Provide a private docker repository as a source of the 'docker' image used with the -p option #78
Comments
|
image option already there but failed to pull corfr/tcpdump |
|
Yeah, I think this is a good idea. I work with a lot people using offline or somehow network-restricted clusters and copying dependent images around to satisfy a tool can be a huge pain or not an option. ksniff would need to be modified to check the given container image has the necessary binaries (tcpdump, docker, nsenter, i think that's it). |
|
I'll work on this after some other higher priority changes (around new cri-o support) are being wrapped up. |
|
Hi! |
|
Hi @Makusi75, we've recently wrapped up some of the bigger changes I mentioned back in December. I'll start taking a look at this one. Its been making ksniff unusable for me too in some lab environments. |
|
Hello all, I'd like to get some more input: Ksniff has a 3 images that are either hard-coded in to either use We could add options for each (e.g. Is any one aware of more clever solutions? |
|
Yes, directing to a private repository would be very helpful. It might require the ability to apply a image pull secret as well. |
Yes good point. Thanks for mentioning that. |
|
Yes @bostrt I am required to provide an image pull secret as well as define a private registry (endpoint, path and version) like:
This would be very helpful. |
|
Would it be possible to edit the manifest once the ksniff pod was created? |
|
As a small workaround. Could we maybe at least change the pullpolicy to IfNotPresent? |
@jeffcouch21 thanks for the reminder about pull secret. That will be included in the feature.
Since the ksniff Pod is deployed as Pod (not a Depoyment, etc) we can't edit it live. A viable option would be to have ksniff export Pod YAML so the user can create it manually but I'm not a fan of that at least for now. It would require considerable reworking in other parts of ksniff.
Yeah, I'll keep this in consideration. Right now, there's a mix-and-match of pull policies and unifying this make lead to a better experience. Just posting this for reference: https://kubernetes.io/docs/concepts/containers/images/#updating-images |
|
Hi! @bostrt Any news about this one? When this might be implemented in some release? ;-) |
|
Yeah. Facing the same problem with maintained/tcpdump:latest image. |
|
#113 has been merged! I would appreciate more testing from anyone else with access to environments like AKS or EKS to test. |
|
@bostrt any progress in this? |
The privileged option ( -p ) requires that the K8S cluster has access to the public docker repository (to pull the required images)
In cases where the cluster does not have this access for security reasons, it will be useful to be able to provide the private container registry hostname that has all required images.
The text was updated successfully, but these errors were encountered: