texano00 / urunner

urunner

Intro

URunner is a lightweight Kubernetes utility that automatically restarts pods when the digest behind an image tag changes.
This is very useful in environments that commonly use the latest tag, which changes frequently over time.
Urunner detects the container image tag digest (for example, the digest of the tag latest) and automatically restarts the pods.

Docker API V2

Urunner integrates with external container registries (e.g. Harbor) using the standard Docker API V2.
Currently Harbor, AWS ECR, Digital Ocean and GitLab are the officially supported container registries.
Azure ACR and Dockerhub support will be released soon.
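
The digest check described above can be sketched as follows. This is an added example, not urunner's own code: the function names, the `seen` table and the injected `head` callable are assumptions, and the registry responses are constructed so the block runs offline.

```python
import sqlite3

# Manifest media types a Docker API V2 registry may serve for a tag.
MANIFEST_ACCEPT = ", ".join([
    "application/vnd.docker.distribution.manifest.v2+json",
    "application/vnd.docker.distribution.manifest.list.v2+json",
    "application/vnd.oci.image.manifest.v1+json",
    "application/vnd.oci.image.index.v1+json",
])

def manifest_url(image):
    """Split 'host[:port]/repo/path[:tag]' and build the V2 manifest URL."""
    registry, _, remainder = image.partition("/")
    repo, sep, tag = remainder.rpartition(":")
    if not sep:  # no tag given, so the implicit tag is 'latest'
        repo, tag = remainder, "latest"
    return f"https://{registry}/v2/{repo}/manifests/{tag}"

def digest_changed(db, image, head):
    """Return True when the tag points at a different digest than last seen.

    `head(url, headers)` is injected (hypothetical) so the sketch runs offline;
    in real use it is an HTTP HEAD request with TLS verification left on.
    """
    status, headers = head(manifest_url(image), {"Accept": MANIFEST_ACCEPT})
    if status != 200:  # e.g. 401 (bad credentials) or 404 (wrong repository path)
        raise RuntimeError(f"registry returned {status} for {image}")
    digest = headers["Docker-Content-Digest"]
    db.execute("CREATE TABLE IF NOT EXISTS seen (image TEXT PRIMARY KEY, digest TEXT)")
    row = db.execute("SELECT digest FROM seen WHERE image = ?", (image,)).fetchone()
    db.execute("INSERT OR REPLACE INTO seen VALUES (?, ?)", (image, digest))
    db.commit()
    # The first sighting only records a baseline; restart only on a real change.
    return row is not None and row[0] != digest

def fake_registry(digests):
    """Constructed stand-in for a registry: serves the given digests in order."""
    it = iter(digests)
    def head(url, headers):
        return 200, {"Docker-Content-Digest": next(it)}
    return head
```

A non-200 answer raises instead of being treated as "no change", so authentication and path errors surface rather than silently freezing the workload on an old digest.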

URunner use cases with specific how-to:

Configurable watcher

Urunner is also fully configurable: it watches only namespaces that carry a specific label, and individual resources can be excluded as exceptions.
Add the label urunner=enable to every namespace that Urunner should watch.
kubectl label ns mynamespace urunner=enable

apiVersion: v1
kind: Namespace
metadata:
  labels:
    # add this label
    urunner: enable
  name: mynamespace

You can also add exceptions inside mynamespace, for example:
kubectl label deployment mydeployment urunner=disable -n mynamespace

apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    # add this label
    urunner: disable
...

This way, all deployments except mydeployment will be watched by Urunner.

Helm

helm upgrade --install urunner oci://ghcr.io/texano00/urunner/helm/urunner --version 0.1.0 --values my-values.yaml -n urunner --create-namespace

Urunner env vars

| Var | Description | Example |
|---|---|---|
| URUNNER_CONF_DOCKER_API_VERIFY | SSL verification for the connection to the Docker registry | True or False |
| URUNNER_CONF_LOG_LEVEL | Log level | DEBUG, INFO, WARNING |
| URUNNER_CONF_KUBE_AUTH | Kubernetes client authentication strategy | incluster or kubeconfig |
| URUNNER_CONF_SQLLIGHT_PATH | Path of the SQLite DB | ./urunner.db |
| URUNNER_CONF_FREQUENCY_CHECK_SECONDS | Frequency of the urunner cron job (seconds) | 30 |
| URUNNER_CONF_CONTAINER_REGISTRY_TO_WATCH | Container registry to watch | registry.mycompanyhost.net:8080 |
| URUNNER_CONF_CONTAINER_REGISTRY_TYPE | Kind of container registry | harbor, aws_ecr, digitalocean, gitlab |
| URUNNER_SECR_HARBOR_USER | Harbor username, configure only if registry type is harbor | user |
| URUNNER_SECR_HARBOR_PASS | Harbor password, configure only if registry type is harbor | pass |
| URUNNER_SECR_AWS_ACCESS_KEY_ID | AWS credential used to pull from a private AWS ECR, configure only if registry type is aws_ecr | AKIAIOSFODNN7EXAMPLE |
| URUNNER_SECR_AWS_REGION | AWS region | us-east-2 |
| URUNNER_SECR_AWS_SECRET_ACCESS_KEY | AWS credential used to pull from a private AWS ECR, configure only if registry type is aws_ecr | wJalrXUtnFEMI/K7MDENG/xRfiCYEXAMPLEKEY |
| URUNNER_SECR_DIGITAL_OCEAN_TOKEN | Digital Ocean token | xxxxx |
| URUNNER_SECR_GITLAB_TOKEN | GitLab token | xxxxx |
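
A preflight check over the variables in the table, contrasting a weak environment with a corrected one. This is an added example, not part of urunner: `audit_env` and the sample values are hypothetical, and the DEBUG finding reflects the botocore debug output quoted in the 404 issue on this page, which includes the registry authorization response.

```python
# Secrets the table ties to each registry type ("configure only if ...").
SECRETS_BY_TYPE = {
    "harbor": {"URUNNER_SECR_HARBOR_USER", "URUNNER_SECR_HARBOR_PASS"},
    "aws_ecr": {"URUNNER_SECR_AWS_ACCESS_KEY_ID", "URUNNER_SECR_AWS_SECRET_ACCESS_KEY",
                "URUNNER_SECR_AWS_REGION"},
    "digitalocean": {"URUNNER_SECR_DIGITAL_OCEAN_TOKEN"},
    "gitlab": {"URUNNER_SECR_GITLAB_TOKEN"},
}

def audit_env(env):
    """Return a list of findings for a urunner environment (dict of str -> str)."""
    findings = []
    rtype = env.get("URUNNER_CONF_CONTAINER_REGISTRY_TYPE", "")
    if rtype not in SECRETS_BY_TYPE:
        findings.append(f"unknown registry type {rtype!r}")
    # Only an explicit False is flagged; the unset default is not assumed here.
    if env.get("URUNNER_CONF_DOCKER_API_VERIFY", "").strip().lower() == "false":
        findings.append("TLS verification to the registry is disabled")
    if env.get("URUNNER_CONF_LOG_LEVEL", "").upper() == "DEBUG":
        findings.append("DEBUG logging can write registry auth responses to the log")
    freq = env.get("URUNNER_CONF_FREQUENCY_CHECK_SECONDS")
    if freq is not None and not (freq.isdigit() and int(freq) > 0):
        findings.append("check frequency must be a positive integer of seconds")
    # Credentials for registries that are not in use widen exposure for nothing.
    for other, names in SECRETS_BY_TYPE.items():
        if other != rtype:
            for name in sorted(names & env.keys()):
                findings.append(f"{name} is set but registry type is not {other}")
    return findings

# Constructed sample environments: a weak one and its corrected form.
WEAK = {
    "URUNNER_CONF_CONTAINER_REGISTRY_TYPE": "harbor",
    "URUNNER_CONF_DOCKER_API_VERIFY": "False",
    "URUNNER_CONF_LOG_LEVEL": "DEBUG",
    "URUNNER_CONF_FREQUENCY_CHECK_SECONDS": "30",
    "URUNNER_SECR_HARBOR_USER": "user",
    "URUNNER_SECR_HARBOR_PASS": "pass",
    "URUNNER_SECR_GITLAB_TOKEN": "xxxxx",
}
FIXED = {**WEAK, "URUNNER_CONF_DOCKER_API_VERIFY": "True", "URUNNER_CONF_LOG_LEVEL": "INFO"}
FIXED.pop("URUNNER_SECR_GITLAB_TOKEN")
```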

Flow

(Flow diagrams in the original README, images not preserved: Generic, AWS, DigitalOcean, GitLab)

ToDo

  • Test Azure ACR integration
  • manage sqlite persistence in Helm chart

Notes

Logo was generated using Fotor AI tool https://www.fotor.com/features/ai-image-generator/

urunner's People

Contributors

dovnaralexander, tekno45, texano00

urunner's Issues

cannot validate aws region

ERR

Traceback (most recent call last):
  File "/app/app.py", line 51, in <module>
    schedule.run_pending()
  File "/usr/lib/python3.10/site-packages/schedule/__init__.py", line 780, in run_pending
    default_scheduler.run_pending()
  File "/usr/lib/python3.10/site-packages/schedule/__init__.py", line 100, in run_pending
    self._run_job(job)
  File "/usr/lib/python3.10/site-packages/schedule/__init__.py", line 172, in _run_job
    ret = job.run()
  File "/usr/lib/python3.10/site-packages/schedule/__init__.py", line 661, in run
    ret = self.job_func()
  File "/app/app.py", line 39, in job
    general.process_resource(db_ref=db_ref, kubernetes=kubernetes, image=image)
  File "/app/utils/general.py", line 77, in process_resource
    auth = docker_api_auth_mapper[container_registry_type](image)
  File "/app/utils/dockerapi.py", line 41, in get_aws_auth
    client = boto3.client("ecr", region_name=config.get_urunner_secr_aws_region)
  File "/usr/lib/python3.10/site-packages/boto3/__init__.py", line 92, in client
    return _get_default_session().client(*args, **kwargs)
  File "/usr/lib/python3.10/site-packages/boto3/session.py", line 299, in client
    return self._session.create_client(
  File "/usr/lib/python3.10/site-packages/botocore/session.py", line 918, in create_client
    region_name = self._resolve_region_name(region_name, config)
  File "/usr/lib/python3.10/site-packages/botocore/session.py", line 1002, in _resolve_region_name
    validate_region_name(region_name)
  File "/usr/lib/python3.10/site-packages/botocore/utils.py", line 1307, in validate_region_name
    valid = valid_host_label.match(region_name)
TypeError: expected string or bytes-like object

Even if URUNNER_SECR_AWS_REGION=us-east-1 was set

GitLab container registry support

Hello @texano00!

I'm trying to use urunner to auto-restart a pod that uses an image hosted in GitLab Container registry, and it seems that the harbor/DockerV2 API doesn't work for those — I get "ERROR:root:Error status code: 401" in urunner logs. Can you please look into implementing support for GitLab registries as well?

Unable requesting repository if I use another region

This line
client = boto3.client("ecr", region_name="us-east-2")
leads to being unable to request the repository if I use another region (not "us-east-2").
As I have seen, you have the real region in the lines above.
Please fix it if you have time.

Getting Error 404

DEBUG:botocore.hooks:Event request-created.ecr.GetAuthorizationToken: calling handler <function add_retry_headers at 0x7fbb535544c0>
DEBUG:botocore.endpoint:Sending http request: <AWSPreparedRequest stream_output=False, method=POST, url=https://api.ecr.ap-south-1.amazonaws.com/, headers={'X-Amz-Target': b'AmazonEC2ContainerRegistry_V20150921.GetAuthorizationToken', 'Content-Type': b'application/x-amz-json-1.1', 'User-Agent': b'Boto3/1.26.87 Python/3.10.14 Linux/5.4.242-156.349.amzn2.x86_64 Botocore/1.29.165', 'X-Amz-Date': b'20240622T154009Z', 'X-Amz-Security-Token': b'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', 'Authorization': b'AWS4-HMAC-SHA256 Credential=ASIAQ424NO573GTZCSPR/20240622/ap-south-1/ecr/aws4_request, SignedHeaders=content-type;host;x-amz-date;x-amz-security-token;x-amz-target, Signature=c3069629445e41fe144903cb6087f8465b0be47b2f8668330b644f59ee55a590', 'amz-sdk-invocation-id': b'0a80c553-e201-42f5-8af1-c3964d72ec18', 'amz-sdk-request': b'attempt=1', 'Content-Length': '33'}>
DEBUG:botocore.httpsession:Certificate path: /usr/lib/python3.10/site-packages/certifi/cacert.pem
DEBUG:botocore.parsers:Response headers: {'x-amzn-RequestId': '3649f68e-f8fc-4ca3-8458-fa8edb3669a2', 'Date': 'Sat, 22 Jun 2024 15:40:09 GMT', 'Content-Type': 'application/x-amz-json-1.1', 'Content-Length': '4318', 'connection': 'keep-alive'}
DEBUG:botocore.parsers:Response body:
b'{"authorizationData":[{"authorizationToken":"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","expiresAt":1.719114009405E9,"proxyEndpoint":"https:/xxxxx.dkr.ecr.ap-south-1.amazonaws.com"}]}'
DEBUG:botocore.hooks:Event needs-retry.ecr.GetAuthorizationToken: calling handler <botocore.retryhandler.RetryHandler object at 0x7fbb52e88d30>
DEBUG:botocore.retryhandler:No retry needed.
DEBUG:root:('xxxxx', 'xxxxx-xxxxx')
DEBUG:root:library/xxxxxx
DEBUG:root:<Response [404]>
ERROR:root:Error status code: 404
DEBUG:root:<Response [404]>

Add support for arm64

I was unable to run urunner on my all ARM64 cluster (https://raymii.org/s/tutorials/My_First_Kubernetes_k3s_cluster_on_3_Orange_Pi_Zero_3s_including_k8s_dashboard_hello-node_and_failover.html)

Here is a recent pull request from canary checker that added arm64 support as an example: https://github.com/flanksource/canary-checker/pull/1956/files#diff-2e71f9191e45345b53b343fdd7b8e2622685599e60237e81e8f0859a8cc03fc7

When adding an x86 node and forcing Helm to use that node, urunner works just fine:

helm upgrade --install urunner oci://ghcr.io/texano00/urunner/helm/urunner --version 0.1.0 --values values.yaml -n urunner  --set nodeSelector."kubernetes\.io/arch"=amd64
