This repository is a project that allows for building and scanning images locally. This project is in the alpha stage and should not be deployed into production environments since it uses insecure tools, like the default docker registry. This deployment should be able to run offline after the trivy vulnerability database is loaded; future support will include offline deployment.
There is a default `docker-compose.yaml` file included in this repository that is ready to deploy. The file can be modified or updated to include any custom changes.
- registry - based on Docker Registry UI
- mattermost-preview - x
- trivy - built from Alpine trivy
To deploy this alpha setup using docker compose, run `docker compose up -d`. Note that `docker-compose` is not used in this case.
Tag images with the `localhost:5000` registry and push to the registry after the deployment is up and running.
Inside of the trivy container run `trivy image localhost:5000/<image-name>:<image-tag> --insecure` to scan the image for vulnerabilities. To view other trivy capabilities simply run `trivy` or `trivy --help`.
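The tag, push and scan steps above as one script that fails when HIGH or CRITICAL findings exist. This is an added example, not part of this repository: it assumes the compose service is named `trivy` and that the deployment is already up, and it uses Trivy's `--severity` and `--exit-code` options, which are not mentioned above.

```shell
#!/bin/sh
# Added example: tag, push and scan one image against the local registry.
# Assumptions: compose service name "trivy", registry at localhost:5000.
REGISTRY="localhost:5000"
TRIVY_SERVICE="trivy"          # assumed compose service name
SEVERITY="HIGH,CRITICAL"       # findings at these levels fail the scan

# Build the registry-qualified reference. Names starting with "-" or holding
# characters outside the Docker repository/tag alphabet are rejected so they
# cannot be read as options by docker or trivy.
registry_ref() {
    name="$1"; tag="${2:-latest}"
    case "$name" in
        ""|-*|*[!a-z0-9._/-]*) echo "invalid image name: $name" >&2; return 1 ;;
    esac
    case "$tag" in
        ""|-*|*[!A-Za-z0-9._-]*) echo "invalid image tag: $tag" >&2; return 1 ;;
    esac
    printf '%s/%s:%s\n' "$REGISTRY" "$name" "$tag"
}

# Tag a local image, push it, then scan it from inside the trivy container.
# Returns 0 when clean, 1 when trivy reports findings, 2 on setup errors.
scan_image() {
    src="$1"
    ref="$(registry_ref "$2" "$3")" || return 2
    docker tag "$src" "$ref" || return 2
    docker push "$ref" || return 2
    # --insecure is needed because the alpha registry is not a secure one;
    # --exit-code 1 turns matching findings into a non-zero exit status.
    docker compose exec -T "$TRIVY_SERVICE" \
        trivy image --insecure --severity "$SEVERITY" --exit-code 1 "$ref"
}

# Usage: ./scan.sh <local-image> <image-name> [image-tag]
if [ "$#" -ge 2 ]; then
    scan_image "$1" "$2" "${3:-latest}"
fi
```

Run it from the directory that holds `docker-compose.yaml` so that `docker compose exec` finds the project.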
- mattermost
- trivy
- docker registry
- Install k3s with podman instead of docker
- Support offline kubernetes deployment
- Link mattermost to trivy using cronjobs or listeners
- Switch to using a secure docker registry
This setup was tested using WSL with Ubuntu on Windows 11.
- install all required software packages
- copy `/etc/rancher/k3s/k3s.yaml` to `~/.kube/config`
- verify `kubectl` can access the cluster
Create namespaces called `trivy`, `mattermost`, and `registry`:
`kubectl create ns <NAMESPACE>`
Follow the instructions found in `./helm/helm.md`