------------------------
/machines-endpoints/Makefile:
--------------------------------------------------------------------------------
# SUDO_GO runs the go binary found on PATH through sudo; it is used only by the
# `test` target below.
SUDO = sudo
SUDO_GO = $(SUDO) $(shell which go)

# Default target: verify go.mod/go.sum are tidy, then run linters and tests.
.PHONY: all
all: check-generate test

# Install the static-analysis tools that the `test` target invokes.
# NOTE(review): both tools are installed at @latest, so the analyzers gating
# `make test` can change without any change in this repository; pinning each to
# a released version would make runs reproducible and reviewable.
.PHONY: setup
setup:
	go install github.com/cybozu-go/golang-custom-analyzer/cmd/custom-checker@latest
	go install honnef.co/go/tools/cmd/staticcheck@latest

# Fail when `go mod tidy` leaves any tracked file modified.
.PHONY: check-generate
check-generate:
	go mod tidy
	git diff --exit-code --name-only

# Formatting, static analysis, vet and race-enabled tests.
# custom-checker is run with restrictpkg.packages=html/template,log; any output
# from it (or from gofmt) fails the target.
# NOTE(review): the final step runs the test binary through sudo, i.e. the
# module's test code and its dependencies execute as root; presumably some test
# needs privileges, confirm before running outside a disposable environment.
.PHONY: test
test:
	test -z "$$(gofmt -s -l . | tee /dev/stderr)"
	staticcheck ./...
	test -z "$$(custom-checker -restrictpkg.packages=html/template,log ./... 2>&1 | tee /dev/stderr)"
	go vet ./...
	$(SUDO_GO) test -race -v ./...
24 |
--------------------------------------------------------------------------------
/machines-endpoints/TAG:
--------------------------------------------------------------------------------
1 | 0.9.6
2 |
--------------------------------------------------------------------------------
/machines-endpoints/pkg/machines-endpoints/main_test.go:
--------------------------------------------------------------------------------
1 | package main
2 |
3 | import (
4 | "testing"
5 |
6 | "github.com/google/go-cmp/cmp"
7 | )
8 |
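// TestUpdateBMCLogCollectorConfigMap checks that createMachinesList renders a
// list of machines as the expected JSON array of serial, BMC address and node
// address.
func TestUpdateBMCLogCollectorConfigMap(t *testing.T) {
	var m0 Machine
	m0.Spec.IPv4 = append(m0.Spec.IPv4, "1.1.1.1", "1.2.2.2")
	m0.Spec.BMC.IPv4 = "1.3.3.3"
	m0.Spec.Serial = "ABC123"

	var m1 Machine
	m1.Spec.IPv4 = append(m1.Spec.IPv4, "2.1.1.1", "2.2.2.2")
	m1.Spec.BMC.IPv4 = "2.3.3.3"
	m1.Spec.Serial = "XYZ123"

	ml := []Machine{m0, m1}

	// expectedJSON is derived from ml; each machine has two node addresses but
	// only the first one is expected in the output.
	expectedJSON := `[{"serial":"ABC123","bmc_ipv4":"1.3.3.3","node_ipv4":"1.1.1.1"},{"serial":"XYZ123","bmc_ipv4":"2.3.3.3","node_ipv4":"2.1.1.1"}]`
	stringJSON, err := createMachinesList(ml)
	if err != nil {
		t.Fatalf("failed to create JSON data: %v", err)
	}
	// Report the difference between wanted and actual output; printing only the
	// expected value gives no way to diagnose a failure.
	if diff := cmp.Diff(expectedJSON, stringJSON); diff != "" {
		t.Fatalf("unexpected JSON data (-want +got):\n%s", diff)
	}
}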
36 |
--------------------------------------------------------------------------------
/memcached-exporter/Dockerfile:
--------------------------------------------------------------------------------
1 | # memcached_exporter container
2 |
3 | # Stage1: build from source
4 | FROM ghcr.io/cybozu/golang:1.24-noble AS build
5 |
6 | ARG MEMCACHED_EXPORTER_VERSION=0.15.0
7 |
8 | WORKDIR /work
9 | SHELL ["/bin/bash", "-o", "pipefail", "-c"]
10 | RUN git clone --depth=1 -b v${MEMCACHED_EXPORTER_VERSION} https://github.com/prometheus/memcached_exporter /work/memcached_exporter
11 |
12 | WORKDIR /work/memcached_exporter
13 | RUN make build
14 |
15 | # Stage2: setup runtime container
16 | FROM scratch
17 | LABEL org.opencontainers.image.source="https://github.com/cybozu/neco-containers"
18 |
19 | COPY --from=build /work/memcached_exporter/memcached_exporter /bin/memcached_exporter
20 | COPY --from=build /work/memcached_exporter/LICENSE /LICENSE
21 |
22 | USER 10000:10000
23 | EXPOSE 9150
24 | ENTRYPOINT ["/bin/memcached_exporter"]
25 |
--------------------------------------------------------------------------------
/memcached-exporter/README.md:
--------------------------------------------------------------------------------
1 | # Memcached Exporter container
2 |
3 | This directory provides a Dockerfile to build a Memcached Exporter container
4 | that runs `memcached_exporter` in [prometheus/memcached_exporter](https://github.com/prometheus/memcached_exporter).
5 |
6 | ## Docker images
7 |
8 | Docker images are available on [ghcr.io](https://github.com/cybozu/neco-containers/pkgs/container/memcached-exporter)
9 |
--------------------------------------------------------------------------------
/memcached-exporter/TAG:
--------------------------------------------------------------------------------
1 | 0.15.0.2
2 |
--------------------------------------------------------------------------------
/memcached/README.md:
--------------------------------------------------------------------------------
1 | # Memcached container
2 |
3 | This directory provides a Dockerfile to build a Memcached container
4 | that runs `memcached` in [memcached/memcached](https://github.com/memcached/memcached).
5 |
6 | ## Docker images
7 |
8 | Docker images are available on [ghcr.io](https://github.com/cybozu/neco-containers/pkgs/container/memcached)
9 |
--------------------------------------------------------------------------------
/memcached/TAG:
--------------------------------------------------------------------------------
1 | 1.6.37.1
2 |
--------------------------------------------------------------------------------
/meows-dctest-runner/.dockerignore:
--------------------------------------------------------------------------------
1 | *
2 | !include-bird
3 |
--------------------------------------------------------------------------------
/meows-dctest-runner/BRANCH:
--------------------------------------------------------------------------------
1 | 0.20
2 |
--------------------------------------------------------------------------------
/meows-dctest-runner/README.md:
--------------------------------------------------------------------------------
1 | meows-dctest-runner container
2 | =================
3 |
4 | Build a Docker container image for [meows][], which is a GitHub Actions self-hosted runner for running dctest.
5 |
6 | Docker images
7 | -------------
8 |
9 | Docker images are available on [ghcr.io](https://github.com/cybozu/neco-containers/pkgs/container/meows-dctest-runner)
10 |
11 | [meows]: https://github.com/cybozu-go/meows
12 |
--------------------------------------------------------------------------------
/meows-dctest-runner/TAG:
--------------------------------------------------------------------------------
1 | 0.20.1.1
2 |
--------------------------------------------------------------------------------
/meows-dctest-runner/include-bird:
--------------------------------------------------------------------------------
1 | path-include=/usr/share/doc/bird2/*
2 |
--------------------------------------------------------------------------------
/meows-neco-runner/BRANCH:
--------------------------------------------------------------------------------
1 | 0.20
2 |
--------------------------------------------------------------------------------
/meows-neco-runner/README.md:
--------------------------------------------------------------------------------
1 | meows-neco-runner container
2 | =================
3 |
4 | Build a Docker container image for [meows][], which is a GitHub Actions self-hosted runner on the Neco cluster.
5 |
6 | Docker images
7 | -------------
8 |
9 | Docker images are available on [ghcr.io](https://github.com/cybozu/neco-containers/pkgs/container/meows-neco-runner)
10 |
11 | [meows]: https://github.com/cybozu-go/meows
12 |
--------------------------------------------------------------------------------
/meows-neco-runner/TAG:
--------------------------------------------------------------------------------
1 | 0.20.1.1
2 |
--------------------------------------------------------------------------------
/meows-neco-runner/install-necocli:
--------------------------------------------------------------------------------
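#!/bin/bash -e
# Install the neco operation CLI from the latest cybozu-go/neco release into
# the runner's work directory and add that directory to the job's PATH.
#
# Usage: install-necocli GITHUB_TOKEN
#
# xtrace (-x) is deliberately not enabled: every curl call below carries the
# token in an Authorization header, and tracing would write it to the job log.
# NOTE(review): the token is still passed as argv[1] and on curl's command
# line, so it is visible in the process list of the runner while this runs.
set -o pipefail

GITHUB_TOKEN=${1:?usage: install-necocli GITHUB_TOKEN}

BIN_DIR=/runner/_work/bin
TMP_DIR=/runner/_work/tmp
mkdir -p "${BIN_DIR}" "${TMP_DIR}"

# -f turns an HTTP error (bad token, rate limit) into a non-zero exit instead
# of saving the error body as latest.json.
curl -f -o "${TMP_DIR}/latest.json" -L \
    -H "Authorization: token ${GITHUB_TOKEN}" \
    "https://api.github.com/repos/cybozu-go/neco/releases/latest"

# API URL of the release asset whose name matches the CLI package.
DOWNLOAD_URL=$(jq -r '.assets[]|select(.name|test("neco-operation-cli-linux_.*"))|.url' "${TMP_DIR}/latest.json")
if [ -z "${DOWNLOAD_URL}" ]; then
    echo "no neco-operation-cli-linux asset found in the latest release" >&2
    exit 1
fi

# NOTE(review): the package is not checked against a checksum or signature;
# its integrity rests on TLS and on the contents of the GitHub release.
curl -f -o "${TMP_DIR}/necocli.deb" -L \
    -H "Authorization: token ${GITHUB_TOKEN}" \
    -H "Accept: application/octet-stream" \
    "${DOWNLOAD_URL}"

# dpkg -x only unpacks the archive; the binaries are then moved into BIN_DIR.
dpkg -x "${TMP_DIR}/necocli.deb" "${TMP_DIR}"
mv "${TMP_DIR}"/usr/bin/* "${BIN_DIR}"

# Make the installed binaries available to later steps of the job.
echo "${BIN_DIR}" >> "${GITHUB_PATH:?GITHUB_PATH is not set}"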
17 |
--------------------------------------------------------------------------------
/no_need_update.svg:
--------------------------------------------------------------------------------
1 |
8 |
--------------------------------------------------------------------------------
/opentelemetry-collector/.dockerignore:
--------------------------------------------------------------------------------
1 | *
2 | !manifest.yaml
3 |
--------------------------------------------------------------------------------
/opentelemetry-collector/Dockerfile:
--------------------------------------------------------------------------------
1 | # opentelemetry-collector
2 |
3 | FROM ghcr.io/cybozu/golang:1.24-noble AS build
4 |
5 | ARG OTELCOL_VERSION=0.122.1
6 | ARG OTELCOL_CONTRIB_VERSION=0.122.0
7 |
8 | WORKDIR /work
9 | COPY manifest.yaml manifest.yaml.in
10 | RUN cat manifest.yaml.in | \
11 | sed -e s/\${OTELCOL_VERSION}/${OTELCOL_VERSION}/g | \
12 | sed -e s/\${OTELCOL_CONTRIB_VERSION}/${OTELCOL_CONTRIB_VERSION}/g > manifest.yaml && \
13 | go install go.opentelemetry.io/collector/cmd/builder@v${OTELCOL_VERSION} && \
14 | builder --config manifest.yaml
15 | RUN curl -sSf -o LICENSE https://raw.githubusercontent.com/open-telemetry/opentelemetry-collector/v${OTELCOL_VERSION}/LICENSE
16 |
17 | FROM ghcr.io/cybozu/ubuntu:24.04
18 | LABEL org.opencontainers.image.source="https://github.com/cybozu/neco-containers"
19 |
20 | COPY --from=build /work/_build/otelcol /otelcol
21 | COPY --from=build /work/LICENSE /LICENSE
22 |
23 | USER 10000:10000
24 |
25 | ENTRYPOINT ["/otelcol"]
26 | # this container image does not contain default config file.
27 |
--------------------------------------------------------------------------------
/opentelemetry-collector/TAG:
--------------------------------------------------------------------------------
1 | 0.122.1.1
2 |
--------------------------------------------------------------------------------
/pause/.dockerignore:
--------------------------------------------------------------------------------
1 | *
2 |
--------------------------------------------------------------------------------
/pause/BRANCH:
--------------------------------------------------------------------------------
1 | 3.10
2 |
--------------------------------------------------------------------------------
/pause/Dockerfile:
--------------------------------------------------------------------------------
# pause container

# Stage1: build from source
FROM ghcr.io/cybozu/ubuntu-dev:24.04 AS build

# K8S_VERSION selects the kubernetes tag the source and LICENSE are fetched
# from; PAUSE_VERSION is compiled into the binary through -DVERSION.
ARG K8S_VERSION=1.31.6
ARG PAUSE_VERSION=3.10.1

RUN mkdir /work

WORKDIR /work

# pause.c is downloaded at build time and compiled as a static, stripped binary.
# NOTE(review): the download is not compared against a known digest, so the
# build trusts TLS and the upstream tag; recording a SHA-256 for pause.c next
# to K8S_VERSION and checking it with `sha256sum -c` before gcc would pin the
# input to this build.
RUN curl -sSLf -O https://raw.githubusercontent.com/kubernetes/kubernetes/v${K8S_VERSION}/build/pause/linux/pause.c \
    && gcc -Os -Wall -Werror -static -DVERSION=v${PAUSE_VERSION} -o pause pause.c \
    && strip pause

RUN curl -sSLf -O https://github.com/kubernetes/kubernetes/raw/v${K8S_VERSION}/LICENSE


# Stage2: setup runtime container
# The runtime image is built from scratch and receives only the binary and the
# LICENSE file from the build stage.
FROM scratch
LABEL org.opencontainers.image.source="https://github.com/cybozu/neco-containers"

COPY --from=build /work/pause /pause
COPY --from=build /work/LICENSE /LICENSE

# Run as a fixed numeric non-root UID:GID.
USER 65535:65535

ENTRYPOINT ["/pause"]
30 |
--------------------------------------------------------------------------------
/pause/README.md:
--------------------------------------------------------------------------------
1 | pause container
2 | ===============
3 |
4 | [pause container](https://github.com/kubernetes/kubernetes/tree/master/build/pause) works as the parent of all other containers in a pod.
5 |
6 | Usage
7 | -----
8 |
9 | Specify the image name for kubelet with `--pod-infra-container-image` option.
10 |
11 | Docker images
12 | -------------
13 |
14 | Docker images are available on [ghcr.io](https://github.com/cybozu/neco-containers/pkgs/container/pause)
15 |
--------------------------------------------------------------------------------
/pause/TAG:
--------------------------------------------------------------------------------
1 | 3.10.1.1
2 |
--------------------------------------------------------------------------------
/pod-delete-rate-limiter/.dockerignore:
--------------------------------------------------------------------------------
1 | # More info: https://docs.docker.com/engine/reference/builder/#dockerignore-file
2 | # Ignore build and test binaries.
3 | bin/
4 |
--------------------------------------------------------------------------------
/pod-delete-rate-limiter/.gitignore:
--------------------------------------------------------------------------------
1 | *.out
2 | /bin
3 |
--------------------------------------------------------------------------------
/pod-delete-rate-limiter/Dockerfile:
--------------------------------------------------------------------------------
1 | # pod-deletion-rate-limiter container
2 |
3 | # Stage1: build from source
4 | FROM ghcr.io/cybozu/golang:1.23-noble AS build
5 |
6 | COPY . /work
7 |
8 | WORKDIR /work
9 |
10 | RUN CGO_ENABLED=0 go build -ldflags="-w -s" -o bin/pod-delete-rate-limiter cmd/main.go
11 |
12 | # Stage2: setup runtime container
13 | FROM scratch
14 | LABEL org.opencontainers.image.source="https://github.com/cybozu/neco-containers"
15 |
16 | COPY --from=build /work/bin/pod-delete-rate-limiter /pod-delete-rate-limiter
17 |
18 | USER 10000:10000
19 |
20 | ENTRYPOINT ["/pod-delete-rate-limiter"]
21 |
--------------------------------------------------------------------------------
/pod-delete-rate-limiter/README.md:
--------------------------------------------------------------------------------
1 | pod-delete-rate-limiter
2 | =======================
3 |
4 | pod-delete-rate-limiter is a rate-limiter for Pod deletion.
5 |
6 | This program was originally written to rate-limit StatefulSet rolling updates by rate-limiting Pod deletion with a validating webhook.
7 |
8 | Options
9 | -------
10 |
11 | - `-health-probe-bind-address` The address the probe endpoint binds to. (default `:8081`)
12 | - `-limited-user` The user to whom the rate limit is applied. (default `system:serviceaccount:kube-system:statefulset-controller`)
13 | - `-metrics-bind-address` The address the metric endpoint binds to. (default `:8080`)
14 | - `-min-interval` The minimum interval in seconds for deletion. (default `1.0`)
15 | - and zap logger related options
16 | - `-zap-devel`
17 | - `-zap-encoder`
18 | - `-zap-log-level`
19 | - `-zap-stacktrace-level`
20 | - `-zap-time-encoding`
21 |
--------------------------------------------------------------------------------
/pod-delete-rate-limiter/TAG:
--------------------------------------------------------------------------------
1 | 1.1.3
2 |
--------------------------------------------------------------------------------
/pod-delete-rate-limiter/config/certmanager/kustomization.yaml:
--------------------------------------------------------------------------------
1 | resources:
2 | - certificate.yaml
3 |
4 | configurations:
5 | - kustomizeconfig.yaml
6 |
--------------------------------------------------------------------------------
/pod-delete-rate-limiter/config/certmanager/kustomizeconfig.yaml:
--------------------------------------------------------------------------------
1 | # This configuration is for teaching kustomize how to update name ref substitution
2 | nameReference:
3 | - kind: Issuer
4 | group: cert-manager.io
5 | fieldSpecs:
6 | - kind: Certificate
7 | group: cert-manager.io
8 | path: spec/issuerRef/name
9 |
--------------------------------------------------------------------------------
/pod-delete-rate-limiter/config/default/manager_config_patch.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: apps/v1
2 | kind: Deployment
3 | metadata:
4 | name: controller-manager
5 | namespace: system
6 | spec:
7 | template:
8 | spec:
9 | containers:
10 | - name: manager
11 |
--------------------------------------------------------------------------------
/pod-delete-rate-limiter/config/default/manager_webhook_patch.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: apps/v1
2 | kind: Deployment
3 | metadata:
4 | name: controller-manager
5 | namespace: system
6 | spec:
7 | template:
8 | spec:
9 | containers:
10 | - name: manager
11 | ports:
12 | - containerPort: 9443
13 | name: webhook-server
14 | protocol: TCP
15 | volumeMounts:
16 | - mountPath: /tmp/k8s-webhook-server/serving-certs
17 | name: cert
18 | readOnly: true
19 | volumes:
20 | - name: cert
21 | secret:
22 | defaultMode: 420
23 | secretName: webhook-server-cert
24 |
--------------------------------------------------------------------------------
/pod-delete-rate-limiter/config/manager/kustomization.yaml:
--------------------------------------------------------------------------------
1 | resources:
2 | - manager.yaml
3 |
--------------------------------------------------------------------------------
/pod-delete-rate-limiter/config/prometheus/kustomization.yaml:
--------------------------------------------------------------------------------
1 | resources:
2 | - monitor.yaml
3 |
--------------------------------------------------------------------------------
/pod-delete-rate-limiter/config/prometheus/monitor.yaml:
--------------------------------------------------------------------------------
1 |
# Prometheus Monitor Service (Metrics)
# Scrapes /metrics over HTTPS from the Service port named "https" on objects
# labelled control-plane: controller-manager, authenticating with the scraper's
# service-account token.
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
  labels:
    control-plane: controller-manager
    app.kubernetes.io/name: servicemonitor
    app.kubernetes.io/instance: controller-manager-metrics-monitor
    app.kubernetes.io/component: metrics
    app.kubernetes.io/created-by: pod-delete-rate-limiter
    app.kubernetes.io/part-of: pod-delete-rate-limiter
    app.kubernetes.io/managed-by: kustomize
  name: controller-manager-metrics-monitor
  namespace: system
spec:
  endpoints:
    - path: /metrics
      port: https
      scheme: https
      bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
      tlsConfig:
        # NOTE(review): insecureSkipVerify turns off verification of the
        # endpoint's certificate, so the bearer token above is sent to a peer
        # whose identity is not checked. Once the metrics endpoint serves a
        # certificate from a known CA, replace this with a tlsConfig that sets
        # the CA and serverName.
        insecureSkipVerify: true
  selector:
    matchLabels:
      control-plane: controller-manager
27 |
--------------------------------------------------------------------------------
/pod-delete-rate-limiter/config/rbac/auth_proxy_client_clusterrole.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: rbac.authorization.k8s.io/v1
2 | kind: ClusterRole
3 | metadata:
4 | labels:
5 | app.kubernetes.io/name: clusterrole
6 | app.kubernetes.io/instance: metrics-reader
7 | app.kubernetes.io/component: kube-rbac-proxy
8 | app.kubernetes.io/created-by: pod-delete-rate-limiter
9 | app.kubernetes.io/part-of: pod-delete-rate-limiter
10 | app.kubernetes.io/managed-by: kustomize
11 | name: metrics-reader
12 | rules:
13 | - nonResourceURLs:
14 | - "/metrics"
15 | verbs:
16 | - get
17 |
--------------------------------------------------------------------------------
/pod-delete-rate-limiter/config/rbac/auth_proxy_role.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: rbac.authorization.k8s.io/v1
2 | kind: ClusterRole
3 | metadata:
4 | labels:
5 | app.kubernetes.io/name: clusterrole
6 | app.kubernetes.io/instance: proxy-role
7 | app.kubernetes.io/component: kube-rbac-proxy
8 | app.kubernetes.io/created-by: pod-delete-rate-limiter
9 | app.kubernetes.io/part-of: pod-delete-rate-limiter
10 | app.kubernetes.io/managed-by: kustomize
11 | name: proxy-role
12 | rules:
13 | - apiGroups:
14 | - authentication.k8s.io
15 | resources:
16 | - tokenreviews
17 | verbs:
18 | - create
19 | - apiGroups:
20 | - authorization.k8s.io
21 | resources:
22 | - subjectaccessreviews
23 | verbs:
24 | - create
25 |
--------------------------------------------------------------------------------
/pod-delete-rate-limiter/config/rbac/auth_proxy_role_binding.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: rbac.authorization.k8s.io/v1
2 | kind: ClusterRoleBinding
3 | metadata:
4 | labels:
5 | app.kubernetes.io/name: clusterrolebinding
6 | app.kubernetes.io/instance: proxy-rolebinding
7 | app.kubernetes.io/component: kube-rbac-proxy
8 | app.kubernetes.io/created-by: pod-delete-rate-limiter
9 | app.kubernetes.io/part-of: pod-delete-rate-limiter
10 | app.kubernetes.io/managed-by: kustomize
11 | name: proxy-rolebinding
12 | roleRef:
13 | apiGroup: rbac.authorization.k8s.io
14 | kind: ClusterRole
15 | name: proxy-role
16 | subjects:
17 | - kind: ServiceAccount
18 | name: controller-manager
19 | namespace: system
20 |
--------------------------------------------------------------------------------
/pod-delete-rate-limiter/config/rbac/auth_proxy_service.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Service
3 | metadata:
4 | labels:
5 | control-plane: controller-manager
6 | app.kubernetes.io/name: service
7 | app.kubernetes.io/instance: controller-manager-metrics-service
8 | app.kubernetes.io/component: kube-rbac-proxy
9 | app.kubernetes.io/created-by: pod-delete-rate-limiter
10 | app.kubernetes.io/part-of: pod-delete-rate-limiter
11 | app.kubernetes.io/managed-by: kustomize
12 | name: controller-manager-metrics-service
13 | namespace: system
14 | spec:
15 | ports:
16 | - name: https
17 | port: 8443
18 | protocol: TCP
19 | targetPort: https
20 | selector:
21 | control-plane: controller-manager
22 |
--------------------------------------------------------------------------------
/pod-delete-rate-limiter/config/rbac/kustomization.yaml:
--------------------------------------------------------------------------------
1 | resources:
2 | # All RBAC will be applied under this service account in
3 | # the deployment namespace. You may comment out this resource
4 | # if your manager will use a service account that exists at
5 | # runtime. Be sure to update RoleBinding and ClusterRoleBinding
6 | # subjects if changing service account names.
7 | - service_account.yaml
8 | #- role.yaml
9 | #- role_binding.yaml
10 | #- leader_election_role.yaml
11 | #- leader_election_role_binding.yaml
12 | # Comment the following 4 lines if you want to disable
13 | # the auth proxy (https://github.com/brancz/kube-rbac-proxy)
14 | # which protects your /metrics endpoint.
15 | #- auth_proxy_service.yaml
16 | #- auth_proxy_role.yaml
17 | #- auth_proxy_role_binding.yaml
18 | #- auth_proxy_client_clusterrole.yaml
19 |
--------------------------------------------------------------------------------
/pod-delete-rate-limiter/config/rbac/leader_election_role.yaml:
--------------------------------------------------------------------------------
1 | # permissions to do leader election.
2 | apiVersion: rbac.authorization.k8s.io/v1
3 | kind: Role
4 | metadata:
5 | labels:
6 | app.kubernetes.io/name: role
7 | app.kubernetes.io/instance: leader-election-role
8 | app.kubernetes.io/component: rbac
9 | app.kubernetes.io/created-by: pod-delete-rate-limiter
10 | app.kubernetes.io/part-of: pod-delete-rate-limiter
11 | app.kubernetes.io/managed-by: kustomize
12 | name: leader-election-role
13 | rules:
14 | - apiGroups:
15 | - ""
16 | resources:
17 | - configmaps
18 | verbs:
19 | - get
20 | - list
21 | - watch
22 | - create
23 | - update
24 | - patch
25 | - delete
26 | - apiGroups:
27 | - coordination.k8s.io
28 | resources:
29 | - leases
30 | verbs:
31 | - get
32 | - list
33 | - watch
34 | - create
35 | - update
36 | - patch
37 | - delete
38 | - apiGroups:
39 | - ""
40 | resources:
41 | - events
42 | verbs:
43 | - create
44 | - patch
45 |
--------------------------------------------------------------------------------
/pod-delete-rate-limiter/config/rbac/leader_election_role_binding.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: rbac.authorization.k8s.io/v1
2 | kind: RoleBinding
3 | metadata:
4 | labels:
5 | app.kubernetes.io/name: rolebinding
6 | app.kubernetes.io/instance: leader-election-rolebinding
7 | app.kubernetes.io/component: rbac
8 | app.kubernetes.io/created-by: pod-delete-rate-limiter
9 | app.kubernetes.io/part-of: pod-delete-rate-limiter
10 | app.kubernetes.io/managed-by: kustomize
11 | name: leader-election-rolebinding
12 | roleRef:
13 | apiGroup: rbac.authorization.k8s.io
14 | kind: Role
15 | name: leader-election-role
16 | subjects:
17 | - kind: ServiceAccount
18 | name: controller-manager
19 | namespace: system
20 |
--------------------------------------------------------------------------------
/pod-delete-rate-limiter/config/rbac/role_binding.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: rbac.authorization.k8s.io/v1
2 | kind: ClusterRoleBinding
3 | metadata:
4 | labels:
5 | app.kubernetes.io/name: clusterrolebinding
6 | app.kubernetes.io/instance: manager-rolebinding
7 | app.kubernetes.io/component: rbac
8 | app.kubernetes.io/created-by: pod-delete-rate-limiter
9 | app.kubernetes.io/part-of: pod-delete-rate-limiter
10 | app.kubernetes.io/managed-by: kustomize
11 | name: manager-rolebinding
12 | roleRef:
13 | apiGroup: rbac.authorization.k8s.io
14 | kind: ClusterRole
15 | name: manager-role
16 | subjects:
17 | - kind: ServiceAccount
18 | name: controller-manager
19 | namespace: system
20 |
--------------------------------------------------------------------------------
/pod-delete-rate-limiter/config/rbac/service_account.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: ServiceAccount
3 | metadata:
4 | labels:
5 | app.kubernetes.io/name: serviceaccount
6 | app.kubernetes.io/instance: controller-manager-sa
7 | app.kubernetes.io/component: rbac
8 | app.kubernetes.io/created-by: pod-delete-rate-limiter
9 | app.kubernetes.io/part-of: pod-delete-rate-limiter
10 | app.kubernetes.io/managed-by: kustomize
11 | name: controller-manager
12 | namespace: system
13 |
--------------------------------------------------------------------------------
/pod-delete-rate-limiter/config/webhook/kustomization.yaml:
--------------------------------------------------------------------------------
1 | resources:
2 | - manifests.yaml
3 | - service.yaml
4 |
5 | configurations:
6 | - kustomizeconfig.yaml
7 |
--------------------------------------------------------------------------------
/pod-delete-rate-limiter/config/webhook/kustomizeconfig.yaml:
--------------------------------------------------------------------------------
1 | # the following config is for teaching kustomize where to look at when substituting nameReference.
2 | # It requires kustomize v2.1.0 or newer to work properly.
3 | nameReference:
4 | - kind: Service
5 | version: v1
6 | fieldSpecs:
7 | - kind: MutatingWebhookConfiguration
8 | group: admissionregistration.k8s.io
9 | path: webhooks/clientConfig/service/name
10 | - kind: ValidatingWebhookConfiguration
11 | group: admissionregistration.k8s.io
12 | path: webhooks/clientConfig/service/name
13 |
14 | namespace:
15 | - kind: MutatingWebhookConfiguration
16 | group: admissionregistration.k8s.io
17 | path: webhooks/clientConfig/service/namespace
18 | create: true
19 | - kind: ValidatingWebhookConfiguration
20 | group: admissionregistration.k8s.io
21 | path: webhooks/clientConfig/service/namespace
22 | create: true
23 |
--------------------------------------------------------------------------------
/pod-delete-rate-limiter/config/webhook/manifests.yaml:
--------------------------------------------------------------------------------
---
# Registers the validating webhook that reviews Pod DELETE requests at
# /validate-core-v1-pod on webhook-service.
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
  name: validating-webhook-configuration
webhooks:
  - admissionReviewVersions:
      - v1
    clientConfig:
      service:
        name: webhook-service
        namespace: system
        path: /validate-core-v1-pod
    # NOTE(review): with failurePolicy Fail and no namespaceSelector or
    # objectSelector in this file, every Pod deletion matched by the rule below
    # is rejected while the webhook is unreachable, which may include deleting
    # the webhook's own Pods. Confirm whether an overlay elsewhere narrows the
    # scope, and plan how the webhook is recovered when it is down.
    failurePolicy: Fail
    name: vpod.kb.io
    rules:
      - apiGroups:
          - ""
        apiVersions:
          - v1
        operations:
          - DELETE
        resources:
          - pods
    # The webhook declares that it makes no out-of-band changes.
    sideEffects: None
26 |
--------------------------------------------------------------------------------
/pod-delete-rate-limiter/config/webhook/service.yaml:
--------------------------------------------------------------------------------
1 |
2 | apiVersion: v1
3 | kind: Service
4 | metadata:
5 | labels:
6 | app.kubernetes.io/name: service
7 | app.kubernetes.io/instance: webhook-service
8 | app.kubernetes.io/component: webhook
9 | app.kubernetes.io/created-by: pod-delete-rate-limiter
10 | app.kubernetes.io/part-of: pod-delete-rate-limiter
11 | app.kubernetes.io/managed-by: kustomize
12 | name: webhook-service
13 | namespace: system
14 | spec:
15 | ports:
16 | - port: 443
17 | protocol: TCP
18 | targetPort: 9443
19 | selector:
20 | control-plane: controller-manager
21 |
--------------------------------------------------------------------------------
/pod-delete-rate-limiter/hack/boilerplate.go.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cybozu/neco-containers/4a16846b052e117bac466f475329a34aa21bdbfa/pod-delete-rate-limiter/hack/boilerplate.go.txt
--------------------------------------------------------------------------------
/pomerium/README.md:
--------------------------------------------------------------------------------
1 | # Pomerium container
2 |
3 | This directory provides a Dockerfile to build a pomerium container
4 | that runs `pomerium` in [pomerium/pomerium](https://github.com/pomerium/pomerium).
5 |
6 | ## Docker images
7 |
8 | Docker images are available on [ghcr.io](https://github.com/cybozu/neco-containers/pkgs/container/pomerium)
9 |
--------------------------------------------------------------------------------
/pomerium/TAG:
--------------------------------------------------------------------------------
1 | 0.28.0.2
2 |
--------------------------------------------------------------------------------
/prometheus-adapter/Dockerfile:
--------------------------------------------------------------------------------
1 | # prometheus-adapter container
2 |
3 | # Stage1: build from source
4 | FROM ghcr.io/cybozu/golang:1.24-noble AS build
5 |
6 | ARG PROMETHEUS_ADAPTER_VERSION=0.12.0
7 |
8 | RUN curl -fsSL -o pa.tar.gz https://github.com/kubernetes-sigs/prometheus-adapter/archive/v${PROMETHEUS_ADAPTER_VERSION}.tar.gz \
9 | && tar -x -z --strip-components 1 -f pa.tar.gz \
10 | && rm -f pa.tar.gz \
11 | && make all
12 |
13 | # Stage2: setup runtime container
14 | FROM scratch
15 | LABEL org.opencontainers.image.source="https://github.com/cybozu/neco-containers"
16 |
17 | COPY --from=build /work/adapter /adapter
18 | COPY --from=build /work/LICENSE /LICENSE
19 |
20 | USER 10000:10000
21 |
22 | ENTRYPOINT ["/adapter"]
23 |
--------------------------------------------------------------------------------
/prometheus-adapter/README.md:
--------------------------------------------------------------------------------
1 | prometheus-adapter container
2 | ============================
3 |
4 | This directory provides a Dockerfile to build a Docker container that runs [prometheus-adapter](https://github.com/kubernetes-sigs/prometheus-adapter).
5 |
6 | Docker images
7 | -------------
8 |
9 | Docker images are available on [ghcr.io](https://github.com/cybozu/neco-containers/pkgs/container/prometheus-adapter)
10 |
--------------------------------------------------------------------------------
/prometheus-adapter/TAG:
--------------------------------------------------------------------------------
1 | 0.12.0.3
2 |
--------------------------------------------------------------------------------
/prometheus-config-reloader/.dockerignore:
--------------------------------------------------------------------------------
1 | *
2 |
--------------------------------------------------------------------------------
/prometheus-config-reloader/Dockerfile:
--------------------------------------------------------------------------------
# prometheus-config-reloader container

# Stage1: build from source
FROM ghcr.io/cybozu/golang:1.24-noble AS build

# Prometheus Operator release whose tree contains cmd/prometheus-config-reloader.
ARG PROMETHEUS_OPERATOR_VERSION=0.82.1

# Fetch the tagged source archive and install only the config-reloader command
# as a static binary (CGO disabled; -w -s strips debug info and symbols).
# NOTE(review): the archive is not checked against a pinned digest before it
# is compiled; consider verifying a SHA-256 before extraction.
RUN curl -fsSL -o prometheus-operator.tar.gz "https://github.com/prometheus-operator/prometheus-operator/archive/v${PROMETHEUS_OPERATOR_VERSION}.tar.gz" \
    && tar -x -z --strip-components 1 -f prometheus-operator.tar.gz \
    && rm -f prometheus-operator.tar.gz \
    && CGO_ENABLED=0 go install -ldflags="-w -s" ./cmd/prometheus-config-reloader

# Stage2: setup runtime container
FROM ghcr.io/cybozu/ubuntu:24.04
LABEL org.opencontainers.image.source="https://github.com/cybozu/neco-containers"

# Only the binary and the upstream licence files are carried over.
COPY --from=build /go/bin/prometheus-config-reloader /bin/prometheus-config-reloader
COPY --from=build /work/LICENSE /
COPY --from=build /work/NOTICE /

# Run as an unprivileged numeric UID:GID.
USER 10000:10000

ENTRYPOINT ["/bin/prometheus-config-reloader"]
24 |
--------------------------------------------------------------------------------
/prometheus-config-reloader/README.md:
--------------------------------------------------------------------------------
1 | prometheus-config-reloader
2 | ==========================
3 |
4 | This container contains prometheus-config-reloader, which is used internally by Prometheus Operator or VictoriaMetrics operator.
5 |
6 | - [source code (in Prometheus Operator)](https://github.com/prometheus-operator/prometheus-operator/tree/master/cmd/prometheus-config-reloader)
7 |
8 | Docker images
9 | -------------
10 |
11 | Docker images are available on [ghcr.io](https://github.com/cybozu/neco-containers/pkgs/container/prometheus-config-reloader)
12 |
--------------------------------------------------------------------------------
/prometheus-config-reloader/TAG:
--------------------------------------------------------------------------------
1 | 0.82.1.1
2 |
--------------------------------------------------------------------------------
/promtail-debug/README.md:
--------------------------------------------------------------------------------
1 | # promtail-debug
2 |
3 | promtail-debug is a patched version of promtail for debugging.
4 |
--------------------------------------------------------------------------------
/promtail-debug/TAG:
--------------------------------------------------------------------------------
1 | 2.9.1.2
2 |
--------------------------------------------------------------------------------
/promtail/README.md:
--------------------------------------------------------------------------------
1 | # Promtail container
2 |
3 | This directory provides a Dockerfile to build a promtail container
4 | that runs `promtail` in [grafana/loki](https://github.com/grafana/loki).
5 |
6 | ## Docker images
7 |
8 | Docker images are available on [ghcr.io](https://github.com/cybozu/neco-containers/pkgs/container/promtail)
9 |
--------------------------------------------------------------------------------
/promtail/TAG:
--------------------------------------------------------------------------------
1 | 3.4.2.1
2 |
--------------------------------------------------------------------------------
/pushgateway/.dockerignore:
--------------------------------------------------------------------------------
1 | *
2 |
--------------------------------------------------------------------------------
/pushgateway/Dockerfile:
--------------------------------------------------------------------------------
# pushgateway container

# Stage1: build from source
FROM ghcr.io/cybozu/golang:1.24-noble AS build

# Upstream release to build; selects the source archive fetched below.
ARG PUSHGATEWAY_VERSION=1.11.0

# Workaround https://github.com/ksonnet/ksonnet/issues/298#issuecomment-360531855
# (build-stage only: this ENV does not reach the scratch runtime stage)
ENV USER=root
# Run RUN steps under bash with pipefail so a failing stage of a pipeline fails the step.
SHELL ["/bin/bash", "-o", "pipefail", "-c"]

WORKDIR /work/pushgateway
# Fetch the tagged source archive, unpack it in place and build it.
# NOTE(review): the archive is not checked against a pinned digest before
# `make build` runs its contents; consider verifying a SHA-256 first.
RUN curl -fsSL -o pushgateway.tar.gz "https://github.com/prometheus/pushgateway/archive/v${PUSHGATEWAY_VERSION}.tar.gz" \
    && tar -x -z --strip-components 1 -f pushgateway.tar.gz \
    && rm -f pushgateway.tar.gz \
    && make build

# Stage2: setup runtime container
# Built on scratch: the image holds only the files copied below.
FROM scratch
LABEL org.opencontainers.image.source="https://github.com/cybozu/neco-containers"

COPY --from=build /work/pushgateway/pushgateway /
COPY --from=build /work/pushgateway/LICENSE /LICENSE

# Run as an unprivileged numeric UID:GID.
USER 10000:10000

EXPOSE 9091

ENTRYPOINT ["/pushgateway"]
30 |
--------------------------------------------------------------------------------
/pushgateway/README.md:
--------------------------------------------------------------------------------
1 | Pushgateway container
2 | =====================
3 |
4 | This repository contains a Dockerfile for [pushgateway](https://github.com/prometheus/pushgateway).
5 |
6 | ## Docker images
7 |
8 | Docker images are available on [ghcr.io](https://github.com/cybozu/neco-containers/pkgs/container/pushgateway)
9 |
--------------------------------------------------------------------------------
/pushgateway/TAG:
--------------------------------------------------------------------------------
1 | 1.11.0.1
2 |
--------------------------------------------------------------------------------
/pyroscope/.gitignore:
--------------------------------------------------------------------------------
1 | src
2 |
--------------------------------------------------------------------------------
/pyroscope/Dockerfile:
--------------------------------------------------------------------------------
# ==================== pyroscope-builder image ====================
# https://github.com/grafana/pyroscope/blob/main/cmd/pyroscope/Dockerfile
FROM ghcr.io/cybozu/golang:1.24-noble AS builder

# The source tree comes from the build context (src/pyroscope), not from a
# download inside this file; whatever populates src/ decides what gets built.
COPY src/pyroscope ./pyroscope
# Build the Go binaries with EMBEDASSETS set to the empty string.
RUN make -C pyroscope EMBEDASSETS="" go/bin

# ==================== pyroscope image ====================
FROM ghcr.io/cybozu/ubuntu:24.04
LABEL org.opencontainers.image.source="https://github.com/cybozu/neco-containers"

# Licence, default configuration and the two binaries from the builder stage.
COPY --from=builder /work/pyroscope/LICENSE /usr/local/pyroscope/LICENSE
COPY --from=builder /work/pyroscope/cmd/pyroscope/pyroscope.yaml /etc/pyroscope/config.yaml
COPY --from=builder /work/pyroscope/profilecli /usr/local/bin/profilecli
COPY --from=builder /work/pyroscope/pyroscope /usr/local/bin/pyroscope

# Create the data directories while still root and hand them to the runtime
# UID:GID, so the unprivileged process below can write to them.
RUN mkdir -p /data && \
    mkdir -p /data-compactor && \
    chown -R 10000:10000 /data && \
    chown -R 10000:10000 /data-compactor

# Run as an unprivileged numeric UID:GID.
USER 10000:10000
EXPOSE 4040
ENTRYPOINT [ "/usr/local/bin/pyroscope" ]
CMD ["-config.file=/etc/pyroscope/config.yaml"]
26 |
--------------------------------------------------------------------------------
/pyroscope/TAG:
--------------------------------------------------------------------------------
1 | 1.13.4.1
2 |
--------------------------------------------------------------------------------
/redis/.dockerignore:
--------------------------------------------------------------------------------
1 | *
2 |
--------------------------------------------------------------------------------
/redis/BRANCH:
--------------------------------------------------------------------------------
1 | 7.0
2 |
--------------------------------------------------------------------------------
/redis/README.md:
--------------------------------------------------------------------------------
1 | # Redis container
2 |
3 | [Redis](https://redis.io/) is an in-memory database that persists on disk.
4 |
5 | ## Usage
6 |
7 | ### Launch Redis
8 |
9 | ```bash
10 | docker run --name=redis ghcr.io/cybozu/redis:7.0
11 | ```
12 |
13 | ### Run Redis CLI
14 |
15 | ```console
16 | $ docker exec -it redis redis-cli
17 | 127.0.0.1:6379> SET foo bar
18 | OK
19 | 127.0.0.1:6379> keys *
20 | 1) "foo"
21 | ```
22 |
23 | ## Docker images
24 |
25 | Docker images are available on [ghcr.io](https://github.com/cybozu/neco-containers/pkgs/container/redis)
26 |
--------------------------------------------------------------------------------
/redis/TAG:
--------------------------------------------------------------------------------
1 | 7.0.15.1
2 |
--------------------------------------------------------------------------------
/registry/.dockerignore:
--------------------------------------------------------------------------------
1 | *
2 |
--------------------------------------------------------------------------------
/registry/BRANCH:
--------------------------------------------------------------------------------
1 | 2.8
2 |
--------------------------------------------------------------------------------
/registry/README.md:
--------------------------------------------------------------------------------
1 | # Registry container
2 |
3 | [Registry](https://github.com/distribution/distribution) is a stateless, highly scalable server side application that stores and lets you distribute Docker images.
4 |
5 | ## Usage
6 |
7 | ### Launch Registry
8 |
9 | ```console
10 | $ docker run --name=registry -p 5000:5000 ghcr.io/cybozu/registry:2.8
11 | ```
12 |
13 | ## Docker images
14 |
15 | Docker images are available on [ghcr.io](https://github.com/cybozu/neco-containers/pkgs/container/registry)
16 |
--------------------------------------------------------------------------------
/registry/TAG:
--------------------------------------------------------------------------------
1 | 2.8.3.6
2 |
--------------------------------------------------------------------------------
/regular_update.svg:
--------------------------------------------------------------------------------
1 |
8 |
--------------------------------------------------------------------------------
/rook/BRANCH:
--------------------------------------------------------------------------------
1 | 1.17
2 |
--------------------------------------------------------------------------------
/rook/README.md:
--------------------------------------------------------------------------------
1 | Rook container
2 | ==============
3 |
4 | This container image contains [rook][].
5 |
6 | [rook]: https://github.com/rook/rook
7 |
8 | Docker images
9 | -------------
10 |
11 | Docker images are available on [ghcr.io](https://github.com/cybozu/neco-containers/pkgs/container/rook)
12 |
--------------------------------------------------------------------------------
/rook/TAG:
--------------------------------------------------------------------------------
1 | 1.17.1.1
2 |
--------------------------------------------------------------------------------
/s3gw/.gitignore:
--------------------------------------------------------------------------------
1 | s3gw
2 |
--------------------------------------------------------------------------------
/s3gw/Dockerfile:
--------------------------------------------------------------------------------
# s3gw container

# Stage1: build from source
FROM ghcr.io/cybozu/golang:1.24-noble AS build

# The whole build context is copied in; keep secrets and local artefacts out
# of it (a .dockerignore is the usual place to do that).
COPY . /work

WORKDIR /work

# Static build (CGO disabled); -w -s strips debug info and the symbol table.
RUN CGO_ENABLED=0 go install -ldflags="-w -s" .

# Stage2: setup runtime container
# Built on scratch: the image holds only the files copied below.
FROM scratch
LABEL org.opencontainers.image.source="https://github.com/cybozu/neco-containers"

# Copies every file found in /go/bin, not just s3gw.
# NOTE(review): presumably the base image leaves /go/bin empty — confirm, or
# copy /go/bin/s3gw explicitly.
COPY --from=build /go/bin /

# Run as an unprivileged numeric UID:GID.
USER 10000:10000

ENTRYPOINT ["/s3gw"]
21 |
--------------------------------------------------------------------------------
/s3gw/Makefile:
--------------------------------------------------------------------------------
# SUDO_GO runs the `go` found on PATH through sudo; it is used for `go test` below.
SUDO = sudo
SUDO_GO = $(SUDO) $(shell which go)

.PHONY: all
all: check-generate test

# Install the linters used by `test`.
# NOTE(review): both tools are installed at @latest, so the code executed by
# this step changes whenever upstream publishes a release; pinning explicit
# versions would make the toolchain reproducible and reviewable.
.PHONY: setup
setup:
	go install github.com/cybozu-go/golang-custom-analyzer/cmd/custom-checker@latest
	go install honnef.co/go/tools/cmd/staticcheck@latest

# Fail when `go mod tidy` leaves any tracked file modified.
.PHONY: check-generate
check-generate:
	go mod tidy
	git diff --exit-code --name-only

# Formatting, static analysis and unit tests. The gofmt and custom-checker
# steps fail when the tool prints anything; custom-checker is told to restrict
# the html/template and log packages.
# NOTE(review): the unit tests run as root through sudo; the reason is not
# visible in this file — confirm it is still required.
.PHONY: test
test:
	test -z "$$(gofmt -s -l . | tee /dev/stderr)"
	staticcheck ./...
	test -z "$$(custom-checker -restrictpkg.packages=html/template,log ./... 2>&1 | tee /dev/stderr)"
	go vet ./...
	$(SUDO_GO) test -race -v ./...
24 |
--------------------------------------------------------------------------------
/s3gw/TAG:
--------------------------------------------------------------------------------
1 | 1.0.17
2 |
--------------------------------------------------------------------------------
/sealed-secrets/BRANCH:
--------------------------------------------------------------------------------
1 | 0.29
2 |
--------------------------------------------------------------------------------
/sealed-secrets/Dockerfile:
--------------------------------------------------------------------------------
# Build stage
FROM ghcr.io/cybozu/golang:1.24-noble AS build

# Upstream release to build; also passed to make as TAG.
ARG SEALED_SECRETS_VERSION=0.29.0

# Fetch the tagged source archive, unpack it in place and build the static controller.
# NOTE(review): the archive is not checked against a pinned digest before its
# Makefile runs; this image handles cluster secrets, so verifying a SHA-256
# before extraction is worth the extra line.
RUN curl -sLf -o sealed-secrets.tar.gz https://github.com/bitnami-labs/sealed-secrets/archive/v${SEALED_SECRETS_VERSION}.tar.gz \
    && tar --strip-components=1 -xzf sealed-secrets.tar.gz \
    && rm sealed-secrets.tar.gz \
    && make TAG=${SEALED_SECRETS_VERSION} controller-static

# Runtime stage
# Built on scratch: the image holds only the files copied below.
FROM scratch
LABEL org.opencontainers.image.source="https://github.com/cybozu/neco-containers"

COPY --from=build /work/controller-static /controller
COPY --from=build /work/LICENSE /LICENSE

# Run as an unprivileged numeric UID:GID.
USER 1001:1001
EXPOSE 8080 8081
ENTRYPOINT ["/controller"]
21 |
--------------------------------------------------------------------------------
/sealed-secrets/README.md:
--------------------------------------------------------------------------------
1 | sealed-secrets
2 | ==============
3 |
4 | This directory provides a Dockerfile to build a Docker container for [sealed-secrets](https://github.com/bitnami-labs/sealed-secrets).
5 |
6 | Docker images
7 | -------------
8 |
9 | Docker images are available on [ghcr.io](https://github.com/cybozu/neco-containers/pkgs/container/sealed-secrets)
10 |
--------------------------------------------------------------------------------
/sealed-secrets/TAG:
--------------------------------------------------------------------------------
1 | 0.29.0.1
2 |
--------------------------------------------------------------------------------
/serf/.dockerignore:
--------------------------------------------------------------------------------
1 | *
2 | !install-tools
3 |
--------------------------------------------------------------------------------
/serf/BRANCH:
--------------------------------------------------------------------------------
1 | 0.10
2 |
--------------------------------------------------------------------------------
/serf/TAG:
--------------------------------------------------------------------------------
1 | 0.10.2.1
2 |
--------------------------------------------------------------------------------
/serf/install-tools:
--------------------------------------------------------------------------------
#!/bin/sh -e
# Install the serf binary shipped in this image onto the host filesystem,
# which is expected to be mounted at /host.

DEST=/host
target="${DEST}/usr/local/bin/serf"

# --remove-destination unlinks an existing file first instead of writing into it.
cp --remove-destination /usr/local/serf/bin/serf "${target}"
chmod 755 "${target}"
7 |
--------------------------------------------------------------------------------
/spegel/.dockerignore:
--------------------------------------------------------------------------------
1 | *
2 |
--------------------------------------------------------------------------------
/spegel/Dockerfile:
--------------------------------------------------------------------------------
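# spegel container

# Stage1: build from source
# NOTE(review): this stage still uses the 1.22-jammy builder while most other
# images in this repository build with 1.24-noble — confirm whether that is
# deliberate.
FROM ghcr.io/cybozu/golang:1.22-jammy AS builder
ARG SPEGEL_VERSION=0.0.18

# Fail the download step when curl fails, not only when tar does; this matches
# the pushgateway and stakater-reloader Dockerfiles in this repository.
SHELL ["/bin/bash", "-o", "pipefail", "-c"]

WORKDIR /work/spegel

# Stream the tagged source archive straight into tar.
# NOTE(review): the archive is not checked against a pinned digest before it
# is compiled; consider downloading to a file and verifying a SHA-256 first.
RUN curl -sSLf https://github.com/XenitAB/spegel/archive/v${SPEGEL_VERSION}.tar.gz | \
    tar zxf - --strip-components 1 -C /work/spegel

RUN go mod download
RUN CGO_ENABLED=0 go build -installsuffix 'static' -o spegel .

# Stage2: setup runtime container
FROM scratch
LABEL org.opencontainers.image.source="https://github.com/cybozu/neco-containers"

# NOTE(review): /work/spegel is the whole source directory, so this copies the
# upstream tree into /app alongside the binary. Copying only the binary and
# the licence file would keep the runtime image minimal.
COPY --from=builder /work/spegel /app/
WORKDIR /app

# NOTE(review): no USER is set, so the process runs as root by default.
# Presumably needed for access to the container runtime on the node — confirm.
ENTRYPOINT ["./spegel"]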
19 |
--------------------------------------------------------------------------------
/spegel/README.md:
--------------------------------------------------------------------------------
1 | # Spegel
2 |
3 | This container contains Spegel.
4 |
5 | - [source code](https://github.com/XenitAB/spegel)
6 |
7 | ## Docker images
8 |
9 | Docker images are available on [ghcr.io](https://github.com/cybozu/neco-containers/pkgs/container/spegel)
10 |
--------------------------------------------------------------------------------
/spegel/TAG:
--------------------------------------------------------------------------------
1 | 0.0.18.1
2 |
--------------------------------------------------------------------------------
/squid-exporter/.gitignore:
--------------------------------------------------------------------------------
1 | squid-exporter
2 | bin
3 |
--------------------------------------------------------------------------------
/squid-exporter/Dockerfile:
--------------------------------------------------------------------------------
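# squid-exporter container

# Stage1: build a static binary from the build context
FROM ghcr.io/cybozu/golang:1.24-noble AS build
COPY . /work/src
WORKDIR /work/src
# CGO disabled; -w -s strips debug info and the symbol table.
RUN CGO_ENABLED=0 go build -ldflags="-w -s" -o squid-exporter

# Stage2: runtime image holding only the binary
FROM scratch
LABEL org.opencontainers.image.source="https://github.com/cybozu/neco-containers"

COPY --from=build /work/src/squid-exporter /
# Run as an unprivileged numeric UID:GID instead of the default root, as the
# other exporter images in this repository do. The exporter only listens on an
# unprivileged port and makes outbound HTTP requests.
USER 10000:10000
# NOTE(review): config.go defaults -metrics-port to 9100, so 8080 is only the
# listening port when the flag is passed explicitly — confirm which is intended.
EXPOSE 8080/tcp
ENTRYPOINT ["/squid-exporter"]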
12 |
--------------------------------------------------------------------------------
/squid-exporter/Makefile:
--------------------------------------------------------------------------------
1 |
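# The original spelled the special target ".PHONEY <name>:", which make reads
# as an ordinary rule and which leaves the targets non-phony: a file or
# directory called "build" or "test" would make them appear up to date.

# Build a static binary in the current directory.
.PHONY: build
build:
	CGO_ENABLED=0 go build -ldflags="-w -s" -o squid-exporter .

# Run a local Squid for manual testing (host network, removed on exit).
.PHONY: run-squid
run-squid:
	docker run --rm -it --net=host --name squid ghcr.io/cybozu/squid:6

# Unit tests followed by the end-to-end suite in e2e/.
# $(MAKE) is used for the sub-makes so that flags and the jobserver are inherited.
.PHONY: test
test:
	go test -v ./...
	$(MAKE) -C e2e setup
	$(MAKE) -C e2e start
	$(MAKE) -C e2e test

.PHONY: unit-test
unit-test:
	go test -v ./...

# Build the image under the :dev tag that e2e/pod.yaml references.
.PHONY: docker-build
docker-build:
	docker build -t ghcr.io/cybozu/squid-exporter:dev .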
24 |
--------------------------------------------------------------------------------
/squid-exporter/README.md:
--------------------------------------------------------------------------------
1 | # squid-exporter
2 | Prometheus exporter for squid
3 |
4 | ## Description
5 | squid-exporter converts squid counters and service_times to prometheus metrics.
6 |
7 | ## Usage
8 | ```
9 | ./squid-exporter -squid-host localhost -squid-port 3128 -metrics-port 8080
10 | ```
11 |
12 | ## Option
13 | | option | default | description |
14 | | ---- | ---- | ---- |
15 | | -squid-host | localhost | squid host |
16 | | -squid-port | 3128 | squid port |
17 | | -metrics-port | 9100 | metrics expose port |
18 |
19 |
--------------------------------------------------------------------------------
/squid-exporter/TAG:
--------------------------------------------------------------------------------
1 | 1.0.8
2 |
--------------------------------------------------------------------------------
/squid-exporter/client.go:
--------------------------------------------------------------------------------
1 | package main
2 |
3 | import (
4 | "fmt"
5 | "io"
6 | "net/http"
7 | )
8 |
// SquidClient fetches raw reports from a Squid instance.
// Both methods hand back an open io.ReadCloser; the caller is expected to
// close it.
type SquidClient interface {
	// GetCounters returns the body of the "counters" report.
	GetCounters() (io.ReadCloser, error)
	// GetServiceTimes returns the body of the "service_times" report.
	GetServiceTimes() (io.ReadCloser, error)
}
13 |
// squidClient is the HTTP implementation of SquidClient.
type squidClient struct {
	client *http.Client // HTTP client used for every request
	Host   string       // Squid host name or address
	Port   int          // Squid port
}
19 |
// NewSquidClient builds a client for the Squid instance named in config.
//
// NOTE(review): the http.Client is the zero value, which has no request
// timeout, so a Squid that accepts the connection but never answers blocks
// the caller indefinitely; consider setting Timeout.
func NewSquidClient(config *Config) *squidClient {
	sc := new(squidClient)
	sc.client = new(http.Client)
	sc.Host = config.SquidHost
	sc.Port = config.SquidPort
	return sc
}
27 |
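// GetCounters requests the cache manager "counters" report from Squid over
// plain HTTP and returns the open response body; the caller must close it.
//
// A response with any status other than 200 OK is turned into an error and
// its body is closed here. Without that check an error page (for example an
// access-denied reply from the cache manager) would be handed to the caller
// as if it were counter data.
func (c *squidClient) GetCounters() (io.ReadCloser, error) {
	url := fmt.Sprintf("http://%s:%d/squid-internal-mgr/counters", c.Host, c.Port)
	resp, err := c.client.Get(url)
	if err != nil {
		return nil, err
	}
	if resp.StatusCode != http.StatusOK {
		// Close the body so the underlying connection is released.
		resp.Body.Close()
		return nil, fmt.Errorf("unexpected status %s from %s", resp.Status, url)
	}
	return resp.Body, nil
}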
35 |
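// GetServiceTimes requests the cache manager "service_times" report from
// Squid over plain HTTP and returns the open response body; the caller must
// close it.
//
// A response with any status other than 200 OK is turned into an error and
// its body is closed here. Without that check an error page would be handed
// to the caller as if it were service-time data.
func (c *squidClient) GetServiceTimes() (io.ReadCloser, error) {
	url := fmt.Sprintf("http://%s:%d/squid-internal-mgr/service_times", c.Host, c.Port)
	resp, err := c.client.Get(url)
	if err != nil {
		return nil, err
	}
	if resp.StatusCode != http.StatusOK {
		// Close the body so the underlying connection is released.
		resp.Body.Close()
		return nil, fmt.Errorf("unexpected status %s from %s", resp.Status, url)
	}
	return resp.Body, nil
}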
43 |
--------------------------------------------------------------------------------
/squid-exporter/config.go:
--------------------------------------------------------------------------------
1 | package main
2 |
3 | import "flag"
4 |
// Config holds the exporter's command-line settings.
type Config struct {
	SquidHost   string // host of the Squid instance to query
	SquidPort   int    // port of the Squid instance to query
	MetricsPort int    // port on which the exporter serves metrics
}
10 |
// Command-line flags; their values are read by NewConfig after flag.Parse.
// None of the values is range-checked here.
var (
	flagSquidHost   = flag.String("squid-host", "localhost", "Squid host")
	flagSquidPort   = flag.Int("squid-port", 3128, "Squid port")
	flagMetricsPort = flag.Int("metrics-port", 9100, "Metrics port")
)
16 |
// NewConfig parses the process's command-line flags and returns them as a
// Config. The values are taken as given; no validation is done here.
func NewConfig() *Config {
	flag.Parse()

	cfg := new(Config)
	cfg.SquidHost = *flagSquidHost
	cfg.SquidPort = *flagSquidPort
	cfg.MetricsPort = *flagMetricsPort
	return cfg
}
25 |
--------------------------------------------------------------------------------
/squid-exporter/e2e/pod.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Pod
3 | metadata:
4 | name: e2e
5 | spec:
6 | containers:
7 | - name: squid
8 | image: ghcr.io/cybozu/squid:6
9 | - name: squid-exporter
10 | image: ghcr.io/cybozu/squid-exporter:dev
11 | imagePullPolicy: Never
12 |
--------------------------------------------------------------------------------
/squid-exporter/e2e/run_test.go:
--------------------------------------------------------------------------------
1 | package e2e
2 |
3 | import (
4 | "bytes"
5 | "fmt"
6 | "os/exec"
7 | )
8 |
// kubectl runs ../bin/kubectl with args, feeding input to its stdin when
// input is non-nil. It returns the command's stdout on success; on failure it
// returns an error that carries the captured stderr.
func kubectl(input []byte, args ...string) ([]byte, error) {
	var outBuf, errBuf bytes.Buffer

	// Arguments are passed as an argv slice; no shell is involved.
	cmd := exec.Command("../bin/kubectl", args...)
	cmd.Stdout = &outBuf
	cmd.Stderr = &errBuf
	if input != nil {
		cmd.Stdin = bytes.NewReader(input)
	}

	if err := cmd.Run(); err != nil {
		return nil, fmt.Errorf("kubectl failed with %s: stderr=%s", err, &errBuf)
	}
	return outBuf.Bytes(), nil
}
24 |
--------------------------------------------------------------------------------
/squid/.dockerignore:
--------------------------------------------------------------------------------
1 | *
2 |
--------------------------------------------------------------------------------
/squid/BRANCH:
--------------------------------------------------------------------------------
1 | 6
2 |
--------------------------------------------------------------------------------
/squid/README.md:
--------------------------------------------------------------------------------
1 | # Squid container
2 |
3 | [Squid](http://www.squid-cache.org/) is a web proxy cache service.
4 |
5 | ## Usage
6 |
7 | ### Run with the default configuration
8 |
9 | $ docker run -d --read-only ghcr.io/cybozu/squid:6
10 | ### Launch Squid with specific config file
11 |
12 | Prepare `squid.conf`, then execute the following command.
13 |
14 | $ docker run -d --read-only \
15 | -v /path/to/your/squid.conf:/etc/squid/squid.conf:ro \
16 | ghcr.io/cybozu/squid:6
17 |
18 | Your `squid.conf` must have the following configurations:
19 |
20 | pid_filename none
21 | logfile_rotate 0
22 | access_log stdio:/dev/stdout
23 | cache_log stdio:/dev/stderr
24 |
25 | ## Docker images
26 |
27 | Docker images are available on [ghcr.io](https://github.com/cybozu/neco-containers/pkgs/container/squid)
28 |
--------------------------------------------------------------------------------
/squid/TAG:
--------------------------------------------------------------------------------
1 | 6.13.0.1
2 |
--------------------------------------------------------------------------------
/stakater-reloader/.dockerignore:
--------------------------------------------------------------------------------
1 | *
2 | !TAG
3 |
--------------------------------------------------------------------------------
/stakater-reloader/BRANCH:
--------------------------------------------------------------------------------
1 | 1.3
2 |
--------------------------------------------------------------------------------
/stakater-reloader/Dockerfile:
--------------------------------------------------------------------------------
# stakater/Reloader container

# Stage1: build from source
FROM ghcr.io/cybozu/golang:1.23-jammy AS build

# TAG carries the image version; its first three dot-separated fields are the
# upstream version to download.
COPY TAG /
WORKDIR /workspace
# pipefail makes the curl | tar step fail when the download fails.
SHELL ["/bin/bash", "-o", "pipefail", "-c"]
# NOTE(review): the archive is streamed into tar without a digest check;
# consider downloading to a file and verifying a SHA-256 before extraction.
RUN VERSION=$(cut -d \. -f 1,2,3 < /TAG ) \
    && curl -fsSL https://github.com/stakater/Reloader/archive/v${VERSION}.tar.gz | \
       tar --strip-components=1 -xzf -

# Build
# -mod=mod lets the go command resolve modules from go.mod (updating it if
# needed) rather than from a vendor directory; -a forces a full rebuild.
RUN CGO_ENABLED=0 GO111MODULE=on go build -mod=mod -a -o manager main.go

# Stage2: setup runtime container
# Built on scratch: the image holds only the files copied below.
FROM scratch
LABEL org.opencontainers.image.source="https://github.com/cybozu/neco-containers"

WORKDIR /
COPY --from=build /workspace/manager .
COPY --from=build /workspace/LICENSE /LICENSE

# Run as an unprivileged numeric UID:GID.
USER 10000:10000
EXPOSE 9090

ENTRYPOINT ["/manager"]
28 |
--------------------------------------------------------------------------------
/stakater-reloader/README.md:
--------------------------------------------------------------------------------
1 | stakater/Reloader
2 | =================
3 |
4 | [stakater/Reloader](https://github.com/stakater/Reloader) is a Kubernetes controller to watch changes in ConfigMap and Secrets and do rolling upgrades on Pods with their associated Deployment, StatefulSet, DaemonSet and DeploymentConfig. This directory provides the Dockerfile for building a container image containing stakater/Reloader.
5 |
6 | Docker images
7 | -------------
8 |
9 | Docker images are available on [ghcr.io](https://ghcr.io/cybozu/stakater-reloader)
10 |
--------------------------------------------------------------------------------
/stakater-reloader/TAG:
--------------------------------------------------------------------------------
1 | 1.3.0.2
2 |
--------------------------------------------------------------------------------
/tag_branch_consistency:
--------------------------------------------------------------------------------
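#!/bin/sh -e
# Check that the image tag in DIR/TAG belongs to the release line in DIR/BRANCH.
#
# Usage: tag_branch_consistency DIR
# Exit status: 0 when TAG starts with BRANCH or when DIR has no BRANCH file,
#              1 on a usage error or when TAG and BRANCH diverge.

if [ $# -eq 0 ]; then
    echo "Usage: tag_branch_consistency DIR"
    exit 1
fi

DIR="$1"

# Paths are quoted so a directory name containing spaces or glob characters
# is handled as a single word.
if [ ! -f "${DIR}/BRANCH" ]; then
    echo "Skip because BRANCH not found"
    exit 0
fi

TAG=$(cat "${DIR}/TAG")
BRANCH=$(cat "${DIR}/BRANCH")

# Literal prefix comparison done by the shell. The previous form passed BRANCH
# to sed as a regular expression inside unquoted words, so "." matched any
# character, a "/" in BRANCH broke the sed program, and an empty TAG produced a
# test syntax error. An empty BRANCH is still reported as a divergence.
# NOTE(review): a bare prefix match accepts BRANCH=1.1 for TAG=1.17.1.1;
# requiring a "." right after the prefix would be stricter — confirm that no
# directory relies on the looser match before tightening.
if [ -n "${BRANCH}" ]; then
    case "${TAG}" in
        "${BRANCH}"*) exit 0 ;;
    esac
fi

echo "TAG: ${TAG} and BRANCH: ${BRANCH} diverge"
exit 1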
24 |
--------------------------------------------------------------------------------
/tag_exists:
--------------------------------------------------------------------------------
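#!/bin/sh -e
# Report whether the tag in DIR/TAG already exists for image NAME.
#
# Usage: tag_exists NAME [DIR]   (DIR defaults to NAME)
# Prints "ok" when at least one active tag matches and "ng" otherwise. Both
# outcomes exit 0, so callers have to read the output; a failing curl or jq
# aborts the script through -e.
# NOTE(review): the lookup goes to the quay.io API although the READMEs in
# this repository point to ghcr.io — confirm this check still reflects where
# the images are published.

if [ $# -eq 0 ]; then
    echo "Usage: tag_exists NAME"
    exit 1
fi

API=https://quay.io/api/v1
NAME="$1"
if [ $# -eq 2 ]; then
    DIR="$2"
else
    DIR="$NAME"
fi
TAG=$(cat "$DIR/TAG")
# NAME and TAG are placed in the URL as-is; they are expected to be plain
# image and tag names without characters that need URL encoding.
RESPONSE=$(curl -sSfL "$API/repository/cybozu/$NAME/tag/?specificTag=$TAG&onlyActiveTags=true")
NUM=$(echo "$RESPONSE" | jq '.tags | length')

# Quoted so an unexpected empty value fails the comparison cleanly instead of
# producing a malformed test expression.
if [ "$NUM" -gt 0 ]; then
    echo "ok"
    exit 0
fi

echo "ng"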
25 |
--------------------------------------------------------------------------------
/tcp-keepalive/.dockerignore:
--------------------------------------------------------------------------------
1 | .gitignore
2 | BRANCH
3 | README.md
4 | TAG
--------------------------------------------------------------------------------
/tcp-keepalive/.gitignore:
--------------------------------------------------------------------------------
1 | ### Go template
2 | # If you prefer the allow list template instead of the deny list, see community template:
3 | # https://github.com/github/gitignore/blob/main/community/Golang/Go.AllowList.gitignore
4 | #
5 | # Binaries for programs and plugins
6 | *.exe
7 | *.exe~
8 | *.dll
9 | *.so
10 | *.dylib
11 |
12 | # Test binary, built with `go test -c`
13 | *.test
14 |
15 | # Output of the go coverage tool, specifically when used with LiteIDE
16 | *.out
17 |
18 | # Dependency directories (remove the comment below to include it)
19 | # vendor/
20 |
21 | # Go workspace file
22 | go.work
23 |
24 | bin
--------------------------------------------------------------------------------
/tcp-keepalive/BRANCH:
--------------------------------------------------------------------------------
1 | 0
2 |
--------------------------------------------------------------------------------
/tcp-keepalive/Dockerfile:
--------------------------------------------------------------------------------
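# tcp-keepalive container

# Stage1: build from source
FROM ghcr.io/cybozu/golang:1.22-jammy AS build
COPY . /work/src
WORKDIR /work/src
# Static build (CGO disabled); -w -s strips debug info and the symbol table.
RUN CGO_ENABLED=0 go install -ldflags="-w -s" .

# Stage2: setup runtime container
FROM ghcr.io/cybozu/ubuntu:22.04
LABEL org.opencontainers.image.source="https://github.com/cybozu/neco-containers"

# Network troubleshooting tools shipped alongside the binary.
# apt-get replaces apt, whose command-line interface is not meant for scripts;
# recommended packages are skipped and the package index is removed in the
# same layer so neither ends up in the image.
RUN apt-get update && \
    apt-get install -y --no-install-recommends iproute2 tcpdump iputils-ping iptables net-tools inetutils-traceroute dnsutils && \
    rm -rf /var/lib/apt/lists/*

COPY --from=build /go/bin /usr/bin
# Run as an unprivileged numeric UID:GID.
# NOTE(review): tcpdump and iptables normally need extra capabilities, which
# this user does not have by default — presumably they are granted at deploy
# time when debugging; confirm, and keep them off otherwise.
USER 10000:10000
EXPOSE 8000
ENTRYPOINT ["/usr/bin/tcp-keepalive"]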
20 |
--------------------------------------------------------------------------------
/tcp-keepalive/TAG:
--------------------------------------------------------------------------------
1 | 0.3.0
2 |
--------------------------------------------------------------------------------
/tcp-keepalive/cmd/root.go:
--------------------------------------------------------------------------------
1 | package cmd
2 |
3 | import (
4 | "log/slog"
5 | "os"
6 |
7 | "github.com/spf13/cobra"
8 | )
9 |
// log is the package-wide structured logger; it is assigned by initLogger.
var log *slog.Logger

// rootCmd represents the base command when called without any subcommands
var rootCmd = &cobra.Command{
	Use:   "tcp-keepalive",
	Short: "tcp-keepalive is a simple TCP server and client program to confirm the long live connectivity.",
}
17 |
// init sets up the package logger when the package is loaded.
func init() {
	initLogger()
}
21 |
// initLogger points the package logger at a JSON handler that writes to
// standard output with default handler options.
func initLogger() {
	handler := slog.NewJSONHandler(os.Stdout, nil)
	log = slog.New(handler)
}
25 |
// Execute runs the root command and terminates the process with exit status 1
// when it returns an error.
// This is called by main.main(). It only needs to happen once to the rootCmd.
func Execute() {
	if err := rootCmd.Execute(); err != nil {
		os.Exit(1)
	}
}
34 |
--------------------------------------------------------------------------------
/tcp-keepalive/go.mod:
--------------------------------------------------------------------------------
1 | module github.com/neco-containers/tcp-keepalive
2 |
3 | go 1.22.3
4 |
5 | require (
6 | github.com/VictoriaMetrics/metrics v1.34.0
7 | github.com/spf13/cobra v1.8.1
8 | )
9 |
10 | require (
11 | github.com/inconshreveable/mousetrap v1.1.0 // indirect
12 | github.com/spf13/pflag v1.0.5 // indirect
13 | github.com/valyala/fastrand v1.1.0 // indirect
14 | github.com/valyala/histogram v1.2.0 // indirect
15 | golang.org/x/sys v0.15.0 // indirect
16 | )
17 |
--------------------------------------------------------------------------------
/tcp-keepalive/internal/client/config.go:
--------------------------------------------------------------------------------
1 | package client
2 |
3 | import (
4 | "net"
5 | "time"
6 | )
7 |
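// Config holds the settings of the tcp-keepalive client.
type Config struct {
	ReceiveTimeout time.Duration
	RetryInterval  time.Duration
	RetryNum       int
	SendInterval   time.Duration
	ServerAddr     string // checked by Validate as a TCP "host:port" address
}

// Validate reports an error when ServerAddr is empty or cannot be resolved
// as a TCP address.
//
// net.ResolveTCPAddr returns no error for an empty address, so the empty
// string is rejected explicitly; otherwise a missing server address would
// pass validation. When ServerAddr names a host rather than a literal IP,
// the check performs a name lookup.
func (c *Config) Validate() error {
	if c.ServerAddr == "" {
		return &net.AddrError{Err: "missing address", Addr: c.ServerAddr}
	}
	_, err := net.ResolveTCPAddr("tcp", c.ServerAddr)
	return err
}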
22 |
--------------------------------------------------------------------------------
/tcp-keepalive/internal/metrics/config.go:
--------------------------------------------------------------------------------
1 | package metrics
2 |
3 | import "net/netip"
4 |
// Config is the metrics configuration.
type Config struct {
	Export   bool
	AddrPort string // must be a literal "ip:port"; see Validate
}

// Validate reports an error unless AddrPort parses with
// netip.ParseAddrPort, which accepts only a literal IP address and a
// numeric port (no host names, no empty host). AddrPort is checked
// whatever the value of Export.
func (c *Config) Validate() error {
	_, err := netip.ParseAddrPort(c.AddrPort)
	return err
}
16 |
--------------------------------------------------------------------------------
/tcp-keepalive/internal/metrics/metrics.go:
--------------------------------------------------------------------------------
1 | package metrics
2 |
import (
	"errors"
	"net/http"
	"time"

	"github.com/VictoriaMetrics/metrics"
)
9 |
// Metrics wraps a validated Config; the embedded pointer exposes the
// Config fields directly on Metrics.
type Metrics struct {
	*Config
}

// NewMetrics returns a Metrics for cfg. It returns an error when cfg is nil
// or when cfg.Validate fails.
func NewMetrics(cfg *Config) (*Metrics, error) {
	if cfg == nil {
		return nil, errors.New("metrics config is nil")
	}
	err := cfg.Validate()
	if err != nil {
		return nil, err
	}
	return &Metrics{Config: cfg}, nil
}
23 |
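// Serve exposes the registered metrics in Prometheus text format at
// /metrics on m.AddrPort. It blocks until the HTTP server stops and returns
// the server's error.
//
// The handler is registered on a private ServeMux instead of
// http.DefaultServeMux, so handlers that other packages add to the default
// mux are not reachable through the metrics port, and a second call to
// Serve does not panic on a duplicate pattern. The endpoint is plain HTTP
// without authentication; restrict who can reach AddrPort accordingly.
func (m *Metrics) Serve() error {
	mux := http.NewServeMux()
	mux.HandleFunc("/metrics", func(w http.ResponseWriter, _ *http.Request) {
		// false: the library's process metrics are left out of the output.
		metrics.WritePrometheus(w, false)
	})
	srv := &http.Server{
		Addr:    m.AddrPort,
		Handler: mux,
		// Bound the time a client may take to send its request headers so
		// that stalled connections are closed instead of held open.
		ReadHeaderTimeout: 10 * time.Second,
	}
	return srv.ListenAndServe()
}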
30 |
--------------------------------------------------------------------------------
/tcp-keepalive/internal/server/config.go:
--------------------------------------------------------------------------------
1 | package server
2 |
3 | import (
4 | "net"
5 | )
6 |
// Config holds the settings of the tcp-keepalive server.
type Config struct {
	ListenAddr string // checked by Validate as a TCP "host:port" address
}

// Validate reports an error when ListenAddr cannot be resolved as a TCP
// address. A host name in ListenAddr is looked up during the check.
// NOTE(review): net.ResolveTCPAddr returns no error for an empty address,
// so an unset ListenAddr passes this check — confirm that is intended.
func (c *Config) Validate() error {
	_, err := net.ResolveTCPAddr("tcp", c.ListenAddr)
	return err
}
17 |
--------------------------------------------------------------------------------
/tcp-keepalive/internal/server/metrics.go:
--------------------------------------------------------------------------------
1 | package server
2 |
3 | import (
4 | internalmetrics "github.com/neco-containers/tcp-keepalive/internal/metrics"
5 |
6 | "github.com/VictoriaMetrics/metrics"
7 | )
8 |
// Counters for the server role, one per direction and result.
// They are nil until initMetrics has run.
var (
	receiveSuccessTotal, receiveErrorTotal *metrics.Counter
	sendSuccessTotal, sendErrorTotal       *metrics.Counter
)

// initMetrics creates the four server counters with metrics.NewCounter and
// stores them in the package variables above.
// NOTE(review): NewMetrics calls this on every invocation; confirm that
// metrics.NewCounter tolerates the same name being registered twice.
func initMetrics() {
	newCounter := metrics.NewCounter
	receiveSuccessTotal = newCounter(`receive_total{role="server",result="success"}`)
	receiveErrorTotal = newCounter(`receive_total{role="server",result="error"}`)
	sendSuccessTotal = newCounter(`send_total{role="server",result="success"}`)
	sendErrorTotal = newCounter(`send_total{role="server",result="error"}`)
}
22 |
// Metrics is the server-side wrapper around the shared metrics type.
type Metrics struct {
	*internalmetrics.Metrics
}

// NewMetrics builds the shared metrics object from cfg and, once that has
// succeeded, creates the server counters through initMetrics. The error
// from internalmetrics.NewMetrics is returned unchanged.
func NewMetrics(cfg *internalmetrics.Config) (*Metrics, error) {
	inner, err := internalmetrics.NewMetrics(cfg)
	if err != nil {
		return nil, err
	}
	initMetrics()
	return &Metrics{Metrics: inner}, nil
}
35 |
--------------------------------------------------------------------------------
/tcp-keepalive/main.go:
--------------------------------------------------------------------------------
1 | package main
2 |
3 | import "github.com/neco-containers/tcp-keepalive/cmd"
4 |
// main hands control to the cmd package, which runs the root command.
func main() {
	cmd.Execute()
}
8 |
--------------------------------------------------------------------------------
/teleport-node/Dockerfile:
--------------------------------------------------------------------------------
# Stage1: build from source
# NOTE(review): both stages pull their base image by tag rather than by
# digest, so the image contents can change between builds.
FROM ghcr.io/cybozu/golang:1.23-jammy AS build

ARG TELEPORT_VERSION=16.5.6

# The source is chosen by git tag alone; the cloned commit is not checked
# against a known hash. No WORKDIR is set in this stage; the COPY --from=build
# paths below imply the base image starts in /work — TODO confirm.
RUN git clone --depth 1 --branch v${TELEPORT_VERSION} https://github.com/gravitational/teleport && \
    cd teleport && \
    make build/teleport OS=linux WEBASSETS_SKIP_BUILD=1

# Stage2: setup runtime container
FROM ghcr.io/cybozu/ubuntu-debug:22.04
LABEL org.opencontainers.image.source="https://github.com/cybozu/neco-containers"

# screen and tmux are installed unpinned from the distribution archive; the
# apt lists are removed in the same layer so they do not stay in the image.
RUN apt-get update && \
    apt-get install -y --no-install-recommends screen tmux && \
    rm -rf /var/lib/apt/lists/*

COPY --from=build /work/teleport/build/teleport /usr/local/teleport/bin/
COPY --from=build /work/teleport/LICENSE /usr/local/teleport/
# Environment snippets for /etc/profile.d, which login shells source, so
# every login session on the node inherits these settings.
COPY update-necocli.sh /etc/profile.d/
COPY loki-env.sh /etc/profile.d/
COPY hubble-env.sh /etc/profile.d/
COPY bash-env.sh /etc/profile.d/

# Run teleport as the non-root user "cybozu" (expected to exist in the base
# image — TODO confirm).
USER cybozu

ENV PATH=$PATH:/usr/local/teleport/bin

# No instruction here adds /etc/teleport/teleport.yaml, so the configuration
# has to be supplied at run time.
ENTRYPOINT [ "teleport", "start", "-c", "/etc/teleport/teleport.yaml" ]
30 |
--------------------------------------------------------------------------------
/teleport-node/README.md:
--------------------------------------------------------------------------------
1 | teleport-node container
2 | =======================
3 |
4 | This directory provides container image `teleport-node` and contains the setup script located in `/etc/profile.d`.
5 |
6 | This container image is for running a [Teleport](https://goteleport.com/) node as a Kubernetes Pod. The options for the entrypoint (i.e., `teleport start`) can be found in [the Teleport admin guide](https://goteleport.com/teleport/docs/admin-guide/).
7 |
8 | Docker images
9 | -------------
10 |
11 | Docker images are available on [ghcr.io](https://github.com/cybozu/neco-containers/pkgs/container/teleport-node)
12 |
--------------------------------------------------------------------------------
/teleport-node/TAG:
--------------------------------------------------------------------------------
1 | 16.5.6.1
2 |
--------------------------------------------------------------------------------
/teleport-node/bash-env.sh:
--------------------------------------------------------------------------------
# Idle timeout for interactive shells: bash ends a session that receives no
# input for TMOUT seconds (1800 s = 30 minutes).
# NOTE(review): the variable is exported but not read-only, so a user can
# unset or change it inside a session.
TMOUT=1800
export TMOUT
2 |
--------------------------------------------------------------------------------
/teleport-node/hubble-env.sh:
--------------------------------------------------------------------------------
# Defaults for the hubble CLI in login shells on the node.
HUBBLE_SERVER="hubble-relay.kube-system.svc:443"
HUBBLE_TLS="true"
# NOTE(review): with HUBBLE_TLS_ALLOW_INSECURE set, the client skips
# verification of the relay's certificate chain and host name, so the
# connection is encrypted but the peer is not authenticated. Supplying the
# relay's CA certificate (hubble's --tls-ca-cert-files option) and dropping
# this setting would restore verification.
HUBBLE_TLS_ALLOW_INSECURE="true"
export HUBBLE_SERVER HUBBLE_TLS HUBBLE_TLS_ALLOW_INSECURE
4 |
--------------------------------------------------------------------------------
/teleport-node/loki-env.sh:
--------------------------------------------------------------------------------
# Defaults for the Loki command-line client in login shells on the node.
# NOTE(review): LOKI_ADDR uses plain http, so queries and results cross the
# cluster network unencrypted. "fake" is the tenant ID Loki uses when
# multi-tenancy is disabled — confirm that matches the target deployment.
LOKI_ADDR="http://query-frontend.logging.svc:3100/"
LOKI_ORG_ID="fake"
export LOKI_ADDR LOKI_ORG_ID
3 |
--------------------------------------------------------------------------------
/teleport-node/update-necocli.sh:
--------------------------------------------------------------------------------
# Point the in-cluster Kubernetes discovery variables at the API server's
# DNS name (kubernetes.default.svc) on port 443 for login shells.

# Service host and ports.
KUBERNETES_SERVICE_HOST="kubernetes.default.svc"
KUBERNETES_SERVICE_PORT="443"
KUBERNETES_SERVICE_PORT_HTTPS="443"
export KUBERNETES_SERVICE_HOST KUBERNETES_SERVICE_PORT KUBERNETES_SERVICE_PORT_HTTPS

# Docker-link style variables for the same endpoint.
KUBERNETES_PORT="tcp://kubernetes.default.svc:443"
KUBERNETES_PORT_443_TCP="tcp://kubernetes.default.svc:443"
KUBERNETES_PORT_443_TCP_PROTO="tcp"
KUBERNETES_PORT_443_TCP_ADDR="kubernetes.default.svc"
KUBERNETES_PORT_443_TCP_PORT="443"
export KUBERNETES_PORT KUBERNETES_PORT_443_TCP KUBERNETES_PORT_443_TCP_PROTO
export KUBERNETES_PORT_443_TCP_ADDR KUBERNETES_PORT_443_TCP_PORT

# The CLI directory is appended, so it cannot shadow commands found earlier
# in PATH.
PATH="${PATH}:/opt/neco-operation-cli/bin"
export PATH
10 |
--------------------------------------------------------------------------------
/tempo/.dockerignore:
--------------------------------------------------------------------------------
1 | *
2 |
--------------------------------------------------------------------------------
/tempo/Dockerfile:
--------------------------------------------------------------------------------
# tempo container

# Stage1: build from source
# NOTE(review): both stages pull their base image by tag rather than by
# digest, so the image contents can change between builds.
FROM ghcr.io/cybozu/golang:1.24-noble AS build

# TEMPO_SRCREPO is a build argument, so whoever runs the build can point it
# at a different GitHub repository.
ARG TEMPO_SRCREPO=grafana/tempo
ARG TEMPO_VERSION=2.7.1

WORKDIR /work
# The source is chosen by git tag alone; the cloned commit is not checked
# against a known hash.
RUN git clone --depth=1 -b v${TEMPO_VERSION} https://github.com/${TEMPO_SRCREPO}.git tempo && \
    cd tempo && \
    make tempo

# Stage2: setup runtime containers
FROM ghcr.io/cybozu/ubuntu:24.04
LABEL org.opencontainers.image.source="https://github.com/cybozu/neco-containers"

# Only the amd64 Linux binary is copied into the runtime image.
COPY --from=build /work/tempo/bin/linux/tempo-amd64 /tempo

# Run as an unprivileged numeric UID/GID rather than root.
USER 10000:10000

ENTRYPOINT ["/tempo"]
23 |
--------------------------------------------------------------------------------
/tempo/README.md:
--------------------------------------------------------------------------------
1 | tempo
2 | ======
3 |
4 | Grafana Tempo
5 |
6 | - [Grafana Tempo](https://github.com/grafana/tempo)
7 |
8 | Docker images
9 | -------------
10 |
11 | Docker images are available on [ghcr.io](https://github.com/cybozu/neco-containers/pkgs/container/tempo)
12 |
--------------------------------------------------------------------------------
/tempo/TAG:
--------------------------------------------------------------------------------
1 | 2.7.1.1
2 |
--------------------------------------------------------------------------------
/testhttpd/.dockerignore:
--------------------------------------------------------------------------------
1 | *
2 | !src
3 |
--------------------------------------------------------------------------------
/testhttpd/BRANCH:
--------------------------------------------------------------------------------
1 | 0
2 |
--------------------------------------------------------------------------------
/testhttpd/Dockerfile:
--------------------------------------------------------------------------------
# testhttpd container

# Stage1: build from source
FROM ghcr.io/cybozu/golang:1.24-noble AS build
COPY src /work/src
WORKDIR /work/src
# CGO_ENABLED=0 builds without cgo so the binary can run in the empty
# scratch image below; -w -s strip debug and symbol information.
RUN CGO_ENABLED=0 go install -ldflags="-w -s" ./testhttpd

# Stage2: setup runtime container
# scratch contains no shell or package manager, only what is copied in.
FROM scratch
LABEL org.opencontainers.image.source="https://github.com/cybozu/neco-containers"

# NOTE(review): this copies everything in /go/bin, not just testhttpd;
# anything else the build stage left there ends up in the image.
COPY --from=build /go/bin /
# Run as an unprivileged numeric UID/GID; port 8000 needs no privileges.
USER 10000:10000
EXPOSE 8000
ENTRYPOINT ["/testhttpd", "-listen", ":8000"]
17 |
--------------------------------------------------------------------------------
/testhttpd/Makefile:
--------------------------------------------------------------------------------
# Thin wrapper: every target delegates to the Makefile in src/.

.PHONY: all
all: check-generate test

# Installs the analysis tools used by the test target.
.PHONY: setup
setup:
	$(MAKE) -C src setup

.PHONY: check-generate
check-generate:
	$(MAKE) -C src check-generate

.PHONY: test
test:
	$(MAKE) -C src test
15 |
--------------------------------------------------------------------------------
/testhttpd/README.md:
--------------------------------------------------------------------------------
1 | testhttpd container
2 | ===============
3 |
4 | This directory provides container image `testhttpd` and contains its source code.
5 |
6 | testhttpd is a micro HTTP server that can run in Kubernetes cluster with limited privileges.
7 | Specifically, it runs as a non-root user and does not write to the root filesystem.
8 |
9 |
10 | Usage
11 | -----
12 |
13 | ```console
14 | $ kubectl run ghcr.io/cybozu/testhttpd
15 | ```
16 |
17 | Access it from a client as shown below.
18 |
19 | ```
20 | $ curl http://:8000
21 | ```
22 |
23 | If you want a delayed response, pass the delay in the `sleep` query parameter.
24 |
25 | ```
26 | $ curl http://:8000/?sleep=10s
27 | ```
28 |
29 | Docker images
30 | -------------
31 |
32 | Docker images are available on [ghcr.io](https://github.com/cybozu/neco-containers/pkgs/container/testhttpd)
33 |
--------------------------------------------------------------------------------
/testhttpd/TAG:
--------------------------------------------------------------------------------
1 | 0.2.8
2 |
--------------------------------------------------------------------------------
/testhttpd/src/.gitignore:
--------------------------------------------------------------------------------
1 | *~
2 |
--------------------------------------------------------------------------------
/testhttpd/src/Makefile:
--------------------------------------------------------------------------------
SUDO = sudo
# The go binary is resolved to a full path before it is handed to sudo.
SUDO_GO = $(SUDO) $(shell which go)

.PHONY: all
all: check-generate test

# NOTE(review): @latest resolves at install time, so the analyzer versions
# differ between runs and a new upstream release is executed without review.
# Pinning an explicit version would make the check reproducible.
.PHONY: setup
setup:
	go install github.com/cybozu-go/golang-custom-analyzer/cmd/custom-checker@latest
	go install honnef.co/go/tools/cmd/staticcheck@latest

# Fails when `go mod tidy` changes any tracked file.
.PHONY: check-generate
check-generate:
	go mod tidy
	git diff --exit-code --name-only

# gofmt, staticcheck, custom-checker and go vet run first; the
# "test -z ... | tee /dev/stderr" lines fail when the tool prints anything.
# NOTE(review): the unit tests then run under sudo, i.e. test code and its
# dependencies execute as root on the build host — confirm this is required.
.PHONY: test
test:
	test -z "$$(gofmt -s -l . | tee /dev/stderr)"
	staticcheck ./...
	test -z "$$(custom-checker -restrictpkg.packages=html/template,log ./... 2>&1 | tee /dev/stderr)"
	go vet ./...
	$(SUDO_GO) test -race -v ./...
24 |
--------------------------------------------------------------------------------
/tool.mk:
--------------------------------------------------------------------------------
# go-install-tool installs a Go tool unless the target binary already exists.
#   $(1): path of the binary; its directory is used as GOBIN
#   $(2): package path with version suffix passed to `go install`
# The install runs from a throwaway module in a mktemp directory, which is
# removed afterwards. Because of the [ -f ] test an existing binary is never
# refreshed.
define go-install-tool
@[ -f $(1) ] || { \
set -e ;\
TMP_DIR=$$(mktemp -d) ;\
cd $$TMP_DIR ;\
go mod init tmp ;\
echo "Downloading $(2)" ;\
GOBIN=$(dir $(1)) go install $(2) ;\
rm -rf $$TMP_DIR ;\
}
endef

# Directory that contains this file; tools are installed under its bin/.
SELF_DIR := $(shell dirname $(abspath $(lastword $(MAKEFILE_LIST))))

# NOTE(review): both tools below are requested as @latest, so the first
# install on a machine fetches whatever version is current at that moment.
# Pinning an explicit version would make the installed tool reproducible.

# Download staticcheck locally if necessary
STATICCHECK := $(SELF_DIR)/bin/staticcheck
.PHONY: staticcheck
staticcheck:
	$(call go-install-tool,$(STATICCHECK),honnef.co/go/tools/cmd/staticcheck@latest)

# Download custom-checker locally if necessary
CUSTOM_CHECKER := $(SELF_DIR)/bin/custom-checker
.PHONY: custom-checker
custom-checker:
	$(call go-install-tool,$(CUSTOM_CHECKER),github.com/cybozu-go/golang-custom-analyzer/cmd/custom-checker@latest)
26 |
--------------------------------------------------------------------------------
/trust-manager/.dockerignore:
--------------------------------------------------------------------------------
1 | *
2 | !TAG
3 |
--------------------------------------------------------------------------------
/trust-manager/BRANCH:
--------------------------------------------------------------------------------
1 | 0.16
2 |
--------------------------------------------------------------------------------
/trust-manager/Dockerfile:
--------------------------------------------------------------------------------
# trust-manager container

# Stage1: build from source
# NOTE(review): the base image is pulled by tag rather than by digest.
FROM ghcr.io/cybozu/golang:1.24-noble AS build

COPY TAG /
WORKDIR /workspace
# pipefail makes the download step fail when curl fails, not only when tar
# does.
SHELL ["/bin/bash", "-o", "pipefail", "-c"]
# The upstream version is the first three dot-separated fields of TAG.
# NOTE(review): the archive is streamed straight into tar and is not
# compared with a pinned checksum first.
RUN VERSION=$(cut -d \. -f 1,2,3 < /TAG ) \
    && curl -fsSL https://github.com/cert-manager/trust-manager/archive/v${VERSION}.tar.gz | \
    tar --strip-components=1 -xzf -

# Parameters retrieved from:
#   $ make ko-config-manager
#   $ cat _bin/scratch/image/oci-layout-manager.v0.13.0.ko_config.yaml
# NOTE(review): the file name above mentions v0.13.0; re-check the build
# parameters against the version named in TAG.
RUN CGO_ENABLED=0 GO_EXPERIMENT= go build -ldflags '-w -s' -o bin/trust-manager ./cmd/trust-manager

# Stage2: setup runtime container
# scratch contains no shell or package manager, only what is copied in.
FROM scratch
LABEL org.opencontainers.image.source="https://github.com/cybozu/neco-containers"
LABEL description="trust-manager is an operator for distributing trust bundles across a Kubernetes cluster"

WORKDIR /
COPY --from=build /workspace/bin/trust-manager /usr/bin/trust-manager
COPY --from=build /workspace/LICENSE /LICENSE

# Run as an unprivileged numeric UID/GID rather than root.
USER 10000:10000
EXPOSE 6060 6443 9402
ENTRYPOINT ["/usr/bin/trust-manager"]
30 |
--------------------------------------------------------------------------------
/trust-manager/README.md:
--------------------------------------------------------------------------------
1 | trust-manager
2 | =============
3 |
4 | [trust-manager](https://github.com/cert-manager/trust-manager) is the easiest way to manage trust bundles in Kubernetes and OpenShift clusters. This directory provides the Dockerfile for building a container image containing trust-manager.
5 |
6 | Docker images
7 | -------------
8 |
9 | Docker images are available on [ghcr.io](https://ghcr.io/cybozu/trust-manager)
10 |
--------------------------------------------------------------------------------
/trust-manager/TAG:
--------------------------------------------------------------------------------
1 | 0.16.0.1
2 |
--------------------------------------------------------------------------------
/trust-packages/.dockerignore:
--------------------------------------------------------------------------------
1 | *
2 | !trust-manager-source
3 |
--------------------------------------------------------------------------------
/trust-packages/.gitignore:
--------------------------------------------------------------------------------
1 | /trust-manager-source
2 |
--------------------------------------------------------------------------------
/trust-packages/Dockerfile:
--------------------------------------------------------------------------------
# trust-packages container

# Stage1: build from source
# NOTE(review): the base image is pulled by tag rather than by digest.
FROM ghcr.io/cybozu/golang:1.24-noble AS build

ARG TRUST_MANAGER_VERSION=0.16.0
WORKDIR /work
# pipefail makes the download step fail when curl fails, not only when tar
# does.
SHELL ["/bin/bash", "-o", "pipefail", "-c"]
# NOTE(review): the archive is streamed straight into tar and is not
# compared with a pinned checksum first.
RUN curl -fsSL https://github.com/cert-manager/trust-manager/archive/v${TRUST_MANAGER_VERSION}.tar.gz | \
    tar --strip-components=1 -xzf -
RUN CGO_ENABLED=0 go build -o debian-bundle-static ./trust-packages/debian/main.go

# Stage2: setup runtime container
FROM scratch
LABEL org.opencontainers.image.source="https://github.com/cybozu/neco-containers"
LABEL description="cert-manager trust package based on Debian"

COPY --from=build /work/debian-bundle-static /debian-bundle-static
COPY --from=build /work/LICENSE /LICENSE
# NOTE(review): package.json comes from the build context directory
# trust-manager-source, which .gitignore excludes from the repository. The
# certificate list shipped in the image is therefore produced outside
# version control; its origin should be checked in the build pipeline.
COPY trust-manager-source/package.json /debian-package/cert-manager-package-debian.json

# Run as an unprivileged numeric UID/GID rather than root.
USER 10000:10000

ENTRYPOINT ["/debian-bundle-static"]
CMD ["/debian-package", "/packages"]
26 |
--------------------------------------------------------------------------------
/trust-packages/README.md:
--------------------------------------------------------------------------------
1 | trust-packages
2 | ==============
3 |
4 | [trust-packages](https://github.com/cert-manager/trust-manager/tree/main/trust-packages) is a container that can be run as an init container before the trust-manager controller; it writes a JSON package containing a list of PEM-encoded certificates.
5 |
6 | Docker images
7 | -------------
8 |
9 | Docker images are available on [ghcr.io](https://ghcr.io/cybozu/trust-packages)
10 |
--------------------------------------------------------------------------------
/trust-packages/TAG:
--------------------------------------------------------------------------------
1 | 0.16.0.1
2 |
--------------------------------------------------------------------------------
/unbound/.dockerignore:
--------------------------------------------------------------------------------
1 | *
2 | !reload-unbound
3 | !root.hints
4 |
--------------------------------------------------------------------------------
/unbound/BRANCH:
--------------------------------------------------------------------------------
1 | 1.22
2 |
--------------------------------------------------------------------------------
/unbound/Makefile:
--------------------------------------------------------------------------------
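# Image inspected by the validate target.
IMAGE_TAG ?= unbound:dev

# named.cache file is provided by InterNIC.
# See: https://jprs.jp/tech/notice/2023-11-28-b.root-servers.net-ip-address-change.html
#
# -f makes curl exit non-zero on an HTTP error; without it an error page
# would be saved as root.hints and the target would still succeed.
# NOTE(review): the file is trusted on the strength of HTTPS alone; review
# the resulting diff before committing a changed root.hints.
.PHONY: update-root-hints
update-root-hints:
	curl -fs -o root.hints https://www.internic.net/domain/named.cache
	# named.cache does not have a LF at the end of file
	echo >> root.hints

# Fails when the freshly downloaded root.hints differs from the committed one.
.PHONY: check-generate
check-generate: update-root-hints
	git diff --exit-code --name-only

# Prints the root.hints file shipped inside the built image.
.PHONY: validate
validate:
	docker run --rm --entrypoint bash $(IMAGE_TAG) -c "cat /usr/local/unbound/etc/unbound/root.hints"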
19 |
--------------------------------------------------------------------------------
/unbound/README.md:
--------------------------------------------------------------------------------
1 | # Unbound container
2 |
3 | [Unbound](https://nlnetlabs.nl/projects/unbound/about/) is a DNS resolver.
4 |
5 | ## Usage
6 |
7 | ### Launch Unbound with specific config file
8 |
9 | Prepare a config file `unbound.conf` in the working directory, then execute the following command.
10 |
11 | $ docker run --mount type=bind,source="$(pwd)"/unbound.conf,target=/etc/unbound.conf \
12 | ghcr.io/cybozu/unbound:1.22 -c /etc/unbound.conf
13 |
14 | ## Docker images
15 |
16 | Docker images are available on [ghcr.io](https://github.com/cybozu/neco-containers/pkgs/container/unbound)
17 |
--------------------------------------------------------------------------------
/unbound/TAG:
--------------------------------------------------------------------------------
1 | 1.22.0.1
2 |
--------------------------------------------------------------------------------
/unbound/reload-unbound:
--------------------------------------------------------------------------------
#!/bin/sh
# Poll the unbound configuration once a second and ask unbound to reload
# whenever the file's contents differ from the previous poll.

conf=/etc/unbound/unbound.conf

# Contents seen on the previous poll.
previous=$(cat $conf)

# NOTE(review): a failed read leaves the new value empty, which counts as a
# change and triggers a reload — confirm that is acceptable while the file
# is being replaced. The exit status of unbound-control is not checked.
while :; do
    current=$(cat $conf)
    if [ "$previous" = "$current" ]; then
        sleep 1
        continue
    fi
    previous="$current"
    /usr/local/unbound/sbin/unbound-control -c $conf reload
    sleep 1
done
15 |
--------------------------------------------------------------------------------
/unbound_exporter/.dockerignore:
--------------------------------------------------------------------------------
1 | *
2 |
--------------------------------------------------------------------------------
/unbound_exporter/BRANCH:
--------------------------------------------------------------------------------
1 | 0.4
2 |
--------------------------------------------------------------------------------
/unbound_exporter/Dockerfile:
--------------------------------------------------------------------------------
# unbound_exporter container

# Stage1: build from source
# NOTE(review): the base image is pulled by tag rather than by digest, and
# this stage uses the golang 1.22 image while other Dockerfiles in this
# repository use 1.23 or 1.24 — confirm the older toolchain is intended.
FROM ghcr.io/cybozu/golang:1.22-jammy AS build

# The image is built from the cybozu-go fork, not from the upstream
# letsencrypt repository that this directory's README links to.
#ARG UNBOUND_EXPORTER_REPO=letsencrypt/unbound_exporter
ARG UNBOUND_EXPORTER_REPO=cybozu-go/unbound_exporter
ARG UNBOUND_EXPORTER_VERSION=0.4.6-neco.1

WORKDIR /work

# NOTE(review): the archive is unpacked and built without being compared
# with a pinned checksum.
RUN curl -fsSL -o unbound_exporter.tar.gz "https://github.com/${UNBOUND_EXPORTER_REPO}/archive/v${UNBOUND_EXPORTER_VERSION}.tar.gz" \
    && tar -x -z --strip-components 1 -f unbound_exporter.tar.gz \
    && rm -f unbound_exporter.tar.gz \
    && CGO_ENABLED=0 go install -ldflags="-w -s" .

# Stage2: setup runtime container
# scratch contains no shell or package manager, only what is copied in.
FROM scratch
LABEL org.opencontainers.image.source="https://github.com/cybozu/neco-containers"

COPY --from=build /go/bin/unbound_exporter /bin/unbound_exporter
COPY --from=build /work/LICENSE /

# Run as an unprivileged numeric UID/GID rather than root.
USER 10000:10000

ENTRYPOINT ["/bin/unbound_exporter"]
27 |
--------------------------------------------------------------------------------
/unbound_exporter/README.md:
--------------------------------------------------------------------------------
1 | unbound_exporter
2 | ================
3 |
4 | This container contains unbound_exporter, a Prometheus exporter for Unbound.
5 |
6 | - [source code](https://github.com/letsencrypt/unbound_exporter)
7 |
8 | Docker images
9 | -------------
10 |
11 | Docker images are available on [ghcr.io](https://github.com/cybozu/neco-containers/pkgs/container/unbound_exporter)
12 |
--------------------------------------------------------------------------------
/unbound_exporter/TAG:
--------------------------------------------------------------------------------
1 | 0.4.6.2
2 |
--------------------------------------------------------------------------------
/vault/.dockerignore:
--------------------------------------------------------------------------------
1 | *
2 | !install-tools
3 | !disable-etcd-version-detection.patch
4 |
--------------------------------------------------------------------------------
/vault/BRANCH:
--------------------------------------------------------------------------------
1 | 1.19
2 |
--------------------------------------------------------------------------------
/vault/Dockerfile:
--------------------------------------------------------------------------------
# vault container

# Stage1: build from source
# NOTE(review): both stages pull their base image by tag rather than by
# digest, so the image contents can change between builds.
FROM ghcr.io/cybozu/golang:1.23-noble AS build

ARG VAULT_VERSION=1.19.0

# The release is chosen by git tag alone; the cloned commit is not checked
# against a known hash. No WORKDIR precedes the clone; the WORKDIR below
# implies the base image starts in /work — TODO confirm.
# NOTE(review): .dockerignore still allow-lists
# disable-etcd-version-detection.patch, which this Dockerfile never copies.
RUN git clone --depth=1 -b v${VAULT_VERSION} https://github.com/hashicorp/vault.git

WORKDIR /work/vault

RUN make bootstrap && \
    make fmt && \
    make

# Stage2: setup runtime container
FROM ghcr.io/cybozu/ubuntu:24.04
LABEL org.opencontainers.image.source="https://github.com/cybozu/neco-containers"

COPY --from=build /work/vault/bin /usr/local/vault/bin
COPY --from=build /work/vault/LICENSE /usr/local/vault/LICENSE
# install-tools copies the vault binary to /host when it is run.
COPY install-tools /usr/local/vault/install-tools

ENV PATH=/usr/local/vault/bin:"$PATH"

# Run as an unprivileged numeric UID/GID rather than root.
USER 10000:10000
# EXPOSE only documents the ports; it does not publish them.
EXPOSE 8200 8201

ENTRYPOINT ["/usr/local/vault/bin/vault"]
30 |
--------------------------------------------------------------------------------
/vault/TAG:
--------------------------------------------------------------------------------
1 | 1.19.0.1
2 |
--------------------------------------------------------------------------------
/vault/install-tools:
--------------------------------------------------------------------------------
#!/bin/sh -e
# Copy the vault binary from the image to /host/vault and make it
# executable. /host is presumably a directory mounted from the host —
# verify against the caller.

target=/host/vault

# --remove-destination deletes an existing destination first, so a symlink
# at that path is replaced instead of being written through.
cp --remove-destination /usr/local/vault/bin/vault "$target"
chmod 755 "$target"
7 |
--------------------------------------------------------------------------------
/victoriametrics-datasource/README.md:
--------------------------------------------------------------------------------
1 | victoriametrics-datasource
2 | ==========================
3 |
4 | VictoriaMetrics datasource plugin for Grafana
5 |
6 | - [victoriametrics-datasource](https://github.com/VictoriaMetrics/victoriametrics-datasource)
7 |
8 | This image is intended to be used as an init container.
9 | The entrypoint copies plugin assets to `${GRAFANA_PLUGINS_DIR}` (default:`/var/lib/grafana/plugins`) directory.
10 |
11 | Docker images
12 | -------------
13 |
14 | Docker images are available on [ghcr.io](https://github.com/cybozu/neco-containers/pkgs/container/victoriametrics-datasource)
15 |
--------------------------------------------------------------------------------
/victoriametrics-datasource/TAG:
--------------------------------------------------------------------------------
1 | 0.14.0.1
2 |
--------------------------------------------------------------------------------
/victoriametrics-operator/.dockerignore:
--------------------------------------------------------------------------------
1 | *
2 |
--------------------------------------------------------------------------------
/victoriametrics-operator/README.md:
--------------------------------------------------------------------------------
1 | victoriametrics-operator
2 | ========================
3 |
4 | Kubernetes operator for VictoriaMetrics
5 |
6 | - [VictoriaMetrics operator](https://github.com/VictoriaMetrics/operator)
7 |
8 | Docker images
9 | -------------
10 |
11 | Docker images are available on [ghcr.io](https://github.com/cybozu/neco-containers/pkgs/container/victoriametrics-operator)
12 |
--------------------------------------------------------------------------------
/victoriametrics-operator/TAG:
--------------------------------------------------------------------------------
1 | 0.54.1.1
2 |
--------------------------------------------------------------------------------
/victoriametrics/.dockerignore:
--------------------------------------------------------------------------------
1 | *
2 | !download_and_build.sh
3 | !*.patch
4 |
--------------------------------------------------------------------------------
/victoriametrics/README.md:
--------------------------------------------------------------------------------
1 | victoriametrics
2 | ===============
3 |
4 | VictoriaMetrics - fast, cost-effective and scalable time series database
5 |
6 | - [VictoriaMetrics](https://github.com/VictoriaMetrics/VictoriaMetrics)
7 |
8 | Docker images
9 | -------------
10 |
11 | Docker images are available on [ghcr.io](https://github.com/orgs/cybozu/packages?repo_name=neco-containers)
12 |
--------------------------------------------------------------------------------
/victoriametrics/TAG:
--------------------------------------------------------------------------------
1 | 1.113.0.1
2 |
--------------------------------------------------------------------------------
/victoriametrics/download_and_build.sh:
--------------------------------------------------------------------------------
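#!/bin/bash
# Download a source archive from GitHub, apply every /*.patch file to it and
# run make with the arguments given to this script.
#
# Environment:
#   VICTORIAMETRICS_SRCREPO  GitHub "owner/repo" to download from
#   VICTORIAMETRICS_VERSION  version to build, without the leading "v"
set -eo pipefail

# Stop with a clear message when either variable is unset or empty, instead
# of requesting a malformed URL.
: "${VICTORIAMETRICS_SRCREPO:?must be set}"
: "${VICTORIAMETRICS_VERSION:?must be set}"

# NOTE(review): the archive is fetched over HTTPS but is not compared with a
# pinned checksum before it is unpacked, patched and built.
curl -fsSL -o victoriametrics.tar.gz "https://github.com/${VICTORIAMETRICS_SRCREPO}/archive/v${VICTORIAMETRICS_VERSION}.tar.gz"
tar -x -z --strip-components 1 -f victoriametrics.tar.gz
rm -f victoriametrics.tar.gz

for P in /*.patch; do
    # With no match the pattern stays literal, hence the -f test.
    if [ -f "$P" ]; then
        # Quoted so a patch path containing spaces is not an ambiguous redirect.
        patch -p1 < "$P"
    fi
done

BUILDINFO_TAG="v${VICTORIAMETRICS_VERSION}" PKG_TAG="v${VICTORIAMETRICS_VERSION}" make "$@"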
14 |
--------------------------------------------------------------------------------