Skip to content

wlynch/levias

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

13 Commits
client
client
 
 
pkg/token
pkg/token
 
 
server
server
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
kind.yaml
kind.yaml
 
 

Repository files navigation

levias

Proof-of-concept running docker-in-docker without priviledge in Kubernetes.

Currently Pods use privilege: true in order to talk to the host to attach containers to the current pod. Ephemeral containers (stable as of k8s 1.25) gives us a mechanism to have a similar behavior using k8s API primatives.

Levias provides an alternative [moby(https://github.com/moby/moby/blob/master/api/README.md)] implementation that:

  1. Wraps the the buildkit TCP API implementation with OIDC credentials
  2. Implements a server that transforms buildkit API requests to ephemeral containers.
sequenceDiagram
    participant Pod
    participant Client as Levias Client
    Pod->>Client: docker run
    Client->>Client: Add OIDC creds
    Client->>Controller: docker run
    participant Controller as Levias Controller
    Controller->>Controller: Verify OIDC
    Controller->>Pod: Attach ephemeral container
Loading

About

No description, website, or topics provided.

Resources

Readme

License

Apache-2.0 license
Activity

Stars

1 star

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages