diff --git a/community_images/airflow/airflow-scheduler/bitnami/README.md b/community_images/airflow/airflow-scheduler/bitnami/README.md deleted file mode 100644 index 31ba0d6622..0000000000 --- a/community_images/airflow/airflow-scheduler/bitnami/README.md +++ /dev/null @@ -1,146 +0,0 @@ - -RapidFort - - -
- -[![rf-h][rf-h-badge]][rf-view-report-button] -[![DH Image][dh-rf-badge]][rf-dh-image-link] -[![Slack][slack-badge]][slack-link] -[![FOSSA Status][fossa-badge]][fossa-link] - -# RapidFort hardened image for Apache Airflow Scheduler - -RapidFort’s container optimization process hardened this Apache Airflow Scheduler container. This container is free to use and has no license limitations. - -It is the same as the [Bitnami Apache Airflow Scheduler][source-image-repo-link] image but more secure. - -Every day, we optimize and harden a variety of Docker Hub’s most famous images. Check out our [entire library](https://hub.docker.com/u/rapidfort) of secured containers. -
- -[Get the full report here or click on the image below][rf-view-report-link] - -[![Metrics][metrics-link]][rf-image-metrics-link] - -

Vulnerabilities: Original vs. Hardened - -

- -[![CVE Reduction][cve-reduction-link]][rf-image-cve-reduction-link] - - -View Report - -
-
- - -## What is Apache Airflow Scheduler? - -> Apache Airflow (or simply Airflow) is a platform to programmatically author, schedule, and monitor workflows. - -When workflows are defined as code, they become more maintainable, versionable, testable, and collaborative. - -Use Airflow to author workflows as directed acyclic graphs (DAGs) of tasks. The Airflow scheduler executes your tasks on an array of workers while following the specified dependencies. Rich command line utilities make performing complex surgeries on DAGs a snap. The rich user interface makes it easy to visualize pipelines running in production, monitor progress, and troubleshoot issues when needed. - - -[Overview of Apache Airflow Scheduler](https://airflow.apache.org/) - -Disclaimer: This software listing is packaged by RapidFort. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. - - -## How do I use this hardened Apache Airflow Scheduler image? - -The runtime instructions for this container are no different from the official release. Follow the instructions in their readme, but use our hardened image. - - -View Detailed Instructions - -
-
- -```sh -$ helm repo add bitnami https://charts.bitnami.com/bitnami - -# install airflow, just replace repository with RapidFort registry -$ helm install my-airflow bitnami/airflow --set image.repository=rapidfort/airflow - -``` - -## What is a hardened image? - -A hardened image is a copy of a container that has been optimized and reduced for significantly improved security. Because every container uses many open-source software components and their dependencies, there’s a lot of extra weight that can be trimmed. - -This image is a hardened version of the official [Bitnami Apache Airflow Scheduler][source-image-repo-link] image on Docker Hub. - -RapidFort is an industry-leading container optimization solution that minimizes software attack surfaces by removing unused code. Most containers can be reduced by at least 50%, which reduces the opportunity for malicious attacks and CVE exploits. Learn more at [RapidFort.com][rf-link]. - -Our hardened images are updated daily using the latest vulnerability information available. - - -View on GitHub - -
-
- -## What’s the difference between the official [Bitnami Apache Airflow Scheduler][source-image-repo-link] image and this hardened image? -RapidFort’s hardened [rapidfort/airflow-scheduler][rf-dh-image-link] image has been optimized by our proprietary scanning and slimming technology. We are big fans of open-source software, containerized infrastructure, and security. - -We are making secure copies of the images we use every day and the most popular ones on Docker Hub. We want to make the world a safer place to operate. - -## Supported tags and respective `Dockerfile` links -* [`2`, `2-debian-11`, `2.7.3`, `2.7.3-debian-11-r` (2/debian-11/Dockerfile)](https://github.com/bitnami/containers/tree/main/bitnami/airflow-scheduler/2/debian-11/Dockerfile) - -## Need support - -Join our slack community for any questions. - - -RapidFort Community Slack - - -## 🌟 Support this project - -[![](https://user-images.githubusercontent.com/48997634/174794647-0c851917-e5c9-4fb9-bf88-b61d89dc2f4f.gif)](https://github.com/rapidfort/community-images/stargazers) - -### [⏫⭐️ Scroll to the star button](#start-of-content) - -If you believe this project has potential, feel free to **star this repo** just like many [amazing people](https://github.com/rapidfort/community-images/stargazers) -have. - -## Have questions? - -[![RapidFort](https://raw.githubusercontent.com/rapidfort/community-images/main/contrib/github_logo_footer.png)][rf-rapidfort-footer-logo-link] - - -If you'd like to learn more about RapidFort or our container optimization process, visit [RapidFort.com][rf-link]. - -
-
- - -[dh-rf-badge]: https://img.shields.io/badge/dockerhub-images-important.svg?logo=Docker - -[fossa-badge]: https://app.fossa.com/api/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images.svg?type=shield -[fossa-link]: https://app.fossa.com/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images?ref=badge_shield - -[rf-link]: https://rapidfort.com?utm_source=github&utm_medium=ci_rf_link&utm_campaign=sep_01_sprint&utm_term=airflow-scheduler&utm_content=rapidfort_have_questions - -[rf-rapidfort-footer-logo-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Fairflow-scheduler?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=airflow-scheduler&utm_content=rapidfort_footer_logo -[rf-view-report-button]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Fairflow-scheduler?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=airflow-scheduler&utm_content=view_report_button -[rf-view-report-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Fairflow-scheduler?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=airflow-scheduler&utm_content=view_report_link -[rf-image-metrics-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Fairflow-scheduler?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=airflow-scheduler&utm_content=image_metrics_link -[rf-image-cve-reduction-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Fairflow-scheduler?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=airflow-scheduler&utm_content=image_cve_reduction_link - -[dh-img-size-badge]: https://img.shields.io/docker/image-size/rapidfort/airflow-scheduler?logo=docker&logoColor=white&sort=semver -[dh-img-pulls-badge]: https://img.shields.io/docker/pulls/rapidfort/airflow-scheduler?logo=docker&logoColor=white - 
-[slack-badge]: https://img.shields.io/static/v1?label=Join&message=slack&logo=slack&logoColor=E01E5A&color=4A154B -[slack-link]: https://join.slack.com/t/rapidfortcommunity/shared_invite/zt-1g3wy28lv-DaeGexTQ5IjfpbmYW7Rm_Q - -[rf-h-badge]: https://img.shields.io/static/v1?label=RapidFort&labelColor=333F48&message=hardened&color=50B4C4&logo= -[metrics-link]: https://github.com/rapidfort/community-images/raw/main/community_images/airflow/airflow-scheduler/bitnami/assets/metrics.webp -[cve-reduction-link]: https://github.com/rapidfort/community-images/raw/main/community_images/airflow/airflow-scheduler/bitnami/assets/cve_reduction.webp - -[source-image-repo-link]: https://hub.docker.com/r/bitnami/airflow-scheduler -[rf-dh-image-link]: https://hub.docker.com/r/rapidfort/airflow-scheduler diff --git a/community_images/airflow/airflow-scheduler/bitnami/assets/cve_reduction.webp b/community_images/airflow/airflow-scheduler/bitnami/assets/cve_reduction.webp deleted file mode 100644 index 470cc1e8c4..0000000000 Binary files a/community_images/airflow/airflow-scheduler/bitnami/assets/cve_reduction.webp and /dev/null differ diff --git a/community_images/airflow/airflow-scheduler/bitnami/assets/metrics.webp b/community_images/airflow/airflow-scheduler/bitnami/assets/metrics.webp deleted file mode 100644 index bc6ac7709c..0000000000 Binary files a/community_images/airflow/airflow-scheduler/bitnami/assets/metrics.webp and /dev/null differ diff --git a/community_images/airflow/airflow-scheduler/bitnami/image.yml b/community_images/airflow/airflow-scheduler/bitnami/image.yml deleted file mode 100644 index 63673f8380..0000000000 --- a/community_images/airflow/airflow-scheduler/bitnami/image.yml +++ /dev/null 
@@ -1,24 +0,0 @@ -name: airflow-scheduler -official_name: Apache Airflow Scheduler -official_website: https://airflow.apache.org/ -source_image_provider: Bitnami -source_image_repo: docker.io/bitnami/airflow-scheduler -source_image_repo_link: https://hub.docker.com/r/bitnami/airflow-scheduler -source_image_readme: https://github.com/bitnami/containers/blob/main/bitnami/airflow-scheduler/README.md -rf_docker_link: rapidfort/airflow-scheduler -image_workflow_name: airflow_airflow_bitnami -github_location: airflow/airflow-scheduler/bitnami -report_url: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Fairflow-scheduler -usage_instructions: | - $ helm repo add bitnami https://charts.bitnami.com/bitnami - - # install airflow, just replace repository with RapidFort registry - $ helm install my-airflow bitnami/airflow --set image.repository=rapidfort/airflow -what_is_text: | - Apache Airflow (or simply Airflow) is a platform to programmatically author, schedule, and monitor workflows. - - When workflows are defined as code, they become more maintainable, versionable, testable, and collaborative. - - Use Airflow to author workflows as directed acyclic graphs (DAGs) of tasks. The Airflow scheduler executes your tasks on an array of workers while following the specified dependencies. Rich command line utilities make performing complex surgeries on DAGs a snap. The rich user interface makes it easy to visualize pipelines running in production, monitor progress, and troubleshoot issues when needed. -disclaimer: | - Disclaimer: This software listing is packaged by RapidFort. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. diff --git a/community_images/airflow/airflow-worker/bitnami/README.md b/community_images/airflow/airflow-worker/bitnami/README.md deleted file mode 100644 index a7392512fc..0000000000 
--- a/community_images/airflow/airflow-worker/bitnami/README.md +++ /dev/null @@ -1,146 +0,0 @@ - -RapidFort - - -
- -[![rf-h][rf-h-badge]][rf-view-report-button] -[![DH Image][dh-rf-badge]][rf-dh-image-link] -[![Slack][slack-badge]][slack-link] -[![FOSSA Status][fossa-badge]][fossa-link] - -# RapidFort hardened image for Apache Airflow Worker - -RapidFort’s container optimization process hardened this Apache Airflow Worker container. This container is free to use and has no license limitations. - -It is the same as the [Bitnami Apache Airflow Worker][source-image-repo-link] image but more secure. - -Every day, we optimize and harden a variety of Docker Hub’s most famous images. Check out our [entire library](https://hub.docker.com/u/rapidfort) of secured containers. -
- -[Get the full report here or click on the image below][rf-view-report-link] - -[![Metrics][metrics-link]][rf-image-metrics-link] - -

Vulnerabilities: Original vs. Hardened - -

- -[![CVE Reduction][cve-reduction-link]][rf-image-cve-reduction-link] - - -View Report - -
-
- - -## What is Apache Airflow Worker? - -> Apache Airflow (or simply Airflow) is a platform to programmatically author, schedule, and monitor workflows. - -When workflows are defined as code, they become more maintainable, versionable, testable, and collaborative. - -Use Airflow to author workflows as directed acyclic graphs (DAGs) of tasks. The Airflow scheduler executes your tasks on an array of workers while following the specified dependencies. Rich command line utilities make performing complex surgeries on DAGs a snap. The rich user interface makes it easy to visualize pipelines running in production, monitor progress, and troubleshoot issues when needed. - - -[Overview of Apache Airflow Worker](https://airflow.apache.org/) - -Disclaimer: This software listing is packaged by RapidFort. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. - - -## How do I use this hardened Apache Airflow Worker image? - -The runtime instructions for this container are no different from the official release. Follow the instructions in their readme, but use our hardened image. - - -View Detailed Instructions - -
-
- -```sh -$ helm repo add bitnami https://charts.bitnami.com/bitnami - -# install airflow, just replace repository with RapidFort registry -$ helm install my-airflow bitnami/airflow --set image.repository=rapidfort/airflow - -``` - -## What is a hardened image? - -A hardened image is a copy of a container that has been optimized and reduced for significantly improved security. Because every container uses many open-source software components and their dependencies, there’s a lot of extra weight that can be trimmed. - -This image is a hardened version of the official [Bitnami Apache Airflow Worker][source-image-repo-link] image on Docker Hub. - -RapidFort is an industry-leading container optimization solution that minimizes software attack surfaces by removing unused code. Most containers can be reduced by at least 50%, which reduces the opportunity for malicious attacks and CVE exploits. Learn more at [RapidFort.com][rf-link]. - -Our hardened images are updated daily using the latest vulnerability information available. - - -View on GitHub - -
-
- -## What’s the difference between the official [Bitnami Apache Airflow Worker][source-image-repo-link] image and this hardened image? -RapidFort’s hardened [rapidfort/airflow-worker][rf-dh-image-link] image has been optimized by our proprietary scanning and slimming technology. We are big fans of open-source software, containerized infrastructure, and security. - -We are making secure copies of the images we use every day and the most popular ones on Docker Hub. We want to make the world a safer place to operate. - -## Supported tags and respective `Dockerfile` links -* [`2`, `2-debian-11`, `2.7.3`, `2.7.3-debian-11-r` (2/debian-11/Dockerfile)](https://github.com/bitnami/containers/tree/main/bitnami/airflow-worker/2/debian-11/Dockerfile) - -## Need support - -Join our slack community for any questions. - - -RapidFort Community Slack - - -## 🌟 Support this project - -[![](https://user-images.githubusercontent.com/48997634/174794647-0c851917-e5c9-4fb9-bf88-b61d89dc2f4f.gif)](https://github.com/rapidfort/community-images/stargazers) - -### [⏫⭐️ Scroll to the star button](#start-of-content) - -If you believe this project has potential, feel free to **star this repo** just like many [amazing people](https://github.com/rapidfort/community-images/stargazers) -have. - -## Have questions? - -[![RapidFort](https://raw.githubusercontent.com/rapidfort/community-images/main/contrib/github_logo_footer.png)][rf-rapidfort-footer-logo-link] - - -If you'd like to learn more about RapidFort or our container optimization process, visit [RapidFort.com][rf-link]. - -
-
- - -[dh-rf-badge]: https://img.shields.io/badge/dockerhub-images-important.svg?logo=Docker - -[fossa-badge]: https://app.fossa.com/api/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images.svg?type=shield -[fossa-link]: https://app.fossa.com/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images?ref=badge_shield - -[rf-link]: https://rapidfort.com?utm_source=github&utm_medium=ci_rf_link&utm_campaign=sep_01_sprint&utm_term=airflow-worker&utm_content=rapidfort_have_questions - -[rf-rapidfort-footer-logo-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Fairflow-worker?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=airflow-worker&utm_content=rapidfort_footer_logo -[rf-view-report-button]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Fairflow-worker?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=airflow-worker&utm_content=view_report_button -[rf-view-report-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Fairflow-worker?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=airflow-worker&utm_content=view_report_link -[rf-image-metrics-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Fairflow-worker?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=airflow-worker&utm_content=image_metrics_link -[rf-image-cve-reduction-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Fairflow-worker?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=airflow-worker&utm_content=image_cve_reduction_link - -[dh-img-size-badge]: https://img.shields.io/docker/image-size/rapidfort/airflow-worker?logo=docker&logoColor=white&sort=semver -[dh-img-pulls-badge]: https://img.shields.io/docker/pulls/rapidfort/airflow-worker?logo=docker&logoColor=white - -[slack-badge]: 
https://img.shields.io/static/v1?label=Join&message=slack&logo=slack&logoColor=E01E5A&color=4A154B -[slack-link]: https://join.slack.com/t/rapidfortcommunity/shared_invite/zt-1g3wy28lv-DaeGexTQ5IjfpbmYW7Rm_Q - -[rf-h-badge]: https://img.shields.io/static/v1?label=RapidFort&labelColor=333F48&message=hardened&color=50B4C4&logo= -[metrics-link]: https://github.com/rapidfort/community-images/raw/main/community_images/airflow/airflow-worker/bitnami/assets/metrics.webp -[cve-reduction-link]: https://github.com/rapidfort/community-images/raw/main/community_images/airflow/airflow-worker/bitnami/assets/cve_reduction.webp - -[source-image-repo-link]: https://hub.docker.com/r/bitnami/airflow-worker -[rf-dh-image-link]: https://hub.docker.com/r/rapidfort/airflow-worker diff --git a/community_images/airflow/airflow-worker/bitnami/assets/cve_reduction.webp b/community_images/airflow/airflow-worker/bitnami/assets/cve_reduction.webp deleted file mode 100644 index 821e7c1190..0000000000 Binary files a/community_images/airflow/airflow-worker/bitnami/assets/cve_reduction.webp and /dev/null differ diff --git a/community_images/airflow/airflow-worker/bitnami/assets/metrics.webp b/community_images/airflow/airflow-worker/bitnami/assets/metrics.webp deleted file mode 100644 index d2f01a4d9d..0000000000 Binary files a/community_images/airflow/airflow-worker/bitnami/assets/metrics.webp and /dev/null differ diff --git a/community_images/airflow/airflow-worker/bitnami/image.yml b/community_images/airflow/airflow-worker/bitnami/image.yml deleted file mode 100644 index b7dacbf118..0000000000 --- a/community_images/airflow/airflow-worker/bitnami/image.yml +++ /dev/null 
@@ -1,24 +0,0 @@ -name: airflow-worker -official_name: Apache Airflow Worker -official_website: https://airflow.apache.org/ -source_image_provider: Bitnami -source_image_repo: docker.io/bitnami/airflow-worker -source_image_repo_link: https://hub.docker.com/r/bitnami/airflow-worker -source_image_readme: https://github.com/bitnami/containers/blob/main/bitnami/airflow-worker/README.md -rf_docker_link: rapidfort/airflow-worker -image_workflow_name: airflow_airflow_bitnami -github_location: airflow/airflow-worker/bitnami -report_url: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Fairflow-worker -usage_instructions: | - $ helm repo add bitnami https://charts.bitnami.com/bitnami - - # install airflow, just replace repository with RapidFort registry - $ helm install my-airflow bitnami/airflow --set image.repository=rapidfort/airflow -what_is_text: | - Apache Airflow (or simply Airflow) is a platform to programmatically author, schedule, and monitor workflows. - - When workflows are defined as code, they become more maintainable, versionable, testable, and collaborative. - - Use Airflow to author workflows as directed acyclic graphs (DAGs) of tasks. The Airflow scheduler executes your tasks on an array of workers while following the specified dependencies. Rich command line utilities make performing complex surgeries on DAGs a snap. The rich user interface makes it easy to visualize pipelines running in production, monitor progress, and troubleshoot issues when needed. -disclaimer: | - Disclaimer: This software listing is packaged by RapidFort. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. diff --git a/community_images/airflow/airflow/bitnami/.rfignore b/community_images/airflow/airflow/bitnami/.rfignore deleted file mode 100644 index ab2510e182..0000000000 --- a/community_images/airflow/airflow/bitnami/.rfignore +++ /dev/null 
@@ -1,4 +0,0 @@ -opt/bitnami/common/licenses -opt/bitnami/licenses -opt/bitnami/airflow/licenses -usr/share/common-licenses diff --git a/community_images/airflow/airflow/bitnami/README.md b/community_images/airflow/airflow/bitnami/README.md deleted file mode 100644 index 256f3e6f17..0000000000 --- a/community_images/airflow/airflow/bitnami/README.md +++ /dev/null @@ -1,146 +0,0 @@ - -RapidFort - - -
- -[![rf-h][rf-h-badge]][rf-view-report-button] -[![DH Image][dh-rf-badge]][rf-dh-image-link] -[![Slack][slack-badge]][slack-link] -[![FOSSA Status][fossa-badge]][fossa-link] - -# RapidFort hardened image for Apache Airflow - -RapidFort’s container optimization process hardened this Apache Airflow container. This container is free to use and has no license limitations. - -It is the same as the [Bitnami Apache Airflow][source-image-repo-link] image but more secure. - -Every day, we optimize and harden a variety of Docker Hub’s most famous images. Check out our [entire library](https://hub.docker.com/u/rapidfort) of secured containers. -
- -[Get the full report here or click on the image below][rf-view-report-link] - -[![Metrics][metrics-link]][rf-image-metrics-link] - -

Vulnerabilities: Original vs. Hardened - -

- -[![CVE Reduction][cve-reduction-link]][rf-image-cve-reduction-link] - - -View Report - -
-
- - -## What is Apache Airflow? - -> Apache Airflow (or simply Airflow) is a platform to programmatically author, schedule, and monitor workflows. - -When workflows are defined as code, they become more maintainable, versionable, testable, and collaborative. - -Use Airflow to author workflows as directed acyclic graphs (DAGs) of tasks. The Airflow scheduler executes your tasks on an array of workers while following the specified dependencies. Rich command line utilities make performing complex surgeries on DAGs a snap. The rich user interface makes it easy to visualize pipelines running in production, monitor progress, and troubleshoot issues when needed. - - -[Overview of Apache Airflow](https://airflow.apache.org/) - -Disclaimer: This software listing is packaged by RapidFort. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. - - -## How do I use this hardened Apache Airflow image? - -The runtime instructions for this container are no different from the official release. Follow the instructions in their readme, but use our hardened image. - - -View Detailed Instructions - -
-
- -```sh -$ helm repo add bitnami https://charts.bitnami.com/bitnami - -# install airflow, just replace repository with RapidFort registry -$ helm install my-airflow bitnami/airflow --set image.repository=rapidfort/airflow - -``` - -## What is a hardened image? - -A hardened image is a copy of a container that has been optimized and reduced for significantly improved security. Because every container uses many open-source software components and their dependencies, there’s a lot of extra weight that can be trimmed. - -This image is a hardened version of the official [Bitnami Apache Airflow][source-image-repo-link] image on Docker Hub. - -RapidFort is an industry-leading container optimization solution that minimizes software attack surfaces by removing unused code. Most containers can be reduced by at least 50%, which reduces the opportunity for malicious attacks and CVE exploits. Learn more at [RapidFort.com][rf-link]. - -Our hardened images are updated daily using the latest vulnerability information available. - - -View on GitHub - -
-
- -## What’s the difference between the official [Bitnami Apache Airflow][source-image-repo-link] image and this hardened image? -RapidFort’s hardened [rapidfort/airflow][rf-dh-image-link] image has been optimized by our proprietary scanning and slimming technology. We are big fans of open-source software, containerized infrastructure, and security. - -We are making secure copies of the images we use every day and the most popular ones on Docker Hub. We want to make the world a safer place to operate. - -## Supported tags and respective `Dockerfile` links -* [`2`, `2-debian-11`, `2.7.3`, `2.7.3-debian-11-r` (2/debian-11/Dockerfile)](https://github.com/bitnami/containers/tree/main/bitnami/airflow/2/debian-11/Dockerfile) - -## Need support - -Join our slack community for any questions. - - -RapidFort Community Slack - - -## 🌟 Support this project - -[![](https://user-images.githubusercontent.com/48997634/174794647-0c851917-e5c9-4fb9-bf88-b61d89dc2f4f.gif)](https://github.com/rapidfort/community-images/stargazers) - -### [⏫⭐️ Scroll to the star button](#start-of-content) - -If you believe this project has potential, feel free to **star this repo** just like many [amazing people](https://github.com/rapidfort/community-images/stargazers) -have. - -## Have questions? - -[![RapidFort](https://raw.githubusercontent.com/rapidfort/community-images/main/contrib/github_logo_footer.png)][rf-rapidfort-footer-logo-link] - - -If you'd like to learn more about RapidFort or our container optimization process, visit [RapidFort.com][rf-link]. - -
-
- - -[dh-rf-badge]: https://img.shields.io/badge/dockerhub-images-important.svg?logo=Docker - -[fossa-badge]: https://app.fossa.com/api/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images.svg?type=shield -[fossa-link]: https://app.fossa.com/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images?ref=badge_shield - -[rf-link]: https://rapidfort.com?utm_source=github&utm_medium=ci_rf_link&utm_campaign=sep_01_sprint&utm_term=airflow&utm_content=rapidfort_have_questions - -[rf-rapidfort-footer-logo-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Fairflow?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=airflow&utm_content=rapidfort_footer_logo -[rf-view-report-button]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Fairflow?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=airflow&utm_content=view_report_button -[rf-view-report-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Fairflow?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=airflow&utm_content=view_report_link -[rf-image-metrics-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Fairflow?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=airflow&utm_content=image_metrics_link -[rf-image-cve-reduction-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Fairflow?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=airflow&utm_content=image_cve_reduction_link - -[dh-img-size-badge]: https://img.shields.io/docker/image-size/rapidfort/airflow?logo=docker&logoColor=white&sort=semver -[dh-img-pulls-badge]: https://img.shields.io/docker/pulls/rapidfort/airflow?logo=docker&logoColor=white - -[slack-badge]: https://img.shields.io/static/v1?label=Join&message=slack&logo=slack&logoColor=E01E5A&color=4A154B -[slack-link]: 
https://join.slack.com/t/rapidfortcommunity/shared_invite/zt-1g3wy28lv-DaeGexTQ5IjfpbmYW7Rm_Q - -[rf-h-badge]: https://img.shields.io/static/v1?label=RapidFort&labelColor=333F48&message=hardened&color=50B4C4&logo= -[metrics-link]: https://github.com/rapidfort/community-images/raw/main/community_images/airflow/airflow/bitnami/assets/metrics.webp -[cve-reduction-link]: https://github.com/rapidfort/community-images/raw/main/community_images/airflow/airflow/bitnami/assets/cve_reduction.webp - -[source-image-repo-link]: https://hub.docker.com/r/bitnami/airflow -[rf-dh-image-link]: https://hub.docker.com/r/rapidfort/airflow diff --git a/community_images/airflow/airflow/bitnami/assets/cve_reduction.webp b/community_images/airflow/airflow/bitnami/assets/cve_reduction.webp deleted file mode 100644 index d725bb0ea2..0000000000 Binary files a/community_images/airflow/airflow/bitnami/assets/cve_reduction.webp and /dev/null differ diff --git a/community_images/airflow/airflow/bitnami/assets/metrics.webp b/community_images/airflow/airflow/bitnami/assets/metrics.webp deleted file mode 100644 index 244ba64e7b..0000000000 Binary files a/community_images/airflow/airflow/bitnami/assets/metrics.webp and /dev/null differ diff --git a/community_images/airflow/airflow/bitnami/dc_coverage.sh b/community_images/airflow/airflow/bitnami/dc_coverage.sh deleted file mode 100755 index 9e539fb7a1..0000000000 --- a/community_images/airflow/airflow/bitnami/dc_coverage.sh +++ /dev/null @@ -1,12 +0,0 @@ -#!/bin/bash - -set -x -set -e - -JSON_PARAMS="$1" - -JSON=$(cat "$JSON_PARAMS") - -echo "Json params for docker compose coverage = $JSON" - -# PROJECT_NAME=$(jq -r '.project_name' < "$JSON_PARAMS") diff --git a/community_images/airflow/airflow/bitnami/docker-compose.yml b/community_images/airflow/airflow/bitnami/docker-compose.yml deleted file mode 100644 index 4c2c3d3fe0..0000000000 --- a/community_images/airflow/airflow/bitnami/docker-compose.yml +++ /dev/null 
@@ -1,56 +0,0 @@ -version: '2' - -services: - postgresql: - image: docker.io/rapidfort/postgresql:10.22 - volumes: - - 'postgresql_data:/bitnami/postgresql' - environment: - - POSTGRESQL_DATABASE=bitnami_airflow - - POSTGRESQL_USERNAME=bn_airflow - - POSTGRESQL_PASSWORD=bitnami1 - # ALLOW_EMPTY_PASSWORD is recommended only for development. - - ALLOW_EMPTY_PASSWORD=yes - redis: - image: docker.io/rapidfort/redis:7.0 - volumes: - - 'redis_data:/bitnami' - environment: - # ALLOW_EMPTY_PASSWORD is recommended only for development. - - ALLOW_EMPTY_PASSWORD=yes - airflow-scheduler: - image: ${AIRFLOW_SCHEDULER_IMAGE_REPOSITORY}:${AIRFLOW_SCHEDULER_IMAGE_TAG} - cap_add: - - SYS_PTRACE - environment: - - AIRFLOW_DATABASE_NAME=bitnami_airflow - - AIRFLOW_DATABASE_USERNAME=bn_airflow - - AIRFLOW_DATABASE_PASSWORD=bitnami1 - - AIRFLOW_EXECUTOR=CeleryExecutor - - AIRFLOW_WEBSERVER_HOST=airflow - airflow-worker: - image: ${AIRFLOW_WORKER_IMAGE_REPOSITORY}:${AIRFLOW_WORKER_IMAGE_TAG} - cap_add: - - SYS_PTRACE - environment: - - AIRFLOW_DATABASE_NAME=bitnami_airflow - - AIRFLOW_DATABASE_USERNAME=bn_airflow - - AIRFLOW_DATABASE_PASSWORD=bitnami1 - - AIRFLOW_EXECUTOR=CeleryExecutor - - AIRFLOW_WEBSERVER_HOST=airflow - airflow: - image: ${AIRFLOW_IMAGE_REPOSITORY}:${AIRFLOW_IMAGE_TAG} - cap_add: - - SYS_PTRACE - environment: - - AIRFLOW_DATABASE_NAME=bitnami_airflow - - AIRFLOW_DATABASE_USERNAME=bn_airflow - - AIRFLOW_DATABASE_PASSWORD=bitnami1 - - AIRFLOW_EXECUTOR=CeleryExecutor - ports: - - '8080:8080' -volumes: - postgresql_data: - driver: local - redis_data: - driver: local diff --git a/community_images/airflow/airflow/bitnami/docker_coverage.sh b/community_images/airflow/airflow/bitnami/docker_coverage.sh deleted file mode 100755 index 87c7ba3798..0000000000 --- a/community_images/airflow/airflow/bitnami/docker_coverage.sh +++ /dev/null 
@@ -1,13 +0,0 @@ -#!/bin/bash - -set -x -set -e - -JSON_PARAMS="$1" - -JSON=$(cat "$JSON_PARAMS") - -echo "Json params for docker coverage = $JSON" - -# NETWORK_NAME=$(jq -r '.network_name' < "$JSON_PARAMS") -# ENVOY_HOST=$(jq -r '.container_details.envoy.ip_address' < "$JSON_PARAMS") diff --git a/community_images/airflow/airflow/bitnami/image.yml b/community_images/airflow/airflow/bitnami/image.yml deleted file mode 100644 index 07315480f4..0000000000 --- a/community_images/airflow/airflow/bitnami/image.yml +++ /dev/null 
@@ -1,76 +0,0 @@ -name: airflow -official_name: Apache Airflow -official_website: https://airflow.apache.org/ -source_image_provider: Bitnami -source_image_repo: docker.io/bitnami/airflow -source_image_repo_link: https://hub.docker.com/r/bitnami/airflow -source_image_readme: https://github.com/bitnami/containers/blob/main/bitnami/airflow/README.md -rf_docker_link: rapidfort/airflow -image_workflow_name: airflow_airflow_bitnami -github_location: airflow/airflow/bitnami -report_url: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Fairflow -usage_instructions: | - $ helm repo add bitnami https://charts.bitnami.com/bitnami - - # install airflow, just replace repository with RapidFort registry - $ helm install my-airflow bitnami/airflow --set image.repository=rapidfort/airflow -what_is_text: | - Apache Airflow (or simply Airflow) is a platform to programmatically author, schedule, and monitor workflows. - - When workflows are defined as code, they become more maintainable, versionable, testable, and collaborative. - - Use Airflow to author workflows as directed acyclic graphs (DAGs) of tasks. The Airflow scheduler executes your tasks on an array of workers while following the specified dependencies. Rich command line utilities make performing complex surgeries on DAGs a snap. The rich user interface makes it easy to visualize pipelines running in production, monitor progress, and troubleshoot issues when needed. -disclaimer: | - Disclaimer: This software listing is packaged by RapidFort. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. 
-input_registry: - registry: docker.io - account: bitnami -repo_sets: - - airflow: - input_base_tag: "2.7.1-debian-11-r" - airflow-scheduler: - input_base_tag: "2.7.1-debian-11-r" - airflow-worker: - input_base_tag: "2.7.1-debian-11-r" -runtimes: - - type: k8s - script: k8s_coverage.sh - helm: - repo: bitnami - repo_url: https://charts.bitnami.com/bitnami - chart: airflow - readiness_wait_deployments_suffix: - - web - - scheduler - image_keys: - airflow: - repository: "image.repository" - tag: "image.tag" - airflow-scheduler: - repository: "scheduler.image.repository" - tag: "scheduler.image.tag" - airflow-worker: - repository: "worker.image.repository" - tag: "worker.image.tag" - override_file: "overrides.yml" - helm_additional_params: - auth.username: "rf-test" - auth.password: "rf_password123!" - git.dags.enabled: true - git.dags.repositories[0].repository: https://github.com/rapidfort/airflow-example-dags - git.dags.repositories[0].name: airflow-example-dags - git.dags.repositories[0].branch: main - - - type: docker_compose - compose_file: docker-compose.yml - wait_time_sec: 300 - image_keys: - airflow: - repository: "AIRFLOW_IMAGE_REPOSITORY" - tag: "AIRFLOW_IMAGE_TAG" - airflow-scheduler: - repository: "AIRFLOW_SCHEDULER_IMAGE_REPOSITORY" - tag: "AIRFLOW_SCHEDULER_IMAGE_TAG" - airflow-worker: - repository: "AIRFLOW_WORKER_IMAGE_REPOSITORY" - tag: "AIRFLOW_WORKER_IMAGE_TAG" diff --git a/community_images/airflow/airflow/bitnami/k8s_coverage.sh b/community_images/airflow/airflow/bitnami/k8s_coverage.sh deleted file mode 100755 index c79c8d43d9..0000000000 --- a/community_images/airflow/airflow/bitnami/k8s_coverage.sh +++ /dev/null 
@@ -1,19 +0,0 @@ -#!/bin/bash - -set -x -set -e - -JSON_PARAMS="$1" - -JSON=$(cat "$JSON_PARAMS") - -echo "Json params for k8s coverage = $JSON" - -SCRIPTPATH=$(jq -r '.image_script_dir' < "$JSON_PARAMS") -NAMESPACE=$(jq -r '.namespace_name' < "$JSON_PARAMS") -RELEASE_NAME=$(jq -r '.release_name' < "$JSON_PARAMS") - -AIRFLOW_SERVER="${RELEASE_NAME}"."${NAMESPACE}".svc.cluster.local -AIRFLOW_PORT='8080' - -"${SCRIPTPATH}"/../../../common/selenium_tests/runner.sh "${AIRFLOW_SERVER}" "${AIRFLOW_PORT}" "${SCRIPTPATH}"/selenium_tests "${NAMESPACE}" 2>&1 diff --git a/community_images/airflow/airflow/bitnami/overrides.yml b/community_images/airflow/airflow/bitnami/overrides.yml deleted file mode 100644 index f7f43109e0..0000000000 --- a/community_images/airflow/airflow/bitnami/overrides.yml +++ /dev/null @@ -1,56 +0,0 @@ -global: - imagePullSecrets: ["rf-regcred"] -web: - image: - pullPolicy: Always - containerSecurityContext: - enabled: true - runAsUser: 1001 - allowPrivilegeEscalation: true - capabilities: - add: ["SYS_PTRACE"] - extraEnvVars: - - name: "RF_VERBOSE" - value: "0" - livenessProbe: - initialDelaySeconds: 30 - timeoutSeconds: 30 - readinessProbe: - initialDelaySeconds: 30 - timeoutSeconds: 30 -scheduler: - image: - pullPolicy: Always - containerSecurityContext: - enabled: true - runAsUser: 1001 - allowPrivilegeEscalation: true - capabilities: - add: ["SYS_PTRACE"] - extraEnvVars: - - name: "RF_VERBOSE" - value: "0" - livenessProbe: - initialDelaySeconds: 30 - timeoutSeconds: 30 - readinessProbe: - initialDelaySeconds: 30 - timeoutSeconds: 30 -worker: - image: - pullPolicy: Always - containerSecurityContext: - enabled: true - runAsUser: 1001 - allowPrivilegeEscalation: true - capabilities: - add: ["SYS_PTRACE"] - extraEnvVars: - - name: "RF_VERBOSE" - value: "0" - livenessProbe: - initialDelaySeconds: 30 - timeoutSeconds: 30 - readinessProbe: - initialDelaySeconds: 30 - timeoutSeconds: 30 
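Review bot: in overrides.yml the `containerSecurityContext` blocks for `web`, `scheduler` and `worker` each set `allowPrivilegeEscalation: true` and add `SYS_PTRACE`, and neither the file nor its removal explains why. The compose file grants the same `cap_add: SYS_PTRACE` to all three Airflow services, also without comment. Please say in the commit message whether these settings were needed only for the coverage runs, so that nobody restoring or copying this override later carries a ptrace-capable, escalation-enabled context into another deployment.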
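Review bot: image.yml keeps `auth.password: "rf_password123!"` under `helm_additional_params` in plain text, and docker-compose.yml does the same with `POSTGRESQL_PASSWORD=bitnami1` and `AIRFLOW_DATABASE_PASSWORD=bitnami1`, next to `ALLOW_EMPTY_PASSWORD=yes` on both `postgresql` and `redis`. Deleting the files does not remove these values from history. Please confirm in the description that they were only ever used for throwaway test deployments, and change them anywhere they are still in use.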
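Review bot: the `metrics-link` and `cve-reduction-link` definitions in the deleted scheduler README point at `raw/main/community_images/airflow/airflow/bitnami/assets/`, and this change deletes `metrics.webp` and `cve_reduction.webp` from that directory. image.yml's `repo_sets` lists `airflow-worker` next to `airflow` and `airflow-scheduler`, so please check that the worker README and any published copy of these READMEs are removed or updated in the same change. Otherwise their image links will break.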
diff --git a/community_images/airflow/airflow/bitnami/selenium_tests/airflow.side b/community_images/airflow/airflow/bitnami/selenium_tests/airflow.side deleted file mode 100644 index 867a688952..0000000000 --- a/community_images/airflow/airflow/bitnami/selenium_tests/airflow.side +++ /dev/null 
@@ -1,1474 +0,0 @@ -{ - "id": "ec24a438-207b-4565-b3ca-b9be555a0bc5", - "version": "2.0", - "name": "airflow", - "url": "http://172.31.36.230:8080", - "tests": [{ - "id": "c9ccfb35-304c-4227-80b6-c1c789642a8b", - "name": "enable-dags", - "commands": [{ - "id": "ab3487a5-59c6-4d5e-8b9e-eebefe7ad36c", - "comment": "", - "command": "open", - "target": "/login/?next=http%3A%2F%2F172.31.36.230%3A8080%2Fhome", - "targets": [], - "value": "" - }, { - "id": "56193521-7c51-4670-bcf5-f1ac75d00912", - "comment": "", - "command": "setWindowSize", - "target": "1200x1286", - "targets": [], - "value": "" - }, { - "id": "a775a588-e850-4d32-841f-3b0d279681f1", - "comment": "", - "command": "type", - "target": "id=username", - "targets": [ - ["id=username", "id"], - ["name=username", "name"], - ["css=#username", "css:finder"], - ["xpath=//input[@id='username']", "xpath:attributes"], - ["xpath=//div[@id='loginbox']/div/div[2]/form/div[2]/div/div/input", "xpath:idRelative"], - ["xpath=//div/input", "xpath:position"] - ], - "value": "rf-test" - }, { - "id": "5e8fe5f4-e857-4dab-9273-ff636256b12c", - "comment": "", - "command": "type", - "target": "id=password", - "targets": [ - ["id=password", "id"], - ["name=password", "name"], - ["css=#password", "css:finder"], - ["xpath=//input[@id='password']", "xpath:attributes"], - ["xpath=//div[@id='loginbox']/div/div[2]/form/div[2]/div/div[2]/input", "xpath:idRelative"], - ["xpath=//div[2]/input", "xpath:position"] - ], - "value": "rf_password123!" 
- }, { - "id": "c9200f66-f0f6-4278-9fea-b61c76541f9b", - "comment": "", - "command": "click", - "target": "css=.btn-primary", - "targets": [ - ["css=.btn-primary", "css:finder"], - ["xpath=//input[@value='Sign In']", "xpath:attributes"], - ["xpath=//div[@id='loginbox']/div/div[2]/form/div[3]/div/div/input", "xpath:idRelative"], - ["xpath=//div[3]/div/div/input", "xpath:position"] - ], - "value": "" - }, { - "id": "398f07cb-7139-4ab4-8d5c-6f06e722653b", - "comment": "", - "command": "click", - "target": "css=tr:nth-child(1) .switch", - "targets": [ - ["css=tr:nth-child(1) .switch", "css:finder"], - ["xpath=//div[@id='main_content']/div[2]/div/table/tbody/tr/td/label/span", "xpath:idRelative"], - ["xpath=//label/span", "xpath:position"] - ], - "value": "" - }, { - "id": "c80c8ad4-7173-49de-ae36-31c4a7982197", - "comment": "", - "command": "click", - "target": "css=tr:nth-child(2) .switch", - "targets": [ - ["css=tr:nth-child(2) .switch", "css:finder"], - ["xpath=//div[@id='main_content']/div[2]/div/table/tbody/tr[2]/td/label/span", "xpath:idRelative"], - ["xpath=//tr[2]/td/label/span", "xpath:position"] - ], - "value": "" - }, { - "id": "feba23ea-458e-4b24-b5ff-52c06e486f49", - "comment": "", - "command": "click", - "target": "css=tr:nth-child(3) .switch", - "targets": [ - ["css=tr:nth-child(3) .switch", "css:finder"], - ["xpath=//div[@id='main_content']/div[2]/div/table/tbody/tr[3]/td/label/span", "xpath:idRelative"], - ["xpath=//tr[3]/td/label/span", "xpath:position"] - ], - "value": "" - }, { - "id": "70c33b2e-48d1-4a72-b287-b9ac37f73d21", - "comment": "", - "command": "click", - "target": "css=tr:nth-child(4) .switch", - "targets": [ - ["css=tr:nth-child(4) .switch", "css:finder"], - ["xpath=//div[@id='main_content']/div[2]/div/table/tbody/tr[4]/td/label/span", "xpath:idRelative"], - ["xpath=//tr[4]/td/label/span", "xpath:position"] - ], - "value": "" - }, { - "id": "887b4b73-fbcc-4910-ba2a-587ee5fc1319", - "comment": "", - "command": "click", - "target": 
"css=tr:nth-child(5) .switch-label", - "targets": [ - ["css=tr:nth-child(5) .switch-label", "css:finder"], - ["xpath=//div[@id='main_content']/div[2]/div/table/tbody/tr[5]/td/label", "xpath:idRelative"], - ["xpath=//tr[5]/td/label", "xpath:position"] - ], - "value": "" - }, { - "id": "863220e2-138c-4b28-b0bc-24f29be54d3d", - "comment": "", - "command": "click", - "target": "css=tr:nth-child(6) .switch", - "targets": [ - ["css=tr:nth-child(6) .switch", "css:finder"], - ["xpath=//div[@id='main_content']/div[2]/div/table/tbody/tr[6]/td/label/span", "xpath:idRelative"], - ["xpath=//tr[6]/td/label/span", "xpath:position"] - ], - "value": "" - }, { - "id": "697d9d5e-31f1-4cea-a58d-f8407c9daac5", - "comment": "", - "command": "click", - "target": "css=tr:nth-child(7) .switch", - "targets": [ - ["css=tr:nth-child(7) .switch", "css:finder"], - ["xpath=//div[@id='main_content']/div[2]/div/table/tbody/tr[7]/td/label/span", "xpath:idRelative"], - ["xpath=//tr[7]/td/label/span", "xpath:position"] - ], - "value": "" - }, { - "id": "35626dbc-518d-4bd7-8466-2cd827a47fbd", - "comment": "", - "command": "click", - "target": "css=tr:nth-child(8) .switch", - "targets": [ - ["css=tr:nth-child(8) .switch", "css:finder"], - ["xpath=//div[@id='main_content']/div[2]/div/table/tbody/tr[8]/td/label/span", "xpath:idRelative"], - ["xpath=//tr[8]/td/label/span", "xpath:position"] - ], - "value": "" - }, { - "id": "23ea3ae4-a724-486f-adcf-7a345743d1f9", - "comment": "", - "command": "click", - "target": "css=tr:nth-child(9) .switch", - "targets": [ - ["css=tr:nth-child(9) .switch", "css:finder"], - ["xpath=//div[@id='main_content']/div[2]/div/table/tbody/tr[9]/td/label/span", "xpath:idRelative"], - ["xpath=//tr[9]/td/label/span", "xpath:position"] - ], - "value": "" - }, { - "id": "ffef4934-33c6-40c5-8cd9-343c18c7951c", - "comment": "", - "command": "runScript", - "target": "window.scrollTo(0,41.5)", - "targets": [], - "value": "" - }, { - "id": "ac865b09-f8a2-4fb3-bf9e-77a5b761ce80", - 
"comment": "", - "command": "click", - "target": "css=tr:nth-child(10) .switch", - "targets": [ - ["css=tr:nth-child(10) .switch", "css:finder"], - ["xpath=//div[@id='main_content']/div[2]/div/table/tbody/tr[10]/td/label/span", "xpath:idRelative"], - ["xpath=//tr[10]/td/label/span", "xpath:position"] - ], - "value": "" - }, { - "id": "2e694974-3c3b-41c6-876b-bd2421142559", - "comment": "", - "command": "click", - "target": "css=tr:nth-child(11) .switch", - "targets": [ - ["css=tr:nth-child(11) .switch", "css:finder"], - ["xpath=//div[@id='main_content']/div[2]/div/table/tbody/tr[11]/td/label/span", "xpath:idRelative"], - ["xpath=//tr[11]/td/label/span", "xpath:position"] - ], - "value": "" - }, { - "id": "65b660f1-f759-450b-bc5b-ec4d3b8bb8b2", - "comment": "", - "command": "runScript", - "target": "window.scrollTo(0,109)", - "targets": [], - "value": "" - }, { - "id": "3c261b2c-29aa-4290-b9e6-8edd12446479", - "comment": "", - "command": "click", - "target": "css=tr:nth-child(12) .switch", - "targets": [ - ["css=tr:nth-child(12) .switch", "css:finder"], - ["xpath=//div[@id='main_content']/div[2]/div/table/tbody/tr[12]/td/label/span", "xpath:idRelative"], - ["xpath=//tr[12]/td/label/span", "xpath:position"] - ], - "value": "" - }, { - "id": "4217479b-dc6e-4821-85fe-eb9f1f54ce5e", - "comment": "", - "command": "click", - "target": "css=tr:nth-child(13) .switch", - "targets": [ - ["css=tr:nth-child(13) .switch", "css:finder"], - ["xpath=//div[@id='main_content']/div[2]/div/table/tbody/tr[13]/td/label/span", "xpath:idRelative"], - ["xpath=//tr[13]/td/label/span", "xpath:position"] - ], - "value": "" - }, { - "id": "2879ad86-29b4-4489-8757-753fcdf2670b", - "comment": "", - "command": "runScript", - "target": "window.scrollTo(0,298.5)", - "targets": [], - "value": "" - }, { - "id": "8a122220-5196-46b9-a531-1c3de1b27942", - "comment": "", - "command": "click", - "target": "css=tr:nth-child(14) .switch", - "targets": [ - ["css=tr:nth-child(14) .switch", "css:finder"], - 
["xpath=//div[@id='main_content']/div[2]/div/table/tbody/tr[14]/td/label/span", "xpath:idRelative"], - ["xpath=//tr[14]/td/label/span", "xpath:position"] - ], - "value": "" - }, { - "id": "3ec89979-780f-488d-98fa-47484ca06ebd", - "comment": "", - "command": "click", - "target": "css=tr:nth-child(15) .switch", - "targets": [ - ["css=tr:nth-child(15) .switch", "css:finder"], - ["xpath=//div[@id='main_content']/div[2]/div/table/tbody/tr[15]/td/label/span", "xpath:idRelative"], - ["xpath=//tr[15]/td/label/span", "xpath:position"] - ], - "value": "" - }, { - "id": "63c857b1-3b09-4a07-9fb8-d91259cd0571", - "comment": "", - "command": "click", - "target": "css=tr:nth-child(16) .switch", - "targets": [ - ["css=tr:nth-child(16) .switch", "css:finder"], - ["xpath=//div[@id='main_content']/div[2]/div/table/tbody/tr[16]/td/label/span", "xpath:idRelative"], - ["xpath=//tr[16]/td/label/span", "xpath:position"] - ], - "value": "" - }, { - "id": "0afd6d23-fdda-49d8-83d8-cd4e6b698fd9", - "comment": "", - "command": "runScript", - "target": "window.scrollTo(0,626)", - "targets": [], - "value": "" - }, { - "id": "37b97bb1-8dd1-4cce-a6f1-8ee78dd25a1e", - "comment": "", - "command": "click", - "target": "css=tr:nth-child(17) .switch", - "targets": [ - ["css=tr:nth-child(17) .switch", "css:finder"], - ["xpath=//div[@id='main_content']/div[2]/div/table/tbody/tr[17]/td/label/span", "xpath:idRelative"], - ["xpath=//tr[17]/td/label/span", "xpath:position"] - ], - "value": "" - }, { - "id": "0196759d-b8f2-40f3-a9c7-a3e51b25ae01", - "comment": "", - "command": "click", - "target": "css=tr:nth-child(18) .switch", - "targets": [ - ["css=tr:nth-child(18) .switch", "css:finder"], - ["xpath=//div[@id='main_content']/div[2]/div/table/tbody/tr[18]/td/label/span", "xpath:idRelative"], - ["xpath=//tr[18]/td/label/span", "xpath:position"] - ], - "value": "" - }, { - "id": "fba733ca-cf45-4a60-a5a0-893122088970", - "comment": "", - "command": "click", - "target": "css=tr:nth-child(19) .switch", - 
"targets": [ - ["css=tr:nth-child(19) .switch", "css:finder"], - ["xpath=//div[@id='main_content']/div[2]/div/table/tbody/tr[19]/td/label/span", "xpath:idRelative"], - ["xpath=//tr[19]/td/label/span", "xpath:position"] - ], - "value": "" - }, { - "id": "90fae2f4-b81d-49c9-bf0e-ea667c311c5a", - "comment": "", - "command": "click", - "target": "css=tr:nth-child(20) .switch", - "targets": [ - ["css=tr:nth-child(20) .switch", "css:finder"], - ["xpath=//div[@id='main_content']/div[2]/div/table/tbody/tr[20]/td/label/span", "xpath:idRelative"], - ["xpath=//tr[20]/td/label/span", "xpath:position"] - ], - "value": "" - }, { - "id": "ad49b6a2-4512-4209-83a8-996ca29d4014", - "comment": "", - "command": "runScript", - "target": "window.scrollTo(0,696)", - "targets": [], - "value": "" - }, { - "id": "f79d3a65-704c-4419-95e0-8d0149d398c9", - "comment": "", - "command": "click", - "target": "css=tr:nth-child(21) .switch", - "targets": [ - ["css=tr:nth-child(21) .switch", "css:finder"], - ["xpath=//div[@id='main_content']/div[2]/div/table/tbody/tr[21]/td/label/span", "xpath:idRelative"], - ["xpath=//tr[21]/td/label/span", "xpath:position"] - ], - "value": "" - }, { - "id": "c7c42771-6d78-4f82-9765-a0982fd6cd83", - "comment": "", - "command": "click", - "target": "css=tr:nth-child(22) .switch", - "targets": [ - ["css=tr:nth-child(22) .switch", "css:finder"], - ["xpath=//div[@id='main_content']/div[2]/div/table/tbody/tr[22]/td/label/span", "xpath:idRelative"], - ["xpath=//tr[22]/td/label/span", "xpath:position"] - ], - "value": "" - }, { - "id": "ea11cbcc-b206-4c79-a7c8-c2e7773a2eb0", - "comment": "", - "command": "click", - "target": "css=tr:nth-child(23) .switch", - "targets": [ - ["css=tr:nth-child(23) .switch", "css:finder"], - ["xpath=//div[@id='main_content']/div[2]/div/table/tbody/tr[23]/td/label/span", "xpath:idRelative"], - ["xpath=//tr[23]/td/label/span", "xpath:position"] - ], - "value": "" - }, { - "id": "3658c739-cb08-42bf-8892-6ddbe15b8c05", - "comment": "", - 
"command": "click", - "target": "css=tr:nth-child(24) .switch", - "targets": [ - ["css=tr:nth-child(24) .switch", "css:finder"], - ["xpath=//div[@id='main_content']/div[2]/div/table/tbody/tr[24]/td/label/span", "xpath:idRelative"], - ["xpath=//tr[24]/td/label/span", "xpath:position"] - ], - "value": "" - }, { - "id": "601f5bbd-5856-408f-a1c7-12442dd38b5d", - "comment": "", - "command": "click", - "target": "css=tr:nth-child(25) .switch", - "targets": [ - ["css=tr:nth-child(25) .switch", "css:finder"], - ["xpath=//div[@id='main_content']/div[2]/div/table/tbody/tr[25]/td/label/span", "xpath:idRelative"], - ["xpath=//tr[25]/td/label/span", "xpath:position"] - ], - "value": "" - }, { - "id": "03f16611-2204-4b98-9735-b300f863078e", - "comment": "", - "command": "click", - "target": "css=tr:nth-child(26) .switch", - "targets": [ - ["css=tr:nth-child(26) .switch", "css:finder"], - ["xpath=//div[@id='main_content']/div[2]/div/table/tbody/tr[26]/td/label/span", "xpath:idRelative"], - ["xpath=//tr[26]/td/label/span", "xpath:position"] - ], - "value": "" - }, { - "id": "bfc8cc5a-310e-457d-a9da-0a6505937613", - "comment": "", - "command": "click", - "target": "css=tr:nth-child(27) .switch", - "targets": [ - ["css=tr:nth-child(27) .switch", "css:finder"], - ["xpath=//div[@id='main_content']/div[2]/div/table/tbody/tr[27]/td/label/span", "xpath:idRelative"], - ["xpath=//tr[27]/td/label/span", "xpath:position"] - ], - "value": "" - }, { - "id": "4506adf9-7693-457b-a098-3fee647e082d", - "comment": "", - "command": "runScript", - "target": "window.scrollTo(0,0)", - "targets": [], - "value": "" - }, { - "id": "7f5d7cee-61f5-466c-89ee-344bdcdf841e", - "comment": "", - "command": "mouseOver", - "target": "linkText=FL", - "targets": [ - ["linkText=FL", "linkText"], - ["css=.navbar-right > .dropdown:nth-child(2) > .dropdown-toggle", "css:finder"], - ["xpath=(//a[contains(@href, '#')])[7]", "xpath:href"], - ["xpath=//ul[2]/li[2]/a", "xpath:position"], - ["xpath=//a[contains(.,'FL\n ')]", 
"xpath:innerText"] - ], - "value": "" - }, { - "id": "9dd98ca7-dbfe-421d-af7d-d5b2d4559a37", - "comment": "", - "command": "click", - "target": "linkText=exit_to_appLog Out", - "targets": [ - ["linkText=exit_to_appLog Out", "linkText"], - ["css=.navbar-right > .dropdown:nth-child(2) li:nth-child(3) > a", "css:finder"], - ["xpath=//a[contains(@href, '/logout/')]", "xpath:href"], - ["xpath=//ul[2]/li[2]/ul/li[3]/a", "xpath:position"], - ["xpath=//a[contains(.,'exit_to_appLog Out')]", "xpath:innerText"] - ], - "value": "" - }] - }, { - "id": "7a10ab5e-2868-43bf-bee3-f45230b54415", - "name": "view-security", - "commands": [{ - "id": "d2211051-be22-4981-86a8-44e088eea1c6", - "comment": "", - "command": "open", - "target": "/login/?next=http%3A%2F%2F172.31.36.230%3A8080%2Fhome", - "targets": [], - "value": "" - }, { - "id": "becb36c3-b99a-448b-82bb-22183ca0913f", - "comment": "", - "command": "setWindowSize", - "target": "1200x1286", - "targets": [], - "value": "" - }, { - "id": "044ec06c-eed8-4af2-8ddd-59c068b81e56", - "comment": "", - "command": "type", - "target": "id=username", - "targets": [ - ["id=username", "id"], - ["name=username", "name"], - ["css=#username", "css:finder"], - ["xpath=//input[@id='username']", "xpath:attributes"], - ["xpath=//div[@id='loginbox']/div/div[2]/form/div[2]/div/div/input", "xpath:idRelative"], - ["xpath=//div/input", "xpath:position"] - ], - "value": "rf-test" - }, { - "id": "49d45eb9-13c3-4a91-bbf0-b3a47c2d30cf", - "comment": "", - "command": "type", - "target": "id=password", - "targets": [ - ["id=password", "id"], - ["name=password", "name"], - ["css=#password", "css:finder"], - ["xpath=//input[@id='password']", "xpath:attributes"], - ["xpath=//div[@id='loginbox']/div/div[2]/form/div[2]/div/div[2]/input", "xpath:idRelative"], - ["xpath=//div[2]/input", "xpath:position"] - ], - "value": "rf_password123!" 
- }, { - "id": "524c4209-e4cd-476b-8923-f7f813ac805c", - "comment": "", - "command": "click", - "target": "css=.btn-primary", - "targets": [ - ["css=.btn-primary", "css:finder"], - ["xpath=//input[@value='Sign In']", "xpath:attributes"], - ["xpath=//div[@id='loginbox']/div/div[2]/form/div[3]/div/div/input", "xpath:idRelative"], - ["xpath=//div[3]/div/div/input", "xpath:position"] - ], - "value": "" - }, { - "id": "df06905a-3687-44bd-b934-3ce3820348e1", - "comment": "", - "command": "mouseOver", - "target": "linkText=Security", - "targets": [ - ["linkText=Security", "linkText"], - ["css=.nav:nth-child(1) > .dropdown:nth-child(2) > .dropdown-toggle", "css:finder"], - ["xpath=//a[contains(text(),'Security')]", "xpath:link"], - ["xpath=//a[contains(@href, 'javascript:void(0)')]", "xpath:href"], - ["xpath=//li[2]/a", "xpath:position"], - ["xpath=//a[contains(.,'Security')]", "xpath:innerText"] - ], - "value": "" - }, { - "id": "17319951-3d14-43b2-afc2-4d39713c7a10", - "comment": "", - "command": "click", - "target": "linkText=List Users", - "targets": [ - ["linkText=List Users", "linkText"], - ["css=.nav:nth-child(1) > .dropdown:nth-child(2) li:nth-child(1) > a", "css:finder"], - ["xpath=//a[contains(text(),'List Users')]", "xpath:link"], - ["xpath=//a[contains(@href, '/users/list/')]", "xpath:href"], - ["xpath=//li[2]/ul/li/a", "xpath:position"], - ["xpath=//a[contains(.,'List Users')]", "xpath:innerText"] - ], - "value": "" - }, { - "id": "b71de319-0362-4d22-ba88-bd08d1418fa6", - "comment": "", - "command": "mouseOver", - "target": "linkText=Security", - "targets": [ - ["linkText=Security", "linkText"], - ["css=.nav:nth-child(1) > .dropdown:nth-child(2) > .dropdown-toggle", "css:finder"], - ["xpath=//a[contains(text(),'Security')]", "xpath:link"], - ["xpath=//a[contains(@href, 'javascript:void(0)')]", "xpath:href"], - ["xpath=//li[2]/a", "xpath:position"], - ["xpath=//a[contains(.,'Security')]", "xpath:innerText"] - ], - "value": "" - }, { - "id": 
"9ab4475b-3070-4593-bdf6-6ce86f67a1ef", - "comment": "", - "command": "click", - "target": "linkText=List Roles", - "targets": [ - ["linkText=List Roles", "linkText"], - ["css=.dropdown:nth-child(2) li:nth-child(2) > a", "css:finder"], - ["xpath=//a[contains(text(),'List Roles')]", "xpath:link"], - ["xpath=//a[contains(@href, '/roles/list/')]", "xpath:href"], - ["xpath=//li[2]/ul/li[2]/a", "xpath:position"], - ["xpath=//a[contains(.,'List Roles')]", "xpath:innerText"] - ], - "value": "" - }, { - "id": "5f877d07-005f-4f98-b08a-bf5eb6ab1ee6", - "comment": "", - "command": "mouseOver", - "target": "linkText=Security", - "targets": [ - ["linkText=Security", "linkText"], - ["css=.nav:nth-child(1) > .dropdown:nth-child(2) > .dropdown-toggle", "css:finder"], - ["xpath=//a[contains(text(),'Security')]", "xpath:link"], - ["xpath=//a[contains(@href, 'javascript:void(0)')]", "xpath:href"], - ["xpath=//li[2]/a", "xpath:position"], - ["xpath=//a[contains(.,'Security')]", "xpath:innerText"] - ], - "value": "" - }, { - "id": "c3550133-4f20-4402-b04e-46537da473d2", - "comment": "", - "command": "click", - "target": "linkText=User's Statistics", - "targets": [ - ["linkText=User's Statistics", "linkText"], - ["css=.nav:nth-child(1) > .dropdown:nth-child(2) li:nth-child(3) > a", "css:finder"], - ["xpath=//a[contains(@href, '/userstatschartview/chart/')]", "xpath:href"], - ["xpath=//li[3]/a", "xpath:position"] - ], - "value": "" - }, { - "id": "dd896f9f-3a5d-45b5-b5cb-a5087b627973", - "comment": "", - "command": "mouseOver", - "target": "linkText=Security", - "targets": [ - ["linkText=Security", "linkText"], - ["css=.nav:nth-child(1) > .dropdown:nth-child(2) > .dropdown-toggle", "css:finder"], - ["xpath=//a[contains(text(),'Security')]", "xpath:link"], - ["xpath=//a[contains(@href, 'javascript:void(0)')]", "xpath:href"], - ["xpath=//li[2]/a", "xpath:position"], - ["xpath=//a[contains(.,'Security')]", "xpath:innerText"] - ], - "value": "" - }, { - "id": 
"6804fb61-9dbe-4afb-ab82-5ff0140839ac", - "comment": "", - "command": "click", - "target": "linkText=Actions", - "targets": [ - ["linkText=Actions", "linkText"], - ["css=.dropdown:nth-child(2) li:nth-child(5) > a", "css:finder"], - ["xpath=//a[contains(text(),'Actions')]", "xpath:link"], - ["xpath=//a[contains(@href, '/actions/list/')]", "xpath:href"], - ["xpath=//li[5]/a", "xpath:position"], - ["xpath=//a[contains(.,'Actions')]", "xpath:innerText"] - ], - "value": "" - }, { - "id": "ff0cefbb-45db-420e-979d-2320e18dd95f", - "comment": "", - "command": "mouseOver", - "target": "linkText=Security", - "targets": [ - ["linkText=Security", "linkText"], - ["css=.nav:nth-child(1) > .dropdown:nth-child(2) > .dropdown-toggle", "css:finder"], - ["xpath=//a[contains(text(),'Security')]", "xpath:link"], - ["xpath=//a[contains(@href, 'javascript:void(0)')]", "xpath:href"], - ["xpath=//li[2]/a", "xpath:position"], - ["xpath=//a[contains(.,'Security')]", "xpath:innerText"] - ], - "value": "" - }, { - "id": "eae04a24-21db-43bc-8a9f-91477a8a9354", - "comment": "", - "command": "click", - "target": "linkText=Resources", - "targets": [ - ["linkText=Resources", "linkText"], - ["css=.dropdown:nth-child(2) li:nth-child(6) > a", "css:finder"], - ["xpath=//a[contains(text(),'Resources')]", "xpath:link"], - ["xpath=//a[contains(@href, '/resources/list/')]", "xpath:href"], - ["xpath=//li[6]/a", "xpath:position"], - ["xpath=//a[contains(.,'Resources')]", "xpath:innerText"] - ], - "value": "" - }, { - "id": "959e2e11-22c6-4ea8-ae0f-1ca1f004b4df", - "comment": "", - "command": "mouseOver", - "target": "linkText=Security", - "targets": [ - ["linkText=Security", "linkText"], - ["css=.nav:nth-child(1) > .dropdown:nth-child(2) > .dropdown-toggle", "css:finder"], - ["xpath=//a[contains(text(),'Security')]", "xpath:link"], - ["xpath=//a[contains(@href, 'javascript:void(0)')]", "xpath:href"], - ["xpath=//li[2]/a", "xpath:position"], - ["xpath=//a[contains(.,'Security')]", "xpath:innerText"] - ], - 
"value": "" - }, { - "id": "9b479d7b-cd63-4706-b042-ed77465f509a", - "comment": "", - "command": "click", - "target": "linkText=Permissions", - "targets": [ - ["linkText=Permissions", "linkText"], - ["css=.dropdown:nth-child(2) li:nth-child(7) > a", "css:finder"], - ["xpath=//a[contains(text(),'Permissions')]", "xpath:link"], - ["xpath=//a[contains(@href, '/permissions/list/')]", "xpath:href"], - ["xpath=//li[7]/a", "xpath:position"], - ["xpath=//a[contains(.,'Permissions')]", "xpath:innerText"] - ], - "value": "" - }, { - "id": "3b73c194-591f-4315-9496-52990e56687b", - "comment": "", - "command": "mouseOver", - "target": "linkText=FL", - "targets": [ - ["linkText=FL", "linkText"], - ["css=.navbar-right > .dropdown:nth-child(2) > .dropdown-toggle", "css:finder"], - ["xpath=(//a[contains(@href, '#')])[7]", "xpath:href"], - ["xpath=//ul[2]/li[2]/a", "xpath:position"], - ["xpath=//a[contains(.,'FL\n ')]", "xpath:innerText"] - ], - "value": "" - }, { - "id": "257748d9-b617-46a5-b31f-88cfe60c56e8", - "comment": "", - "command": "click", - "target": "linkText=exit_to_appLog Out", - "targets": [ - ["linkText=exit_to_appLog Out", "linkText"], - ["css=.navbar-right > .dropdown:nth-child(2) li:nth-child(3) > a", "css:finder"], - ["xpath=//a[contains(@href, '/logout/')]", "xpath:href"], - ["xpath=//ul[2]/li[2]/ul/li[3]/a", "xpath:position"], - ["xpath=//a[contains(.,'exit_to_appLog Out')]", "xpath:innerText"] - ], - "value": "" - }] - }, { - "id": "210a57ed-eba1-4adc-a71f-266a2745cc04", - "name": "view-browse", - "commands": [{ - "id": "108e0c66-c2e0-4161-b45e-b7141019bc67", - "comment": "", - "command": "open", - "target": "/login/?next=http%3A%2F%2F172.31.36.230%3A8080%2Fhome", - "targets": [], - "value": "" - }, { - "id": "3b4dcaa0-0949-4781-b8e4-57786b2b4fe5", - "comment": "", - "command": "setWindowSize", - "target": "1200x1286", - "targets": [], - "value": "" - }, { - "id": "7a2c1def-2d42-40d5-be38-3a9a8ff30a63", - "comment": "", - "command": "type", - "target": 
"id=username", - "targets": [ - ["id=username", "id"], - ["name=username", "name"], - ["css=#username", "css:finder"], - ["xpath=//input[@id='username']", "xpath:attributes"], - ["xpath=//div[@id='loginbox']/div/div[2]/form/div[2]/div/div/input", "xpath:idRelative"], - ["xpath=//div/input", "xpath:position"] - ], - "value": "rf-test" - }, { - "id": "73334175-0d89-45c5-8fc2-a1dc94af8549", - "comment": "", - "command": "type", - "target": "id=password", - "targets": [ - ["id=password", "id"], - ["name=password", "name"], - ["css=#password", "css:finder"], - ["xpath=//input[@id='password']", "xpath:attributes"], - ["xpath=//div[@id='loginbox']/div/div[2]/form/div[2]/div/div[2]/input", "xpath:idRelative"], - ["xpath=//div[2]/input", "xpath:position"] - ], - "value": "rf_password123!" - }, { - "id": "4b1a47b3-be41-404b-9174-7cbe64df63dd", - "comment": "", - "command": "click", - "target": "css=.btn-primary", - "targets": [ - ["css=.btn-primary", "css:finder"], - ["xpath=//input[@value='Sign In']", "xpath:attributes"], - ["xpath=//div[@id='loginbox']/div/div[2]/form/div[3]/div/div/input", "xpath:idRelative"], - ["xpath=//div[3]/div/div/input", "xpath:position"] - ], - "value": "" - }, { - "id": "7ccc80e3-afa0-4444-8cca-331c8389c553", - "comment": "", - "command": "mouseOver", - "target": "linkText=Browse", - "targets": [ - ["linkText=Browse", "linkText"], - ["css=.dropdown:nth-child(3) > .dropdown-toggle", "css:finder"], - ["xpath=//a[contains(text(),'Browse')]", "xpath:link"], - ["xpath=(//a[contains(@href, 'javascript:void(0)')])[2]", "xpath:href"], - ["xpath=//div[2]/ul/li[3]/a", "xpath:position"], - ["xpath=//a[contains(.,'Browse')]", "xpath:innerText"] - ], - "value": "" - }, { - "id": "7fcfb079-6a9c-4042-8151-67952856b996", - "comment": "", - "command": "click", - "target": "linkText=DAG Runs", - "targets": [ - ["linkText=DAG Runs", "linkText"], - ["css=.dropdown:nth-child(3) li:nth-child(1) > a", "css:finder"], - ["xpath=//a[contains(text(),'DAG Runs')]", 
"xpath:link"], - ["xpath=//a[contains(@href, '/dagrun/list/')]", "xpath:href"], - ["xpath=//li[3]/ul/li/a", "xpath:position"], - ["xpath=//a[contains(.,'DAG Runs')]", "xpath:innerText"] - ], - "value": "" - }, { - "id": "dd990db9-f0f3-436d-9325-8c5512556c51", - "comment": "", - "command": "mouseOver", - "target": "linkText=Browse", - "targets": [ - ["linkText=Browse", "linkText"], - ["css=.dropdown:nth-child(3) > .dropdown-toggle", "css:finder"], - ["xpath=//a[contains(text(),'Browse')]", "xpath:link"], - ["xpath=(//a[contains(@href, 'javascript:void(0)')])[2]", "xpath:href"], - ["xpath=//div[2]/ul/li[3]/a", "xpath:position"], - ["xpath=//a[contains(.,'Browse')]", "xpath:innerText"] - ], - "value": "" - }, { - "id": "43aa0fa7-4afa-4636-b40f-4f5fd5678d7f", - "comment": "", - "command": "click", - "target": "linkText=Jobs", - "targets": [ - ["linkText=Jobs", "linkText"], - ["css=.dropdown:nth-child(3) li:nth-child(2) > a", "css:finder"], - ["xpath=//a[contains(text(),'Jobs')]", "xpath:link"], - ["xpath=//a[contains(@href, '/job/list/')]", "xpath:href"], - ["xpath=//li[3]/ul/li[2]/a", "xpath:position"], - ["xpath=//a[contains(.,'Jobs')]", "xpath:innerText"] - ], - "value": "" - }, { - "id": "4e5db979-c2ff-4c36-9c09-e1c87de938c0", - "comment": "", - "command": "click", - "target": "linkText=2", - "targets": [ - ["linkText=2", "linkText"], - ["css=.pagination > li:nth-child(4) > a", "css:finder"], - ["xpath=//a[contains(text(),'2')]", "xpath:link"], - ["xpath=//a[contains(@href, '/job/list/?page_JobModelView=1')]", "xpath:href"], - ["xpath=//div[2]/div/ul/li[4]/a", "xpath:position"] - ], - "value": "" - }, { - "id": "a254f539-edf2-484a-9e48-e5746842195b", - "comment": "", - "command": "click", - "target": "linkText=3", - "targets": [ - ["linkText=3", "linkText"], - ["css=.pagination > li:nth-child(5) > a", "css:finder"], - ["xpath=//a[contains(text(),'3')]", "xpath:link"], - ["xpath=//a[contains(@href, '/job/list/?page_JobModelView=2')]", "xpath:href"], - 
["xpath=//div[2]/div/ul/li[5]/a", "xpath:position"], - ["xpath=//a[contains(.,'3')]", "xpath:innerText"] - ], - "value": "" - }, { - "id": "eae808fa-ce9b-4d06-acb2-599d70925eb6", - "comment": "", - "command": "mouseOver", - "target": "linkText=Browse", - "targets": [ - ["linkText=Browse", "linkText"], - ["css=.dropdown:nth-child(3) > .dropdown-toggle", "css:finder"], - ["xpath=//a[contains(text(),'Browse')]", "xpath:link"], - ["xpath=(//a[contains(@href, 'javascript:void(0)')])[2]", "xpath:href"], - ["xpath=//div[2]/ul/li[3]/a", "xpath:position"], - ["xpath=//a[contains(.,'Browse')]", "xpath:innerText"] - ], - "value": "" - }, { - "id": "a07c856b-4df1-4399-962d-6ed734f18a68", - "comment": "", - "command": "click", - "target": "linkText=Audit Logs", - "targets": [ - ["linkText=Audit Logs", "linkText"], - ["css=.dropdown:nth-child(3) li:nth-child(3) > a", "css:finder"], - ["xpath=//a[contains(text(),'Audit Logs')]", "xpath:link"], - ["xpath=//a[contains(@href, '/log/list/')]", "xpath:href"], - ["xpath=//li[3]/ul/li[3]/a", "xpath:position"], - ["xpath=//a[contains(.,'Audit Logs')]", "xpath:innerText"] - ], - "value": "" - }, { - "id": "8644bc4d-245e-480f-b76d-b027fec477d0", - "comment": "", - "command": "mouseOver", - "target": "linkText=Browse", - "targets": [ - ["linkText=Browse", "linkText"], - ["css=.dropdown:nth-child(3) > .dropdown-toggle", "css:finder"], - ["xpath=//a[contains(text(),'Browse')]", "xpath:link"], - ["xpath=(//a[contains(@href, 'javascript:void(0)')])[2]", "xpath:href"], - ["xpath=//div[2]/ul/li[3]/a", "xpath:position"], - ["xpath=//a[contains(.,'Browse')]", "xpath:innerText"] - ], - "value": "" - }, { - "id": "90aa7911-0971-40c6-a6f5-f7e353f095b1", - "comment": "", - "command": "click", - "target": "linkText=Task Instances", - "targets": [ - ["linkText=Task Instances", "linkText"], - ["css=.dropdown:nth-child(3) li:nth-child(4) > a", "css:finder"], - ["xpath=//a[contains(text(),'Task Instances')]", "xpath:link"], - ["xpath=//a[contains(@href, 
'/taskinstance/list/')]", "xpath:href"], - ["xpath=//li[4]/a", "xpath:position"], - ["xpath=//a[contains(.,'Task Instances')]", "xpath:innerText"] - ], - "value": "" - }, { - "id": "f0ce2e3d-b1e1-466a-9bdc-cdbb8cd255f2", - "comment": "", - "command": "click", - "target": "linkText=2", - "targets": [ - ["linkText=2", "linkText"], - ["css=.pagination > li:nth-child(4) > a", "css:finder"], - ["xpath=//a[contains(text(),'2')]", "xpath:link"], - ["xpath=//a[contains(@href, '/taskinstance/list/?page_TaskInstanceModelView=1')]", "xpath:href"], - ["xpath=//div[2]/div/ul/li[4]/a", "xpath:position"] - ], - "value": "" - }, { - "id": "b80ffa23-9e2b-425b-9fc9-40105e217c42", - "comment": "", - "command": "mouseOver", - "target": "linkText=Browse", - "targets": [ - ["linkText=Browse", "linkText"], - ["css=.dropdown:nth-child(3) > .dropdown-toggle", "css:finder"], - ["xpath=//a[contains(text(),'Browse')]", "xpath:link"], - ["xpath=(//a[contains(@href, 'javascript:void(0)')])[2]", "xpath:href"], - ["xpath=//div[2]/ul/li[3]/a", "xpath:position"], - ["xpath=//a[contains(.,'Browse')]", "xpath:innerText"] - ], - "value": "" - }, { - "id": "b11a362d-9e4f-45a7-b060-56525f7072d5", - "comment": "", - "command": "click", - "target": "linkText=Task Reschedules", - "targets": [ - ["linkText=Task Reschedules", "linkText"], - ["css=.dropdown:nth-child(3) li:nth-child(5) > a", "css:finder"], - ["xpath=//a[contains(text(),'Task Reschedules')]", "xpath:link"], - ["xpath=//a[contains(@href, '/taskreschedule/list/')]", "xpath:href"], - ["xpath=//li[3]/ul/li[5]/a", "xpath:position"], - ["xpath=//a[contains(.,'Task Reschedules')]", "xpath:innerText"] - ], - "value": "" - }, { - "id": "401f2b37-43d9-4b94-87fd-c38c3fd3ad8d", - "comment": "", - "command": "mouseOver", - "target": "linkText=Browse", - "targets": [ - ["linkText=Browse", "linkText"], - ["css=.dropdown:nth-child(3) > .dropdown-toggle", "css:finder"], - ["xpath=//a[contains(text(),'Browse')]", "xpath:link"], - ["xpath=(//a[contains(@href, 
'javascript:void(0)')])[2]", "xpath:href"], - ["xpath=//div[2]/ul/li[3]/a", "xpath:position"], - ["xpath=//a[contains(.,'Browse')]", "xpath:innerText"] - ], - "value": "" - }, { - "id": "3d1074bf-0157-405f-81d3-89b5dab8a319", - "comment": "", - "command": "click", - "target": "linkText=Triggers", - "targets": [ - ["linkText=Triggers", "linkText"], - ["css=.dropdown:nth-child(3) li:nth-child(6) > a", "css:finder"], - ["xpath=//a[contains(text(),'Triggers')]", "xpath:link"], - ["xpath=//a[contains(@href, '/triggerview/list/')]", "xpath:href"], - ["xpath=//li[3]/ul/li[6]/a", "xpath:position"], - ["xpath=//a[contains(.,'Triggers')]", "xpath:innerText"] - ], - "value": "" - }, { - "id": "6d1d7136-b921-483d-9c38-5e015cf1f3cf", - "comment": "", - "command": "mouseOver", - "target": "linkText=Browse", - "targets": [ - ["linkText=Browse", "linkText"], - ["css=.dropdown:nth-child(3) > .dropdown-toggle", "css:finder"], - ["xpath=//a[contains(text(),'Browse')]", "xpath:link"], - ["xpath=(//a[contains(@href, 'javascript:void(0)')])[2]", "xpath:href"], - ["xpath=//div[2]/ul/li[3]/a", "xpath:position"], - ["xpath=//a[contains(.,'Browse')]", "xpath:innerText"] - ], - "value": "" - }, { - "id": "0e15307d-b5d4-4ae6-8b9f-cce59a96d347", - "comment": "", - "command": "click", - "target": "linkText=SLA Misses", - "targets": [ - ["linkText=SLA Misses", "linkText"], - ["css=.dropdown:nth-child(3) li:nth-child(7) > a", "css:finder"], - ["xpath=//a[contains(text(),'SLA Misses')]", "xpath:link"], - ["xpath=//a[contains(@href, '/slamiss/list/')]", "xpath:href"], - ["xpath=//li[3]/ul/li[7]/a", "xpath:position"], - ["xpath=//a[contains(.,'SLA Misses')]", "xpath:innerText"] - ], - "value": "" - }, { - "id": "ed38201b-9ea8-4a40-919e-632590052974", - "comment": "", - "command": "mouseOver", - "target": "linkText=Browse", - "targets": [ - ["linkText=Browse", "linkText"], - ["css=.dropdown:nth-child(3) > .dropdown-toggle", "css:finder"], - ["xpath=//a[contains(text(),'Browse')]", "xpath:link"], - 
["xpath=(//a[contains(@href, 'javascript:void(0)')])[2]", "xpath:href"], - ["xpath=//div[2]/ul/li[3]/a", "xpath:position"], - ["xpath=//a[contains(.,'Browse')]", "xpath:innerText"] - ], - "value": "" - }, { - "id": "2954c362-0734-403a-b38b-0543bb424ffd", - "comment": "", - "command": "click", - "target": "linkText=DAG Dependencies", - "targets": [ - ["linkText=DAG Dependencies", "linkText"], - ["css=li:nth-child(8) > a", "css:finder"], - ["xpath=//a[contains(text(),'DAG Dependencies')]", "xpath:link"], - ["xpath=//a[contains(@href, '/dag-dependencies')]", "xpath:href"], - ["xpath=//li[8]/a", "xpath:position"], - ["xpath=//a[contains(.,'DAG Dependencies')]", "xpath:innerText"] - ], - "value": "" - }, { - "id": "57bc755a-2b19-4a12-a2bc-8066e7d9fb3e", - "comment": "", - "command": "mouseOver", - "target": "css=.navbar-user-icon > span", - "targets": [ - ["css=.navbar-user-icon > span", "css:finder"], - ["xpath=//span/span", "xpath:position"] - ], - "value": "" - }, { - "id": "ebb5974a-64ef-4754-81ea-621e7c276594", - "comment": "", - "command": "click", - "target": "linkText=exit_to_appLog Out", - "targets": [ - ["linkText=exit_to_appLog Out", "linkText"], - ["css=.navbar-right > .dropdown:nth-child(2) li:nth-child(3) > a", "css:finder"], - ["xpath=//a[contains(@href, '/logout/')]", "xpath:href"], - ["xpath=//ul[2]/li[2]/ul/li[3]/a", "xpath:position"], - ["xpath=//a[contains(.,'exit_to_appLog Out')]", "xpath:innerText"] - ], - "value": "" - }] - }, { - "id": "34364c6a-2c61-4ba1-956f-493bfa972061", - "name": "test-admin", - "commands": [{ - "id": "c025a704-892f-4b1f-bd17-6e7df351b6a1", - "comment": "", - "command": "open", - "target": "/login/?next=http%3A%2F%2F172.31.36.230%3A8080%2Fhome", - "targets": [], - "value": "" - }, { - "id": "6c237660-786c-4ef3-9003-0ff0426f6229", - "comment": "", - "command": "setWindowSize", - "target": "1200x1286", - "targets": [], - "value": "" - }, { - "id": "49424ffd-ec36-4715-9f54-d21e7b9b745a", - "comment": "", - "command": "type", - 
"target": "id=username", - "targets": [ - ["id=username", "id"], - ["name=username", "name"], - ["css=#username", "css:finder"], - ["xpath=//input[@id='username']", "xpath:attributes"], - ["xpath=//div[@id='loginbox']/div/div[2]/form/div[2]/div/div/input", "xpath:idRelative"], - ["xpath=//div/input", "xpath:position"] - ], - "value": "rf-test" - }, { - "id": "ed3bcf26-1899-4963-86c7-62bb5131baa6", - "comment": "", - "command": "type", - "target": "id=password", - "targets": [ - ["id=password", "id"], - ["name=password", "name"], - ["css=#password", "css:finder"], - ["xpath=//input[@id='password']", "xpath:attributes"], - ["xpath=//div[@id='loginbox']/div/div[2]/form/div[2]/div/div[2]/input", "xpath:idRelative"], - ["xpath=//div[2]/input", "xpath:position"] - ], - "value": "rf_password123!" - }, { - "id": "4c2b270c-17ad-44a9-9f84-d07e8fb74c3a", - "comment": "", - "command": "click", - "target": "css=.btn-primary", - "targets": [ - ["css=.btn-primary", "css:finder"], - ["xpath=//input[@value='Sign In']", "xpath:attributes"], - ["xpath=//div[@id='loginbox']/div/div[2]/form/div[3]/div/div/input", "xpath:idRelative"], - ["xpath=//div[3]/div/div/input", "xpath:position"] - ], - "value": "" - }, { - "id": "26ecf8d7-5c4a-4ba6-b59d-3e1451b1e53c", - "comment": "", - "command": "mouseOver", - "target": "linkText=Admin", - "targets": [ - ["linkText=Admin", "linkText"], - ["css=.dropdown:nth-child(4) > .dropdown-toggle", "css:finder"], - ["xpath=//a[contains(text(),'Admin')]", "xpath:link"], - ["xpath=(//a[contains(@href, 'javascript:void(0)')])[3]", "xpath:href"], - ["xpath=//div[2]/ul/li[4]/a", "xpath:position"], - ["xpath=//a[contains(.,'Admin')]", "xpath:innerText"] - ], - "value": "" - }, { - "id": "fc64018b-66b5-45ba-9c9c-cff9c5f438e5", - "comment": "", - "command": "click", - "target": "linkText=Variables", - "targets": [ - ["linkText=Variables", "linkText"], - ["css=.dropdown:nth-child(4) li:nth-child(1) > a", "css:finder"], - ["xpath=//a[contains(text(),'Variables')]", 
"xpath:link"], - ["xpath=//a[contains(@href, '/variable/list/')]", "xpath:href"], - ["xpath=//li[4]/ul/li/a", "xpath:position"], - ["xpath=//a[contains(.,'Variables')]", "xpath:innerText"] - ], - "value": "" - }, { - "id": "2a39a000-7f6b-43ae-a7b7-b715d4346e6e", - "comment": "", - "command": "mouseOver", - "target": "linkText=Admin", - "targets": [ - ["linkText=Admin", "linkText"], - ["css=.dropdown:nth-child(4) > .dropdown-toggle", "css:finder"], - ["xpath=//a[contains(text(),'Admin')]", "xpath:link"], - ["xpath=(//a[contains(@href, 'javascript:void(0)')])[3]", "xpath:href"], - ["xpath=//div[2]/ul/li[4]/a", "xpath:position"], - ["xpath=//a[contains(.,'Admin')]", "xpath:innerText"] - ], - "value": "" - }, { - "id": "6e546d77-48cb-4e81-9075-ae39906eebab", - "comment": "", - "command": "click", - "target": "linkText=Configurations", - "targets": [ - ["linkText=Configurations", "linkText"], - ["css=.dropdown:nth-child(4) li:nth-child(2) > a", "css:finder"], - ["xpath=//a[contains(text(),'Configurations')]", "xpath:link"], - ["xpath=//a[contains(@href, '/configuration')]", "xpath:href"], - ["xpath=//li[4]/ul/li[2]/a", "xpath:position"], - ["xpath=//a[contains(.,'Configurations')]", "xpath:innerText"] - ], - "value": "" - }, { - "id": "a3d1f773-8ff1-4f30-9d1f-f69677b06c04", - "comment": "", - "command": "mouseOver", - "target": "linkText=Admin", - "targets": [ - ["linkText=Admin", "linkText"], - ["css=.dropdown:nth-child(4) > .dropdown-toggle", "css:finder"], - ["xpath=//a[contains(text(),'Admin')]", "xpath:link"], - ["xpath=(//a[contains(@href, 'javascript:void(0)')])[3]", "xpath:href"], - ["xpath=//div[2]/ul/li[4]/a", "xpath:position"], - ["xpath=//a[contains(.,'Admin')]", "xpath:innerText"] - ], - "value": "" - }, { - "id": "9c3d5fce-5fd8-4fce-af57-9dbc1a6e8f38", - "comment": "", - "command": "click", - "target": "linkText=Connections", - "targets": [ - ["linkText=Connections", "linkText"], - ["css=.dropdown:nth-child(4) li:nth-child(3) > a", "css:finder"], - 
["xpath=//a[contains(text(),'Connections')]", "xpath:link"], - ["xpath=//a[contains(@href, '/connection/list/')]", "xpath:href"], - ["xpath=//li[4]/ul/li[3]/a", "xpath:position"], - ["xpath=//a[contains(.,'Connections')]", "xpath:innerText"] - ], - "value": "" - }, { - "id": "4f346035-2387-4600-aefc-5f1c1bcf66f3", - "comment": "", - "command": "mouseOver", - "target": "linkText=Admin", - "targets": [ - ["linkText=Admin", "linkText"], - ["css=.dropdown:nth-child(4) > .dropdown-toggle", "css:finder"], - ["xpath=//a[contains(text(),'Admin')]", "xpath:link"], - ["xpath=(//a[contains(@href, 'javascript:void(0)')])[3]", "xpath:href"], - ["xpath=//div[2]/ul/li[4]/a", "xpath:position"], - ["xpath=//a[contains(.,'Admin')]", "xpath:innerText"] - ], - "value": "" - }, { - "id": "726370af-681e-4f4b-8160-ca948fe87428", - "comment": "", - "command": "click", - "target": "linkText=Plugins", - "targets": [ - ["linkText=Plugins", "linkText"], - ["css=.dropdown:nth-child(4) li:nth-child(4) > a", "css:finder"], - ["xpath=//a[contains(text(),'Plugins')]", "xpath:link"], - ["xpath=//a[contains(@href, '/plugin')]", "xpath:href"], - ["xpath=//li[4]/ul/li[4]/a", "xpath:position"], - ["xpath=//a[contains(.,'Plugins')]", "xpath:innerText"] - ], - "value": "" - }, { - "id": "7e6a0d1f-3134-40b6-a2bb-8505d0e6761f", - "comment": "", - "command": "mouseOver", - "target": "linkText=Admin", - "targets": [ - ["linkText=Admin", "linkText"], - ["css=.dropdown:nth-child(4) > .dropdown-toggle", "css:finder"], - ["xpath=//a[contains(text(),'Admin')]", "xpath:link"], - ["xpath=(//a[contains(@href, 'javascript:void(0)')])[3]", "xpath:href"], - ["xpath=//div[2]/ul/li[4]/a", "xpath:position"], - ["xpath=//a[contains(.,'Admin')]", "xpath:innerText"] - ], - "value": "" - }, { - "id": "1b26c7b1-67a8-41e7-9cc3-4ad4aefa150b", - "comment": "", - "command": "click", - "target": "linkText=Providers", - "targets": [ - ["linkText=Providers", "linkText"], - ["css=.dropdown:nth-child(4) li:nth-child(5) > a", 
"css:finder"], - ["xpath=//a[contains(text(),'Providers')]", "xpath:link"], - ["xpath=//a[contains(@href, '/provider')]", "xpath:href"], - ["xpath=//li[4]/ul/li[5]/a", "xpath:position"], - ["xpath=//a[contains(.,'Providers')]", "xpath:innerText"] - ], - "value": "" - }, { - "id": "d5730038-47aa-459f-8b07-35b62ab26c05", - "comment": "", - "command": "mouseOver", - "target": "linkText=Admin", - "targets": [ - ["linkText=Admin", "linkText"], - ["css=.dropdown:nth-child(4) > .dropdown-toggle", "css:finder"], - ["xpath=//a[contains(text(),'Admin')]", "xpath:link"], - ["xpath=(//a[contains(@href, 'javascript:void(0)')])[3]", "xpath:href"], - ["xpath=//div[2]/ul/li[4]/a", "xpath:position"], - ["xpath=//a[contains(.,'Admin')]", "xpath:innerText"] - ], - "value": "" - }, { - "id": "59cc72fb-c120-4d55-a11a-46c324cb6123", - "comment": "", - "command": "click", - "target": "linkText=Pools", - "targets": [ - ["linkText=Pools", "linkText"], - ["css=.dropdown:nth-child(4) li:nth-child(6) > a", "css:finder"], - ["xpath=//a[contains(text(),'Pools')]", "xpath:link"], - ["xpath=//a[contains(@href, '/pool/list/')]", "xpath:href"], - ["xpath=//li[4]/ul/li[6]/a", "xpath:position"], - ["xpath=//a[contains(.,'Pools')]", "xpath:innerText"] - ], - "value": "" - }, { - "id": "9798d5ce-1b9d-4a33-aeb5-76630febbf48", - "comment": "", - "command": "mouseOver", - "target": "linkText=Admin", - "targets": [ - ["linkText=Admin", "linkText"], - ["css=.dropdown:nth-child(4) > .dropdown-toggle", "css:finder"], - ["xpath=//a[contains(text(),'Admin')]", "xpath:link"], - ["xpath=(//a[contains(@href, 'javascript:void(0)')])[3]", "xpath:href"], - ["xpath=//div[2]/ul/li[4]/a", "xpath:position"], - ["xpath=//a[contains(.,'Admin')]", "xpath:innerText"] - ], - "value": "" - }, { - "id": "2455c759-43fc-4053-b13c-2be2e20231db", - "comment": "", - "command": "click", - "target": "linkText=XComs", - "targets": [ - ["linkText=XComs", "linkText"], - ["css=.dropdown:nth-child(4) li:nth-child(7) > a", "css:finder"], - 
["xpath=//a[contains(text(),'XComs')]", "xpath:link"], - ["xpath=//a[contains(@href, '/xcom/list/')]", "xpath:href"], - ["xpath=//li[4]/ul/li[7]/a", "xpath:position"], - ["xpath=//a[contains(.,'XComs')]", "xpath:innerText"] - ], - "value": "" - }, { - "id": "db3abae9-d3bc-4287-943c-8901a1ab19d5", - "comment": "", - "command": "click", - "target": "linkText=2", - "targets": [ - ["linkText=2", "linkText"], - ["css=.pagination > li:nth-child(4) > a", "css:finder"], - ["xpath=//a[contains(text(),'2')]", "xpath:link"], - ["xpath=//a[contains(@href, '/xcom/list/?page_XComModelView=1')]", "xpath:href"], - ["xpath=//div[2]/div/ul/li[4]/a", "xpath:position"] - ], - "value": "" - }, { - "id": "e4e6b4d0-d0e8-4c65-8d65-d7e52c3700d2", - "comment": "", - "command": "mouseOver", - "target": "css=.navbar-user-icon > span", - "targets": [ - ["css=.navbar-user-icon > span", "css:finder"], - ["xpath=//span/span", "xpath:position"] - ], - "value": "" - }, { - "id": "3fcc8bc8-811b-4859-a7ec-d6d4ff7faaf3", - "comment": "", - "command": "click", - "target": "linkText=exit_to_appLog Out", - "targets": [ - ["linkText=exit_to_appLog Out", "linkText"], - ["css=.navbar-right > .dropdown:nth-child(2) li:nth-child(3) > a", "css:finder"], - ["xpath=//a[contains(@href, '/logout/')]", "xpath:href"], - ["xpath=//ul[2]/li[2]/ul/li[3]/a", "xpath:position"], - ["xpath=//a[contains(.,'exit_to_appLog Out')]", "xpath:innerText"] - ], - "value": "" - }] - }, { - "id": "a61723b5-71f2-4f32-a7d0-95fc037a2fd4", - "name": "test-docs", - "commands": [{ - "id": "e0e78768-61dd-4ac7-aa7e-b8375c113d42", - "comment": "", - "command": "open", - "target": "/login/?next=http%3A%2F%2F172.31.36.230%3A8080%2Fhome", - "targets": [], - "value": "" - }, { - "id": "8e1297fd-d906-4aab-ad92-da00d71325f6", - "comment": "", - "command": "setWindowSize", - "target": "1200x1286", - "targets": [], - "value": "" - }, { - "id": "8652a493-0598-45d0-b6dc-7d26216cdd0a", - "comment": "", - "command": "type", - "target": "id=username", - 
"targets": [ - ["id=username", "id"], - ["name=username", "name"], - ["css=#username", "css:finder"], - ["xpath=//input[@id='username']", "xpath:attributes"], - ["xpath=//div[@id='loginbox']/div/div[2]/form/div[2]/div/div/input", "xpath:idRelative"], - ["xpath=//div/input", "xpath:position"] - ], - "value": "rf-test" - }, { - "id": "2b2e5049-805b-42d9-907d-b625821f8cdb", - "comment": "", - "command": "type", - "target": "id=password", - "targets": [ - ["id=password", "id"], - ["name=password", "name"], - ["css=#password", "css:finder"], - ["xpath=//input[@id='password']", "xpath:attributes"], - ["xpath=//div[@id='loginbox']/div/div[2]/form/div[2]/div/div[2]/input", "xpath:idRelative"], - ["xpath=//div[2]/input", "xpath:position"] - ], - "value": "rf_password123!" - }, { - "id": "39df11d8-d9c0-4f79-94b8-8882409b34a8", - "comment": "", - "command": "sendKeys", - "target": "id=password", - "targets": [ - ["id=password", "id"], - ["name=password", "name"], - ["css=#password", "css:finder"], - ["xpath=//input[@id='password']", "xpath:attributes"], - ["xpath=//div[@id='loginbox']/div/div[2]/form/div[2]/div/div[2]/input", "xpath:idRelative"], - ["xpath=//div[2]/input", "xpath:position"] - ], - "value": "${KEY_ENTER}" - }, { - "id": "79dbb5a0-9224-4846-b61c-bb9a3a8f6c55", - "comment": "", - "command": "mouseOver", - "target": "linkText=Docs", - "targets": [ - ["linkText=Docs", "linkText"], - ["css=.dropdown:nth-child(5) > .dropdown-toggle", "css:finder"], - ["xpath=//a[contains(text(),'Docs')]", "xpath:link"], - ["xpath=(//a[contains(@href, 'javascript:void(0)')])[4]", "xpath:href"], - ["xpath=//div[2]/ul/li[5]/a", "xpath:position"], - ["xpath=//a[contains(.,'Docs')]", "xpath:innerText"] - ], - "value": "" - }, { - "id": "eed63b1e-ccae-42be-a5da-6c367452d64c", - "comment": "", - "command": "click", - "target": "linkText=REST API Reference (Swagger UI)", - "targets": [ - ["linkText=REST API Reference (Swagger UI)", "linkText"], - ["css=.dropdown:nth-child(5) li:nth-child(4) 
> a", "css:finder"], - ["xpath=//a[contains(text(),'REST API Reference (Swagger UI)')]", "xpath:link"], - ["xpath=//a[contains(@href, '/api/v1/ui/')]", "xpath:href"], - ["xpath=//li[5]/ul/li[4]/a", "xpath:position"], - ["xpath=//a[contains(.,'REST API Reference (Swagger UI)')]", "xpath:innerText"] - ], - "value": "" - }, { - "id": "bf981a40-4fe6-474a-9f96-3bb0ab680981", - "comment": "", - "command": "open", - "target": "/home", - "targets": [], - "value": "" - }, { - "id": "8cf59b96-1090-429d-8696-9fa0b123e913", - "comment": "", - "command": "mouseOver", - "target": "css=.dropdown:nth-child(5) .caret", - "targets": [ - ["css=.dropdown:nth-child(5) .caret", "css:finder"], - ["xpath=//li[5]/a/b", "xpath:position"] - ], - "value": "" - }, { - "id": "eb156e5a-ded5-42cc-99ba-32afb1e9568f", - "comment": "", - "command": "click", - "target": "linkText=REST API Reference (Redoc)", - "targets": [ - ["linkText=REST API Reference (Redoc)", "linkText"], - ["css=.dropdown:nth-child(5) li:nth-child(5) > a", "css:finder"], - ["xpath=//a[contains(text(),'REST API Reference (Redoc)')]", "xpath:link"], - ["xpath=//a[contains(@href, '/redoc')]", "xpath:href"], - ["xpath=//li[5]/ul/li[5]/a", "xpath:position"], - ["xpath=//a[contains(.,'REST API Reference (Redoc)')]", "xpath:innerText"] - ], - "value": "" - }, { - "id": "beb8950b-b825-4a5a-b5d6-f8141c4200e8", - "comment": "", - "command": "open", - "target": "/home", - "targets": [], - "value": "" - }, { - "id": "a874d4fc-d4bc-4e17-b103-65de1813af21", - "comment": "", - "command": "mouseOver", - "target": "css=.navbar-user-icon > span", - "targets": [ - ["css=.navbar-user-icon > span", "css:finder"], - ["xpath=//span/span", "xpath:position"] - ], - "value": "" - }, { - "id": "a405a102-f70d-4b9f-b19e-4e1d51e3d5d6", - "comment": "", - "command": "click", - "target": "linkText=exit_to_appLog Out", - "targets": [ - ["linkText=exit_to_appLog Out", "linkText"], - ["css=.navbar-right > .dropdown:nth-child(2) li:nth-child(3) > a", 
"css:finder"], - ["xpath=//a[contains(@href, '/logout/')]", "xpath:href"], - ["xpath=//ul[2]/li[2]/ul/li[3]/a", "xpath:position"], - ["xpath=//a[contains(.,'exit_to_appLog Out')]", "xpath:innerText"] - ], - "value": "" - }] - }], - "suites": [{ - "id": "85e0b6e8-8166-406f-b074-a857c6f11512", - "name": "Default Suite", - "persistSession": false, - "parallel": false, - "timeout": 300, - "tests": [] - }], - "urls": ["http://172.31.36.230:8080/"], - "plugins": [] -} \ No newline at end of file diff --git a/community_images/airflow/airflow/bitnami/selenium_tests/conftest.py b/community_images/airflow/airflow/bitnami/selenium_tests/conftest.py deleted file mode 100644 index ce945b43c0..0000000000 --- a/community_images/airflow/airflow/bitnami/selenium_tests/conftest.py +++ /dev/null @@ -1,23 +0,0 @@ -"""The conftest file for running selenium test.""" -# pylint: skip-file - -# conftest.py -import pytest # pylint: disable=import-error - - -def pytest_addoption(parser): - """The function to add options""" - parser.addoption("--server", action="store", help="wordpress server") - parser.addoption("--port", action="store", - help="port for wordpress container") - - -@pytest.fixture -def params(request): - """the params""" - config_params = {} - config_params['server'] = request.config.getoption('--server') - config_params['port'] = request.config.getoption('--port') - if config_params['server'] is None or config_params['port'] is None: - pytest.skip() - return config_params diff --git a/community_images/airflow/airflow/bitnami/selenium_tests/test_enablealldags.py b/community_images/airflow/airflow/bitnami/selenium_tests/test_enablealldags.py deleted file mode 100644 index 41499cb434..0000000000 --- a/community_images/airflow/airflow/bitnami/selenium_tests/test_enablealldags.py +++ /dev/null 
@@ -1,114 +0,0 @@ -# Generated by Selenium IDE -# pylint: skip-file - -import pytest -import time -import json -from selenium import webdriver -from selenium.webdriver.chrome.options import Options -from selenium.webdriver.common.by import By -from selenium.webdriver.common.action_chains import ActionChains -from selenium.webdriver.support import expected_conditions -from selenium.webdriver.support.wait import WebDriverWait -from selenium.webdriver.common.keys import Keys -from selenium.webdriver.common.desired_capabilities import DesiredCapabilities - - -class TestEnablealldags(): - def setup_method(self, method): # pylint: disable=unused-argument - """setup method.""" - chrome_options = Options() - chrome_options.add_argument("--headless") - chrome_options.add_argument('--disable-dev-shm-usage') - chrome_options.add_argument("disable-infobars") - chrome_options.add_argument("--disable-extensions") - chrome_options.add_argument("--disable-gpu") - chrome_options.add_argument("--no-sandbox") - self.driver = webdriver.Chrome( - options=chrome_options) # pylint: disable=attribute-defined-outside-init - self.driver.implicitly_wait(10) - - def teardown_method(self, method): # pylint: disable=unused-argument - """teardown method.""" - self.driver.quit() - - def test_enablealldags(self, params): - self.driver.get( - "http://{}:{}/".format( - params["server"], - params["port"])) # pylint: disable=consider-using-f-string - self.driver.set_window_size(1440, 790) - self.driver.find_element(By.ID, "username").send_keys("rf-test") - self.driver.find_element( - By.ID, "password").send_keys("rf_password123!") - self.driver.find_element(By.CSS_SELECTOR, ".btn-primary").click() - element = self.driver.find_element( - By.CSS_SELECTOR, ".active:nth-child(2) .material-icons") - actions = ActionChains(self.driver) - actions.move_to_element(element).perform() - element = self.driver.find_element(By.CSS_SELECTOR, "body") - actions = ActionChains(self.driver) - 
actions.move_to_element(element).perform() - self.driver.find_element( - By.CSS_SELECTOR, "tr:nth-child(1) .switch").click() - self.driver.find_element( - By.CSS_SELECTOR, "tr:nth-child(2) .switch").click() - self.driver.find_element( - By.CSS_SELECTOR, "tr:nth-child(3) .switch").click() - self.driver.find_element( - By.CSS_SELECTOR, "tr:nth-child(4) .switch").click() - self.driver.find_element( - By.CSS_SELECTOR, "tr:nth-child(5) .switch").click() - self.driver.find_element( - By.CSS_SELECTOR, "tr:nth-child(6) .switch").click() - self.driver.find_element( - By.CSS_SELECTOR, "tr:nth-child(7) > td:nth-child(1)").click() - self.driver.find_element( - By.CSS_SELECTOR, "tr:nth-child(7) .switch").click() - self.driver.find_element( - By.CSS_SELECTOR, "tr:nth-child(8) .switch").click() - self.driver.execute_script("window.scrollTo(0,624)") - self.driver.execute_script("window.scrollTo(0,567)") - self.driver.find_element( - By.CSS_SELECTOR, "tr:nth-child(9) .switch").click() - self.driver.find_element( - By.CSS_SELECTOR, "tr:nth-child(10) .switch").click() - self.driver.find_element( - By.CSS_SELECTOR, "tr:nth-child(11) .switch").click() - self.driver.find_element( - By.CSS_SELECTOR, "tr:nth-child(12) .switch").click() - self.driver.find_element( - By.CSS_SELECTOR, "tr:nth-child(13) .switch").click() - self.driver.find_element( - By.CSS_SELECTOR, "tr:nth-child(14) .switch").click() - self.driver.find_element( - By.CSS_SELECTOR, "tr:nth-child(15) .switch").click() - self.driver.find_element( - By.CSS_SELECTOR, "tr:nth-child(16) .switch").click() - self.driver.find_element( - By.CSS_SELECTOR, "tr:nth-child(17) .switch").click() - self.driver.find_element( - By.CSS_SELECTOR, "tr:nth-child(18) .switch").click() - self.driver.execute_script("window.scrollTo(0,895)") - self.driver.find_element( - By.CSS_SELECTOR, "tr:nth-child(19) .switch").click() - self.driver.find_element( - By.CSS_SELECTOR, "tr:nth-child(20) .switch").click() - self.driver.find_element( - By.CSS_SELECTOR, 
"tr:nth-child(21) .switch").click() - self.driver.find_element( - By.CSS_SELECTOR, "tr:nth-child(22) .switch").click() - self.driver.find_element( - By.CSS_SELECTOR, "tr:nth-child(23) .switch").click() - self.driver.find_element( - By.CSS_SELECTOR, "tr:nth-child(24) .switch").click() - element = self.driver.find_element(By.LINK_TEXT, "‹") - actions = ActionChains(self.driver) - actions.move_to_element(element).perform() - self.driver.find_element( - By.CSS_SELECTOR, "tr:nth-child(25) .switch").click() - self.driver.find_element( - By.CSS_SELECTOR, "tr:nth-child(26) .switch").click() - self.driver.find_element( - By.CSS_SELECTOR, "tr:nth-child(27) .switch").click() - self.driver.close() diff --git a/community_images/airflow/airflow/bitnami/selenium_tests/test_testadmin.py b/community_images/airflow/airflow/bitnami/selenium_tests/test_testadmin.py deleted file mode 100644 index f53c24d809..0000000000 --- a/community_images/airflow/airflow/bitnami/selenium_tests/test_testadmin.py +++ /dev/null 
@@ -1,78 +0,0 @@ -# Generated by Selenium IDE -# pylint: skip-file - -import pytest -import time -import json -from selenium import webdriver -from selenium.webdriver.chrome.options import Options -from selenium.webdriver.common.by import By -from selenium.webdriver.common.action_chains import ActionChains -from selenium.webdriver.support import expected_conditions -from selenium.webdriver.support.wait import WebDriverWait -from selenium.webdriver.common.keys import Keys -from selenium.webdriver.common.desired_capabilities import DesiredCapabilities - - -class TestTestadmin(): - def setup_method(self, method): # pylint: disable=unused-argument - """setup method.""" - chrome_options = Options() - chrome_options.add_argument("--headless") - chrome_options.add_argument('--disable-dev-shm-usage') - chrome_options.add_argument("disable-infobars") - chrome_options.add_argument("--disable-extensions") - chrome_options.add_argument("--disable-gpu") - chrome_options.add_argument("--no-sandbox") - self.driver = webdriver.Chrome( - options=chrome_options) # pylint: disable=attribute-defined-outside-init - self.driver.implicitly_wait(10) - - def teardown_method(self, method): # pylint: disable=unused-argument - """teardown method.""" - self.driver.quit() - - def test_testadmin(self, params): - self.driver.get( - "http://{}:{}/".format( - params["server"], - params["port"])) # pylint: disable=consider-using-f-string - self.driver.set_window_size(1200, 1286) - self.driver.find_element(By.ID, "username").send_keys("rf-test") - self.driver.find_element( - By.ID, "password").send_keys("rf_password123!") - self.driver.find_element(By.CSS_SELECTOR, ".btn-primary").click() - element = self.driver.find_element(By.LINK_TEXT, "Admin") - actions = ActionChains(self.driver) - actions.move_to_element(element).perform() - self.driver.find_element(By.LINK_TEXT, "Variables").click() - element = self.driver.find_element(By.LINK_TEXT, "Admin") - actions = ActionChains(self.driver) - 
actions.move_to_element(element).perform() - self.driver.find_element(By.LINK_TEXT, "Configurations").click() - element = self.driver.find_element(By.LINK_TEXT, "Admin") - actions = ActionChains(self.driver) - actions.move_to_element(element).perform() - self.driver.find_element(By.LINK_TEXT, "Connections").click() - element = self.driver.find_element(By.LINK_TEXT, "Admin") - actions = ActionChains(self.driver) - actions.move_to_element(element).perform() - self.driver.find_element(By.LINK_TEXT, "Plugins").click() - element = self.driver.find_element(By.LINK_TEXT, "Admin") - actions = ActionChains(self.driver) - actions.move_to_element(element).perform() - self.driver.find_element(By.LINK_TEXT, "Providers").click() - element = self.driver.find_element(By.LINK_TEXT, "Admin") - actions = ActionChains(self.driver) - actions.move_to_element(element).perform() - self.driver.find_element(By.LINK_TEXT, "Pools").click() - element = self.driver.find_element(By.LINK_TEXT, "Admin") - actions = ActionChains(self.driver) - actions.move_to_element(element).perform() - self.driver.find_element(By.LINK_TEXT, "XComs").click() - element = self.driver.find_element( - By.CSS_SELECTOR, ".navbar-user-icon > span") - actions = ActionChains(self.driver) - actions.move_to_element(element).perform() - self.driver.find_element(By.LINK_TEXT, "exit_to_appLog Out").click() - self.driver.close() diff --git a/community_images/airflow/airflow/bitnami/selenium_tests/test_viewbrowse.py b/community_images/airflow/airflow/bitnami/selenium_tests/test_viewbrowse.py deleted file mode 100644 index 7416ba376e..0000000000 --- a/community_images/airflow/airflow/bitnami/selenium_tests/test_viewbrowse.py +++ /dev/null 
@@ -1,83 +0,0 @@ -# Generated by Selenium IDE -# pylint: skip-file - -import pytest -import time -import json -from selenium import webdriver -from selenium.webdriver.chrome.options import Options -from selenium.webdriver.common.by import By -from selenium.webdriver.common.action_chains import ActionChains -from selenium.webdriver.support import expected_conditions -from selenium.webdriver.support.wait import WebDriverWait -from selenium.webdriver.common.keys import Keys -from selenium.webdriver.common.desired_capabilities import DesiredCapabilities - - -class TestViewbrowse(): - def setup_method(self, method): # pylint: disable=unused-argument - """setup method.""" - chrome_options = Options() - chrome_options.add_argument("--headless") - chrome_options.add_argument('--disable-dev-shm-usage') - chrome_options.add_argument("disable-infobars") - chrome_options.add_argument("--disable-extensions") - chrome_options.add_argument("--disable-gpu") - chrome_options.add_argument("--no-sandbox") - self.driver = webdriver.Chrome( - options=chrome_options) # pylint: disable=attribute-defined-outside-init - self.driver.implicitly_wait(10) - - def teardown_method(self, method): # pylint: disable=unused-argument - """teardown method.""" - self.driver.quit() - - def test_viewbrowse(self, params): - self.driver.get( - "http://{}:{}/".format( - params["server"], - params["port"])) # pylint: disable=consider-using-f-string - self.driver.set_window_size(1200, 1286) - self.driver.find_element(By.ID, "username").send_keys("rf-test") - self.driver.find_element( - By.ID, "password").send_keys("rf_password123!") - self.driver.find_element(By.CSS_SELECTOR, ".btn-primary").click() - element = self.driver.find_element(By.LINK_TEXT, "Browse") - actions = ActionChains(self.driver) - actions.move_to_element(element).perform() - self.driver.find_element(By.LINK_TEXT, "DAG Runs").click() - element = self.driver.find_element(By.LINK_TEXT, "Browse") - actions = ActionChains(self.driver) - 
actions.move_to_element(element).perform() - self.driver.find_element(By.LINK_TEXT, "Jobs").click() - element = self.driver.find_element(By.LINK_TEXT, "Browse") - actions = ActionChains(self.driver) - actions.move_to_element(element).perform() - self.driver.find_element(By.LINK_TEXT, "Audit Logs").click() - element = self.driver.find_element(By.LINK_TEXT, "Browse") - actions = ActionChains(self.driver) - actions.move_to_element(element).perform() - self.driver.find_element(By.LINK_TEXT, "Task Instances").click() - self.driver.find_element(By.LINK_TEXT, "2").click() - element = self.driver.find_element(By.LINK_TEXT, "Browse") - actions = ActionChains(self.driver) - actions.move_to_element(element).perform() - self.driver.find_element(By.LINK_TEXT, "Task Reschedules").click() - element = self.driver.find_element(By.LINK_TEXT, "Browse") - actions = ActionChains(self.driver) - actions.move_to_element(element).perform() - self.driver.find_element(By.LINK_TEXT, "Triggers").click() - element = self.driver.find_element(By.LINK_TEXT, "Browse") - actions = ActionChains(self.driver) - actions.move_to_element(element).perform() - self.driver.find_element(By.LINK_TEXT, "SLA Misses").click() - element = self.driver.find_element(By.LINK_TEXT, "Browse") - actions = ActionChains(self.driver) - actions.move_to_element(element).perform() - self.driver.find_element(By.LINK_TEXT, "DAG Dependencies").click() - element = self.driver.find_element( - By.CSS_SELECTOR, ".navbar-user-icon > span") - actions = ActionChains(self.driver) - actions.move_to_element(element).perform() - self.driver.find_element(By.LINK_TEXT, "exit_to_appLog Out").click() - self.driver.close() diff --git a/community_images/airflow/airflow/bitnami/selenium_tests/test_viewsecurity.py b/community_images/airflow/airflow/bitnami/selenium_tests/test_viewsecurity.py deleted file mode 100644 index 8caccbdb34..0000000000 --- a/community_images/airflow/airflow/bitnami/selenium_tests/test_viewsecurity.py +++ /dev/null 
@@ -1,73 +0,0 @@ -# Generated by Selenium IDE -# pylint: skip-file - -import pytest -import time -import json -from selenium import webdriver -from selenium.webdriver.chrome.options import Options -from selenium.webdriver.common.by import By -from selenium.webdriver.common.action_chains import ActionChains -from selenium.webdriver.support import expected_conditions -from selenium.webdriver.support.wait import WebDriverWait -from selenium.webdriver.common.keys import Keys -from selenium.webdriver.common.desired_capabilities import DesiredCapabilities - - -class TestViewsecurity(): - def setup_method(self, method): # pylint: disable=unused-argument - """setup method.""" - chrome_options = Options() - chrome_options.add_argument("--headless") - chrome_options.add_argument('--disable-dev-shm-usage') - chrome_options.add_argument("disable-infobars") - chrome_options.add_argument("--disable-extensions") - chrome_options.add_argument("--disable-gpu") - chrome_options.add_argument("--no-sandbox") - self.driver = webdriver.Chrome( - options=chrome_options) # pylint: disable=attribute-defined-outside-init - self.driver.implicitly_wait(10) - - def teardown_method(self, method): # pylint: disable=unused-argument - """teardown method.""" - self.driver.quit() - - def test_viewsecurity(self, params): - self.driver.get( - "http://{}:{}/".format( - params["server"], - params["port"])) # pylint: disable=consider-using-f-string - self.driver.set_window_size(1200, 1286) - self.driver.find_element(By.ID, "username").send_keys("rf-test") - self.driver.find_element( - By.ID, "password").send_keys("rf_password123!") - self.driver.find_element(By.CSS_SELECTOR, ".btn-primary").click() - element = self.driver.find_element(By.LINK_TEXT, "Security") - actions = ActionChains(self.driver) - actions.move_to_element(element).perform() - self.driver.find_element(By.LINK_TEXT, "List Users").click() - element = self.driver.find_element(By.LINK_TEXT, "Security") - actions = ActionChains(self.driver) - 
actions.move_to_element(element).perform() - self.driver.find_element(By.LINK_TEXT, "List Roles").click() - element = self.driver.find_element(By.LINK_TEXT, "Security") - actions = ActionChains(self.driver) - actions.move_to_element(element).perform() - self.driver.find_element(By.LINK_TEXT, "User\'s Statistics").click() - element = self.driver.find_element(By.LINK_TEXT, "Security") - actions = ActionChains(self.driver) - actions.move_to_element(element).perform() - self.driver.find_element(By.LINK_TEXT, "Actions").click() - element = self.driver.find_element(By.LINK_TEXT, "Security") - actions = ActionChains(self.driver) - actions.move_to_element(element).perform() - self.driver.find_element(By.LINK_TEXT, "Resources").click() - element = self.driver.find_element(By.LINK_TEXT, "Security") - actions = ActionChains(self.driver) - actions.move_to_element(element).perform() - self.driver.find_element(By.LINK_TEXT, "Permissions").click() - element = self.driver.find_element(By.LINK_TEXT, "FL") - actions = ActionChains(self.driver) - actions.move_to_element(element).perform() - self.driver.find_element(By.LINK_TEXT, "exit_to_appLog Out").click() - self.driver.close() diff --git a/community_images/airflow/airflow/ironbank/.rfignore b/community_images/airflow/airflow/ironbank/.rfignore deleted file mode 100644 index 5259a7013b..0000000000 --- a/community_images/airflow/airflow/ironbank/.rfignore +++ /dev/null @@ -1 +0,0 @@ -/usr/share/licenses diff --git a/community_images/airflow/airflow/ironbank/README.md b/community_images/airflow/airflow/ironbank/README.md deleted file mode 100644 index 6aa92dad2f..0000000000 --- a/community_images/airflow/airflow/ironbank/README.md +++ /dev/null @@ -1,145 +0,0 @@ - -RapidFort - - -
- -[![rf-h][rf-h-badge]][rf-view-report-button] -[![DH Image][dh-rf-badge]][rf-dh-image-link] -[![Slack][slack-badge]][slack-link] -[![FOSSA Status][fossa-badge]][fossa-link] - -# RapidFort hardened image for Apache Airflow Ironbank - -RapidFort’s container optimization process hardened this Apache Airflow Ironbank container. This container is free to use and has no license limitations. - -It is the same as the [Platform One Apache Airflow Ironbank][source-image-repo-link] image but more secure. - -Every day, we optimize and harden a variety of Docker Hub’s most famous images. Check out our [entire library](https://hub.docker.com/u/rapidfort) of secured containers. -
- -[Get the full report here or click on the image below][rf-view-report-link] - -[![Metrics][metrics-link]][rf-image-metrics-link] - -

Vulnerabilities: Original vs. Hardened - -

- -[![CVE Reduction][cve-reduction-link]][rf-image-cve-reduction-link] - - -View Report - -
-
- - -## What is Apache Airflow Ironbank? - -> Apache Airflow (or simply Airflow) is a platform to programmatically author, schedule, and monitor workflows. - -When workflows are defined as code, they become more maintainable, versionable, testable, and collaborative. - -Use Airflow to author workflows as directed acyclic graphs (DAGs) of tasks. The Airflow scheduler executes your tasks on an array of workers while following the specified dependencies. Rich command line utilities make performing complex surgeries on DAGs a snap. The rich user interface makes it easy to visualize pipelines running in production, monitor progress, and troubleshoot issues when needed. - - -[Overview of Apache Airflow Ironbank](https://airflow.apache.org/) - -Disclaimer: This software listing is packaged by RapidFort. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. - - -## How do I use this hardened Apache Airflow Ironbank image? - -The runtime instructions for this container are no different from the official release. Follow the instructions in their readme, but use our hardened image. - - -View Detailed Instructions - -
-
- -```sh -$ helm repo add bitnami https://charts.bitnami.com/bitnami - -# install airflow, just replace repository with RapidFort registry -$ helm install my-airflow bitnami/airflow --set image.repository=rapidfort/airflow-ib - -``` - -## What is a hardened image? - -A hardened image is a copy of a container that has been optimized and reduced for significantly improved security. Because every container uses many open-source software components and their dependencies, there’s a lot of extra weight that can be trimmed. - -This image is a hardened version of the official [Platform One Apache Airflow Ironbank][source-image-repo-link] image on Docker Hub. - -RapidFort is an industry-leading container optimization solution that minimizes software attack surfaces by removing unused code. Most containers can be reduced by at least 50%, which reduces the opportunity for malicious attacks and CVE exploits. Learn more at [RapidFort.com][rf-link]. - -Our hardened images are updated daily using the latest vulnerability information available. - - -View on GitHub - -
-
- -## What’s the difference between the official [Platform One Apache Airflow Ironbank][source-image-repo-link] image and this hardened image? -RapidFort’s hardened [rapidfort/airflow-ib][rf-dh-image-link] image has been optimized by our proprietary scanning and slimming technology. We are big fans of open-source software, containerized infrastructure, and security. - -We are making secure copies of the images we use every day and the most popular ones on Docker Hub. We want to make the world a safer place to operate. - -## Supported tags and respective `Dockerfile` links - -## Need support - -Join our slack community for any questions. - - -RapidFort Community Slack - - -## 🌟 Support this project - -[![](https://user-images.githubusercontent.com/48997634/174794647-0c851917-e5c9-4fb9-bf88-b61d89dc2f4f.gif)](https://github.com/rapidfort/community-images/stargazers) - -### [⏫⭐️ Scroll to the star button](#start-of-content) - -If you believe this project has potential, feel free to **star this repo** just like many [amazing people](https://github.com/rapidfort/community-images/stargazers) -have. - -## Have questions? - -[![RapidFort](https://raw.githubusercontent.com/rapidfort/community-images/main/contrib/github_logo_footer.png)][rf-rapidfort-footer-logo-link] - - -If you'd like to learn more about RapidFort or our container optimization process, visit [RapidFort.com][rf-link]. - -
-
- - -[dh-rf-badge]: https://img.shields.io/badge/dockerhub-images-important.svg?logo=Docker - -[fossa-badge]: https://app.fossa.com/api/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images.svg?type=shield -[fossa-link]: https://app.fossa.com/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images?ref=badge_shield - -[rf-link]: https://rapidfort.com?utm_source=github&utm_medium=ci_rf_link&utm_campaign=sep_01_sprint&utm_term=airflow-ib&utm_content=rapidfort_have_questions - -[rf-rapidfort-footer-logo-link]: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fopensource%2Fapache%2Fairflow%2Fairflow?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=airflow-ib&utm_content=rapidfort_footer_logo -[rf-view-report-button]: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fopensource%2Fapache%2Fairflow%2Fairflow?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=airflow-ib&utm_content=view_report_button -[rf-view-report-link]: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fopensource%2Fapache%2Fairflow%2Fairflow?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=airflow-ib&utm_content=view_report_link -[rf-image-metrics-link]: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fopensource%2Fapache%2Fairflow%2Fairflow?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=airflow-ib&utm_content=image_metrics_link -[rf-image-cve-reduction-link]: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fopensource%2Fapache%2Fairflow%2Fairflow?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=airflow-ib&utm_content=image_cve_reduction_link - -[dh-img-size-badge]: https://img.shields.io/docker/image-size/rapidfort/airflow-ib?logo=docker&logoColor=white&sort=semver -[dh-img-pulls-badge]: 
https://img.shields.io/docker/pulls/rapidfort/airflow-ib?logo=docker&logoColor=white - -[slack-badge]: https://img.shields.io/static/v1?label=Join&message=slack&logo=slack&logoColor=E01E5A&color=4A154B -[slack-link]: https://join.slack.com/t/rapidfortcommunity/shared_invite/zt-1g3wy28lv-DaeGexTQ5IjfpbmYW7Rm_Q - -[rf-h-badge]: https://img.shields.io/static/v1?label=RapidFort&labelColor=333F48&message=hardened&color=50B4C4&logo= -[metrics-link]: https://github.com/rapidfort/community-images/raw/main/community_images/airflow/airflow/ironbank/assets/metrics.webp -[cve-reduction-link]: https://github.com/rapidfort/community-images/raw/main/community_images/airflow/airflow/ironbank/assets/cve_reduction.webp - -[source-image-repo-link]: https://registry1.dso.mil/harbor/projects/3/repositories/opensource%2Fapache%2Fairflow%2Fairflow -[rf-dh-image-link]: https://hub.docker.com/r/rapidfort/airflow-ib diff --git a/community_images/airflow/airflow/ironbank/assets/cve_reduction.webp b/community_images/airflow/airflow/ironbank/assets/cve_reduction.webp deleted file mode 100644 index c2c081bd06..0000000000 Binary files a/community_images/airflow/airflow/ironbank/assets/cve_reduction.webp and /dev/null differ diff --git a/community_images/airflow/airflow/ironbank/assets/metrics.webp b/community_images/airflow/airflow/ironbank/assets/metrics.webp deleted file mode 100644 index b110bbe053..0000000000 Binary files a/community_images/airflow/airflow/ironbank/assets/metrics.webp and /dev/null differ diff --git a/community_images/airflow/airflow/ironbank/dc_coverage.sh b/community_images/airflow/airflow/ironbank/dc_coverage.sh deleted file mode 100755 index 6dcf18cd85..0000000000 --- a/community_images/airflow/airflow/ironbank/dc_coverage.sh +++ /dev/null 
@@ -1,23 +0,0 @@ -#!/bin/bash - -set -x -set -e - -JSON_PARAMS="$1" - -JSON=$(cat "$JSON_PARAMS") - -echo "Json params for docker compose coverage = $JSON" - -PROJECT_NAME=$(jq -r '.project_name' < "$JSON_PARAMS") - -# shellcheck disable=SC1091 -SCRIPTPATH="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )" - -AIRFLOW_CONTAINER=${PROJECT_NAME}-airflow-ib-1 - -# Add a user for web app -docker exec "${AIRFLOW_CONTAINER}" airflow users create --role Admin --username rf-test --password rf_password123! --email rf-test@nomail.com --firstname rf --lastname test - -AIRFLOW_PORT='8080' -"${SCRIPTPATH}"/../../../common/selenium_tests/runner-dc.sh "localhost" "${AIRFLOW_PORT}" "${SCRIPTPATH}"/selenium_tests 2>&1 diff --git a/community_images/airflow/airflow/ironbank/docker-compose.yml b/community_images/airflow/airflow/ironbank/docker-compose.yml deleted file mode 100644 index 9802dfa587..0000000000 --- a/community_images/airflow/airflow/ironbank/docker-compose.yml +++ /dev/null 
@@ -1,41 +0,0 @@ -version: '3' - -services: - postgresql: - image: docker.io/rapidfort/postgresql:10.22 - volumes: - - 'postgresql_data:/bitnami/postgresql' - environment: - - POSTGRESQL_DATABASE=bitnami_airflow - - POSTGRESQL_USERNAME=bn_airflow - - POSTGRESQL_PASSWORD=bitnami1 - # ALLOW_EMPTY_PASSWORD is recommended only for development. - - ALLOW_EMPTY_PASSWORD=yes - redis: - image: docker.io/rapidfort/redis:7.0 - volumes: - - 'redis_data:/bitnami' - environment: - # ALLOW_EMPTY_PASSWORD is recommended only for development. - - ALLOW_EMPTY_PASSWORD=yes - airflow-ib: - image: ${AIRFLOW_IMAGE_REPOSITORY}:${AIRFLOW_IMAGE_TAG} - command: bash -c "airflow db init && (airflow webserver & airflow scheduler)" - cap_add: - - SYS_PTRACE - environment: - - AIRFLOW_DATABASE_NAME=bitnami_airflow - - AIRFLOW_DATABASE_USERNAME=bn_airflow - - AIRFLOW_DATABASE_PASSWORD=bitnami1 - - AIRFLOW_EXECUTOR=CeleryExecutor - - AIRFLOW__CORE__LOAD_EXAMPLES=true - ports: - - '8080:8080' - depends_on: - - postgresql - - redis -volumes: - postgresql_data: - driver: local - redis_data: - driver: local diff --git a/community_images/airflow/airflow/ironbank/image.yml b/community_images/airflow/airflow/ironbank/image.yml deleted file mode 100644 index 9f987e5c33..0000000000 --- a/community_images/airflow/airflow/ironbank/image.yml +++ /dev/null 
@@ -1,39 +0,0 @@ -name: airflow-ib -official_name: Apache Airflow Ironbank -official_website: https://airflow.apache.org/ -source_image_provider: Platform One -source_image_repo: registry1.dso.mil/ironbank/opensource/apache/airflow/airflow -source_image_repo_link: https://registry1.dso.mil/harbor/projects/3/repositories/opensource%2Fapache%2Fairflow%2Fairflow -source_image_readme: https://repo1.dso.mil/dsop/opensource/apache/airflow/airflow/-/blob/development/README.md -rf_docker_link: rapidfort/airflow-ib -image_workflow_name: airflow_airflow_ironbank -github_location: airflow/airflow/ironbank -report_url: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fopensource%2Fapache%2Fairflow%2Fairflow -usage_instructions: | - $ helm repo add bitnami https://charts.bitnami.com/bitnami - - # install airflow, just replace repository with RapidFort registry - $ helm install my-airflow bitnami/airflow --set image.repository=rapidfort/airflow-ib -what_is_text: | - Apache Airflow (or simply Airflow) is a platform to programmatically author, schedule, and monitor workflows. - - When workflows are defined as code, they become more maintainable, versionable, testable, and collaborative. - - Use Airflow to author workflows as directed acyclic graphs (DAGs) of tasks. The Airflow scheduler executes your tasks on an array of workers while following the specified dependencies. Rich command line utilities make performing complex surgeries on DAGs a snap. The rich user interface makes it easy to visualize pipelines running in production, monitor progress, and troubleshoot issues when needed. -disclaimer: | - Disclaimer: This software listing is packaged by RapidFort. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. 
-input_registry: - registry: registry1.dso.mil - account: ironbank -repo_sets: - - opensource/apache/airflow/airflow: - input_base_tag: "2.6." - output_repo: airflow-ib -runtimes: - - type: docker_compose - script: dc_coverage.sh - compose_file: docker-compose.yml - image_keys: - airflow-ib: - repository: "AIRFLOW_IMAGE_REPOSITORY" - tag: "AIRFLOW_IMAGE_TAG" diff --git a/community_images/airflow/airflow/ironbank/selenium_tests/conftest.py b/community_images/airflow/airflow/ironbank/selenium_tests/conftest.py deleted file mode 100644 index ce945b43c0..0000000000 --- a/community_images/airflow/airflow/ironbank/selenium_tests/conftest.py +++ /dev/null @@ -1,23 +0,0 @@ -"""The conftest file for running selenium test.""" -# pylint: skip-file - -# conftest.py -import pytest # pylint: disable=import-error - - -def pytest_addoption(parser): - """The function to add options""" - parser.addoption("--server", action="store", help="wordpress server") - parser.addoption("--port", action="store", - help="port for wordpress container") - - -@pytest.fixture -def params(request): - """the params""" - config_params = {} - config_params['server'] = request.config.getoption('--server') - config_params['port'] = request.config.getoption('--port') - if config_params['server'] is None or config_params['port'] is None: - pytest.skip() - return config_params diff --git a/community_images/airflow/airflow/ironbank/selenium_tests/test_enablealldags.py b/community_images/airflow/airflow/ironbank/selenium_tests/test_enablealldags.py deleted file mode 100644 index b20697c6d6..0000000000 --- a/community_images/airflow/airflow/ironbank/selenium_tests/test_enablealldags.py +++ /dev/null 
@@ -1,108 +0,0 @@ -# Generated by Selenium IDE -# pylint: skip-file - -import pytest -import time -import json -from selenium import webdriver -from selenium.webdriver.chrome.options import Options -from selenium.webdriver.common.by import By -from selenium.webdriver.common.action_chains import ActionChains -from selenium.webdriver.support import expected_conditions -from selenium.webdriver.support.wait import WebDriverWait -from selenium.webdriver.common.keys import Keys -from selenium.webdriver.common.desired_capabilities import DesiredCapabilities - - -class TestEnablealldags(): - def setup_method(self, method): # pylint: disable=unused-argument - """setup method.""" - chrome_options = Options() - chrome_options.add_argument("--headless") - chrome_options.add_argument('--disable-dev-shm-usage') - chrome_options.add_argument("disable-infobars") - chrome_options.add_argument("--disable-extensions") - chrome_options.add_argument("--disable-gpu") - chrome_options.add_argument("--no-sandbox") - self.driver = webdriver.Chrome( - options=chrome_options) # pylint: disable=attribute-defined-outside-init - self.driver.implicitly_wait(10) - - def teardown_method(self, method): # pylint: disable=unused-argument - """teardown method.""" - self.driver.quit() - - def test_enablealldags(self, params): - self.driver.get( - "http://{}:{}/".format( - params["server"], - params["port"])) # pylint: disable=consider-using-f-string - self.driver.set_window_size(1440, 790) - self.driver.find_element(By.ID, "username").send_keys("rf-test") - self.driver.find_element( - By.ID, "password").send_keys("rf_password123!") - self.driver.find_element(By.CSS_SELECTOR, ".btn-primary").click() - element = self.driver.find_element( - By.CSS_SELECTOR, ".active:nth-child(2) .material-icons") - actions = ActionChains(self.driver) - actions.move_to_element(element).perform() - element = self.driver.find_element(By.CSS_SELECTOR, "body") - actions = ActionChains(self.driver) - 
actions.move_to_element(element).perform() - self.driver.find_element( - By.CSS_SELECTOR, "tr:nth-child(1) .switch").click() - self.driver.find_element( - By.CSS_SELECTOR, "tr:nth-child(2) .switch").click() - self.driver.find_element( - By.CSS_SELECTOR, "tr:nth-child(3) .switch").click() - self.driver.find_element( - By.CSS_SELECTOR, "tr:nth-child(4) .switch").click() - self.driver.find_element( - By.CSS_SELECTOR, "tr:nth-child(5) .switch").click() - self.driver.find_element( - By.CSS_SELECTOR, "tr:nth-child(6) .switch").click() - self.driver.find_element( - By.CSS_SELECTOR, "tr:nth-child(7) > td:nth-child(1)").click() - self.driver.find_element( - By.CSS_SELECTOR, "tr:nth-child(7) .switch").click() - self.driver.find_element( - By.CSS_SELECTOR, "tr:nth-child(8) .switch").click() - self.driver.find_element( - By.CSS_SELECTOR, "tr:nth-child(9) .switch").click() - self.driver.find_element( - By.CSS_SELECTOR, "tr:nth-child(10) .switch").click() - self.driver.find_element( - By.CSS_SELECTOR, "tr:nth-child(11) .switch").click() - self.driver.find_element( - By.CSS_SELECTOR, "tr:nth-child(12) .switch").click() - self.driver.find_element( - By.CSS_SELECTOR, "tr:nth-child(13) .switch").click() - self.driver.find_element( - By.CSS_SELECTOR, "tr:nth-child(14) .switch").click() - self.driver.find_element( - By.CSS_SELECTOR, "tr:nth-child(15) .switch").click() - self.driver.find_element( - By.CSS_SELECTOR, "tr:nth-child(16) .switch").click() - self.driver.find_element( - By.CSS_SELECTOR, "tr:nth-child(17) .switch").click() - self.driver.find_element( - By.CSS_SELECTOR, "tr:nth-child(18) .switch").click() - self.driver.find_element( - By.CSS_SELECTOR, "tr:nth-child(19) .switch").click() - self.driver.find_element( - By.CSS_SELECTOR, "tr:nth-child(20) .switch").click() - self.driver.find_element( - By.CSS_SELECTOR, "tr:nth-child(21) .switch").click() - self.driver.find_element( - By.CSS_SELECTOR, "tr:nth-child(22) .switch").click() - self.driver.find_element( - By.CSS_SELECTOR, 
"tr:nth-child(23) .switch").click() - self.driver.find_element( - By.CSS_SELECTOR, "tr:nth-child(24) .switch").click() - self.driver.find_element( - By.CSS_SELECTOR, "tr:nth-child(25) .switch").click() - self.driver.find_element( - By.CSS_SELECTOR, "tr:nth-child(26) .switch").click() - self.driver.find_element( - By.CSS_SELECTOR, "tr:nth-child(27) .switch").click() - self.driver.close() diff --git a/community_images/airflow/airflow/ironbank/selenium_tests/test_testadmin.py b/community_images/airflow/airflow/ironbank/selenium_tests/test_testadmin.py deleted file mode 100644 index 92866b96a1..0000000000 --- a/community_images/airflow/airflow/ironbank/selenium_tests/test_testadmin.py +++ /dev/null 
@@ -1,73 +0,0 @@ -# Generated by Selenium IDE -# pylint: skip-file - -import pytest -import time -import json -from selenium import webdriver -from selenium.webdriver.chrome.options import Options -from selenium.webdriver.common.by import By -from selenium.webdriver.common.action_chains import ActionChains -from selenium.webdriver.support import expected_conditions -from selenium.webdriver.support.wait import WebDriverWait -from selenium.webdriver.common.keys import Keys -from selenium.webdriver.common.desired_capabilities import DesiredCapabilities - - -class TestTestadmin(): - def setup_method(self, method): # pylint: disable=unused-argument - """setup method.""" - chrome_options = Options() - chrome_options.add_argument("--headless") - chrome_options.add_argument('--disable-dev-shm-usage') - chrome_options.add_argument("disable-infobars") - chrome_options.add_argument("--disable-extensions") - chrome_options.add_argument("--disable-gpu") - chrome_options.add_argument("--no-sandbox") - self.driver = webdriver.Chrome( - options=chrome_options) # pylint: disable=attribute-defined-outside-init - self.driver.implicitly_wait(10) - - def teardown_method(self, method): # pylint: disable=unused-argument - """teardown method.""" - self.driver.quit() - - def test_testadmin(self, params): - self.driver.get( - "http://{}:{}/".format( - params["server"], - params["port"])) # pylint: disable=consider-using-f-string - self.driver.set_window_size(1200, 1286) - self.driver.find_element(By.ID, "username").send_keys("rf-test") - self.driver.find_element( - By.ID, "password").send_keys("rf_password123!") - self.driver.find_element(By.CSS_SELECTOR, ".btn-primary").click() - element = self.driver.find_element(By.LINK_TEXT, "Admin") - actions = ActionChains(self.driver) - actions.move_to_element(element).perform() - self.driver.find_element(By.LINK_TEXT, "Variables").click() - element = self.driver.find_element(By.LINK_TEXT, "Admin") - actions = ActionChains(self.driver) - 
actions.move_to_element(element).perform() - self.driver.find_element(By.LINK_TEXT, "Configurations").click() - element = self.driver.find_element(By.LINK_TEXT, "Admin") - actions = ActionChains(self.driver) - actions.move_to_element(element).perform() - self.driver.find_element(By.LINK_TEXT, "Connections").click() - element = self.driver.find_element(By.LINK_TEXT, "Admin") - actions = ActionChains(self.driver) - actions.move_to_element(element).perform() - self.driver.find_element(By.LINK_TEXT, "Plugins").click() - element = self.driver.find_element(By.LINK_TEXT, "Admin") - actions = ActionChains(self.driver) - actions.move_to_element(element).perform() - self.driver.find_element(By.LINK_TEXT, "Providers").click() - element = self.driver.find_element(By.LINK_TEXT, "Admin") - actions = ActionChains(self.driver) - actions.move_to_element(element).perform() - self.driver.find_element(By.LINK_TEXT, "Pools").click() - element = self.driver.find_element(By.LINK_TEXT, "Admin") - actions = ActionChains(self.driver) - actions.move_to_element(element).perform() - self.driver.find_element(By.LINK_TEXT, "XComs").click() - self.driver.close() diff --git a/community_images/airflow/airflow/ironbank/selenium_tests/test_viewbrowse.py b/community_images/airflow/airflow/ironbank/selenium_tests/test_viewbrowse.py deleted file mode 100644 index 0e77de1ddb..0000000000 --- a/community_images/airflow/airflow/ironbank/selenium_tests/test_viewbrowse.py +++ /dev/null 
@@ -1,78 +0,0 @@ -# Generated by Selenium IDE -# pylint: skip-file - -import pytest -import time -import json -from selenium import webdriver -from selenium.webdriver.chrome.options import Options -from selenium.webdriver.common.by import By -from selenium.webdriver.common.action_chains import ActionChains -from selenium.webdriver.support import expected_conditions -from selenium.webdriver.support.wait import WebDriverWait -from selenium.webdriver.common.keys import Keys -from selenium.webdriver.common.desired_capabilities import DesiredCapabilities - - -class TestViewbrowse(): - def setup_method(self, method): # pylint: disable=unused-argument - """setup method.""" - chrome_options = Options() - chrome_options.add_argument("--headless") - chrome_options.add_argument('--disable-dev-shm-usage') - chrome_options.add_argument("disable-infobars") - chrome_options.add_argument("--disable-extensions") - chrome_options.add_argument("--disable-gpu") - chrome_options.add_argument("--no-sandbox") - self.driver = webdriver.Chrome( - options=chrome_options) # pylint: disable=attribute-defined-outside-init - self.driver.implicitly_wait(10) - - def teardown_method(self, method): # pylint: disable=unused-argument - """teardown method.""" - self.driver.quit() - - def test_viewbrowse(self, params): - self.driver.get( - "http://{}:{}/".format( - params["server"], - params["port"])) # pylint: disable=consider-using-f-string - self.driver.set_window_size(1200, 1286) - self.driver.find_element(By.ID, "username").send_keys("rf-test") - self.driver.find_element( - By.ID, "password").send_keys("rf_password123!") - self.driver.find_element(By.CSS_SELECTOR, ".btn-primary").click() - element = self.driver.find_element(By.LINK_TEXT, "Browse") - actions = ActionChains(self.driver) - actions.move_to_element(element).perform() - self.driver.find_element(By.LINK_TEXT, "DAG Runs").click() - element = self.driver.find_element(By.LINK_TEXT, "Browse") - actions = ActionChains(self.driver) - 
actions.move_to_element(element).perform() - self.driver.find_element(By.LINK_TEXT, "Jobs").click() - element = self.driver.find_element(By.LINK_TEXT, "Browse") - actions = ActionChains(self.driver) - actions.move_to_element(element).perform() - self.driver.find_element(By.LINK_TEXT, "Audit Logs").click() - element = self.driver.find_element(By.LINK_TEXT, "Browse") - actions = ActionChains(self.driver) - actions.move_to_element(element).perform() - self.driver.find_element(By.LINK_TEXT, "Task Instances").click() - self.driver.find_element(By.LINK_TEXT, "example_branch_labels").click() - element = self.driver.find_element(By.LINK_TEXT, "Browse") - actions = ActionChains(self.driver) - actions.move_to_element(element).perform() - self.driver.find_element(By.LINK_TEXT, "Task Reschedules").click() - element = self.driver.find_element(By.LINK_TEXT, "Browse") - actions = ActionChains(self.driver) - actions.move_to_element(element).perform() - self.driver.find_element(By.LINK_TEXT, "Triggers").click() - element = self.driver.find_element(By.LINK_TEXT, "Browse") - actions = ActionChains(self.driver) - actions.move_to_element(element).perform() - self.driver.find_element(By.LINK_TEXT, "SLA Misses").click() - element = self.driver.find_element(By.LINK_TEXT, "Browse") - actions = ActionChains(self.driver) - actions.move_to_element(element).perform() - self.driver.find_element(By.LINK_TEXT, "DAG Dependencies").click() - self.driver.close() diff --git a/community_images/airflow/airflow/ironbank/selenium_tests/test_viewsecurity.py b/community_images/airflow/airflow/ironbank/selenium_tests/test_viewsecurity.py deleted file mode 100644 index 7e21c869f5..0000000000 --- a/community_images/airflow/airflow/ironbank/selenium_tests/test_viewsecurity.py +++ /dev/null 
@@ -1,69 +0,0 @@ -# Generated by Selenium IDE -# pylint: skip-file - -import pytest -import time -import json -from selenium import webdriver -from selenium.webdriver.chrome.options import Options -from selenium.webdriver.common.by import By -from selenium.webdriver.common.action_chains import ActionChains -from selenium.webdriver.support import expected_conditions -from selenium.webdriver.support.wait import WebDriverWait -from selenium.webdriver.common.keys import Keys -from selenium.webdriver.common.desired_capabilities import DesiredCapabilities - - -class TestViewsecurity(): - def setup_method(self, method): # pylint: disable=unused-argument - """setup method.""" - chrome_options = Options() - chrome_options.add_argument("--headless") - chrome_options.add_argument('--disable-dev-shm-usage') - chrome_options.add_argument("disable-infobars") - chrome_options.add_argument("--disable-extensions") - chrome_options.add_argument("--disable-gpu") - chrome_options.add_argument("--no-sandbox") - self.driver = webdriver.Chrome( - options=chrome_options) # pylint: disable=attribute-defined-outside-init - self.driver.implicitly_wait(10) - - def teardown_method(self, method): # pylint: disable=unused-argument - """teardown method.""" - self.driver.quit() - - def test_viewsecurity(self, params): - self.driver.get( - "http://{}:{}/".format( - params["server"], - params["port"])) # pylint: disable=consider-using-f-string - self.driver.set_window_size(1200, 1286) - self.driver.find_element(By.ID, "username").send_keys("rf-test") - self.driver.find_element( - By.ID, "password").send_keys("rf_password123!") - self.driver.find_element(By.CSS_SELECTOR, ".btn-primary").click() - element = self.driver.find_element(By.LINK_TEXT, "Security") - actions = ActionChains(self.driver) - actions.move_to_element(element).perform() - self.driver.find_element(By.LINK_TEXT, "List Users").click() - element = self.driver.find_element(By.LINK_TEXT, "Security") - actions = ActionChains(self.driver) - 
actions.move_to_element(element).perform() - self.driver.find_element(By.LINK_TEXT, "List Roles").click() - element = self.driver.find_element(By.LINK_TEXT, "Security") - actions = ActionChains(self.driver) - actions.move_to_element(element).perform() - self.driver.find_element(By.LINK_TEXT, "User\'s Statistics").click() - element = self.driver.find_element(By.LINK_TEXT, "Security") - actions = ActionChains(self.driver) - actions.move_to_element(element).perform() - self.driver.find_element(By.LINK_TEXT, "Actions").click() - element = self.driver.find_element(By.LINK_TEXT, "Security") - actions = ActionChains(self.driver) - actions.move_to_element(element).perform() - self.driver.find_element(By.LINK_TEXT, "Resources").click() - element = self.driver.find_element(By.LINK_TEXT, "Security") - actions = ActionChains(self.driver) - actions.move_to_element(element).perform() - self.driver.find_element(By.LINK_TEXT, "Permissions").click() - self.driver.close() diff --git a/community_images/apache/bitnami/.rfignore b/community_images/apache/bitnami/.rfignore deleted file mode 100644 index aeb23a6e50..0000000000 --- a/community_images/apache/bitnami/.rfignore +++ /dev/null @@ -1,6 +0,0 @@ -opt/bitnami/apache/include -opt/bitnami/licenses -opt/bitnami/apache/licenses -usr/share/common-licenses -opt/bitnami/apache2/licenses -lib/init diff --git a/community_images/apache/bitnami/README.md b/community_images/apache/bitnami/README.md deleted file mode 100644 index 4d69806d4a..0000000000 --- a/community_images/apache/bitnami/README.md +++ /dev/null @@ -1,142 +0,0 @@ - -RapidFort - - -
- -[![rf-h][rf-h-badge]][rf-view-report-button] -[![DH Image][dh-rf-badge]][rf-dh-image-link] -[![Slack][slack-badge]][slack-link] -[![FOSSA Status][fossa-badge]][fossa-link] - -# RapidFort hardened image for Apache - -RapidFort’s container optimization process hardened this Apache container. This container is free to use and has no license limitations. - -It is the same as the [Bitnami Apache][source-image-repo-link] image but more secure. - -Every day, we optimize and harden a variety of Docker Hub’s most famous images. Check out our [entire library](https://hub.docker.com/u/rapidfort) of secured containers. -
- -[Get the full report here or click on the image below][rf-view-report-link] - -[![Metrics][metrics-link]][rf-image-metrics-link] - -

Vulnerabilities: Original vs. Hardened - -

- -[![CVE Reduction][cve-reduction-link]][rf-image-cve-reduction-link] - - -View Report - -
-
- - -## What is Apache? - -> The Apache HTTP Server Project is an effort to develop and maintain an open-source HTTP server for modern operating systems including UNIX and Windows. httpd is the Apache HyperText Transfer Protocol (HTTP) server program. It is designed to be run as a standalone daemon process. When used like this it will create a pool of child processes or threads to handle requests. - - -[Overview of Apache](https://httpd.apache.org/) - -Trademarks: This software listing is packaged by RapidFort. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. - - -## How do I use this hardened Apache image? - -The runtime instructions for this container are no different from the official release. Follow the instructions in their readme, but use our hardened image. - - -View Detailed Instructions - -
-
- -```sh -$ helm repo add bitnami https://charts.bitnami.com/apache - -# install apache, just replace repository with RapidFort registry -$ helm install my-apache bitnami/apache --set image.repository=rapidfort/apache - -``` - -## What is a hardened image? - -A hardened image is a copy of a container that has been optimized and reduced for significantly improved security. Because every container uses many open-source software components and their dependencies, there’s a lot of extra weight that can be trimmed. - -This image is a hardened version of the official [Bitnami Apache][source-image-repo-link] image on Docker Hub. - -RapidFort is an industry-leading container optimization solution that minimizes software attack surfaces by removing unused code. Most containers can be reduced by at least 50%, which reduces the opportunity for malicious attacks and CVE exploits. Learn more at [RapidFort.com][rf-link]. - -Our hardened images are updated daily using the latest vulnerability information available. - - -View on GitHub - -
-
- -## What’s the difference between the official [Bitnami Apache][source-image-repo-link] image and this hardened image? -RapidFort’s hardened [rapidfort/apache][rf-dh-image-link] image has been optimized by our proprietary scanning and slimming technology. We are big fans of open-source software, containerized infrastructure, and security. - -We are making secure copies of the images we use every day and the most popular ones on Docker Hub. We want to make the world a safer place to operate. - -## Supported tags and respective `Dockerfile` links -* [`2.4`, `2.4-debian-11`, `2.4.58`, `2.4.58-debian-11-r` (2.4/debian-11/Dockerfile)](https://github.com/bitnami/containers/tree/main/bitnami/apache/2.4/debian-11/Dockerfile) - -## Need support - -Join our slack community for any questions. - - -RapidFort Community Slack - - -## 🌟 Support this project - -[![](https://user-images.githubusercontent.com/48997634/174794647-0c851917-e5c9-4fb9-bf88-b61d89dc2f4f.gif)](https://github.com/rapidfort/community-images/stargazers) - -### [⏫⭐️ Scroll to the star button](#start-of-content) - -If you believe this project has potential, feel free to **star this repo** just like many [amazing people](https://github.com/rapidfort/community-images/stargazers) -have. - -## Have questions? - -[![RapidFort](https://raw.githubusercontent.com/rapidfort/community-images/main/contrib/github_logo_footer.png)][rf-rapidfort-footer-logo-link] - - -If you'd like to learn more about RapidFort or our container optimization process, visit [RapidFort.com][rf-link]. - -
-
- - -[dh-rf-badge]: https://img.shields.io/badge/dockerhub-images-important.svg?logo=Docker - -[fossa-badge]: https://app.fossa.com/api/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images.svg?type=shield -[fossa-link]: https://app.fossa.com/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images?ref=badge_shield - -[rf-link]: https://rapidfort.com?utm_source=github&utm_medium=ci_rf_link&utm_campaign=sep_01_sprint&utm_term=apache&utm_content=rapidfort_have_questions - -[rf-rapidfort-footer-logo-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Fapache?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=apache&utm_content=rapidfort_footer_logo -[rf-view-report-button]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Fapache?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=apache&utm_content=view_report_button -[rf-view-report-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Fapache?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=apache&utm_content=view_report_link -[rf-image-metrics-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Fapache?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=apache&utm_content=image_metrics_link -[rf-image-cve-reduction-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Fapache?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=apache&utm_content=image_cve_reduction_link - -[dh-img-size-badge]: https://img.shields.io/docker/image-size/rapidfort/apache?logo=docker&logoColor=white&sort=semver -[dh-img-pulls-badge]: https://img.shields.io/docker/pulls/rapidfort/apache?logo=docker&logoColor=white - -[slack-badge]: https://img.shields.io/static/v1?label=Join&message=slack&logo=slack&logoColor=E01E5A&color=4A154B -[slack-link]: 
https://join.slack.com/t/rapidfortcommunity/shared_invite/zt-1g3wy28lv-DaeGexTQ5IjfpbmYW7Rm_Q - -[rf-h-badge]: https://img.shields.io/static/v1?label=RapidFort&labelColor=333F48&message=hardened&color=50B4C4&logo= -[metrics-link]: https://github.com/rapidfort/community-images/raw/main/community_images/apache/bitnami/assets/metrics.webp -[cve-reduction-link]: https://github.com/rapidfort/community-images/raw/main/community_images/apache/bitnami/assets/cve_reduction.webp - -[source-image-repo-link]: https://hub.docker.com/r/bitnami/apache -[rf-dh-image-link]: https://hub.docker.com/r/rapidfort/apache diff --git a/community_images/apache/bitnami/assets/cve_reduction.webp b/community_images/apache/bitnami/assets/cve_reduction.webp deleted file mode 100644 index 4e40520110..0000000000 Binary files a/community_images/apache/bitnami/assets/cve_reduction.webp and /dev/null differ diff --git a/community_images/apache/bitnami/assets/metrics.webp b/community_images/apache/bitnami/assets/metrics.webp deleted file mode 100644 index 34988c24ef..0000000000 Binary files a/community_images/apache/bitnami/assets/metrics.webp and /dev/null differ diff --git a/community_images/apache/bitnami/coverage_script.sh b/community_images/apache/bitnami/coverage_script.sh deleted file mode 100755 index 7354905c6f..0000000000 --- a/community_images/apache/bitnami/coverage_script.sh +++ /dev/null @@ -1,14 +0,0 @@ -#!/bin/bash - -set -x -set -e -ls /opt/bitnami/apache2/modules/ -httpd -M -sed -i '/LoadModule /d' /opt/bitnami/apache2/conf/httpd.conf -cat /opt/bitnami/scripts/modules_list >> /opt/bitnami/apache2/conf/httpd.conf -#cat /opt/bitnami/apache2/conf/httpd.conf -/opt/bitnami/scripts/apache/reload.sh -/opt/bitnami/scripts/apache/status.sh - -httpd -M -#Modules excluded: ["unixd_module" "pagespeed_module" "pagespeed_ap24_module" "mpm_worker_module" "mpm_event_module"] 
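Review bot: In coverage_script.sh, `sed -i '/LoadModule /d'` followed by `cat /opt/bitnami/scripts/modules_list >> /opt/bitnami/apache2/conf/httpd.conf` moves every LoadModule line to the end of httpd.conf, so any `<IfModule>` block or module directive earlier in the file is parsed before its module is loaded. httpd reads the configuration top to bottom, so such blocks are skipped and an unguarded directive fails at reload. If a variant of this script is kept for the coverage run, write the module list where the original LoadModule lines stood instead of appending it.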
diff --git a/community_images/apache/bitnami/dc_coverage.sh b/community_images/apache/bitnami/dc_coverage.sh deleted file mode 100755 index ef57905147..0000000000 --- a/community_images/apache/bitnami/dc_coverage.sh +++ /dev/null @@ -1,40 +0,0 @@ -#!/bin/bash - -set -x -set -e - -SCRIPTPATH="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )" - -# shellcheck disable=SC1091 -. "${SCRIPTPATH}"/../../common/scripts/bash_helper.sh - -JSON_PARAMS="$1" - -JSON=$(cat "$JSON_PARAMS") - -echo "Json params for docker compose coverage = $JSON" - -PROJECT_NAME=$(jq -r '.project_name' < "$JSON_PARAMS") - -CONTAINER_NAME="${PROJECT_NAME}"-apache-1 - -# exec into container and run coverage script -docker exec -i "${CONTAINER_NAME}" bash -c /opt/bitnami/scripts/coverage_script.sh - -# log for debugging -docker inspect "${CONTAINER_NAME}" - -# find non-tls and tls port -docker inspect "${CONTAINER_NAME}" | jq -r ".[].NetworkSettings.Ports.\"8080/tcp\"[0].HostPort" -docker inspect "${CONTAINER_NAME}" | jq -r ".[].NetworkSettings.Ports.\"8443/tcp\"[0].HostPort" -NON_TLS_PORT=$(docker inspect "${CONTAINER_NAME}" | jq -r ".[].NetworkSettings.Ports.\"8080/tcp\"[0].HostPort") -TLS_PORT=$(docker inspect "${CONTAINER_NAME}" | jq -r ".[].NetworkSettings.Ports.\"8443/tcp\"[0].HostPort") - -# run curl in loop for different endpoints -for i in {1..20}; -do - echo "Attempt $i" - curl http://localhost:"${NON_TLS_PORT}" - with_backoff curl https://localhost:"${TLS_PORT}" -k -v -done - diff --git a/community_images/apache/bitnami/docker-compose.yml b/community_images/apache/bitnami/docker-compose.yml deleted file mode 100644 index cb7a8aff53..0000000000 --- a/community_images/apache/bitnami/docker-compose.yml +++ /dev/null 
@@ -1,14 +0,0 @@ -version: '2' - -services: - apache: - image: ${APACHE_IMAGE_REPOSITORY}:${APACHE_IMAGE_TAG} - user: root - volumes: - - ./modules_list:/opt/bitnami/scripts/modules_list:ro - - ./coverage_script.sh:/opt/bitnami/scripts/coverage_script.sh - cap_add: - - SYS_PTRACE - ports: - - '0.0.0.0::8080' - - '0.0.0.0::8443' diff --git a/community_images/apache/bitnami/docker_coverage.sh b/community_images/apache/bitnami/docker_coverage.sh deleted file mode 100755 index b720d0f871..0000000000 --- a/community_images/apache/bitnami/docker_coverage.sh +++ /dev/null @@ -1,19 +0,0 @@ -#!/bin/bash - -set -x -set -e - -JSON_PARAMS="$1" - -JSON=$(cat "$JSON_PARAMS") - -echo "Json params for docker coverage = $JSON" - -APACHE_HOST=$(jq -r '.container_details.apache.ip_address' < "$JSON_PARAMS") - -# Install Apache benchmark testing tool -sudo apt-get install apache2-utils -y -sudo apt-get install apache2 -y - -# testing using apache benchmark tool -ab -t 100 -n 10000 -c 10 http://"${APACHE_HOST}":8080/ diff --git a/community_images/apache/bitnami/image.yml b/community_images/apache/bitnami/image.yml deleted file mode 100644 index c187b9da2e..0000000000 --- a/community_images/apache/bitnami/image.yml +++ /dev/null 
@@ -1,58 +0,0 @@ -name: apache -official_name: Apache -official_website: https://httpd.apache.org/ -source_image_provider: Bitnami -source_image_repo: docker.io/bitnami/apache -source_image_repo_link: https://hub.docker.com/r/bitnami/apache -source_image_readme: https://github.com/bitnami/containers/blob/main/bitnami/apache/README.md -rf_docker_link: rapidfort/apache -image_workflow_name: apache_bitnami -github_location: apache/bitnami -report_url: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Fapache -usage_instructions: | - $ helm repo add bitnami https://charts.bitnami.com/apache - - # install apache, just replace repository with RapidFort registry - $ helm install my-apache bitnami/apache --set image.repository=rapidfort/apache -what_is_text: | - The Apache HTTP Server Project is an effort to develop and maintain an open-source HTTP server for modern operating systems including UNIX and Windows. httpd is the Apache HyperText Transfer Protocol (HTTP) server program. It is designed to be run as a standalone daemon process. When used like this it will create a pool of child processes or threads to handle requests. -disclaimer: | - Trademarks: This software listing is packaged by RapidFort. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. 
-input_registry: - registry: docker.io - account: bitnami -repo_sets: - - apache: - input_base_tag: "2.7.1-debian-11-r" -runtimes: - - type: k8s - script: k8s_coverage.sh - helm: - repo: bitnami - repo_url: https://charts.bitnami.com/bitnami - chart: apache - tls_certs: - generate: true - secret_name: localhost-server-tls - common_name: localhost - image_keys: - apache: - repository: "image.repository" - tag: "image.tag" - override_file: "overrides.yml" - - type: docker_compose - script: dc_coverage.sh - compose_file: docker-compose.yml - tls_certs: - generate: true - out_dir: certs - image_keys: - apache: - repository: "APACHE_IMAGE_REPOSITORY" - tag: "APACHE_IMAGE_TAG" - - type: docker - script: docker_coverage.sh - tls_certs: - generate: true - out_dir: certs - diff --git a/community_images/apache/bitnami/k8s_coverage.sh b/community_images/apache/bitnami/k8s_coverage.sh deleted file mode 100755 index 72ca4770eb..0000000000 --- a/community_images/apache/bitnami/k8s_coverage.sh +++ /dev/null @@ -1,32 +0,0 @@ -#!/bin/bash - -set -x -set -e - -JSON_PARAMS="$1" - -NAMESPACE=$(jq -r '.namespace_name' < "$JSON_PARAMS") -RELEASE_NAME=$(jq -r '.release_name' < "$JSON_PARAMS") - -# fetch service url and store the urls in URLS file -rm -f URLS -minikube service "${RELEASE_NAME}" -n "${NAMESPACE}" --url | tee -a URLS - -# Changing "http" to "https" in the urls file -sed -i '2,2s/http/https/' URLS -cat URLS - -# curl to urls -while read -r p; -do - curl -k "${p}" -done -RapidFort - - -
- -[![rf-h][rf-h-badge]][rf-view-report-button] -[![DH Image][dh-rf-badge]][rf-dh-image-link] -[![Slack][slack-badge]][slack-link] -[![FOSSA Status][fossa-badge]][fossa-link] - -# RapidFort hardened image for Apache IronBank - -RapidFort’s container optimization process hardened this Apache IronBank container. This container is free to use and has no license limitations. - -It is the same as the [Platform One Apache IronBank][source-image-repo-link] image but more secure. - -Every day, we optimize and harden a variety of Docker Hub’s most famous images. Check out our [entire library](https://hub.docker.com/u/rapidfort) of secured containers. -
- -[Get the full report here or click on the image below][rf-view-report-link] - -[![Metrics][metrics-link]][rf-image-metrics-link] - -

Vulnerabilities: Original vs. Hardened - -

- -[![CVE Reduction][cve-reduction-link]][rf-image-cve-reduction-link] - - -View Report - -
-
- - -## What is Apache IronBank? - -> The Apache HTTP Server Project is an effort to develop and maintain an open-source HTTP server for modern operating systems including UNIX and Windows. httpd is the Apache HyperText Transfer Protocol (HTTP) server program. It is designed to be run as a standalone daemon process. When used like this it will create a pool of child processes or threads to handle requests. - - -[Overview of Apache IronBank](https://httpd.apache.org/) - -Trademarks: This software listing is packaged by RapidFort. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. - - -## How do I use this hardened Apache IronBank image? - -The runtime instructions for this container are no different from the official release. Follow the instructions in their readme, but use our hardened image. - - -View Detailed Instructions - -
-
- -```sh -# Using docker run: -$ docker run -dit --name my-apache-app -p 8080:80 -v "$PWD":/var/www/html/ rapidfort/apache2-ib -# PWD can be replaced with the directory containing all your HTML. - -``` - -## What is a hardened image? - -A hardened image is a copy of a container that has been optimized and reduced for significantly improved security. Because every container uses many open-source software components and their dependencies, there’s a lot of extra weight that can be trimmed. - -This image is a hardened version of the official [Platform One Apache IronBank][source-image-repo-link] image on Docker Hub. - -RapidFort is an industry-leading container optimization solution that minimizes software attack surfaces by removing unused code. Most containers can be reduced by at least 50%, which reduces the opportunity for malicious attacks and CVE exploits. Learn more at [RapidFort.com][rf-link]. - -Our hardened images are updated daily using the latest vulnerability information available. - - -View on GitHub - -
-
- -## What’s the difference between the official [Platform One Apache IronBank][source-image-repo-link] image and this hardened image? -RapidFort’s hardened [rapidfort/apache2-ib][rf-dh-image-link] image has been optimized by our proprietary scanning and slimming technology. We are big fans of open-source software, containerized infrastructure, and security. - -We are making secure copies of the images we use every day and the most popular ones on Docker Hub. We want to make the world a safer place to operate. - -## Supported tags and respective `Dockerfile` links - -## Need support - -Join our slack community for any questions. - - -RapidFort Community Slack - - -## 🌟 Support this project - -[![](https://user-images.githubusercontent.com/48997634/174794647-0c851917-e5c9-4fb9-bf88-b61d89dc2f4f.gif)](https://github.com/rapidfort/community-images/stargazers) - -### [⏫⭐️ Scroll to the star button](#start-of-content) - -If you believe this project has potential, feel free to **star this repo** just like many [amazing people](https://github.com/rapidfort/community-images/stargazers) -have. - -## Have questions? - -[![RapidFort](https://raw.githubusercontent.com/rapidfort/community-images/main/contrib/github_logo_footer.png)][rf-rapidfort-footer-logo-link] - - -If you'd like to learn more about RapidFort or our container optimization process, visit [RapidFort.com][rf-link]. - -
-
- - -[dh-rf-badge]: https://img.shields.io/badge/dockerhub-images-important.svg?logo=Docker - -[fossa-badge]: https://app.fossa.com/api/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images.svg?type=shield -[fossa-link]: https://app.fossa.com/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images?ref=badge_shield - -[rf-link]: https://rapidfort.com?utm_source=github&utm_medium=ci_rf_link&utm_campaign=sep_01_sprint&utm_term=apache-ib&utm_content=rapidfort_have_questions - -[rf-rapidfort-footer-logo-link]: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fopensource%2Fapache%2Fapache2?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=apache-ib&utm_content=rapidfort_footer_logo -[rf-view-report-button]: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fopensource%2Fapache%2Fapache2?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=apache-ib&utm_content=view_report_button -[rf-view-report-link]: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fopensource%2Fapache%2Fapache2?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=apache-ib&utm_content=view_report_link -[rf-image-metrics-link]: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fopensource%2Fapache%2Fapache2?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=apache-ib&utm_content=image_metrics_link -[rf-image-cve-reduction-link]: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fopensource%2Fapache%2Fapache2?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=apache-ib&utm_content=image_cve_reduction_link - -[dh-img-size-badge]: https://img.shields.io/docker/image-size/rapidfort/apache2-ib?logo=docker&logoColor=white&sort=semver -[dh-img-pulls-badge]: 
https://img.shields.io/docker/pulls/rapidfort/apache2-ib?logo=docker&logoColor=white - -[slack-badge]: https://img.shields.io/static/v1?label=Join&message=slack&logo=slack&logoColor=E01E5A&color=4A154B -[slack-link]: https://join.slack.com/t/rapidfortcommunity/shared_invite/zt-1g3wy28lv-DaeGexTQ5IjfpbmYW7Rm_Q - -[rf-h-badge]: https://img.shields.io/static/v1?label=RapidFort&labelColor=333F48&message=hardened&color=50B4C4&logo= -[metrics-link]: https://github.com/rapidfort/community-images/raw/main/community_images/apache/ironbank/assets/metrics.webp -[cve-reduction-link]: https://github.com/rapidfort/community-images/raw/main/community_images/apache/ironbank/assets/cve_reduction.webp - -[source-image-repo-link]: https://registry1.dso.mil/harbor/projects/3/repositories/opensource%2Fapache%2Fapache2 -[rf-dh-image-link]: https://hub.docker.com/r/rapidfort/apache2-ib diff --git a/community_images/apache/ironbank/assets/cve_reduction.webp b/community_images/apache/ironbank/assets/cve_reduction.webp deleted file mode 100644 index 985d06ac02..0000000000 Binary files a/community_images/apache/ironbank/assets/cve_reduction.webp and /dev/null differ diff --git a/community_images/apache/ironbank/assets/metrics.webp b/community_images/apache/ironbank/assets/metrics.webp deleted file mode 100644 index eca94a944c..0000000000 Binary files a/community_images/apache/ironbank/assets/metrics.webp and /dev/null differ diff --git a/community_images/apache/ironbank/configs/index.html b/community_images/apache/ironbank/configs/index.html deleted file mode 100644 index 97ba60829a..0000000000 --- a/community_images/apache/ironbank/configs/index.html +++ /dev/null @@ -1,9 +0,0 @@ - - - - RapidFort - - -

Apache Server Test Page

- - diff --git a/community_images/apache/ironbank/configs/server-configs/httpd.conf b/community_images/apache/ironbank/configs/server-configs/httpd.conf deleted file mode 100644 index d4b31abd15..0000000000 --- a/community_images/apache/ironbank/configs/server-configs/httpd.conf +++ /dev/null 
@@ -1,345 +0,0 @@ -# -# This is the main Apache HTTP server configuration file. It contains the -# configuration directives that give the server its instructions. -# See for detailed information. -# In particular, see -# -# for a discussion of each configuration directive. -# -# See the httpd.conf(5) man page for more information on this configuration, -# and httpd.service(8) on using and configuring the httpd service. -# -# Do NOT simply read the instructions in here without understanding -# what they do. They're here only as hints or reminders. If you are unsure -# consult the online docs. You have been warned. -# -# Configuration and logfile names: If the filenames you specify for many -# of the server's control files begin with "/" (or "drive:/" for Win32), the -# server will use that explicit path. If the filenames do *not* begin -# with "/", the value of ServerRoot is prepended -- so 'log/access_log' -# with ServerRoot set to '/www' will be interpreted by the -# server as '/www/log/access_log', where as '/log/access_log' will be -# interpreted as '/log/access_log'. - -# -# ServerRoot: The top of the directory tree under which the server's -# configuration, error, and log files are kept. -# -# Do not add a slash at the end of the directory path. If you point -# ServerRoot at a non-local disk, be sure to specify a local disk on the -# Mutex directive, if file-based mutexes are used. If you wish to share the -# same ServerRoot for multiple httpd daemons, you will need to change at -# least PidFile. -# -ServerRoot "/etc/httpd" - -# -# Listen: Allows you to bind Apache to specific IP addresses and/or -# ports, instead of the default. See also the -# directive. -# -# Change this to Listen on specific IP addresses as shown below to -# prevent Apache from glomming onto all bound IP addresses. 
-# -#Listen 12.34.56.78:80 -#Listen 80 -# -# Dynamic Shared Object (DSO) Support -# -# To be able to use the functionality of a module which was built as a DSO you -# have to place corresponding `LoadModule' lines at this location so the -# directives contained in it are actually available _before_ they are used. -# Statically compiled modules (those listed by `httpd -l') do not need -# to be loaded here. -# -# Example: -# LoadModule foo_module modules/mod_foo.so -# - - -# -# If you wish httpd to run as a different user or group, you must run -# httpd as root initially and it will switch. -# -# User/Group: The name (or #number) of the user/group to run httpd as. -# It is usually good practice to create a dedicated user and group for -# running httpd, as with most system services. -# -User apache -Group apache - -# 'Main' server configuration -# -# The directives in this section set up the values used by the 'main' -# server, which responds to any requests that aren't handled by a -# definition. These values also provide defaults for -# any containers you may define later in the file. -# -# All of these directives may appear inside containers, -# in which case these default settings will be overridden for the -# virtual host being defined. -# - -# -# ServerAdmin: Your address, where problems with the server should be -# e-mailed. This address appears on some server-generated pages, such -# as error documents. e.g. admin@your-domain.com -# -ServerAdmin root@localhost - -# -# Deny access to the entirety of your server's filesystem. You must -# explicitly permit access to web content directories in other -# blocks below. -# - - AllowOverride none - Require all denied - - -# -# Note that from this point forward you must specifically allow -# particular features to be enabled - so if something's not working as -# you might expect, make sure that you have specifically enabled it -# below. 
-# - -# -# DocumentRoot: The directory out of which you will serve your -# documents. By default, all requests are taken from this directory, but -# symbolic links and aliases may be used to point to other locations. -# -DocumentRoot "/var/www/html" - -# -# Relax access to content within /var/www. -# - - AllowOverride None - # Allow open access: - Require all granted - - -# Further relax access to the default document root: - - # - # Possible values for the Options directive are "None", "All", - # or any combination of: - # Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews - # - # Note that "MultiViews" must be named *explicitly* --- "Options All" - # doesn't give it to you. - # - # The Options directive is both complicated and important. Please see - # http://httpd.apache.org/docs/2.4/mod/core.html#options - # for more information. - # - Options Indexes FollowSymLinks - - # - # AllowOverride controls what directives may be placed in .htaccess files. - # It can be "All", "None", or any combination of the keywords: - # Options FileInfo AuthConfig Limit - # - AllowOverride None - - # - # Controls who can get stuff from this server. - # - Require all granted - - -# -# DirectoryIndex: sets the file that Apache will serve if a directory -# is requested. -# - - DirectoryIndex index.html - - -# -# The following lines prevent .htaccess and .htpasswd files from being -# viewed by Web clients. -# - - Require all denied - - -# -# ErrorLog: The location of the error log file. -# If you do not specify an ErrorLog directive within a -# container, error messages relating to that virtual host will be -# logged here. If you *do* define an error logfile for a -# container, that host's errors will be logged there and not here. -# -ErrorLog /proc/self/fd/2 - -# -# LogLevel: Control the number of messages logged to the error_log. -# Possible values include: debug, info, notice, warn, error, crit, -# alert, emerg. 
-# -LogLevel warn - - - # - # The following directives define some format nicknames for use with - # a CustomLog directive (see below). - # - LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined - LogFormat "%h %l %u %t \"%r\" %>s %b" common - - - # You need to enable mod_logio.c to use %I and %O - LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio - - - # - # The location and format of the access logfile (Common Logfile Format). - # If you do not define any access logfiles within a - # container, they will be logged here. Contrariwise, if you *do* - # define per- access logfiles, transactions will be - # logged therein and *not* in this file. - # - #CustomLog "logs/access_log" common - - # - # If you prefer a logfile with access, agent, and referer information - # (Combined Logfile Format) you can use the following directive. - # - CustomLog /proc/self/fd/1 combined - - - - # - # Redirect: Allows you to tell clients about documents that used to - # exist in your server's namespace, but do not anymore. The client - # will make a new request for the document at its new location. - # Example: - # Redirect permanent /foo http://www.example.com/bar - - # - # Alias: Maps web paths into filesystem paths and is used to - # access content that does not live under the DocumentRoot. - # Example: - # Alias /webpath /full/filesystem/path - # - # If you include a trailing / on /webpath then the server will - # require it to be present in the URL. You will also likely - # need to provide a section to allow access to - # the filesystem path. - - # - # ScriptAlias: This controls which directories contain server scripts. - # ScriptAliases are essentially the same as Aliases, except that - # documents in the target directory are treated as applications and - # run by the server when requested rather than as documents sent to the - # client. 
The same rules about trailing "/" apply to ScriptAlias - # directives as to Alias. - # - ScriptAlias /cgi-bin/ "/var/www/cgi-bin/" - - - -# -# "/var/www/cgi-bin" should be changed to whatever your ScriptAliased -# CGI directory exists, if you have that configured. -# - - AllowOverride None - Options None - Require all granted - - - - # - # TypesConfig points to the file containing the list of mappings from - # filename extension to MIME-type. - # - TypesConfig /etc/mime.types - - # - # AddType allows you to add to or override the MIME configuration - # file specified in TypesConfig for specific file types. - # - #AddType application/x-gzip .tgz - # - # AddEncoding allows you to have certain browsers uncompress - # information on the fly. Note: Not all browsers support this. - # - #AddEncoding x-compress .Z - #AddEncoding x-gzip .gz .tgz - # - # If the AddEncoding directives above are commented-out, then you - # ssbably should define those extensions to indicate media types: - # - AddType application/x-compress .Z - AddType application/x-gzip .gz .tgz - # - # AddHandler allows you to map certain file extensions to "handlers": - # actions unrelated to filetype. These can be either built into the server - # or added with the Action directive (see below) - # - # To use CGI scripts outside of ScriptAliased directories: - # (You will also need to add "ExecCGI" to the "Options" directive.) - # - #AddHandler cgi-script .cgi - - # For type maps (negotiated resources): - #AddHandler type-map var - - # - # Filters allow you to process content before it is sent to the client. - # - # To parse .shtml files for server-side includes (SSI): - # (You will also need to add "Includes" to the "Options" directive.) - # - AddType text/html .shtml - AddOutputFilter INCLUDES .shtml - - -# -# Specify a default charset for all content served; this enables -# interpretation of all content as UTF-8 by default. 
To use the -# default browser choice (ISO-8859-1), or to allow the META tags -# in HTML content to override this choice, comment out this -# directive: -# -AddDefaultCharset UTF-8 - - - # - # The mod_mime_magic module allows the server to use various hints from the - # contents of the file itself to determine its type. The MIMEMagicFile - # directive tells the module where the hint definitions are located. - # - MIMEMagicFile conf/magic - - -# -# Customizable error responses come in three flavors: -# 1) plain text 2) local redirects 3) external redirects -# -# Some examples: -#ErrorDocument 500 "The server made a boo boo." -#ErrorDocument 404 /missing.html -#ErrorDocument 404 "/cgi-bin/missing_handler.pl" -#ErrorDocument 402 http://www.example.com/subscription_info.html -# - -# -# EnableMMAP and EnableSendfile: On systems that support it, -# memory-mapping or the sendfile syscall may be used to deliver -# files. This usually improves server performance, but must -# be turned off when serving from networked-mounted -# filesystems or if support for these functions is otherwise -# broken on your system. -# Defaults if commented: EnableMMAP On, EnableSendfile Off -# -#EnableMMAP off -EnableSendfile on - -# Supplemental configuration -# -# Load config files in the "/etc/httpd/conf.d" directory, if any. -IncludeOptional conf.d/*.conf \ No newline at end of file diff --git a/community_images/apache/ironbank/configs/server-configs/httpd1.conf b/community_images/apache/ironbank/configs/server-configs/httpd1.conf deleted file mode 100755 index 9dc416b0f0..0000000000 --- a/community_images/apache/ironbank/configs/server-configs/httpd1.conf +++ /dev/null 
@@ -1,217 +0,0 @@ -ServerRoot "/etc/httpd" -Listen 80 -# Modules -LoadModule access_compat_module modules/mod_access_compat.so -LoadModule actions_module modules/mod_actions.so -LoadModule alias_module modules/mod_alias.so -LoadModule allowmethods_module modules/mod_allowmethods.so -LoadModule asis_module modules/mod_asis.so -LoadModule auth_basic_module modules/mod_auth_basic.so -LoadModule auth_digest_module modules/mod_auth_digest.so -LoadModule auth_form_module modules/mod_auth_form.so -LoadModule authn_anon_module modules/mod_authn_anon.so -LoadModule authn_core_module modules/mod_authn_core.so -LoadModule authn_dbd_module modules/mod_authn_dbd.so -LoadModule authn_dbm_module modules/mod_authn_dbm.so -LoadModule authn_file_module modules/mod_authn_file.so -LoadModule authn_socache_module modules/mod_authn_socache.so -LoadModule authz_core_module modules/mod_authz_core.so -LoadModule authz_dbd_module modules/mod_authz_dbd.so -LoadModule authz_dbm_module modules/mod_authz_dbm.so -LoadModule authz_groupfile_module modules/mod_authz_groupfile.so -LoadModule authz_host_module modules/mod_authz_host.so -LoadModule authz_owner_module modules/mod_authz_owner.so -LoadModule authz_user_module modules/mod_authz_user.so -LoadModule autoindex_module modules/mod_autoindex.so -LoadModule brotli_module modules/mod_brotli.so -LoadModule buffer_module modules/mod_buffer.so -LoadModule cache_module modules/mod_cache.so -LoadModule cache_disk_module modules/mod_cache_disk.so -LoadModule cache_socache_module modules/mod_cache_socache.so -LoadModule cgi_module modules/mod_cgi.so -LoadModule cgid_module modules/mod_cgid.so -LoadModule charset_lite_module modules/mod_charset_lite.so -LoadModule data_module modules/mod_data.so -LoadModule dav_module modules/mod_dav.so -LoadModule dav_fs_module modules/mod_dav_fs.so -LoadModule dav_lock_module modules/mod_dav_lock.so -LoadModule dbd_module modules/mod_dbd.so -LoadModule deflate_module modules/mod_deflate.so -LoadModule dialup_module 
modules/mod_dialup.so -LoadModule dir_module modules/mod_dir.so -LoadModule dumpio_module modules/mod_dumpio.so -LoadModule echo_module modules/mod_echo.so -LoadModule env_module modules/mod_env.so -LoadModule expires_module modules/mod_expires.so -LoadModule ext_filter_module modules/mod_ext_filter.so -LoadModule filter_module modules/mod_filter.so -LoadModule headers_module modules/mod_headers.so -LoadModule status_module modules/mod_status.so -LoadModule watchdog_module modules/mod_watchdog.so -LoadModule heartbeat_module modules/mod_heartbeat.so -LoadModule heartmonitor_module modules/mod_heartmonitor.so -LoadModule http2_module modules/mod_http2.so -LoadModule include_module modules/mod_include.so -LoadModule info_module modules/mod_info.so -LoadModule lbmethod_bybusyness_module modules/mod_lbmethod_bybusyness.so -LoadModule lbmethod_byrequests_module modules/mod_lbmethod_byrequests.so -LoadModule lbmethod_bytraffic_module modules/mod_lbmethod_bytraffic.so -LoadModule lbmethod_heartbeat_module modules/mod_lbmethod_heartbeat.so -LoadModule log_config_module modules/mod_log_config.so -LoadModule log_debug_module modules/mod_log_debug.so -LoadModule log_forensic_module modules/mod_log_forensic.so -LoadModule logio_module modules/mod_logio.so -LoadModule lua_module modules/mod_lua.so -LoadModule macro_module modules/mod_macro.so -LoadModule mime_module modules/mod_mime.so -LoadModule mime_magic_module modules/mod_mime_magic.so -LoadModule mpm_event_module modules/mod_mpm_event.so -#LoadModule mpm_prefork_module modules/mod_mpm_prefork.so -#LoadModule mpm_worker_module modules/mod_mpm_worker.so -LoadModule negotiation_module modules/mod_negotiation.so -LoadModule unixd_module modules/mod_unixd.so -LoadModule proxy_module modules/mod_proxy.so -LoadModule proxy_ajp_module modules/mod_proxy_ajp.so -LoadModule proxy_balancer_module modules/mod_proxy_balancer.so -LoadModule proxy_connect_module modules/mod_proxy_connect.so -LoadModule proxy_express_module 
modules/mod_proxy_express.so -LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so -LoadModule proxy_fdpass_module modules/mod_proxy_fdpass.so -LoadModule proxy_ftp_module modules/mod_proxy_ftp.so -LoadModule proxy_hcheck_module modules/mod_proxy_hcheck.so -LoadModule proxy_http_module modules/mod_proxy_http.so -LoadModule proxy_http2_module modules/mod_proxy_http2.so -LoadModule proxy_scgi_module modules/mod_proxy_scgi.so -LoadModule proxy_uwsgi_module modules/mod_proxy_uwsgi.so -LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so -LoadModule ratelimit_module modules/mod_ratelimit.so -LoadModule reflector_module modules/mod_reflector.so -LoadModule remoteip_module modules/mod_remoteip.so -LoadModule reqtimeout_module modules/mod_reqtimeout.so -LoadModule request_module modules/mod_request.so -LoadModule rewrite_module modules/mod_rewrite.so -LoadModule sed_module modules/mod_sed.so -LoadModule session_module modules/mod_session.so -LoadModule session_cookie_module modules/mod_session_cookie.so -LoadModule session_crypto_module modules/mod_session_crypto.so -LoadModule session_dbd_module modules/mod_session_dbd.so -LoadModule setenvif_module modules/mod_setenvif.so -LoadModule slotmem_plain_module modules/mod_slotmem_plain.so -LoadModule slotmem_shm_module modules/mod_slotmem_shm.so -LoadModule socache_dbm_module modules/mod_socache_dbm.so -LoadModule socache_memcache_module modules/mod_socache_memcache.so -LoadModule socache_shmcb_module modules/mod_socache_shmcb.so -LoadModule speling_module modules/mod_speling.so -LoadModule ssl_module modules/mod_ssl.so -LoadModule substitute_module modules/mod_substitute.so -LoadModule suexec_module modules/mod_suexec.so -LoadModule unique_id_module modules/mod_unique_id.so -LoadModule userdir_module modules/mod_userdir.so -LoadModule usertrack_module modules/mod_usertrack.so -LoadModule version_module modules/mod_version.so -LoadModule vhost_alias_module modules/mod_vhost_alias.so - - -User apache -Group apache - 
-Include conf.modules.d/*.conf - -ServerAdmin you@example.com -ServerName Rapid - - - AllowOverride none - Require all denied - - -DocumentRoot "/var/www/html" - - Options Indexes FollowSymLinks - AllowOverride None - Require all granted - - - AllowOverride None - # Allow open access: - Require all granted - - - - DirectoryIndex index.html - - - - Require all denied - - -ErrorLog /proc/self/fd/2 - -LogLevel warn - - - LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined - LogFormat "%h %l %u %t \"%r\" %>s %b" common - - - LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio - - CustomLog /proc/self/fd/1 common - - - - ScriptAlias /cgi-bin/ "/var/www/cgi-bin/" - - - - # - # ScriptSock: On threaded servers, designate the path to the UNIX - # socket used to communicate with the CGI daemon of mod_cgid. - # - #Scriptsock cgisock - - - - AllowOverride None - Options None - Require all granted - - - - RequestHeader unset Proxy early - - - - TypesConfig /etc/mime.types - AddType application/x-compress .Z - AddType application/x-gzip .gz .tgz - AddType text/html .shtml - AddOutputFilter INCLUDES .shtml - -AddDefaultCharset UTF-8 -# SSL -Listen 8443 https -SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES -SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES -SSLHonorCipherOrder on -SSLProtocol all -SSLv3 -SSLProxyProtocol all -SSLv3 -SSLPassPhraseDialog builtin -SSLSessionCache "shmcb:/run/httpd/sslcache(512000)" -SSLSessionCacheTimeout 300 - -# General setup for the virtual host -DocumentRoot "/var/www/html" -ErrorLog /proc/self/fd/2 -TransferLog /proc/self/fd/1 -SSLEngine on -SSLCertificateFile "/etc/pki/tls/certs/localhost.crt" -SSLCertificateKeyFile "/etc/pki/tls/private/localhost.key" -BrowserMatch "MSIE [2-5]" \ - nokeepalive ssl-unclean-shutdown \ - downgrade-1.0 force-response-1.0 - -CustomLog /proc/self/fd/1 \ - "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" - - \ No newline at end of file 
diff --git a/community_images/apache/ironbank/configs/server-configs/httpd2.conf b/community_images/apache/ironbank/configs/server-configs/httpd2.conf deleted file mode 100755 index 3e81edc942..0000000000 --- a/community_images/apache/ironbank/configs/server-configs/httpd2.conf +++ /dev/null 
@@ -1,190 +0,0 @@ -ServerRoot "/etc/httpd" -Listen 80 - -# Modules -LoadModule access_compat_module modules/mod_access_compat.so -LoadModule actions_module modules/mod_actions.so -LoadModule alias_module modules/mod_alias.so -LoadModule allowmethods_module modules/mod_allowmethods.so -LoadModule asis_module modules/mod_asis.so -LoadModule auth_basic_module modules/mod_auth_basic.so -LoadModule auth_digest_module modules/mod_auth_digest.so -LoadModule auth_form_module modules/mod_auth_form.so -LoadModule authn_anon_module modules/mod_authn_anon.so -LoadModule authn_core_module modules/mod_authn_core.so -LoadModule authn_dbd_module modules/mod_authn_dbd.so -LoadModule authn_dbm_module modules/mod_authn_dbm.so -LoadModule authn_file_module modules/mod_authn_file.so -LoadModule authn_socache_module modules/mod_authn_socache.so -LoadModule authz_core_module modules/mod_authz_core.so -LoadModule authz_dbd_module modules/mod_authz_dbd.so -LoadModule authz_dbm_module modules/mod_authz_dbm.so -LoadModule authz_groupfile_module modules/mod_authz_groupfile.so -LoadModule authz_host_module modules/mod_authz_host.so -LoadModule authz_owner_module modules/mod_authz_owner.so -LoadModule authz_user_module modules/mod_authz_user.so -LoadModule autoindex_module modules/mod_autoindex.so -LoadModule brotli_module modules/mod_brotli.so -LoadModule buffer_module modules/mod_buffer.so -LoadModule cache_module modules/mod_cache.so -LoadModule cache_disk_module modules/mod_cache_disk.so -LoadModule cache_socache_module modules/mod_cache_socache.so -LoadModule cgi_module modules/mod_cgi.so -LoadModule cgid_module modules/mod_cgid.so -LoadModule charset_lite_module modules/mod_charset_lite.so -LoadModule data_module modules/mod_data.so -LoadModule dav_module modules/mod_dav.so -LoadModule dav_fs_module modules/mod_dav_fs.so -LoadModule dav_lock_module modules/mod_dav_lock.so -LoadModule dbd_module modules/mod_dbd.so -LoadModule deflate_module modules/mod_deflate.so -LoadModule dialup_module 
modules/mod_dialup.so -LoadModule dir_module modules/mod_dir.so -LoadModule dumpio_module modules/mod_dumpio.so -LoadModule echo_module modules/mod_echo.so -LoadModule env_module modules/mod_env.so -LoadModule expires_module modules/mod_expires.so -LoadModule ext_filter_module modules/mod_ext_filter.so -LoadModule filter_module modules/mod_filter.so -LoadModule headers_module modules/mod_headers.so -LoadModule status_module modules/mod_status.so -LoadModule watchdog_module modules/mod_watchdog.so -LoadModule heartbeat_module modules/mod_heartbeat.so -LoadModule heartmonitor_module modules/mod_heartmonitor.so -LoadModule http2_module modules/mod_http2.so -LoadModule include_module modules/mod_include.so -LoadModule info_module modules/mod_info.so -LoadModule lbmethod_bybusyness_module modules/mod_lbmethod_bybusyness.so -LoadModule lbmethod_byrequests_module modules/mod_lbmethod_byrequests.so -LoadModule lbmethod_bytraffic_module modules/mod_lbmethod_bytraffic.so -LoadModule lbmethod_heartbeat_module modules/mod_lbmethod_heartbeat.so -LoadModule log_config_module modules/mod_log_config.so -LoadModule log_debug_module modules/mod_log_debug.so -LoadModule log_forensic_module modules/mod_log_forensic.so -LoadModule logio_module modules/mod_logio.so -LoadModule lua_module modules/mod_lua.so -LoadModule macro_module modules/mod_macro.so -LoadModule mime_module modules/mod_mime.so -LoadModule mime_magic_module modules/mod_mime_magic.so -# LoadModule mpm_event_module modules/mod_mpm_event.so -LoadModule mpm_prefork_module modules/mod_mpm_prefork.so -#LoadModule mpm_worker_module modules/mod_mpm_worker.so -LoadModule negotiation_module modules/mod_negotiation.so -LoadModule unixd_module modules/mod_unixd.so -LoadModule proxy_module modules/mod_proxy.so -LoadModule proxy_ajp_module modules/mod_proxy_ajp.so -LoadModule proxy_balancer_module modules/mod_proxy_balancer.so -LoadModule proxy_connect_module modules/mod_proxy_connect.so -LoadModule proxy_express_module 
modules/mod_proxy_express.so -LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so -LoadModule proxy_fdpass_module modules/mod_proxy_fdpass.so -LoadModule proxy_ftp_module modules/mod_proxy_ftp.so -LoadModule proxy_hcheck_module modules/mod_proxy_hcheck.so -LoadModule proxy_http_module modules/mod_proxy_http.so -LoadModule proxy_http2_module modules/mod_proxy_http2.so -LoadModule proxy_scgi_module modules/mod_proxy_scgi.so -LoadModule proxy_uwsgi_module modules/mod_proxy_uwsgi.so -LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so -LoadModule ratelimit_module modules/mod_ratelimit.so -LoadModule reflector_module modules/mod_reflector.so -LoadModule remoteip_module modules/mod_remoteip.so -LoadModule reqtimeout_module modules/mod_reqtimeout.so -LoadModule request_module modules/mod_request.so -LoadModule rewrite_module modules/mod_rewrite.so -LoadModule sed_module modules/mod_sed.so -LoadModule session_module modules/mod_session.so -LoadModule session_cookie_module modules/mod_session_cookie.so -LoadModule session_crypto_module modules/mod_session_crypto.so -LoadModule session_dbd_module modules/mod_session_dbd.so -LoadModule setenvif_module modules/mod_setenvif.so -LoadModule slotmem_plain_module modules/mod_slotmem_plain.so -LoadModule slotmem_shm_module modules/mod_slotmem_shm.so -LoadModule socache_dbm_module modules/mod_socache_dbm.so -LoadModule socache_memcache_module modules/mod_socache_memcache.so -LoadModule socache_shmcb_module modules/mod_socache_shmcb.so -LoadModule speling_module modules/mod_speling.so -LoadModule ssl_module modules/mod_ssl.so -LoadModule substitute_module modules/mod_substitute.so -LoadModule suexec_module modules/mod_suexec.so -LoadModule unique_id_module modules/mod_unique_id.so -LoadModule userdir_module modules/mod_userdir.so -LoadModule usertrack_module modules/mod_usertrack.so -LoadModule version_module modules/mod_version.so -LoadModule vhost_alias_module modules/mod_vhost_alias.so - - -User apache -Group apache - 
- -ServerAdmin you@example.com - - - AllowOverride none - Require all denied - - -DocumentRoot "/var/www/html" - - Options Indexes FollowSymLinks - AllowOverride None - Require all granted - - - AllowOverride None - # Allow open access: - Require all granted - - - - DirectoryIndex index.html - - - - Require all denied - - -ErrorLog /proc/self/fd/2 - -LogLevel warn - - - LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined - LogFormat "%h %l %u %t \"%r\" %>s %b" common - - - LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio - - CustomLog /proc/self/fd/1 common - - - - ScriptAlias /cgi-bin/ "/var/www/cgi-bin/" - - - - # - # ScriptSock: On threaded servers, designate the path to the UNIX - # socket used to communicate with the CGI daemon of mod_cgid. - # - #Scriptsock cgisock - - - - AllowOverride None - Options None - Require all granted - - - - RequestHeader unset Proxy early - - - - TypesConfig /etc/mime.types - AddType application/x-compress .Z - AddType application/x-gzip .gz .tgz - AddType text/html .shtml - AddOutputFilter INCLUDES .shtml - -AddDefaultCharset UTF-8 \ No newline at end of file diff --git a/community_images/apache/ironbank/configs/server-configs/httpd3.conf b/community_images/apache/ironbank/configs/server-configs/httpd3.conf deleted file mode 100755 index 3b1bd4d09a..0000000000 --- a/community_images/apache/ironbank/configs/server-configs/httpd3.conf +++ /dev/null 
@@ -1,190 +0,0 @@ -ServerRoot "/etc/httpd" -Listen 80 - -# Modules -LoadModule access_compat_module modules/mod_access_compat.so -LoadModule actions_module modules/mod_actions.so -LoadModule alias_module modules/mod_alias.so -LoadModule allowmethods_module modules/mod_allowmethods.so -LoadModule asis_module modules/mod_asis.so -LoadModule auth_basic_module modules/mod_auth_basic.so -LoadModule auth_digest_module modules/mod_auth_digest.so -LoadModule auth_form_module modules/mod_auth_form.so -LoadModule authn_anon_module modules/mod_authn_anon.so -LoadModule authn_core_module modules/mod_authn_core.so -LoadModule authn_dbd_module modules/mod_authn_dbd.so -LoadModule authn_dbm_module modules/mod_authn_dbm.so -LoadModule authn_file_module modules/mod_authn_file.so -LoadModule authn_socache_module modules/mod_authn_socache.so -LoadModule authz_core_module modules/mod_authz_core.so -LoadModule authz_dbd_module modules/mod_authz_dbd.so -LoadModule authz_dbm_module modules/mod_authz_dbm.so -LoadModule authz_groupfile_module modules/mod_authz_groupfile.so -LoadModule authz_host_module modules/mod_authz_host.so -LoadModule authz_owner_module modules/mod_authz_owner.so -LoadModule authz_user_module modules/mod_authz_user.so -LoadModule autoindex_module modules/mod_autoindex.so -LoadModule brotli_module modules/mod_brotli.so -LoadModule buffer_module modules/mod_buffer.so -LoadModule cache_module modules/mod_cache.so -LoadModule cache_disk_module modules/mod_cache_disk.so -LoadModule cache_socache_module modules/mod_cache_socache.so -LoadModule cgi_module modules/mod_cgi.so -LoadModule cgid_module modules/mod_cgid.so -LoadModule charset_lite_module modules/mod_charset_lite.so -LoadModule data_module modules/mod_data.so -LoadModule dav_module modules/mod_dav.so -LoadModule dav_fs_module modules/mod_dav_fs.so -LoadModule dav_lock_module modules/mod_dav_lock.so -LoadModule dbd_module modules/mod_dbd.so -LoadModule deflate_module modules/mod_deflate.so -LoadModule dialup_module 
modules/mod_dialup.so -LoadModule dir_module modules/mod_dir.so -LoadModule dumpio_module modules/mod_dumpio.so -LoadModule echo_module modules/mod_echo.so -LoadModule env_module modules/mod_env.so -LoadModule expires_module modules/mod_expires.so -LoadModule ext_filter_module modules/mod_ext_filter.so -LoadModule filter_module modules/mod_filter.so -LoadModule headers_module modules/mod_headers.so -LoadModule status_module modules/mod_status.so -LoadModule watchdog_module modules/mod_watchdog.so -LoadModule heartbeat_module modules/mod_heartbeat.so -LoadModule heartmonitor_module modules/mod_heartmonitor.so -LoadModule http2_module modules/mod_http2.so -LoadModule include_module modules/mod_include.so -LoadModule info_module modules/mod_info.so -LoadModule lbmethod_bybusyness_module modules/mod_lbmethod_bybusyness.so -LoadModule lbmethod_byrequests_module modules/mod_lbmethod_byrequests.so -LoadModule lbmethod_bytraffic_module modules/mod_lbmethod_bytraffic.so -LoadModule lbmethod_heartbeat_module modules/mod_lbmethod_heartbeat.so -LoadModule log_config_module modules/mod_log_config.so -LoadModule log_debug_module modules/mod_log_debug.so -LoadModule log_forensic_module modules/mod_log_forensic.so -LoadModule logio_module modules/mod_logio.so -LoadModule lua_module modules/mod_lua.so -LoadModule macro_module modules/mod_macro.so -LoadModule mime_module modules/mod_mime.so -LoadModule mime_magic_module modules/mod_mime_magic.so -# LoadModule mpm_event_module modules/mod_mpm_event.so -#LoadModule mpm_prefork_module modules/mod_mpm_prefork.so -LoadModule mpm_worker_module modules/mod_mpm_worker.so -LoadModule negotiation_module modules/mod_negotiation.so -LoadModule unixd_module modules/mod_unixd.so -LoadModule proxy_module modules/mod_proxy.so -LoadModule proxy_ajp_module modules/mod_proxy_ajp.so -LoadModule proxy_balancer_module modules/mod_proxy_balancer.so -LoadModule proxy_connect_module modules/mod_proxy_connect.so -LoadModule proxy_express_module 
modules/mod_proxy_express.so -LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so -LoadModule proxy_fdpass_module modules/mod_proxy_fdpass.so -LoadModule proxy_ftp_module modules/mod_proxy_ftp.so -LoadModule proxy_hcheck_module modules/mod_proxy_hcheck.so -LoadModule proxy_http_module modules/mod_proxy_http.so -LoadModule proxy_http2_module modules/mod_proxy_http2.so -LoadModule proxy_scgi_module modules/mod_proxy_scgi.so -LoadModule proxy_uwsgi_module modules/mod_proxy_uwsgi.so -LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so -LoadModule ratelimit_module modules/mod_ratelimit.so -LoadModule reflector_module modules/mod_reflector.so -LoadModule remoteip_module modules/mod_remoteip.so -LoadModule reqtimeout_module modules/mod_reqtimeout.so -LoadModule request_module modules/mod_request.so -LoadModule rewrite_module modules/mod_rewrite.so -LoadModule sed_module modules/mod_sed.so -LoadModule session_module modules/mod_session.so -LoadModule session_cookie_module modules/mod_session_cookie.so -LoadModule session_crypto_module modules/mod_session_crypto.so -LoadModule session_dbd_module modules/mod_session_dbd.so -LoadModule setenvif_module modules/mod_setenvif.so -LoadModule slotmem_plain_module modules/mod_slotmem_plain.so -LoadModule slotmem_shm_module modules/mod_slotmem_shm.so -LoadModule socache_dbm_module modules/mod_socache_dbm.so -LoadModule socache_memcache_module modules/mod_socache_memcache.so -LoadModule socache_shmcb_module modules/mod_socache_shmcb.so -LoadModule speling_module modules/mod_speling.so -LoadModule ssl_module modules/mod_ssl.so -LoadModule substitute_module modules/mod_substitute.so -LoadModule suexec_module modules/mod_suexec.so -LoadModule unique_id_module modules/mod_unique_id.so -LoadModule userdir_module modules/mod_userdir.so -LoadModule usertrack_module modules/mod_usertrack.so -LoadModule version_module modules/mod_version.so -LoadModule vhost_alias_module modules/mod_vhost_alias.so - - -User apache -Group apache - 
- -ServerAdmin you@example.com - - - AllowOverride none - Require all denied - - -DocumentRoot "/var/www/html" - - Options Indexes FollowSymLinks - AllowOverride None - Require all granted - - - AllowOverride None - # Allow open access: - Require all granted - - - - DirectoryIndex index.html - - - - Require all denied - - -ErrorLog /proc/self/fd/2 - -LogLevel warn - - - LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined - LogFormat "%h %l %u %t \"%r\" %>s %b" common - - - LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio - - CustomLog /proc/self/fd/1 common - - - - ScriptAlias /cgi-bin/ "/var/www/cgi-bin/" - - - - # - # ScriptSock: On threaded servers, designate the path to the UNIX - # socket used to communicate with the CGI daemon of mod_cgid. - # - #Scriptsock cgisock - - - - AllowOverride None - Options None - Require all granted - - - - RequestHeader unset Proxy early - - - - TypesConfig /etc/mime.types - AddType application/x-compress .Z - AddType application/x-gzip .gz .tgz - AddType text/html .shtml - AddOutputFilter INCLUDES .shtml - -AddDefaultCharset UTF-8 \ No newline at end of file diff --git a/community_images/apache/ironbank/dc_coverage.sh b/community_images/apache/ironbank/dc_coverage.sh deleted file mode 100755 index 835423f4e7..0000000000 --- a/community_images/apache/ironbank/dc_coverage.sh +++ /dev/null 
@@ -1,63 +0,0 @@ -#!/bin/bash - -set -x -set -e - -SCRIPTPATH="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )" - -# shellcheck disable=SC1091 -. "${SCRIPTPATH}"/../../common/scripts/bash_helper.sh - -JSON_PARAMS="$1" - -JSON=$(cat "$JSON_PARAMS") - -echo "Json params for docker compose coverage = $JSON" - -PROJECT_NAME=$(jq -r '.project_name' < "$JSON_PARAMS") - -CONTAINER_NAME="${PROJECT_NAME}"-apache-1 - -# checking all modules and config test -docker exec -i "${CONTAINER_NAME}" httpd -M -docker exec -i "${CONTAINER_NAME}" apachectl configtest - -# log for debugging -docker inspect "${CONTAINER_NAME}" - -# find non-tls and tls port -docker inspect "${CONTAINER_NAME}" | jq -r ".[].NetworkSettings.Ports.\"80/tcp\"[0].HostPort" -docker inspect "${CONTAINER_NAME}" | jq -r ".[].NetworkSettings.Ports.\"8443/tcp\"[0].HostPort" -NON_TLS_PORT=$(docker inspect "${CONTAINER_NAME}" | jq -r ".[].NetworkSettings.Ports.\"80/tcp\"[0].HostPort") -TLS_PORT=$(docker inspect "${CONTAINER_NAME}" | jq -r ".[].NetworkSettings.Ports.\"8443/tcp\"[0].HostPort") - -# run curl in loop for different endpoints -# Apache Server 1 (MPM Event module enabled, ssl enabled) -for i in {1..5}; -do - echo "Attempt on Apache-server-1 $i" - curl http://localhost:"${NON_TLS_PORT}" - with_backoff curl https://localhost:"${TLS_PORT}" -k -v -done -# Apache Server 2 (MPM Prefork module enabled) -NON_TLS_PORT=$(docker inspect "${PROJECT_NAME}"-apache-prefork-mpm-1 | jq -r ".[].NetworkSettings.Ports.\"80/tcp\"[0].HostPort") -for i in {1..5}; -do - echo "Attempt on Apache-server-2 $i" - curl http://localhost:"${NON_TLS_PORT}" -done -# Apache Server 3 (MPM Worker module enable) -NON_TLS_PORT=$(docker inspect "${PROJECT_NAME}"-apache-worker-mpm-1 | jq -r ".[].NetworkSettings.Ports.\"80/tcp\"[0].HostPort") -for i in {1..5}; -do - echo "Attempt on Apache-server-3 $i" - curl http://localhost:"${NON_TLS_PORT}" -done - -# Install Apache benchmark testing tool -sudo apt-get install apache2-utils -y -sudo apt-get 
install apache2 -y - -APACHE_HOST=$(docker inspect "${CONTAINER_NAME}" | jq -r ".[].NetworkSettings.Networks.\"${PROJECT_NAME}_default\".IPAddress") -# testing using apache benchmark tool -ab -t 100 -n 10000 -c 10 http://"${APACHE_HOST}":80/ \ No newline at end of file diff --git a/community_images/apache/ironbank/docker-compose.yml b/community_images/apache/ironbank/docker-compose.yml deleted file mode 100755 index 5149a2ab51..0000000000 --- a/community_images/apache/ironbank/docker-compose.yml +++ /dev/null @@ -1,51 +0,0 @@ -version: '2' - -services: - apache: - image: ${APACHE_IMAGE_REPOSITORY}:${APACHE_IMAGE_TAG} - user: root - volumes: - - ./configs/index.html:/var/www/html/index.html - - ./configs/server-configs/httpd1.conf:/etc/httpd/conf/httpd.conf - - ./certs/server.crt:/etc/pki/tls/certs/localhost.crt - - ./certs/server.key:/etc/pki/tls/private/localhost.key - cap_add: - - SYS_PTRACE - ports: - - "0.0.0.0::80" - - "0.0.0.0::8443" - apache-prefork-mpm: - image: ${APACHE_IMAGE_REPOSITORY}:${APACHE_IMAGE_TAG} - user: root - volumes: - - ./configs/index.html:/var/www/html/index.html - - ./configs/server-configs/httpd2.conf:/etc/httpd/conf/httpd.conf - - ./certs/server.crt:/etc/pki/tls/certs/localhost.crt - - ./certs/server.key:/etc/pki/tls/private/localhost.key - cap_add: - - SYS_PTRACE - ports: - - "0.0.0.0::80" - command: - - /bin/bash - - -c - - | - ./configure --enable-mpms-shared='prefork' - - apache-worker-mpm: - image: ${APACHE_IMAGE_REPOSITORY}:${APACHE_IMAGE_TAG} - user: root - volumes: - - ./configs/index.html:/var/www/html/index.html - - ./configs/server-configs/httpd3.conf:/etc/httpd/conf/httpd.conf - - ./certs/server.crt:/etc/pki/tls/certs/localhost.crt - - ./certs/server.key:/etc/pki/tls/private/localhost.key - cap_add: - - SYS_PTRACE - ports: - - "0.0.0.0::80" - command: - - /bin/bash - - -c - - | - ./configure --enable-mpms-shared='worker' 
diff --git a/community_images/apache/ironbank/image.yml b/community_images/apache/ironbank/image.yml deleted file mode 100755 index 3cb1820676..0000000000 --- a/community_images/apache/ironbank/image.yml +++ /dev/null 
@@ -1,37 +0,0 @@ -name: apache-ib -official_name: Apache IronBank -official_website: https://httpd.apache.org/ -source_image_provider: Platform One -source_image_repo: registry1.dso.mil/ironbank/opensource/apache/apache2 -source_image_repo_link: https://registry1.dso.mil/harbor/projects/3/repositories/opensource%2Fapache%2Fapache2 -source_image_readme: https://repo1.dso.mil/dsop/opensource/apache/apache2/-/blob/development/README.md -rf_docker_link: rapidfort/apache2-ib -image_workflow_name: apache_ironbank -github_location: apache/ironbank -report_url: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fopensource%2Fapache%2Fapache2 -usage_instructions: | - # Using docker run: - $ docker run -dit --name my-apache-app -p 8080:80 -v "$PWD":/var/www/html/ rapidfort/apache2-ib - # PWD can be replaced with the directory containing all your HTML. -what_is_text: | - The Apache HTTP Server Project is an effort to develop and maintain an open-source HTTP server for modern operating systems including UNIX and Windows. httpd is the Apache HyperText Transfer Protocol (HTTP) server program. It is designed to be run as a standalone daemon process. When used like this it will create a pool of child processes or threads to handle requests. -disclaimer: | - Trademarks: This software listing is packaged by RapidFort. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. -input_registry: - registry: registry1.dso.mil - account: ironbank -repo_sets: - - opensource/apache/apache2: - input_base_tag: "2.4." - output_repo: apache2-ib -runtimes: - - type: docker_compose - script: dc_coverage.sh - compose_file: docker-compose.yml - tls_certs: - generate: true - out_dir: certs - image_keys: - apache2-ib: - repository: "APACHE_IMAGE_REPOSITORY" - tag: "APACHE_IMAGE_TAG" 
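Review bot: `image_workflow_name: apache_ironbank` and `github_location: apache/ironbank` refer to a CI workflow and a source directory, and the workflow file is not among the files shown in this diff. Confirm the workflow and any image list that names `apache/ironbank` are removed in the same change, so nothing still tries to build from the deleted directory. The commit message should also say whether `rapidfort/apache2-ib` is being retired or simply stops being rebuilt, because anyone still pulling that repository would otherwise keep an image that is no longer refreshed.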
diff --git a/community_images/apache/official/.rfignore b/community_images/apache/official/.rfignore deleted file mode 100644 index c0e20dc2c1..0000000000 --- a/community_images/apache/official/.rfignore +++ /dev/null @@ -1,2 +0,0 @@ -usr/share/common-licenses -/usr/local/apache2/include diff --git a/community_images/apache/official/README.md b/community_images/apache/official/README.md deleted file mode 100755 index 62e4cd5998..0000000000 --- a/community_images/apache/official/README.md +++ /dev/null @@ -1,142 +0,0 @@ - -RapidFort - - -
- -[![rf-h][rf-h-badge]][rf-view-report-button] -[![DH Image][dh-rf-badge]][rf-dh-image-link] -[![Slack][slack-badge]][slack-link] -[![FOSSA Status][fossa-badge]][fossa-link] - -# RapidFort hardened image for Apache Official - -RapidFort’s container optimization process hardened this Apache Official container. This container is free to use and has no license limitations. - -It is the same as the [The Docker Community Apache Official][source-image-repo-link] image but more secure. - -Every day, we optimize and harden a variety of Docker Hub’s most famous images. Check out our [entire library](https://hub.docker.com/u/rapidfort) of secured containers. -
- -[Get the full report here or click on the image below][rf-view-report-link] - -[![Metrics][metrics-link]][rf-image-metrics-link] - -

Vulnerabilities: Original vs. Hardened - -

- -[![CVE Reduction][cve-reduction-link]][rf-image-cve-reduction-link] - - -View Report - -
-
- - -## What is Apache Official? - -> The Apache HTTP Server Project is an effort to develop and maintain an open-source HTTP server for modern operating systems including UNIX and Windows. httpd is the Apache HyperText Transfer Protocol (HTTP) server program. It is designed to be run as a standalone daemon process. When used like this it will create a pool of child processes or threads to handle requests. - - -[Overview of Apache Official](https://httpd.apache.org/) - -Trademarks: This software listing is packaged by RapidFort. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. - - -## How do I use this hardened Apache Official image? - -The runtime instructions for this container are no different from the official release. Follow the instructions in their readme, but use our hardened image. - - -View Detailed Instructions - -
-
- -```sh -# Using docker run: -$ docker run -dit --name my-apache-app -p 8080:80 -v "$PWD":/usr/local/apache2/htdocs/ rapidfort/apache-official -# PWD can be replaced with the directory containing all your HTML. - -``` - -## What is a hardened image? - -A hardened image is a copy of a container that has been optimized and reduced for significantly improved security. Because every container uses many open-source software components and their dependencies, there’s a lot of extra weight that can be trimmed. - -This image is a hardened version of the official [The Docker Community Apache Official][source-image-repo-link] image on Docker Hub. - -RapidFort is an industry-leading container optimization solution that minimizes software attack surfaces by removing unused code. Most containers can be reduced by at least 50%, which reduces the opportunity for malicious attacks and CVE exploits. Learn more at [RapidFort.com][rf-link]. - -Our hardened images are updated daily using the latest vulnerability information available. - - -View on GitHub - -
-
- -## What’s the difference between the official [The Docker Community Apache Official][source-image-repo-link] image and this hardened image? -RapidFort’s hardened [rapidfort/apache-official][rf-dh-image-link] image has been optimized by our proprietary scanning and slimming technology. We are big fans of open-source software, containerized infrastructure, and security. - -We are making secure copies of the images we use every day and the most popular ones on Docker Hub. We want to make the world a safer place to operate. - -## Supported tags and respective `Dockerfile` links -* [`2.4.54`, `2.4`, `2`, `latest`, `2.4.54-bullseye`, `2.4-bullseye`, `2-bullseye`, `bullseye`](https://github.com/docker-library/httpd/blob/f3b7fd9c8ef59d1ad46c8b2a27df3e02d822834f/2.4/Dockerfile) -* [`2.4.54-alpine`, `2.4-alpine`, `2-alpine`, `alpine`, `2.4.54-alpine3.16`, `2.4-alpine3.16`, `2-alpine3.16`, `alpine3.16`](https://github.com/docker-library/httpd/blob/f3b7fd9c8ef59d1ad46c8b2a27df3e02d822834f/2.4/alpine/Dockerfile) - -## Need support - -Join our slack community for any questions. - - -RapidFort Community Slack - - -## 🌟 Support this project - -[![](https://user-images.githubusercontent.com/48997634/174794647-0c851917-e5c9-4fb9-bf88-b61d89dc2f4f.gif)](https://github.com/rapidfort/community-images/stargazers) - -### [⏫⭐️ Scroll to the star button](#start-of-content) - -If you believe this project has potential, feel free to **star this repo** just like many [amazing people](https://github.com/rapidfort/community-images/stargazers) -have. - -## Have questions? - -[![RapidFort](https://raw.githubusercontent.com/rapidfort/community-images/main/contrib/github_logo_footer.png)][rf-rapidfort-footer-logo-link] - - -If you'd like to learn more about RapidFort or our container optimization process, visit [RapidFort.com][rf-link]. - -
-
- - -[dh-rf-badge]: https://img.shields.io/badge/dockerhub-images-important.svg?logo=Docker - -[fossa-badge]: https://app.fossa.com/api/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images.svg?type=shield -[fossa-link]: https://app.fossa.com/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images?ref=badge_shield - -[rf-link]: https://rapidfort.com?utm_source=github&utm_medium=ci_rf_link&utm_campaign=sep_01_sprint&utm_term=apache-official&utm_content=rapidfort_have_questions - -[rf-rapidfort-footer-logo-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Flibrary%2Fhttpd?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=apache-official&utm_content=rapidfort_footer_logo -[rf-view-report-button]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Flibrary%2Fhttpd?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=apache-official&utm_content=view_report_button -[rf-view-report-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Flibrary%2Fhttpd?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=apache-official&utm_content=view_report_link -[rf-image-metrics-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Flibrary%2Fhttpd?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=apache-official&utm_content=image_metrics_link -[rf-image-cve-reduction-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Flibrary%2Fhttpd?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=apache-official&utm_content=image_cve_reduction_link - -[dh-img-size-badge]: https://img.shields.io/docker/image-size/rapidfort/apache-official?logo=docker&logoColor=white&sort=semver -[dh-img-pulls-badge]: https://img.shields.io/docker/pulls/rapidfort/apache-official?logo=docker&logoColor=white - -[slack-badge]: 
https://img.shields.io/static/v1?label=Join&message=slack&logo=slack&logoColor=E01E5A&color=4A154B -[slack-link]: https://join.slack.com/t/rapidfortcommunity/shared_invite/zt-1g3wy28lv-DaeGexTQ5IjfpbmYW7Rm_Q - -[rf-h-badge]: https://img.shields.io/static/v1?label=RapidFort&labelColor=333F48&message=hardened&color=50B4C4&logo= -[metrics-link]: https://github.com/rapidfort/community-images/raw/main/community_images/apache/official/assets/metrics.webp -[cve-reduction-link]: https://github.com/rapidfort/community-images/raw/main/community_images/apache/official/assets/cve_reduction.webp - -[source-image-repo-link]: https://hub.docker.com/_/httpd -[rf-dh-image-link]: https://hub.docker.com/r/rapidfort/apache-official diff --git a/community_images/apache/official/assets/cve_reduction.webp b/community_images/apache/official/assets/cve_reduction.webp deleted file mode 100644 index ae88fbf5b5..0000000000 Binary files a/community_images/apache/official/assets/cve_reduction.webp and /dev/null differ diff --git a/community_images/apache/official/assets/metrics.webp b/community_images/apache/official/assets/metrics.webp deleted file mode 100644 index 9bb35cbc5b..0000000000 Binary files a/community_images/apache/official/assets/metrics.webp and /dev/null differ diff --git a/community_images/apache/official/configs/index.html b/community_images/apache/official/configs/index.html deleted file mode 100644 index 97ba60829a..0000000000 --- a/community_images/apache/official/configs/index.html +++ /dev/null @@ -1,9 +0,0 @@ - - - - RapidFort - - -

Apache Server Test Page

- - diff --git a/community_images/apache/official/configs/server-configs/httpd1.conf b/community_images/apache/official/configs/server-configs/httpd1.conf deleted file mode 100644 index c52f510317..0000000000 --- a/community_images/apache/official/configs/server-configs/httpd1.conf +++ /dev/null 
@@ -1,209 +0,0 @@ -ServerRoot "/usr/local/apache2" -Listen 80 -# Modules -LoadModule access_compat_module modules/mod_access_compat.so -LoadModule actions_module modules/mod_actions.so -LoadModule alias_module modules/mod_alias.so -LoadModule allowmethods_module modules/mod_allowmethods.so -LoadModule asis_module modules/mod_asis.so -LoadModule auth_basic_module modules/mod_auth_basic.so -LoadModule auth_digest_module modules/mod_auth_digest.so -LoadModule auth_form_module modules/mod_auth_form.so -LoadModule authn_anon_module modules/mod_authn_anon.so -LoadModule authn_core_module modules/mod_authn_core.so -LoadModule authn_dbd_module modules/mod_authn_dbd.so -LoadModule authn_dbm_module modules/mod_authn_dbm.so -LoadModule authn_file_module modules/mod_authn_file.so -LoadModule authn_socache_module modules/mod_authn_socache.so -LoadModule authnz_fcgi_module modules/mod_authnz_fcgi.so -LoadModule authnz_ldap_module modules/mod_authnz_ldap.so -LoadModule authz_core_module modules/mod_authz_core.so -LoadModule authz_dbd_module modules/mod_authz_dbd.so -LoadModule authz_dbm_module modules/mod_authz_dbm.so -LoadModule authz_groupfile_module modules/mod_authz_groupfile.so -LoadModule authz_host_module modules/mod_authz_host.so -LoadModule authz_owner_module modules/mod_authz_owner.so -LoadModule authz_user_module modules/mod_authz_user.so -LoadModule autoindex_module modules/mod_autoindex.so -LoadModule brotli_module modules/mod_brotli.so -LoadModule bucketeer_module modules/mod_bucketeer.so -LoadModule buffer_module modules/mod_buffer.so -LoadModule cache_module modules/mod_cache.so -LoadModule cache_disk_module modules/mod_cache_disk.so -LoadModule cache_socache_module modules/mod_cache_socache.so -LoadModule case_filter_module modules/mod_case_filter.so -LoadModule case_filter_in_module modules/mod_case_filter_in.so -LoadModule cern_meta_module modules/mod_cern_meta.so -LoadModule cgi_module modules/mod_cgi.so -LoadModule cgid_module modules/mod_cgid.so -LoadModule 
charset_lite_module modules/mod_charset_lite.so -LoadModule data_module modules/mod_data.so -LoadModule dav_module modules/mod_dav.so -LoadModule dav_fs_module modules/mod_dav_fs.so -LoadModule dav_lock_module modules/mod_dav_lock.so -LoadModule dbd_module modules/mod_dbd.so -LoadModule deflate_module modules/mod_deflate.so -LoadModule dialup_module modules/mod_dialup.so -LoadModule dir_module modules/mod_dir.so -LoadModule dumpio_module modules/mod_dumpio.so -LoadModule echo_module modules/mod_echo.so -LoadModule env_module modules/mod_env.so -LoadModule example_hooks_module modules/mod_example_hooks.so -LoadModule example_ipc_module modules/mod_example_ipc.so -LoadModule expires_module modules/mod_expires.so -LoadModule ext_filter_module modules/mod_ext_filter.so -LoadModule file_cache_module modules/mod_file_cache.so -LoadModule filter_module modules/mod_filter.so -LoadModule headers_module modules/mod_headers.so -LoadModule status_module modules/mod_status.so -LoadModule watchdog_module modules/mod_watchdog.so -LoadModule heartbeat_module modules/mod_heartbeat.so -LoadModule heartmonitor_module modules/mod_heartmonitor.so -LoadModule http2_module modules/mod_http2.so -LoadModule ident_module modules/mod_ident.so -LoadModule imagemap_module modules/mod_imagemap.so -LoadModule include_module modules/mod_include.so -LoadModule info_module modules/mod_info.so -LoadModule isapi_module modules/mod_isapi.so -LoadModule lbmethod_bybusyness_module modules/mod_lbmethod_bybusyness.so -LoadModule lbmethod_byrequests_module modules/mod_lbmethod_byrequests.so -LoadModule lbmethod_bytraffic_module modules/mod_lbmethod_bytraffic.so -LoadModule lbmethod_heartbeat_module modules/mod_lbmethod_heartbeat.so -LoadModule ldap_module modules/mod_ldap.so -LoadModule log_config_module modules/mod_log_config.so -LoadModule log_debug_module modules/mod_log_debug.so -LoadModule log_forensic_module modules/mod_log_forensic.so -LoadModule logio_module modules/mod_logio.so -LoadModule 
lua_module modules/mod_lua.so -LoadModule macro_module modules/mod_macro.so -LoadModule md_module modules/mod_md.so -LoadModule mime_module modules/mod_mime.so -LoadModule mime_magic_module modules/mod_mime_magic.so -LoadModule mpm_event_module modules/mod_mpm_event.so -#LoadModule mpm_prefork_module modules/mod_mpm_prefork.so -#LoadModule mpm_worker_module modules/mod_mpm_worker.so -LoadModule negotiation_module modules/mod_negotiation.so -LoadModule unixd_module modules/mod_unixd.so -LoadModule optional_fn_export_module modules/mod_optional_fn_export.so -LoadModule optional_fn_import_module modules/mod_optional_fn_import.so -LoadModule optional_hook_export_module modules/mod_optional_hook_export.so -LoadModule optional_hook_import_module modules/mod_optional_hook_import.so -LoadModule proxy_module modules/mod_proxy.so -LoadModule proxy_ajp_module modules/mod_proxy_ajp.so -LoadModule proxy_balancer_module modules/mod_proxy_balancer.so -LoadModule proxy_connect_module modules/mod_proxy_connect.so -LoadModule proxy_express_module modules/mod_proxy_express.so -LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so -LoadModule proxy_fdpass_module modules/mod_proxy_fdpass.so -LoadModule proxy_ftp_module modules/mod_proxy_ftp.so -LoadModule proxy_hcheck_module modules/mod_proxy_hcheck.so -LoadModule proxy_http_module modules/mod_proxy_http.so -LoadModule proxy_http2_module modules/mod_proxy_http2.so -LoadModule proxy_scgi_module modules/mod_proxy_scgi.so -LoadModule proxy_uwsgi_module modules/mod_proxy_uwsgi.so -LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so -LoadModule ratelimit_module modules/mod_ratelimit.so -LoadModule reflector_module modules/mod_reflector.so -LoadModule remoteip_module modules/mod_remoteip.so -LoadModule reqtimeout_module modules/mod_reqtimeout.so -LoadModule request_module modules/mod_request.so -LoadModule rewrite_module modules/mod_rewrite.so -LoadModule sed_module modules/mod_sed.so -LoadModule session_module 
modules/mod_session.so -LoadModule session_cookie_module modules/mod_session_cookie.so -LoadModule session_crypto_module modules/mod_session_crypto.so -LoadModule session_dbd_module modules/mod_session_dbd.so -LoadModule setenvif_module modules/mod_setenvif.so -LoadModule slotmem_plain_module modules/mod_slotmem_plain.so -LoadModule slotmem_shm_module modules/mod_slotmem_shm.so -LoadModule socache_dbm_module modules/mod_socache_dbm.so -LoadModule socache_memcache_module modules/mod_socache_memcache.so -LoadModule socache_redis_module modules/mod_socache_redis.so -LoadModule socache_shmcb_module modules/mod_socache_shmcb.so -LoadModule speling_module modules/mod_speling.so -LoadModule ssl_module modules/mod_ssl.so -LoadModule substitute_module modules/mod_substitute.so -LoadModule suexec_module modules/mod_suexec.so -LoadModule unique_id_module modules/mod_unique_id.so -LoadModule userdir_module modules/mod_userdir.so -LoadModule usertrack_module modules/mod_usertrack.so -LoadModule version_module modules/mod_version.so -LoadModule vhost_alias_module modules/mod_vhost_alias.so -LoadModule xml2enc_module modules/mod_xml2enc.so -Include conf/extra/httpd-ssl.conf - -User www-data -Group www-data - - -ServerAdmin you@example.com - - - AllowOverride none - Require all denied - - -DocumentRoot "/usr/local/apache2/htdocs" - - Options Indexes FollowSymLinks - AllowOverride None - Require all granted - - - - DirectoryIndex index.html - - - - Require all denied - - -ErrorLog /proc/self/fd/2 - -LogLevel warn - - - LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined - LogFormat "%h %l %u %t \"%r\" %>s %b" common - - - LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio - - CustomLog /proc/self/fd/1 common - - - - ScriptAlias /cgi-bin/ "/usr/local/apache2/cgi-bin/" - - - - # - # ScriptSock: On threaded servers, designate the path to the UNIX - # socket used to communicate with the CGI daemon of mod_cgid. 
- # - #Scriptsock cgisock - - - - AllowOverride None - Options None - Require all granted - - - - RequestHeader unset Proxy early - - - - TypesConfig conf/mime.types - AddType application/x-compress .Z - AddType application/x-gzip .gz .tgz - - - -Include conf/extra/proxy-html.conf - - -SSLRandomSeed startup builtin -SSLRandomSeed connect builtin - \ No newline at end of file diff --git a/community_images/apache/official/configs/server-configs/httpd2.conf b/community_images/apache/official/configs/server-configs/httpd2.conf deleted file mode 100644 index 3895dc6759..0000000000 --- a/community_images/apache/official/configs/server-configs/httpd2.conf +++ /dev/null 
@@ -1,210 +0,0 @@ -ServerRoot "/usr/local/apache2" -Listen 80 - -# Modules -LoadModule access_compat_module modules/mod_access_compat.so -LoadModule actions_module modules/mod_actions.so -LoadModule alias_module modules/mod_alias.so -LoadModule allowmethods_module modules/mod_allowmethods.so -LoadModule asis_module modules/mod_asis.so -LoadModule auth_basic_module modules/mod_auth_basic.so -LoadModule auth_digest_module modules/mod_auth_digest.so -LoadModule auth_form_module modules/mod_auth_form.so -LoadModule authn_anon_module modules/mod_authn_anon.so -LoadModule authn_core_module modules/mod_authn_core.so -LoadModule authn_dbd_module modules/mod_authn_dbd.so -LoadModule authn_dbm_module modules/mod_authn_dbm.so -LoadModule authn_file_module modules/mod_authn_file.so -LoadModule authn_socache_module modules/mod_authn_socache.so -LoadModule authnz_fcgi_module modules/mod_authnz_fcgi.so -LoadModule authnz_ldap_module modules/mod_authnz_ldap.so -LoadModule authz_core_module modules/mod_authz_core.so -LoadModule authz_dbd_module modules/mod_authz_dbd.so -LoadModule authz_dbm_module modules/mod_authz_dbm.so -LoadModule authz_groupfile_module modules/mod_authz_groupfile.so -LoadModule authz_host_module modules/mod_authz_host.so -LoadModule authz_owner_module modules/mod_authz_owner.so -LoadModule authz_user_module modules/mod_authz_user.so -LoadModule autoindex_module modules/mod_autoindex.so -LoadModule brotli_module modules/mod_brotli.so -LoadModule bucketeer_module modules/mod_bucketeer.so -LoadModule buffer_module modules/mod_buffer.so -LoadModule cache_module modules/mod_cache.so -LoadModule cache_disk_module modules/mod_cache_disk.so -LoadModule cache_socache_module modules/mod_cache_socache.so -LoadModule case_filter_module modules/mod_case_filter.so -LoadModule case_filter_in_module modules/mod_case_filter_in.so -LoadModule cern_meta_module modules/mod_cern_meta.so -LoadModule cgi_module modules/mod_cgi.so -LoadModule cgid_module modules/mod_cgid.so 
-LoadModule charset_lite_module modules/mod_charset_lite.so -LoadModule data_module modules/mod_data.so -LoadModule dav_module modules/mod_dav.so -LoadModule dav_fs_module modules/mod_dav_fs.so -LoadModule dav_lock_module modules/mod_dav_lock.so -LoadModule dbd_module modules/mod_dbd.so -LoadModule deflate_module modules/mod_deflate.so -LoadModule dialup_module modules/mod_dialup.so -LoadModule dir_module modules/mod_dir.so -LoadModule dumpio_module modules/mod_dumpio.so -LoadModule echo_module modules/mod_echo.so -LoadModule env_module modules/mod_env.so -LoadModule example_hooks_module modules/mod_example_hooks.so -LoadModule example_ipc_module modules/mod_example_ipc.so -LoadModule expires_module modules/mod_expires.so -LoadModule ext_filter_module modules/mod_ext_filter.so -LoadModule file_cache_module modules/mod_file_cache.so -LoadModule filter_module modules/mod_filter.so -LoadModule headers_module modules/mod_headers.so -LoadModule status_module modules/mod_status.so -LoadModule watchdog_module modules/mod_watchdog.so -LoadModule heartbeat_module modules/mod_heartbeat.so -LoadModule heartmonitor_module modules/mod_heartmonitor.so -LoadModule http2_module modules/mod_http2.so -LoadModule ident_module modules/mod_ident.so -LoadModule imagemap_module modules/mod_imagemap.so -LoadModule include_module modules/mod_include.so -LoadModule info_module modules/mod_info.so -LoadModule isapi_module modules/mod_isapi.so -LoadModule lbmethod_bybusyness_module modules/mod_lbmethod_bybusyness.so -LoadModule lbmethod_byrequests_module modules/mod_lbmethod_byrequests.so -LoadModule lbmethod_bytraffic_module modules/mod_lbmethod_bytraffic.so -LoadModule lbmethod_heartbeat_module modules/mod_lbmethod_heartbeat.so -LoadModule ldap_module modules/mod_ldap.so -LoadModule log_config_module modules/mod_log_config.so -LoadModule log_debug_module modules/mod_log_debug.so -LoadModule log_forensic_module modules/mod_log_forensic.so -LoadModule logio_module modules/mod_logio.so 
-LoadModule lua_module modules/mod_lua.so -LoadModule macro_module modules/mod_macro.so -LoadModule md_module modules/mod_md.so -LoadModule mime_module modules/mod_mime.so -LoadModule mime_magic_module modules/mod_mime_magic.so -# LoadModule mpm_event_module modules/mod_mpm_event.so -LoadModule mpm_prefork_module modules/mod_mpm_prefork.so -#LoadModule mpm_worker_module modules/mod_mpm_worker.so -LoadModule negotiation_module modules/mod_negotiation.so -LoadModule unixd_module modules/mod_unixd.so -LoadModule optional_fn_export_module modules/mod_optional_fn_export.so -LoadModule optional_fn_import_module modules/mod_optional_fn_import.so -LoadModule optional_hook_export_module modules/mod_optional_hook_export.so -LoadModule optional_hook_import_module modules/mod_optional_hook_import.so -LoadModule proxy_module modules/mod_proxy.so -LoadModule proxy_ajp_module modules/mod_proxy_ajp.so -LoadModule proxy_balancer_module modules/mod_proxy_balancer.so -LoadModule proxy_connect_module modules/mod_proxy_connect.so -LoadModule proxy_express_module modules/mod_proxy_express.so -LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so -LoadModule proxy_fdpass_module modules/mod_proxy_fdpass.so -LoadModule proxy_ftp_module modules/mod_proxy_ftp.so -LoadModule proxy_hcheck_module modules/mod_proxy_hcheck.so -LoadModule proxy_http_module modules/mod_proxy_http.so -LoadModule proxy_http2_module modules/mod_proxy_http2.so -LoadModule proxy_scgi_module modules/mod_proxy_scgi.so -LoadModule proxy_uwsgi_module modules/mod_proxy_uwsgi.so -LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so -LoadModule ratelimit_module modules/mod_ratelimit.so -LoadModule reflector_module modules/mod_reflector.so -LoadModule remoteip_module modules/mod_remoteip.so -LoadModule reqtimeout_module modules/mod_reqtimeout.so -LoadModule request_module modules/mod_request.so -LoadModule rewrite_module modules/mod_rewrite.so -LoadModule sed_module modules/mod_sed.so -LoadModule session_module 
modules/mod_session.so -LoadModule session_cookie_module modules/mod_session_cookie.so -LoadModule session_crypto_module modules/mod_session_crypto.so -LoadModule session_dbd_module modules/mod_session_dbd.so -LoadModule setenvif_module modules/mod_setenvif.so -LoadModule slotmem_plain_module modules/mod_slotmem_plain.so -LoadModule slotmem_shm_module modules/mod_slotmem_shm.so -LoadModule socache_dbm_module modules/mod_socache_dbm.so -LoadModule socache_memcache_module modules/mod_socache_memcache.so -LoadModule socache_redis_module modules/mod_socache_redis.so -LoadModule socache_shmcb_module modules/mod_socache_shmcb.so -LoadModule speling_module modules/mod_speling.so -LoadModule ssl_module modules/mod_ssl.so -LoadModule substitute_module modules/mod_substitute.so -LoadModule suexec_module modules/mod_suexec.so -LoadModule unique_id_module modules/mod_unique_id.so -LoadModule userdir_module modules/mod_userdir.so -LoadModule usertrack_module modules/mod_usertrack.so -LoadModule version_module modules/mod_version.so -LoadModule vhost_alias_module modules/mod_vhost_alias.so -LoadModule xml2enc_module modules/mod_xml2enc.so - - -User www-data -Group www-data - - -ServerAdmin you@example.com - - - AllowOverride none - Require all denied - - -DocumentRoot "/usr/local/apache2/htdocs" - - Options Indexes FollowSymLinks - AllowOverride None - Require all granted - - - - DirectoryIndex index.html - - - - Require all denied - - -ErrorLog /proc/self/fd/2 - -LogLevel warn - - - LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined - LogFormat "%h %l %u %t \"%r\" %>s %b" common - - - LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio - - CustomLog /proc/self/fd/1 common - - - - ScriptAlias /cgi-bin/ "/usr/local/apache2/cgi-bin/" - - - - # - # ScriptSock: On threaded servers, designate the path to the UNIX - # socket used to communicate with the CGI daemon of mod_cgid. 
- # - #Scriptsock cgisock - - - - AllowOverride None - Options None - Require all granted - - - - RequestHeader unset Proxy early - - - - TypesConfig conf/mime.types - AddType application/x-compress .Z - AddType application/x-gzip .gz .tgz - - - -Include conf/extra/proxy-html.conf - - -SSLRandomSeed startup builtin -SSLRandomSeed connect builtin - \ No newline at end of file diff --git a/community_images/apache/official/configs/server-configs/httpd3.conf b/community_images/apache/official/configs/server-configs/httpd3.conf deleted file mode 100644 index 4cb0af5e39..0000000000 --- a/community_images/apache/official/configs/server-configs/httpd3.conf +++ /dev/null 
@@ -1,210 +0,0 @@ -ServerRoot "/usr/local/apache2" -Listen 80 - -# Modules -LoadModule access_compat_module modules/mod_access_compat.so -LoadModule actions_module modules/mod_actions.so -LoadModule alias_module modules/mod_alias.so -LoadModule allowmethods_module modules/mod_allowmethods.so -LoadModule asis_module modules/mod_asis.so -LoadModule auth_basic_module modules/mod_auth_basic.so -LoadModule auth_digest_module modules/mod_auth_digest.so -LoadModule auth_form_module modules/mod_auth_form.so -LoadModule authn_anon_module modules/mod_authn_anon.so -LoadModule authn_core_module modules/mod_authn_core.so -LoadModule authn_dbd_module modules/mod_authn_dbd.so -LoadModule authn_dbm_module modules/mod_authn_dbm.so -LoadModule authn_file_module modules/mod_authn_file.so -LoadModule authn_socache_module modules/mod_authn_socache.so -LoadModule authnz_fcgi_module modules/mod_authnz_fcgi.so -LoadModule authnz_ldap_module modules/mod_authnz_ldap.so -LoadModule authz_core_module modules/mod_authz_core.so -LoadModule authz_dbd_module modules/mod_authz_dbd.so -LoadModule authz_dbm_module modules/mod_authz_dbm.so -LoadModule authz_groupfile_module modules/mod_authz_groupfile.so -LoadModule authz_host_module modules/mod_authz_host.so -LoadModule authz_owner_module modules/mod_authz_owner.so -LoadModule authz_user_module modules/mod_authz_user.so -LoadModule autoindex_module modules/mod_autoindex.so -LoadModule brotli_module modules/mod_brotli.so -LoadModule bucketeer_module modules/mod_bucketeer.so -LoadModule buffer_module modules/mod_buffer.so -LoadModule cache_module modules/mod_cache.so -LoadModule cache_disk_module modules/mod_cache_disk.so -LoadModule cache_socache_module modules/mod_cache_socache.so -LoadModule case_filter_module modules/mod_case_filter.so -LoadModule case_filter_in_module modules/mod_case_filter_in.so -LoadModule cern_meta_module modules/mod_cern_meta.so -LoadModule cgi_module modules/mod_cgi.so -LoadModule cgid_module modules/mod_cgid.so 
-LoadModule charset_lite_module modules/mod_charset_lite.so -LoadModule data_module modules/mod_data.so -LoadModule dav_module modules/mod_dav.so -LoadModule dav_fs_module modules/mod_dav_fs.so -LoadModule dav_lock_module modules/mod_dav_lock.so -LoadModule dbd_module modules/mod_dbd.so -LoadModule deflate_module modules/mod_deflate.so -LoadModule dialup_module modules/mod_dialup.so -LoadModule dir_module modules/mod_dir.so -LoadModule dumpio_module modules/mod_dumpio.so -LoadModule echo_module modules/mod_echo.so -LoadModule env_module modules/mod_env.so -LoadModule example_hooks_module modules/mod_example_hooks.so -LoadModule example_ipc_module modules/mod_example_ipc.so -LoadModule expires_module modules/mod_expires.so -LoadModule ext_filter_module modules/mod_ext_filter.so -LoadModule file_cache_module modules/mod_file_cache.so -LoadModule filter_module modules/mod_filter.so -LoadModule headers_module modules/mod_headers.so -LoadModule status_module modules/mod_status.so -LoadModule watchdog_module modules/mod_watchdog.so -LoadModule heartbeat_module modules/mod_heartbeat.so -LoadModule heartmonitor_module modules/mod_heartmonitor.so -LoadModule http2_module modules/mod_http2.so -LoadModule ident_module modules/mod_ident.so -LoadModule imagemap_module modules/mod_imagemap.so -LoadModule include_module modules/mod_include.so -LoadModule info_module modules/mod_info.so -LoadModule isapi_module modules/mod_isapi.so -LoadModule lbmethod_bybusyness_module modules/mod_lbmethod_bybusyness.so -LoadModule lbmethod_byrequests_module modules/mod_lbmethod_byrequests.so -LoadModule lbmethod_bytraffic_module modules/mod_lbmethod_bytraffic.so -LoadModule lbmethod_heartbeat_module modules/mod_lbmethod_heartbeat.so -LoadModule ldap_module modules/mod_ldap.so -LoadModule log_config_module modules/mod_log_config.so -LoadModule log_debug_module modules/mod_log_debug.so -LoadModule log_forensic_module modules/mod_log_forensic.so -LoadModule logio_module modules/mod_logio.so 
-LoadModule lua_module modules/mod_lua.so -LoadModule macro_module modules/mod_macro.so -LoadModule md_module modules/mod_md.so -LoadModule mime_module modules/mod_mime.so -LoadModule mime_magic_module modules/mod_mime_magic.so -# LoadModule mpm_event_module modules/mod_mpm_event.so -#LoadModule mpm_prefork_module modules/mod_mpm_prefork.so -LoadModule mpm_worker_module modules/mod_mpm_worker.so -LoadModule negotiation_module modules/mod_negotiation.so -LoadModule unixd_module modules/mod_unixd.so -LoadModule optional_fn_export_module modules/mod_optional_fn_export.so -LoadModule optional_fn_import_module modules/mod_optional_fn_import.so -LoadModule optional_hook_export_module modules/mod_optional_hook_export.so -LoadModule optional_hook_import_module modules/mod_optional_hook_import.so -LoadModule proxy_module modules/mod_proxy.so -LoadModule proxy_ajp_module modules/mod_proxy_ajp.so -LoadModule proxy_balancer_module modules/mod_proxy_balancer.so -LoadModule proxy_connect_module modules/mod_proxy_connect.so -LoadModule proxy_express_module modules/mod_proxy_express.so -LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so -LoadModule proxy_fdpass_module modules/mod_proxy_fdpass.so -LoadModule proxy_ftp_module modules/mod_proxy_ftp.so -LoadModule proxy_hcheck_module modules/mod_proxy_hcheck.so -LoadModule proxy_http_module modules/mod_proxy_http.so -LoadModule proxy_http2_module modules/mod_proxy_http2.so -LoadModule proxy_scgi_module modules/mod_proxy_scgi.so -LoadModule proxy_uwsgi_module modules/mod_proxy_uwsgi.so -LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so -LoadModule ratelimit_module modules/mod_ratelimit.so -LoadModule reflector_module modules/mod_reflector.so -LoadModule remoteip_module modules/mod_remoteip.so -LoadModule reqtimeout_module modules/mod_reqtimeout.so -LoadModule request_module modules/mod_request.so -LoadModule rewrite_module modules/mod_rewrite.so -LoadModule sed_module modules/mod_sed.so -LoadModule session_module 
modules/mod_session.so -LoadModule session_cookie_module modules/mod_session_cookie.so -LoadModule session_crypto_module modules/mod_session_crypto.so -LoadModule session_dbd_module modules/mod_session_dbd.so -LoadModule setenvif_module modules/mod_setenvif.so -LoadModule slotmem_plain_module modules/mod_slotmem_plain.so -LoadModule slotmem_shm_module modules/mod_slotmem_shm.so -LoadModule socache_dbm_module modules/mod_socache_dbm.so -LoadModule socache_memcache_module modules/mod_socache_memcache.so -LoadModule socache_redis_module modules/mod_socache_redis.so -LoadModule socache_shmcb_module modules/mod_socache_shmcb.so -LoadModule speling_module modules/mod_speling.so -LoadModule ssl_module modules/mod_ssl.so -LoadModule substitute_module modules/mod_substitute.so -LoadModule suexec_module modules/mod_suexec.so -LoadModule unique_id_module modules/mod_unique_id.so -LoadModule userdir_module modules/mod_userdir.so -LoadModule usertrack_module modules/mod_usertrack.so -LoadModule version_module modules/mod_version.so -LoadModule vhost_alias_module modules/mod_vhost_alias.so -LoadModule xml2enc_module modules/mod_xml2enc.so - - -User www-data -Group www-data - - -ServerAdmin you@example.com - - - AllowOverride none - Require all denied - - -DocumentRoot "/usr/local/apache2/htdocs" - - Options Indexes FollowSymLinks - AllowOverride None - Require all granted - - - - DirectoryIndex index.html - - - - Require all denied - - -ErrorLog /proc/self/fd/2 - -LogLevel warn - - - LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined - LogFormat "%h %l %u %t \"%r\" %>s %b" common - - - LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio - - CustomLog /proc/self/fd/1 common - - - - ScriptAlias /cgi-bin/ "/usr/local/apache2/cgi-bin/" - - - - # - # ScriptSock: On threaded servers, designate the path to the UNIX - # socket used to communicate with the CGI daemon of mod_cgid. 
- # - #Scriptsock cgisock - - - - AllowOverride None - Options None - Require all granted - - - - RequestHeader unset Proxy early - - - - TypesConfig conf/mime.types - AddType application/x-compress .Z - AddType application/x-gzip .gz .tgz - - - -Include conf/extra/proxy-html.conf - - -SSLRandomSeed startup builtin -SSLRandomSeed connect builtin - \ No newline at end of file diff --git a/community_images/apache/official/dc_coverage.sh b/community_images/apache/official/dc_coverage.sh deleted file mode 100755 index 17438d0a22..0000000000 --- a/community_images/apache/official/dc_coverage.sh +++ /dev/null 
@@ -1,56 +0,0 @@ -#!/bin/bash - -set -x -set -e - -SCRIPTPATH="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )" - -# shellcheck disable=SC1091 -. "${SCRIPTPATH}"/../../common/scripts/bash_helper.sh - -JSON_PARAMS="$1" - -JSON=$(cat "$JSON_PARAMS") - -echo "Json params for docker compose coverage = $JSON" - -PROJECT_NAME=$(jq -r '.project_name' < "$JSON_PARAMS") - -CONTAINER_NAME="${PROJECT_NAME}"-apache-1 - -# checking all modules and config test -docker exec -i "${CONTAINER_NAME}" ls -docker exec -i "${CONTAINER_NAME}" httpd -M -docker exec -i "${CONTAINER_NAME}" apachectl configtest - -# log for debugging -docker inspect "${CONTAINER_NAME}" - -# find non-tls and tls port -docker inspect "${CONTAINER_NAME}" | jq -r ".[].NetworkSettings.Ports.\"80/tcp\"[0].HostPort" -docker inspect "${CONTAINER_NAME}" | jq -r ".[].NetworkSettings.Ports.\"443/tcp\"[0].HostPort" -NON_TLS_PORT=$(docker inspect "${CONTAINER_NAME}" | jq -r ".[].NetworkSettings.Ports.\"80/tcp\"[0].HostPort") -TLS_PORT=$(docker inspect "${CONTAINER_NAME}" | jq -r ".[].NetworkSettings.Ports.\"443/tcp\"[0].HostPort") - -# run curl in loop for different endpoints -# Apache Server 1 (MPM Event module enabled, ssl enabled) -for i in {1..5}; -do - echo "Attempt on Apache-server-1 $i" - curl http://localhost:"${NON_TLS_PORT}" - with_backoff curl https://localhost:"${TLS_PORT}" -k -v -done -# Apache Server 2 (MPM Prefork module enabled) -NON_TLS_PORT=$(docker inspect "${PROJECT_NAME}"-apache-prefork-mpm-1 | jq -r ".[].NetworkSettings.Ports.\"80/tcp\"[0].HostPort") -for i in {1..5}; -do - echo "Attempt on Apache-server-2 $i" - curl http://localhost:"${NON_TLS_PORT}" -done -# Apache Server 3 (MPM Worker module enable) -NON_TLS_PORT=$(docker inspect "${PROJECT_NAME}"-apache-worker-mpm-1 | jq -r ".[].NetworkSettings.Ports.\"80/tcp\"[0].HostPort") -for i in {1..5}; -do - echo "Attempt on Apache-server-3 $i" - curl http://localhost:"${NON_TLS_PORT}" -done 
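Review bot: in the three curl loops of community_images/apache/official/dc_coverage.sh only the HTTPS request is wrapped in `with_backoff`; every `curl http://localhost:"${NON_TLS_PORT}"` runs bare, and with `set -e` in effect a single refused connection while httpd is still starting ends the run before servers 2 and 3 are exercised. If this script is being relocated rather than retired, wrap the plain-HTTP calls the same way. The `-k` on the HTTPS call also means the server's certificate is never validated, so pointing curl at the generated certificate with `--cacert` would cover the verification path as well. The two bare `docker inspect ... | jq` lines ahead of the `NON_TLS_PORT` and `TLS_PORT` assignments repeat those assignments and can go, since `set -x` already traces the assigned values.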
diff --git a/community_images/apache/official/docker-compose.yml b/community_images/apache/official/docker-compose.yml deleted file mode 100755 index 0b3bd990b7..0000000000 --- a/community_images/apache/official/docker-compose.yml +++ /dev/null @@ -1,38 +0,0 @@ -version: '2' - -services: - apache: - image: ${APACHE_OFFICIAL_IMAGE_REPOSITORY}:${APACHE_OFFICIAL_IMAGE_TAG} - user: root - volumes: - - ./configs/index.html:/usr/local/apache2/htdocs/index.html - - ./configs/server-configs/httpd1.conf:/usr/local/apache2/conf/httpd.conf - - ./certs/server.crt:/usr/local/apache2/conf/server.crt - - ./certs/server.key:/usr/local/apache2/conf/server.key - cap_add: - - SYS_PTRACE - ports: - - "0.0.0.0::80" - - "0.0.0.0::443" - apache-prefork-mpm: - image: ${APACHE_OFFICIAL_IMAGE_REPOSITORY}:${APACHE_OFFICIAL_IMAGE_TAG} - user: root - volumes: - - ./configs/index.html:/usr/local/apache2/htdocs/index.html - - ./configs/server-configs/httpd2.conf:/usr/local/apache2/conf/httpd.conf - cap_add: - - SYS_PTRACE - ports: - - "0.0.0.0::80" - - "0.0.0.0::443" - apache-worker-mpm: - image: ${APACHE_OFFICIAL_IMAGE_REPOSITORY}:${APACHE_OFFICIAL_IMAGE_TAG} - user: root - volumes: - - ./configs/index.html:/usr/local/apache2/htdocs/index.html - - ./configs/server-configs/httpd3.conf:/usr/local/apache2/conf/httpd.conf - cap_add: - - SYS_PTRACE - ports: - - "0.0.0.0::80" - - "0.0.0.0::443" diff --git a/community_images/apache/official/docker_coverage.sh b/community_images/apache/official/docker_coverage.sh deleted file mode 100755 index b8a3e0a460..0000000000 --- a/community_images/apache/official/docker_coverage.sh +++ /dev/null 
@@ -1,19 +0,0 @@ -#!/bin/bash - -set -x -set -e - -JSON_PARAMS="$1" - -JSON=$(cat "$JSON_PARAMS") - -echo "Json params for docker coverage = $JSON" - -APACHE_HOST=$(jq -r '.container_details."apache-official".ip_address' < "$JSON_PARAMS") - -# Install Apache benchmark testing tool -sudo apt-get install apache2-utils -y -sudo apt-get install apache2 -y - -# testing using apache benchmark tool -ab -t 100 -n 10000 -c 10 http://"${APACHE_HOST}":80/ diff --git a/community_images/apache/official/image.yml b/community_images/apache/official/image.yml deleted file mode 100755 index 954e717897..0000000000 --- a/community_images/apache/official/image.yml +++ /dev/null 
@@ -1,48 +0,0 @@ -name: apache-official -official_name: Apache Official -official_website: https://httpd.apache.org/ -source_image_provider: The Docker Community -source_image_repo: docker.io/library/httpd -source_image_repo_link: https://hub.docker.com/_/httpd -source_image_readme: https://github.com/docker-library/docs/blob/master/httpd/README.md -rf_docker_link: rapidfort/apache-official -image_workflow_name: apache_official -github_location: apache/official -report_url: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Flibrary%2Fhttpd -usage_instructions: | - # Using docker run: - $ docker run -dit --name my-apache-app -p 8080:80 -v "$PWD":/usr/local/apache2/htdocs/ rapidfort/apache-official - # PWD can be replaced with the directory containing all your HTML. -what_is_text: | - The Apache HTTP Server Project is an effort to develop and maintain an open-source HTTP server for modern operating systems including UNIX and Windows. httpd is the Apache HyperText Transfer Protocol (HTTP) server program. It is designed to be run as a standalone daemon process. When used like this it will create a pool of child processes or threads to handle requests. -disclaimer: | - Trademarks: This software listing is packaged by RapidFort. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. 
-docker_links: - - "[`2.4.54`, `2.4`, `2`, `latest`, `2.4.54-bullseye`, `2.4-bullseye`, `2-bullseye`, `bullseye`](https://github.com/docker-library/httpd/blob/f3b7fd9c8ef59d1ad46c8b2a27df3e02d822834f/2.4/Dockerfile)" - - "[`2.4.54-alpine`, `2.4-alpine`, `2-alpine`, `alpine`, `2.4.54-alpine3.16`, `2.4-alpine3.16`, `2-alpine3.16`, `alpine3.16`](https://github.com/docker-library/httpd/blob/f3b7fd9c8ef59d1ad46c8b2a27df3e02d822834f/2.4/alpine/Dockerfile)" -input_registry: - registry: docker.io - account: library -repo_sets: - - httpd: - input_base_tag: "2.4.*-bullseye" - output_repo: apache-official - - httpd: - input_base_tag: "2.4.*-alpine" - output_repo: apache-official -runtimes: - - type: docker_compose - script: dc_coverage.sh - compose_file: docker-compose.yml - tls_certs: - generate: true - out_dir: certs - image_keys: - apache-official: - repository: "APACHE_OFFICIAL_IMAGE_REPOSITORY" - tag: "APACHE_OFFICIAL_IMAGE_TAG" - - type: docker - script: docker_coverage.sh - tls_certs: - generate: true - out_dir: certs diff --git a/community_images/apache/official/overrides.yml b/community_images/apache/official/overrides.yml deleted file mode 100755 index f201e68505..0000000000 --- a/community_images/apache/official/overrides.yml +++ /dev/null @@ -1,18 +0,0 @@ -image: - pullSecrets: ["rf-regcred"] - pullPolicy: Always -containerSecurityContext: - enabled: true - runAsUser: 1001 - allowPrivilegeEscalation: true - capabilities: - add: ["SYS_PTRACE"] -extraEnvVars: - - name: "RF_VERBOSE" - value: "0" -livenessProbe: - initialDelaySeconds: 30 - timeoutSeconds: 30 -readinessProbe: - initialDelaySeconds: 30 - timeoutSeconds: 30 diff --git a/community_images/cassandra/official/README.md b/community_images/cassandra/official/README.md deleted file mode 100644 index 6a12bf854a..0000000000 --- a/community_images/cassandra/official/README.md +++ /dev/null @@ -1,142 +0,0 @@ - -RapidFort - - -
- -[![rf-h][rf-h-badge]][rf-view-report-button] -[![DH Image][dh-rf-badge]][rf-dh-image-link] -[![Slack][slack-badge]][slack-link] -[![FOSSA Status][fossa-badge]][fossa-link] - -# RapidFort hardened image for Cassandra Official - -RapidFort’s container optimization process hardened this Cassandra Official container. This container is free to use and has no license limitations. - -It is the same as the [Apache Cassandra Cassandra Official][source-image-repo-link] image but more secure. - -Every day, we optimize and harden a variety of Docker Hub’s most famous images. Check out our [entire library](https://hub.docker.com/u/rapidfort) of secured containers. -
- -[Get the full report here or click on the image below][rf-view-report-link] - -[![Metrics][metrics-link]][rf-image-metrics-link] - -

Vulnerabilities: Original vs. Hardened - -

- -[![CVE Reduction][cve-reduction-link]][rf-image-cve-reduction-link] - - -View Report - -
-
- - -## What is Cassandra Official? - -> Apache Cassandra is an open source distributed database management system designed to handle large amounts of data across many commodity servers, providing high availability with no single point of failure. Cassandra offers robust support for clusters spanning multiple datacenters, with asynchronous masterless replication allowing low latency operations for all clients. - - -[Overview of Cassandra Official](https://cassandra.apache.org/) - -Trademarks: This software listing is packaged by RapidFort. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. - - -## How do I use this hardened Cassandra Official image? - -The runtime instructions for this container are no different from the official release. Follow the instructions in their readme, but use our hardened image. - - -View Detailed Instructions - -
-
- -```sh -# Using docker run: -$ docker run --name some-cassandra -d cassandra:latest - -``` - -## What is a hardened image? - -A hardened image is a copy of a container that has been optimized and reduced for significantly improved security. Because every container uses many open-source software components and their dependencies, there’s a lot of extra weight that can be trimmed. - -This image is a hardened version of the official [Apache Cassandra Cassandra Official][source-image-repo-link] image on Docker Hub. - -RapidFort is an industry-leading container optimization solution that minimizes software attack surfaces by removing unused code. Most containers can be reduced by at least 50%, which reduces the opportunity for malicious attacks and CVE exploits. Learn more at [RapidFort.com][rf-link]. - -Our hardened images are updated daily using the latest vulnerability information available. - - -View on GitHub - -
-
- -## What’s the difference between the official [Apache Cassandra Cassandra Official][source-image-repo-link] image and this hardened image? -RapidFort’s hardened [rapidfort/cassandra-official][rf-dh-image-link] image has been optimized by our proprietary scanning and slimming technology. We are big fans of open-source software, containerized infrastructure, and security. - -We are making secure copies of the images we use every day and the most popular ones on Docker Hub. We want to make the world a safer place to operate. - -## Supported tags and respective `Dockerfile` links -* [`4.0.7`, `4.0`, `4`, `latest`](https://github.com/docker-library/cassandra/blob/08fa5553ad2dde684ca5337c7fedd173cbc41f39/4.0/Dockerfile) -* [`3.11.14`, `3.11`, `3`](https://github.com/docker-library/cassandra/blob/13e3d6ca1ff1b6c9d780e5f018887c1d28318d50/3.11/Dockerfile) -* [`3.0.28`, `3.0`](https://github.com/docker-library/cassandra/blob/e92196fdba778656678a9bc9bcb724b8a3584149/3.0/Dockerfile) - -## Need support - -Join our slack community for any questions. - - -RapidFort Community Slack - - -## 🌟 Support this project - -[![](https://user-images.githubusercontent.com/48997634/174794647-0c851917-e5c9-4fb9-bf88-b61d89dc2f4f.gif)](https://github.com/rapidfort/community-images/stargazers) - -### [⏫⭐️ Scroll to the star button](#start-of-content) - -If you believe this project has potential, feel free to **star this repo** just like many [amazing people](https://github.com/rapidfort/community-images/stargazers) -have. - -## Have questions? - -[![RapidFort](https://raw.githubusercontent.com/rapidfort/community-images/main/contrib/github_logo_footer.png)][rf-rapidfort-footer-logo-link] - - -If you'd like to learn more about RapidFort or our container optimization process, visit [RapidFort.com][rf-link]. - -
-
- - -[dh-rf-badge]: https://img.shields.io/badge/dockerhub-images-important.svg?logo=Docker - -[fossa-badge]: https://app.fossa.com/api/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images.svg?type=shield -[fossa-link]: https://app.fossa.com/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images?ref=badge_shield - -[rf-link]: https://rapidfort.com?utm_source=github&utm_medium=ci_rf_link&utm_campaign=sep_01_sprint&utm_term=cassandra-official&utm_content=rapidfort_have_questions - -[rf-rapidfort-footer-logo-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Flibrary%2Fcassandra?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=cassandra-official&utm_content=rapidfort_footer_logo -[rf-view-report-button]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Flibrary%2Fcassandra?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=cassandra-official&utm_content=view_report_button -[rf-view-report-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Flibrary%2Fcassandra?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=cassandra-official&utm_content=view_report_link -[rf-image-metrics-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Flibrary%2Fcassandra?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=cassandra-official&utm_content=image_metrics_link -[rf-image-cve-reduction-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Flibrary%2Fcassandra?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=cassandra-official&utm_content=image_cve_reduction_link - -[dh-img-size-badge]: https://img.shields.io/docker/image-size/rapidfort/cassandra-official?logo=docker&logoColor=white&sort=semver -[dh-img-pulls-badge]: https://img.shields.io/docker/pulls/rapidfort/cassandra-official?logo=docker&logoColor=white - -[slack-badge]: 
https://img.shields.io/static/v1?label=Join&message=slack&logo=slack&logoColor=E01E5A&color=4A154B -[slack-link]: https://join.slack.com/t/rapidfortcommunity/shared_invite/zt-1g3wy28lv-DaeGexTQ5IjfpbmYW7Rm_Q - -[rf-h-badge]: https://img.shields.io/static/v1?label=RapidFort&labelColor=333F48&message=hardened&color=50B4C4&logo= -[metrics-link]: https://github.com/rapidfort/community-images/raw/main/community_images/cassandra/official/assets/metrics.webp -[cve-reduction-link]: https://github.com/rapidfort/community-images/raw/main/community_images/cassandra/official/assets/cve_reduction.webp - -[source-image-repo-link]: https://hub.docker.com/_/cassandra -[rf-dh-image-link]: https://hub.docker.com/r/rapidfort/cassandra-official diff --git a/community_images/cassandra/official/assets/cve_reduction.webp b/community_images/cassandra/official/assets/cve_reduction.webp deleted file mode 100644 index 9dca80e60b..0000000000 Binary files a/community_images/cassandra/official/assets/cve_reduction.webp and /dev/null differ diff --git a/community_images/cassandra/official/assets/metrics.webp b/community_images/cassandra/official/assets/metrics.webp deleted file mode 100644 index 75be73068d..0000000000 Binary files a/community_images/cassandra/official/assets/metrics.webp and /dev/null differ diff --git a/community_images/cassandra/official/dc_coverage.sh b/community_images/cassandra/official/dc_coverage.sh deleted file mode 100755 index f1ac20c2fa..0000000000 --- a/community_images/cassandra/official/dc_coverage.sh +++ /dev/null 
@@ -1,22 +0,0 @@ -#!/bin/bash - -set -x -set -e - -JSON_PARAMS="$1" - -JSON=$(cat "$JSON_PARAMS") - -echo "Json params for docker compose coverage = $JSON" - -# Sleep -sleep 60 - -# Fetching container Name -PROJECT_NAME=$(jq -r '.project_name' < "$JSON_PARAMS") -CONTAINER_NAME="${PROJECT_NAME}"-cassandra-1 - -# executing tests in the container -docker exec -i "${CONTAINER_NAME}" bash -c 'cqlsh -u cassandra -p cassandra < /opt/test.cql' - -sleep 10 \ No newline at end of file diff --git a/community_images/cassandra/official/docker-compose.yml b/community_images/cassandra/official/docker-compose.yml deleted file mode 100644 index ab7b5a67cc..0000000000 --- a/community_images/cassandra/official/docker-compose.yml +++ /dev/null @@ -1,20 +0,0 @@ -version: '2' -services: - cassandra: - image: ${CASSANDRA_OFFICIAL_IMAGE_REPOSITORY}:${CASSANDRA_OFFICIAL_IMAGE_TAG} - ports: - - '0.0.0.0::7000' - - '0.0.0.0::9042' - volumes: - - './tests/test.cql:/opt/test.cql' - environment: - - CASSANDRA_SEEDS=cassandra - - CASSANDRA_CLUSTER_NAME=cassandra-cluster - - CASSANDRA_PASSWORD_SEEDER=yes - - CASSANDRA_PASSWORD=cassandra - # By default, Cassandra autodetects the available host memory and takes as much as it can. - # Therefore, memory options are mandatory if multiple Cassandras are launched in the same node. - - MAX_HEAP_SIZE=256M - - HEAP_NEWSIZE=200M - cap_add: - - SYS_PTRACE diff --git a/community_images/cassandra/official/docker_coverage.sh b/community_images/cassandra/official/docker_coverage.sh deleted file mode 100755 index 9f6ab067ac..0000000000 --- a/community_images/cassandra/official/docker_coverage.sh +++ /dev/null 
@@ -1,21 +0,0 @@ -#!/bin/bash - -set -x -set -e - -JSON_PARAMS="$1" - -JSON=$(cat "$JSON_PARAMS") - -echo "Json params for docker coverage = $JSON" - -RAPIDFORT_ACCOUNT="${RAPIDFORT_ACCOUNT:-rapidfort}" -NAMESPACE=$(jq -r '.namespace_name' < "$JSON_PARAMS") - -# get docker host ip -#CASSANDRA_HOST=$(jq -r '.container_details."cassandra-official".ip_address' < "$JSON_PARAMS") -REPO_PATH=$(jq -r '.image_tag_details."cassandra-official".repo_path' < "$JSON_PARAMS") -TAG=$(jq -r '.image_tag_details."cassandra-official".tag' < "$JSON_PARAMS") - -# run docker -docker run --rm -i --cap-add=SYS_PTRACE --name="${NAMESPACE}"-"$(date +%s)" -d "${REPO_PATH}:${TAG}" diff --git a/community_images/cassandra/official/image.yml b/community_images/cassandra/official/image.yml deleted file mode 100644 index 67b39e7b8a..0000000000 --- a/community_images/cassandra/official/image.yml +++ /dev/null 
@@ -1,47 +0,0 @@ -name: cassandra-official -official_name: Cassandra Official -official_website: https://cassandra.apache.org/ -source_image_provider: Apache Cassandra -source_image_repo: docker.io/library/cassandra -source_image_repo_link: https://hub.docker.com/_/cassandra -source_image_readme: https://github.com/docker-library/cassandra/blob/master/README.md -rf_docker_link: rapidfort/cassandra-official -image_workflow_name: cassandra_official -github_location: cassandra/official -report_url: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Flibrary%2Fcassandra -usage_instructions: | - # Using docker run: - $ docker run --name some-cassandra -d cassandra:latest -what_is_text: | - Apache Cassandra is an open source distributed database management system designed to handle large amounts of data across many commodity servers, providing high availability with no single point of failure. Cassandra offers robust support for clusters spanning multiple datacenters, with asynchronous masterless replication allowing low latency operations for all clients. -disclaimer: | - Trademarks: This software listing is packaged by RapidFort. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. 
-docker_links: - - "[`4.0.7`, `4.0`, `4`, `latest`](https://github.com/docker-library/cassandra/blob/08fa5553ad2dde684ca5337c7fedd173cbc41f39/4.0/Dockerfile)" - - "[`3.11.14`, `3.11`, `3`](https://github.com/docker-library/cassandra/blob/13e3d6ca1ff1b6c9d780e5f018887c1d28318d50/3.11/Dockerfile)" - - "[`3.0.28`, `3.0`](https://github.com/docker-library/cassandra/blob/e92196fdba778656678a9bc9bcb724b8a3584149/3.0/Dockerfile)" -input_registry: - registry: docker.io - account: library -repo_sets: - - cassandra: - input_base_tag: "4.0.*" - output_repo: cassandra-official - - cassandra: - input_base_tag: "3.11.*" - output_repo: cassandra-official - - cassandra: - input_base_tag: "3.0.*" - output_repo: cassandra-official -runtimes: - - type: docker_compose - script: dc_coverage.sh - compose_file: docker-compose.yml - wait_time_sec: 60 - image_keys: - cassandra-official: - repository: "CASSANDRA_OFFICIAL_IMAGE_REPOSITORY" - tag: "CASSANDRA_OFFICIAL_IMAGE_TAG" - - type: docker - script: docker_coverage.sh - cassandra-official: {} diff --git a/community_images/cassandra/official/tests/test.cql b/community_images/cassandra/official/tests/test.cql deleted file mode 100644 index 9f3caf916c..0000000000 --- a/community_images/cassandra/official/tests/test.cql +++ /dev/null 
@@ -1,64 +0,0 @@ - -CREATE KEYSPACE schema1 WITH replication = { 'class' : 'SimpleStrategy', 'replication_factor' : 1 }; - -USE schema1; - -CREATE TABLE users ( - user_id varchar PRIMARY KEY, - first varchar, - last varchar, - age int - ); - -INSERT INTO users (user_id, first, last, age) - VALUES ('jsmith', 'John', 'Smith', 42); - -SELECT * FROM users; - - -CREATE TABLE schema1.cyclist_points ( - id UUID, - firstname text, - lastname text, - race_title text, - race_points int, - PRIMARY KEY (id, race_points )); - - -CREATE TABLE parts (part_type text,part_name text,part_num int,part_year text,serial_num text,PRIMARY KEY ((part_type, part_name), part_num, part_year)); - - -SELECT sum(race_points) FROM schema1.cyclist_points WHERE id=e3b19ec4-774a-4d1c-9e5a-decec1e30aac AND race_points > 7; - - -CREATE TABLE ruling_stewards ( - steward_name text, - king text, - reign_start int, - event text, - PRIMARY KEY (steward_name, king, reign_start) -); - -SELECT * FROM ruling_stewards -WHERE king = 'Brego' - AND reign_start >= 2450 - AND reign_start < 2500 -ALLOW FILTERING; - - -Select * -FROM ruling_stewards -WHERE king = 'none' - AND reign_start >= 1500 - AND reign_start < 3000 -LIMIT 10 -ALLOW FILTERING; - - - -exit - - - - - diff --git a/community_images/consul/bitnami/.rfignore b/community_images/consul/bitnami/.rfignore deleted file mode 100644 index df9296ac6d..0000000000 --- a/community_images/consul/bitnami/.rfignore +++ /dev/null @@ -1,4 +0,0 @@ -opt/bitnami/common/licenses -opt/bitnami/consul/licenses -opt/bitnami/licenses -usr/share/common-licenses diff --git a/community_images/consul/bitnami/README.md b/community_images/consul/bitnami/README.md deleted file mode 100644 index 1809a9d9d2..0000000000 --- a/community_images/consul/bitnami/README.md +++ /dev/null @@ -1,142 +0,0 @@ - -RapidFort - - -
- -[![rf-h][rf-h-badge]][rf-view-report-button] -[![DH Image][dh-rf-badge]][rf-dh-image-link] -[![Slack][slack-badge]][slack-link] -[![FOSSA Status][fossa-badge]][fossa-link] - -# RapidFort hardened image for Consul - -RapidFort’s container optimization process hardened this Consul container. This container is free to use and has no license limitations. - -It is the same as the [Bitnami Consul][source-image-repo-link] image but more secure. - -Every day, we optimize and harden a variety of Docker Hub’s most famous images. Check out our [entire library](https://hub.docker.com/u/rapidfort) of secured containers. -
- -[Get the full report here or click on the image below][rf-view-report-link] - -[![Metrics][metrics-link]][rf-image-metrics-link] - -

Vulnerabilities: Original vs. Hardened - -

- -[![CVE Reduction][cve-reduction-link]][rf-image-cve-reduction-link] - - -View Report - -
-
- - -## What is Consul? - -> Consul is a service networking solution to automate network configurations, discover services, and enable secure connectivity across any cloud or runtime. - - -[Overview of Consul](https://www.consul.io/) - -Trademarks: This software listing is packaged by RapidFort. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. - - -## How do I use this hardened Consul image? - -The runtime instructions for this container are no different from the official release. Follow the instructions in their readme, but use our hardened image. - - -View Detailed Instructions - -
-
- -```sh -$ helm repo add bitnami https://charts.bitnami.com/consul - -# install consul, just replace repository with RapidFort registry -$ helm install my-consul bitnami/consul --set image.repository=rapidfort/consul - -``` - -## What is a hardened image? - -A hardened image is a copy of a container that has been optimized and reduced for significantly improved security. Because every container uses many open-source software components and their dependencies, there’s a lot of extra weight that can be trimmed. - -This image is a hardened version of the official [Bitnami Consul][source-image-repo-link] image on Docker Hub. - -RapidFort is an industry-leading container optimization solution that minimizes software attack surfaces by removing unused code. Most containers can be reduced by at least 50%, which reduces the opportunity for malicious attacks and CVE exploits. Learn more at [RapidFort.com][rf-link]. - -Our hardened images are updated daily using the latest vulnerability information available. - - -View on GitHub - -
-
- -## What’s the difference between the official [Bitnami Consul][source-image-repo-link] image and this hardened image? -RapidFort’s hardened [rapidfort/consul][rf-dh-image-link] image has been optimized by our proprietary scanning and slimming technology. We are big fans of open-source software, containerized infrastructure, and security. - -We are making secure copies of the images we use every day and the most popular ones on Docker Hub. We want to make the world a safer place to operate. - -## Supported tags and respective `Dockerfile` links -* [`1`, `1-debian-11`, `1.17.0`, `1.17.0-debian-11-r` (1/debian-11/Dockerfile)](https://github.com/bitnami/containers/tree/main/bitnami/consul/1/debian-11/Dockerfile) - -## Need support - -Join our slack community for any questions. - - -RapidFort Community Slack - - -## 🌟 Support this project - -[![](https://user-images.githubusercontent.com/48997634/174794647-0c851917-e5c9-4fb9-bf88-b61d89dc2f4f.gif)](https://github.com/rapidfort/community-images/stargazers) - -### [⏫⭐️ Scroll to the star button](#start-of-content) - -If you believe this project has potential, feel free to **star this repo** just like many [amazing people](https://github.com/rapidfort/community-images/stargazers) -have. - -## Have questions? - -[![RapidFort](https://raw.githubusercontent.com/rapidfort/community-images/main/contrib/github_logo_footer.png)][rf-rapidfort-footer-logo-link] - - -If you'd like to learn more about RapidFort or our container optimization process, visit [RapidFort.com][rf-link]. - -
-
- - -[dh-rf-badge]: https://img.shields.io/badge/dockerhub-images-important.svg?logo=Docker - -[fossa-badge]: https://app.fossa.com/api/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images.svg?type=shield -[fossa-link]: https://app.fossa.com/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images?ref=badge_shield - -[rf-link]: https://rapidfort.com?utm_source=github&utm_medium=ci_rf_link&utm_campaign=sep_01_sprint&utm_term=consul&utm_content=rapidfort_have_questions - -[rf-rapidfort-footer-logo-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Fconsul?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=consul&utm_content=rapidfort_footer_logo -[rf-view-report-button]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Fconsul?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=consul&utm_content=view_report_button -[rf-view-report-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Fconsul?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=consul&utm_content=view_report_link -[rf-image-metrics-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Fconsul?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=consul&utm_content=image_metrics_link -[rf-image-cve-reduction-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Fconsul?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=consul&utm_content=image_cve_reduction_link - -[dh-img-size-badge]: https://img.shields.io/docker/image-size/rapidfort/consul?logo=docker&logoColor=white&sort=semver -[dh-img-pulls-badge]: https://img.shields.io/docker/pulls/rapidfort/consul?logo=docker&logoColor=white - -[slack-badge]: https://img.shields.io/static/v1?label=Join&message=slack&logo=slack&logoColor=E01E5A&color=4A154B -[slack-link]: 
https://join.slack.com/t/rapidfortcommunity/shared_invite/zt-1g3wy28lv-DaeGexTQ5IjfpbmYW7Rm_Q - -[rf-h-badge]: https://img.shields.io/static/v1?label=RapidFort&labelColor=333F48&message=hardened&color=50B4C4&logo= -[metrics-link]: https://github.com/rapidfort/community-images/raw/main/community_images/consul/bitnami/assets/metrics.webp -[cve-reduction-link]: https://github.com/rapidfort/community-images/raw/main/community_images/consul/bitnami/assets/cve_reduction.webp - -[source-image-repo-link]: https://hub.docker.com/r/bitnami/consul -[rf-dh-image-link]: https://hub.docker.com/r/rapidfort/consul diff --git a/community_images/consul/bitnami/assets/cve_reduction.webp b/community_images/consul/bitnami/assets/cve_reduction.webp deleted file mode 100644 index 1de5cbabb3..0000000000 Binary files a/community_images/consul/bitnami/assets/cve_reduction.webp and /dev/null differ diff --git a/community_images/consul/bitnami/assets/metrics.webp b/community_images/consul/bitnami/assets/metrics.webp deleted file mode 100644 index 8b5fbded74..0000000000 Binary files a/community_images/consul/bitnami/assets/metrics.webp and /dev/null differ diff --git a/community_images/consul/bitnami/configs/acls/consul-anonymous-token-policy.hcl b/community_images/consul/bitnami/configs/acls/consul-anonymous-token-policy.hcl deleted file mode 100644 index 440255a572..0000000000 --- a/community_images/consul/bitnami/configs/acls/consul-anonymous-token-policy.hcl +++ /dev/null @@ -1,6 +0,0 @@ -node_prefix "" { - policy = "write" -} -service_prefix "" { - policy = "read" -} \ No newline at end of file diff --git a/community_images/consul/bitnami/configs/sample_service.json b/community_images/consul/bitnami/configs/sample_service.json deleted file mode 100644 index d83aabaa04..0000000000 --- a/community_images/consul/bitnami/configs/sample_service.json +++ /dev/null @@ -1,9 +0,0 @@ -{ - "service": { - "name": "web", - "tags": [ - "rails" - ], - "port": 80 - } - } \ No newline at end of file 
diff --git a/community_images/consul/bitnami/configs/server.json b/community_images/consul/bitnami/configs/server.json deleted file mode 100644 index 22830d3117..0000000000 --- a/community_images/consul/bitnami/configs/server.json +++ /dev/null @@ -1,23 +0,0 @@ -{ - "datacenter":"dc1", - "domain":"consul", - "data_dir":"/opt/bitnami/consul/data", - "server":true, - "ui":true, - "bootstrap_expect":1, - "addresses": { - "http":"0.0.0.0" - }, - "ports": { - "http":8500, - "dns":8600, - "serf_lan":8301, - "server":8300 - }, - "acl": { - "enabled":true, - "default_policy":"allow", - "enable_token_persistence":true - }, - "node_name": "consul-server1" -} \ No newline at end of file diff --git a/community_images/consul/bitnami/dc_acl_coverage.sh b/community_images/consul/bitnami/dc_acl_coverage.sh deleted file mode 100755 index ae38a2cb50..0000000000 --- a/community_images/consul/bitnami/dc_acl_coverage.sh +++ /dev/null @@ -1,18 +0,0 @@ -#!/bin/bash - -set -x -set -e - -SCRIPTPATH="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )" - -# shellcheck disable=SC1091 -. "${SCRIPTPATH}"/../../common/scripts/bash_helper.sh - -JSON_PARAMS="$1" - -JSON=$(cat "$JSON_PARAMS") - -echo "Json params for docker compose coverage = $JSON" - -# Consul ACLs -docker exec -i consul-server1 consul acl bootstrap \ No newline at end of file diff --git a/community_images/consul/bitnami/dc_coverage.sh b/community_images/consul/bitnami/dc_coverage.sh deleted file mode 100755 index 32ad476178..0000000000 --- a/community_images/consul/bitnami/dc_coverage.sh +++ /dev/null 
@@ -1,62 +0,0 @@ -#!/bin/bash - -set -x -set -e - -SCRIPTPATH="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )" - -# shellcheck disable=SC1091 -. "${SCRIPTPATH}"/../../common/scripts/bash_helper.sh - -JSON_PARAMS="$1" - -JSON=$(cat "$JSON_PARAMS") - -echo "Json params for docker compose coverage = $JSON" - -PROJECT_NAME=$(jq -r '.project_name' < "$JSON_PARAMS") - -# Container name for consul-node1 -CONTAINER_NAME="${PROJECT_NAME}"-consul-node1-1 - -# Wait for all the member nodes to get in sync -sleep 20 - -# Exec into consul server(node1) and run coverage scrip(Additional: This script also has instructions to register a sample service) -docker exec -i "${CONTAINER_NAME}" bash -c /opt/bitnami/scripts/coverage_script.sh - -# log for debugging -docker inspect "${CONTAINER_NAME}" - -# find non-tls and tls port -docker inspect "${CONTAINER_NAME}" | jq -r ".[].NetworkSettings.Ports.\"8300/tcp\"[0].HostPort" -docker inspect "${CONTAINER_NAME}" | jq -r ".[].NetworkSettings.Ports.\"8301/tcp\"[0].HostPort" -docker inspect "${CONTAINER_NAME}" | jq -r ".[].NetworkSettings.Ports.\"8301/udp\"[0].HostPort" -docker inspect "${CONTAINER_NAME}" | jq -r ".[].NetworkSettings.Ports.\"8500/tcp\"[0].HostPort" -docker inspect "${CONTAINER_NAME}" | jq -r ".[].NetworkSettings.Ports.\"8600/tcp\"[0].HostPort" -docker inspect "${CONTAINER_NAME}" | jq -r ".[].NetworkSettings.Ports.\"8600/udp\"[0].HostPort" - -# Checking Consul members list in all server and client nodes -docker exec -i "${PROJECT_NAME}"-consul-node2-1 consul members -docker exec -i "${PROJECT_NAME}"-consul-node3-1 consul members -docker exec -i "${PROJECT_NAME}"-consul-node4-1 consul members - -# Reloading consul config on all containers -docker exec -i "${PROJECT_NAME}"-consul-node2-1 consul reload -docker exec -i "${PROJECT_NAME}"-consul-node3-1 consul reload -docker exec -i "${PROJECT_NAME}"-consul-node4-1 consul reload - -# Wait for all the member nodes to get in sync -sleep 30 - -# exec into consul client(node4) and 
run coverage script -docker exec -i "${PROJECT_NAME}"-consul-node4-1 bash -c /opt/bitnami/scripts/coverage_script.sh - -# Query our service using DNS API and HTTP API on consul-node1 via consul-node3 -docker exec -i "${PROJECT_NAME}"-consul-node3-1 bash -c /opt/bitnami/scripts/coverage_script.sh - -# Deregistering/removing sample service in consul-node1 -docker exec -i "${CONTAINER_NAME}" consul services deregister /consul.d/sample_service.json - -# Shutting down consul -docker exec -i "${PROJECT_NAME}"-consul-node2-1 consul leave \ No newline at end of file diff --git a/community_images/consul/bitnami/docker-compose-acl.yml b/community_images/consul/bitnami/docker-compose-acl.yml deleted file mode 100755 index dbcf0e50e8..0000000000 --- a/community_images/consul/bitnami/docker-compose-acl.yml +++ /dev/null @@ -1,30 +0,0 @@ -version: '2' - -services: - - consul-server1: - image: ${CONSUL_IMAGE_REPOSITORY}:${CONSUL_IMAGE_TAG} - user: root - container_name: consul-server1 - restart: always - environment: - - CONSUL_RETRY_JOIN_ADDRESS=consul-server1 - volumes: - - ./configs/server.json:/server.json - - ./configs/acls/:/opt/bitnami/consul/conf/acls/ - networks: - - consul - cap_add: - - SYS_PTRACE - ports: - - '0.0.0.0::8300' - - '0.0.0.0::8301' - - '0.0.0.0::8301/udp' - - '0.0.0.0::8500' - - '0.0.0.0::8600' - - '0.0.0.0::8600/udp' - command: "consul agent -server -bootstrap-expect=1 -retry-join=consul-server1 -config-file=server.json" - -networks: - consul: - driver: bridge \ No newline at end of file diff --git a/community_images/consul/bitnami/docker-compose.yml b/community_images/consul/bitnami/docker-compose.yml deleted file mode 100755 index c6ff80b57a..0000000000 --- a/community_images/consul/bitnami/docker-compose.yml +++ /dev/null 
@@ -1,96 +0,0 @@ -version: '2' - -services: - consul-node1: - image: ${CONSUL_IMAGE_REPOSITORY}:${CONSUL_IMAGE_TAG} - user: root - restart: always - environment: - - CONSUL_BOOTSTRAP_EXPECT=3 - - CONSUL_CLIENT_LAN_ADDRESS=0.0.0.0 - - CONSUL_DISABLE_KEYRING_FILE=true - - CONSUL_RETRY_JOIN_ADDRESS=consul-node1 - networks: - - consul - ports: - - '0.0.0.0::8300' - - '0.0.0.0::8301' - - '0.0.0.0::8301/udp' - - '0.0.0.0::8500' - - '0.0.0.0::8600' - - '0.0.0.0::8600/udp' - cap_add: - - SYS_PTRACE - volumes: - - 'consul-node1_data:/bitnami' - - ./scripts/server_coverage_script.sh:/opt/bitnami/scripts/coverage_script.sh - - ./configs/sample_service.json:/consul.d/sample_service.json - - consul-node2: - image: ${CONSUL_IMAGE_REPOSITORY}:${CONSUL_IMAGE_TAG} - user: root - restart: always - environment: - - CONSUL_BOOTSTRAP_EXPECT=3 - - CONSUL_CLIENT_LAN_ADDRESS=0.0.0.0 - - CONSUL_DISABLE_KEYRING_FILE=true - - CONSUL_RETRY_JOIN_ADDRESS=consul-node1 - - CONSUL_ENABLE_UI=true - networks: - - consul - cap_add: - - SYS_PTRACE - depends_on: - - consul-node1 - volumes: - - 'consul-node2_data:/bitnami' - - consul-node3: - image: bitnami/consul - user: root - restart: always - environment: - - CONSUL_BOOTSTRAP_EXPECT=3 - - CONSUL_CLIENT_LAN_ADDRESS=0.0.0.0 - - CONSUL_DISABLE_KEYRING_FILE=true - - CONSUL_RETRY_JOIN_ADDRESS=consul-node1 - - CONSUL_ENABLE_UI=false - networks: - - consul - cap_add: - - SYS_PTRACE - depends_on: - - consul-node1 - volumes: - - 'consul-node3_data:/bitnami' - - ./scripts/client_container_test.sh:/opt/bitnami/scripts/coverage_script.sh - - consul-node4: - image: ${CONSUL_IMAGE_REPOSITORY}:${CONSUL_IMAGE_TAG} - user: root - restart: always - networks: - - consul - cap_add: - - SYS_PTRACE - volumes: - - 'consul-node4_data:/bitnami' - - ./scripts/client_coverage_script.sh:/opt/bitnami/scripts/coverage_script.sh - depends_on: - - consul-node1 - - consul-node2 - - consul-node3 - command: "consul agent -data-dir=/opt/bitnami/consul -join=consul-node1" - -networks: 
- consul: - driver: bridge -volumes: - consul-node1_data: - driver: local - consul-node2_data: - driver: local - consul-node3_data: - driver: local - consul-node4_data: - driver: local diff --git a/community_images/consul/bitnami/image.yml b/community_images/consul/bitnami/image.yml deleted file mode 100644 index a2bd88ae12..0000000000 --- a/community_images/consul/bitnami/image.yml +++ /dev/null 
@@ -1,62 +0,0 @@ -name: consul -official_name: Consul -official_website: https://www.consul.io/ -source_image_provider: Bitnami -source_image_repo: docker.io/bitnami/consul -source_image_repo_link: https://hub.docker.com/r/bitnami/consul -source_image_readme: https://github.com/bitnami/containers/blob/main/bitnami/consul/README.md -rf_docker_link: rapidfort/consul -image_workflow_name: consul_bitnami -github_location: consul/bitnami -report_url: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Fconsul -usage_instructions: | - $ helm repo add bitnami https://charts.bitnami.com/consul - - # install consul, just replace repository with RapidFort registry - $ helm install my-consul bitnami/consul --set image.repository=rapidfort/consul -what_is_text: | - Consul is a service networking solution to automate network configurations, discover services, and enable secure connectivity across any cloud or runtime. -disclaimer: | - Trademarks: This software listing is packaged by RapidFort. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. 
-input_registry: - registry: docker.io - account: bitnami -repo_sets: - - consul: - input_base_tag: "1.16.2-debian-11-r" -runtimes: - - type: docker_compose - script: dc_coverage.sh - compose_file: docker-compose.yml - tls_certs: - generate: true - out_dir: certs - image_keys: - consul: - repository: "CONSUL_IMAGE_REPOSITORY" - tag: "CONSUL_IMAGE_TAG" - - type: k8s - script: k8s_coverage.sh - helm: - repo: bitnami - repo_url: https://charts.bitnami.com/bitnami - chart: consul - tls_certs: - generate: true - secret_name: localhost-server-tls - common_name: localhost - image_keys: - apache: - repository: "image.repository" - tag: "image.tag" - override_file: "overrides.yml" - - type: docker_compose - script: dc_acl_coverage.sh - compose_file: docker-compose-acl.yml - tls_certs: - generate: true - out_dir: certs - image_keys: - consul: - repository: "CONSUL_IMAGE_REPOSITORY" - tag: "CONSUL_IMAGE_TAG" diff --git a/community_images/consul/bitnami/k8s_coverage.sh b/community_images/consul/bitnami/k8s_coverage.sh deleted file mode 100755 index a5c227ecdd..0000000000 --- a/community_images/consul/bitnami/k8s_coverage.sh +++ /dev/null @@ -1,15 +0,0 @@ -#!/bin/bash - -set -x -set -e - -SCRIPTPATH="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )" - -# shellcheck disable=SC1091 -. "${SCRIPTPATH}"/../../common/scripts/bash_helper.sh - -JSON_PARAMS="$1" - -JSON=$(cat "$JSON_PARAMS") - -echo "Json params for k8s coverage = $JSON" \ No newline at end of file diff --git a/community_images/consul/bitnami/overrides.yml b/community_images/consul/bitnami/overrides.yml deleted file mode 100644 index c27764377f..0000000000 --- a/community_images/consul/bitnami/overrides.yml +++ /dev/null 
@@ -1,33 +0,0 @@ -image: - pullSecrets: ["rf-regcred"] - pullPolicy: Always -master: - containerSecurityContext: - enabled: true - allowPrivilegeEscalation: true - capabilities: - add: ["SYS_PTRACE"] - extraEnvVars: - - name: "RF_VERBOSE" - value: "0" - livenessProbe: - initialDelaySeconds: 30 - timeoutSeconds: 30 - readinessProbe: - initialDelaySeconds: 30 - timeoutSeconds: 30 -replica: - containerSecurityContext: - enabled: true - allowPrivilegeEscalation: true - capabilities: - add: ["SYS_PTRACE"] - extraEnvVars: - - name: "RF_VERBOSE" - value: "0" - livenessProbe: - initialDelaySeconds: 30 - timeoutSeconds: 30 - readinessProbe: - initialDelaySeconds: 30 - timeoutSeconds: 30 \ No newline at end of file diff --git a/community_images/consul/bitnami/scripts/client_container_test.sh b/community_images/consul/bitnami/scripts/client_container_test.sh deleted file mode 100755 index 0c512bb2d8..0000000000 --- a/community_images/consul/bitnami/scripts/client_container_test.sh +++ /dev/null @@ -1,25 +0,0 @@ -#!/bin/bash - -set -x -set -e - -# The purpose of this script is to Query our service using DNS API through a client container(This doesn't run on the stubbed image) - -# Available Scripts -ls /opt/bitnami/scripts - -# Installing dnsutils -apt-get update -apt-get install dnsutils -y - -# Installing curl -apt-get install curl -y - -# Query our service using HTTP Api -curl http://localhost:8500/v1/catalog/service/web - -# Checking for the healthy instances -curl 'http://localhost:8500/v1/health/service/web?passing' - -# Query our service using DNS API on consul-node-1 -dig consul-node1/8600 rails.web.service.consul SRV \ No newline at end of file diff --git a/community_images/consul/bitnami/scripts/client_coverage_script.sh b/community_images/consul/bitnami/scripts/client_coverage_script.sh deleted file mode 100755 index 79d8445397..0000000000 --- a/community_images/consul/bitnami/scripts/client_coverage_script.sh +++ /dev/null 
@@ -1,17 +0,0 @@ -#!/bin/bash - -set -x -set -e - -# Available Scripts -ls /opt/bitnami/scripts - -# Checking version -consul version -format=json - -# Create client certs -consul tls ca create -consul tls cert create -client - -# Using consul debug -consul debug -interval=15s -duration=1m \ No newline at end of file diff --git a/community_images/consul/bitnami/scripts/server_coverage_script.sh b/community_images/consul/bitnami/scripts/server_coverage_script.sh deleted file mode 100755 index 16dfb1a088..0000000000 --- a/community_images/consul/bitnami/scripts/server_coverage_script.sh +++ /dev/null @@ -1,51 +0,0 @@ -#!/bin/bash - -set -x -set -e - -# Available Scripts -ls /opt/bitnami/scripts - -# General commands -consul members | tee -a members -SERVERS=$(grep -w "server" -c members) -CLIENTS=$(grep -w "client" -c members) -# Checking the members in the cluster -echo "Number of Servers Active = $SERVERS" -echo "Number of Clients Active = $CLIENTS" -rm members -consul info - -# Consul snapshot -consul snapshot save backup.snap -consul snapshot inspect backup.snap - -# Registering a test service(This will be deregistered in the main dc_coverage itselfS) -consul services register /consul.d/sample_service.json -consul reload -sleep 10 - -# Consul kv -consul kv put redis/config/connections 5 -consul kv get -detailed redis/config/connections | tee -a file -# To check the number of connections (Should be 5) -CONNECTIONS=$(grep "Value" file) -rm file -echo "$CONNECTIONS" -consul kv delete redis/config/connections - -# Consul Operator Raft -consul operator raft list-peers - -# Consul keygen -consul keygen - -# Consul Maint -consul maint - -# Consul Catalg -# List all datacenters: -consul catalog datacenters -# List all nodes and services -consul catalog nodes -consul catalog services \ No newline at end of file diff --git a/community_images/consul/bitnami/tls_certs.yml b/community_images/consul/bitnami/tls_certs.yml deleted file mode 100644 index 3c07fca644..0000000000 
--- a/community_images/consul/bitnami/tls_certs.yml +++ /dev/null @@ -1,24 +0,0 @@ -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: localhost-cert -spec: - commonName: localhost - duration: 2160h - isCA: false - issuerRef: - group: cert-manager.io - kind: Issuer - name: ci-ca-issuer - privateKey: - algorithm: RSA - encoding: PKCS1 - size: 2048 - renewBefore: 360h - secretName: localhost-server-tls - subject: - organizations: - - rapidfort - usages: - - server auth - - client auth diff --git a/community_images/consul/ironbank/README.md b/community_images/consul/ironbank/README.md deleted file mode 100755 index a6ae381303..0000000000 --- a/community_images/consul/ironbank/README.md +++ /dev/null @@ -1,142 +0,0 @@ - -RapidFort - - -
- -[![rf-h][rf-h-badge]][rf-view-report-button] -[![DH Image][dh-rf-badge]][rf-dh-image-link] -[![Slack][slack-badge]][slack-link] -[![FOSSA Status][fossa-badge]][fossa-link] - -# RapidFort hardened image for Consul IronBank - -RapidFort’s container optimization process hardened this Consul IronBank container. This container is free to use and has no license limitations. - -It is the same as the [Platform One Consul IronBank][source-image-repo-link] image but more secure. - -Every day, we optimize and harden a variety of Docker Hub’s most famous images. Check out our [entire library](https://hub.docker.com/u/rapidfort) of secured containers. -
- -[Get the full report here or click on the image below][rf-view-report-link] - -[![Metrics][metrics-link]][rf-image-metrics-link] - -

Vulnerabilities: Original vs. Hardened - -

- -[![CVE Reduction][cve-reduction-link]][rf-image-cve-reduction-link] - - -View Report - -
-
- - -## What is Consul IronBank? - -> Consul is a service networking solution to automate network configurations, discover services, and enable secure connectivity across any cloud or runtime. - - -[Overview of Consul IronBank](https://www.consul.io/) - -Trademarks: This software listing is packaged by RapidFort. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. - - -## How do I use this hardened Consul IronBank image? - -The runtime instructions for this container are no different from the official release. Follow the instructions in their readme, but use our hardened image. - - -View Detailed Instructions - -
-
- -```sh -# Running Consul in Server Mode -$ docker run -d --net=host -e 'CONSUL_LOCAL_CONFIG={"skip_leave_on_interrupt": true}' rapidfort/consul-ib agent -server -bind= -retry-join= -bootstrap-expect= - -# Running Consul in Client Mode -$ docker run -d --net=host -e 'CONSUL_LOCAL_CONFIG={"leave_on_terminate": true}' rapidfort/consul-ib agent agent -bind= -retry-join= - -``` - -## What is a hardened image? - -A hardened image is a copy of a container that has been optimized and reduced for significantly improved security. Because every container uses many open-source software components and their dependencies, there’s a lot of extra weight that can be trimmed. - -This image is a hardened version of the official [Platform One Consul IronBank][source-image-repo-link] image on Docker Hub. - -RapidFort is an industry-leading container optimization solution that minimizes software attack surfaces by removing unused code. Most containers can be reduced by at least 50%, which reduces the opportunity for malicious attacks and CVE exploits. Learn more at [RapidFort.com][rf-link]. - -Our hardened images are updated daily using the latest vulnerability information available. - - -View on GitHub - -
-
- -## What’s the difference between the official [Platform One Consul IronBank][source-image-repo-link] image and this hardened image? -RapidFort’s hardened [rapidfort/consul-ib][rf-dh-image-link] image has been optimized by our proprietary scanning and slimming technology. We are big fans of open-source software, containerized infrastructure, and security. - -We are making secure copies of the images we use every day and the most popular ones on Docker Hub. We want to make the world a safer place to operate. - -## Supported tags and respective `Dockerfile` links - -## Need support - -Join our slack community for any questions. - - -RapidFort Community Slack - - -## 🌟 Support this project - -[![](https://user-images.githubusercontent.com/48997634/174794647-0c851917-e5c9-4fb9-bf88-b61d89dc2f4f.gif)](https://github.com/rapidfort/community-images/stargazers) - -### [⏫⭐️ Scroll to the star button](#start-of-content) - -If you believe this project has potential, feel free to **star this repo** just like many [amazing people](https://github.com/rapidfort/community-images/stargazers) -have. - -## Have questions? - -[![RapidFort](https://raw.githubusercontent.com/rapidfort/community-images/main/contrib/github_logo_footer.png)][rf-rapidfort-footer-logo-link] - - -If you'd like to learn more about RapidFort or our container optimization process, visit [RapidFort.com][rf-link]. - -
-
- - -[dh-rf-badge]: https://img.shields.io/badge/dockerhub-images-important.svg?logo=Docker - -[fossa-badge]: https://app.fossa.com/api/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images.svg?type=shield -[fossa-link]: https://app.fossa.com/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images?ref=badge_shield - -[rf-link]: https://rapidfort.com?utm_source=github&utm_medium=ci_rf_link&utm_campaign=sep_01_sprint&utm_term=consul-ib&utm_content=rapidfort_have_questions - -[rf-rapidfort-footer-logo-link]: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fhashicorp%2Fconsul?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=consul-ib&utm_content=rapidfort_footer_logo -[rf-view-report-button]: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fhashicorp%2Fconsul?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=consul-ib&utm_content=view_report_button -[rf-view-report-link]: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fhashicorp%2Fconsul?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=consul-ib&utm_content=view_report_link -[rf-image-metrics-link]: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fhashicorp%2Fconsul?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=consul-ib&utm_content=image_metrics_link -[rf-image-cve-reduction-link]: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fhashicorp%2Fconsul?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=consul-ib&utm_content=image_cve_reduction_link - -[dh-img-size-badge]: https://img.shields.io/docker/image-size/rapidfort/consul-ib?logo=docker&logoColor=white&sort=semver -[dh-img-pulls-badge]: https://img.shields.io/docker/pulls/rapidfort/consul-ib?logo=docker&logoColor=white - -[slack-badge]: 
https://img.shields.io/static/v1?label=Join&message=slack&logo=slack&logoColor=E01E5A&color=4A154B -[slack-link]: https://join.slack.com/t/rapidfortcommunity/shared_invite/zt-1g3wy28lv-DaeGexTQ5IjfpbmYW7Rm_Q - -[rf-h-badge]: https://img.shields.io/static/v1?label=RapidFort&labelColor=333F48&message=hardened&color=50B4C4&logo= -[metrics-link]: https://github.com/rapidfort/community-images/raw/main/community_images/consul/ironbank/assets/metrics.webp -[cve-reduction-link]: https://github.com/rapidfort/community-images/raw/main/community_images/consul/ironbank/assets/cve_reduction.webp - -[source-image-repo-link]: https://registry1.dso.mil/harbor/projects/3/repositories/hashicorp%2Fconsul -[rf-dh-image-link]: https://hub.docker.com/r/rapidfort/consul-ib diff --git a/community_images/consul/ironbank/assets/cve_reduction.webp b/community_images/consul/ironbank/assets/cve_reduction.webp deleted file mode 100644 index 4325cbca13..0000000000 Binary files a/community_images/consul/ironbank/assets/cve_reduction.webp and /dev/null differ diff --git a/community_images/consul/ironbank/assets/metrics.webp b/community_images/consul/ironbank/assets/metrics.webp deleted file mode 100644 index b26b958341..0000000000 Binary files a/community_images/consul/ironbank/assets/metrics.webp and /dev/null differ diff --git a/community_images/consul/ironbank/configs/acls/consul-anonymous-token-policy.hcl b/community_images/consul/ironbank/configs/acls/consul-anonymous-token-policy.hcl deleted file mode 100755 index 440255a572..0000000000 --- a/community_images/consul/ironbank/configs/acls/consul-anonymous-token-policy.hcl +++ /dev/null @@ -1,6 +0,0 @@ -node_prefix "" { - policy = "write" -} -service_prefix "" { - policy = "read" -} \ No newline at end of file diff --git a/community_images/consul/ironbank/configs/sample_service.json b/community_images/consul/ironbank/configs/sample_service.json deleted file mode 100644 index d83aabaa04..0000000000 
--- a/community_images/consul/ironbank/configs/sample_service.json +++ /dev/null @@ -1,9 +0,0 @@ -{ - "service": { - "name": "web", - "tags": [ - "rails" - ], - "port": 80 - } - } \ No newline at end of file diff --git a/community_images/consul/ironbank/configs/server.json b/community_images/consul/ironbank/configs/server.json deleted file mode 100644 index a5e4f4c342..0000000000 --- a/community_images/consul/ironbank/configs/server.json +++ /dev/null @@ -1,23 +0,0 @@ -{ - "datacenter":"dc1", - "domain":"consul", - "data_dir":"/consul/data", - "server":true, - "ui":true, - "bootstrap_expect":1, - "addresses": { - "http":"0.0.0.0" - }, - "ports": { - "http":8500, - "dns":8600, - "serf_lan":8301, - "server":8300 - }, - "acl": { - "enabled":true, - "default_policy":"allow", - "enable_token_persistence":true - }, - "node_name": "consul-server1" -} \ No newline at end of file diff --git a/community_images/consul/ironbank/dc_acl_coverage.sh b/community_images/consul/ironbank/dc_acl_coverage.sh deleted file mode 100755 index ae38a2cb50..0000000000 --- a/community_images/consul/ironbank/dc_acl_coverage.sh +++ /dev/null @@ -1,18 +0,0 @@ -#!/bin/bash - -set -x -set -e - -SCRIPTPATH="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )" - -# shellcheck disable=SC1091 -. "${SCRIPTPATH}"/../../common/scripts/bash_helper.sh - -JSON_PARAMS="$1" - -JSON=$(cat "$JSON_PARAMS") - -echo "Json params for docker compose coverage = $JSON" - -# Consul ACLs -docker exec -i consul-server1 consul acl bootstrap \ No newline at end of file diff --git a/community_images/consul/ironbank/dc_coverage.sh b/community_images/consul/ironbank/dc_coverage.sh deleted file mode 100755 index 34eaafd53f..0000000000 --- a/community_images/consul/ironbank/dc_coverage.sh +++ /dev/null 
@@ -1,66 +0,0 @@ -#!/bin/bash - -set -x -set -e - -SCRIPTPATH="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )" - -# shellcheck disable=SC1091 -. "${SCRIPTPATH}"/../../common/scripts/bash_helper.sh - -JSON_PARAMS="$1" - -JSON=$(cat "$JSON_PARAMS") - -echo "Json params for docker compose coverage = $JSON" - -PROJECT_NAME=$(jq -r '.project_name' < "$JSON_PARAMS") - -# Container name for consul-node1 -CONTAINER_NAME="${PROJECT_NAME}"-consul1-1 - -# Reloading consul config on all containers -docker exec -i "${PROJECT_NAME}"-consul1-1 consul reload -sleep 2 -docker exec -i "${PROJECT_NAME}"-consul2-1 consul reload -docker exec -i "${PROJECT_NAME}"-consul3-1 consul reload - -# Wait for all the member nodes to get in sync -sleep 30 - -# Exec into consul server(node1) and run coverage scrip(Additional: This script also has instructions to register a sample service) -docker exec -i "${CONTAINER_NAME}" sh /opt/scripts/coverage_script.sh - -# log for debugging -docker inspect "${CONTAINER_NAME}" - -# find non-tls and tls port -docker inspect "${CONTAINER_NAME}" | jq -r ".[].NetworkSettings.Ports.\"8300/tcp\"[0].HostPort" -docker inspect "${CONTAINER_NAME}" | jq -r ".[].NetworkSettings.Ports.\"8301/tcp\"[0].HostPort" -docker inspect "${CONTAINER_NAME}" | jq -r ".[].NetworkSettings.Ports.\"8301/udp\"[0].HostPort" -docker inspect "${CONTAINER_NAME}" | jq -r ".[].NetworkSettings.Ports.\"8500/tcp\"[0].HostPort" -docker inspect "${CONTAINER_NAME}" | jq -r ".[].NetworkSettings.Ports.\"8600/tcp\"[0].HostPort" -docker inspect "${CONTAINER_NAME}" | jq -r ".[].NetworkSettings.Ports.\"8600/udp\"[0].HostPort" - -# Checking Consul members list in all server and client nodes -docker exec -i "${PROJECT_NAME}"-consul2-1 consul members -docker exec -i "${PROJECT_NAME}"-consul3-1 consul members - -# Reloading consul config on all containers -docker exec -i "${PROJECT_NAME}"-consul2-1 consul reload -docker exec -i "${PROJECT_NAME}"-consul3-1 consul reload - -# Wait for all the member nodes 
to get in sync -sleep 30 - -# exec into consul client(node3) and run coverage script -docker exec -i "${PROJECT_NAME}"-consul2-1 sh /opt/scripts/coverage_script.sh - -# Query our service using HTTP API on consul-node1 via consul-node2 -docker exec -i "${PROJECT_NAME}"-consul2-1 sh /opt/scripts/coverage_script.sh - -# Deregistering/removing sample service in consul-node1 -docker exec -i "${CONTAINER_NAME}" consul services deregister /consul.d/sample_service.json - -# Shutting down consul -docker exec -i "${PROJECT_NAME}"-consul2-1 consul leave diff --git a/community_images/consul/ironbank/docker-compose-acl.yml b/community_images/consul/ironbank/docker-compose-acl.yml deleted file mode 100755 index 78fe0993fb..0000000000 --- a/community_images/consul/ironbank/docker-compose-acl.yml +++ /dev/null @@ -1,30 +0,0 @@ -version: '2' - -services: - - consul-server1: - image: ${CONSUL_OFFICIAL_IMAGE_REPOSITORY}:${CONSUL_OFFICIAL_IMAGE_TAG} - user: root - container_name: consul-server1 - restart: always - environment: - - CONSUL_RETRY_JOIN_ADDRESS=consul-server1 - volumes: - - ./configs/server.json:/server.json - - ./configs/acls/:/consul/dataconf/acls/ - networks: - - consul - cap_add: - - SYS_PTRACE - ports: - - '0.0.0.0::8300' - - '0.0.0.0::8301' - - '0.0.0.0::8301/udp' - - '0.0.0.0::8500' - - '0.0.0.0::8600' - - '0.0.0.0::8600/udp' - command: "consul agent -server -bootstrap-expect=1 -retry-join=consul-server1 -config-file=server.json" - -networks: - consul: - driver: bridge \ No newline at end of file diff --git a/community_images/consul/ironbank/docker-compose.yml b/community_images/consul/ironbank/docker-compose.yml deleted file mode 100755 index 24d103b17c..0000000000 --- a/community_images/consul/ironbank/docker-compose.yml +++ /dev/null 
@@ -1,57 +0,0 @@ -version: '2.0' - -services: - - consul1: - image: ${CONSUL_OFFICIAL_IMAGE_REPOSITORY}:${CONSUL_OFFICIAL_IMAGE_TAG} - hostname: "consul1" - user: root - cap_add: - - SYS_PTRACE - ports: - - '0.0.0.0::8300' - - '0.0.0.0::8301' - - '0.0.0.0::8301/udp' - - '0.0.0.0::8500' - - '0.0.0.0::8600' - - '0.0.0.0::8600/udp' - volumes: - - 'consul-node1_data:/consul/data' - - ./scripts/server_coverage_script.sh:/opt/scripts/coverage_script.sh - - ./configs/sample_service.json:/consul.d/sample_service.json - command: "agent -server -bootstrap-expect 2 -ui -client 0.0.0.0" - - consul2: - image: ${CONSUL_OFFICIAL_IMAGE_REPOSITORY}:${CONSUL_OFFICIAL_IMAGE_TAG} - hostname: "consul2" - user: root - cap_add: - - SYS_PTRACE - volumes: - - 'consul-node2_data:/consul/data' - - ./scripts/server2_coverage_script.sh:/opt/scripts/coverage_script.sh - command: "agent -server -join consul1" - depends_on: - - consul1 - - consul3: - image: ${CONSUL_OFFICIAL_IMAGE_REPOSITORY}:${CONSUL_OFFICIAL_IMAGE_TAG} - hostname: "consul3" - user: root - cap_add: - - SYS_PTRACE - volumes: - - 'consul-node3_data:/consul/data' - - ./scripts/client_coverage_script.sh:/opt/scripts/coverage_script.sh - command: "agent -join consul1" - depends_on: - - consul1 - - consul2 - -volumes: - consul-node1_data: - driver: local - consul-node2_data: - driver: local - consul-node3_data: - driver: local diff --git a/community_images/consul/ironbank/image.yml b/community_images/consul/ironbank/image.yml deleted file mode 100755 index 4a3e98cbb2..0000000000 --- a/community_images/consul/ironbank/image.yml +++ /dev/null 
@@ -1,56 +0,0 @@ -name: consul-ib -official_name: Consul IronBank -official_website: https://www.consul.io/ -source_image_provider: Platform One -source_image_repo: registry1.dso.mil/ironbank/hashicorp/consul -source_image_repo_link: https://registry1.dso.mil/harbor/projects/3/repositories/hashicorp%2Fconsul -source_image_readme: https://repo1.dso.mil/dsop/hashicorp/consul/1.14/-/blob/development/README.md -rf_docker_link: rapidfort/consul-ib -image_workflow_name: consul_ironbank -github_location: consul/ironbank -report_url: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fhashicorp%2Fconsul -usage_instructions: | - # Running Consul in Server Mode - $ docker run -d --net=host -e 'CONSUL_LOCAL_CONFIG={"skip_leave_on_interrupt": true}' rapidfort/consul-ib agent -server -bind= -retry-join= -bootstrap-expect= - - # Running Consul in Client Mode - $ docker run -d --net=host -e 'CONSUL_LOCAL_CONFIG={"leave_on_terminate": true}' rapidfort/consul-ib agent agent -bind= -retry-join= -what_is_text: | - Consul is a service networking solution to automate network configurations, discover services, and enable secure connectivity across any cloud or runtime. -disclaimer: | - Trademarks: This software listing is packaged by RapidFort. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. -input_registry: - registry: registry1.dso.mil - account: ironbank -repo_sets: - - hashicorp/consul: - input_base_tag: "1.14." - output_repo: consul-ib - - hashicorp/consul: - input_base_tag: "1.13." - output_repo: consul-ib - - hashicorp/consul: - input_base_tag: "1.12." 
- output_repo: consul-ib -runtimes: - - type: docker_compose - script: dc_coverage.sh - compose_file: docker-compose.yml - wait_time_sec: 100 - tls_certs: - generate: true - out_dir: certs - image_keys: - consul-ib: - repository: "CONSUL_OFFICIAL_IMAGE_REPOSITORY" - tag: "CONSUL_OFFICIAL_IMAGE_TAG" - - type: docker_compose - script: dc_acl_coverage.sh - compose_file: docker-compose-acl.yml - tls_certs: - generate: true - out_dir: certs - image_keys: - consul-ib: - repository: "CONSUL_OFFICIAL_IMAGE_REPOSITORY" - tag: "CONSUL_OFFICIAL_IMAGE_TAG" diff --git a/community_images/consul/ironbank/scripts/client_coverage_script.sh b/community_images/consul/ironbank/scripts/client_coverage_script.sh deleted file mode 100755 index 40aa91f00f..0000000000 --- a/community_images/consul/ironbank/scripts/client_coverage_script.sh +++ /dev/null @@ -1,17 +0,0 @@ -#!/bin/bash - -set -x -set -e - -# Available Scripts -ls /opt/scripts - -# Checking version -consul version -format=json - -# Create client certs -consul tls ca create -consul tls cert create -client - -# Using consul debug -consul debug -interval=15s -duration=1m \ No newline at end of file diff --git a/community_images/consul/ironbank/scripts/server2_coverage_script.sh b/community_images/consul/ironbank/scripts/server2_coverage_script.sh deleted file mode 100644 index ca82fa7b82..0000000000 --- a/community_images/consul/ironbank/scripts/server2_coverage_script.sh +++ /dev/null @@ -1,15 +0,0 @@ -#!/bin/bash - -set -x -set -e - -# The purpose of this script is to Query our service using DNS API through a client container(This doesn't run on the stubbed image) - -# Available Scripts -ls /opt/scripts - -# Query our service using HTTP Api -curl http://localhost:8500/v1/catalog/service/web - -# Checking for the healthy instances -curl 'http://localhost:8500/v1/health/service/web?passing' \ No newline at end of file 
diff --git a/community_images/consul/ironbank/scripts/server_coverage_script.sh b/community_images/consul/ironbank/scripts/server_coverage_script.sh deleted file mode 100755 index adc622b688..0000000000 --- a/community_images/consul/ironbank/scripts/server_coverage_script.sh +++ /dev/null @@ -1,51 +0,0 @@ -#!/bin/bash - -set -x -set -e - -# Available Scripts -ls /opt/scripts - -# General commands -consul members | tee -a members -SERVERS=$(grep -w "server" -c members) -CLIENTS=$(grep -w "client" -c members) -# Checking the members in the cluster -echo "Number of Servers Active = $SERVERS" -echo "Number of Clients Active = $CLIENTS" -rm members -consul info - -# Consul snapshot -consul snapshot save backup.snap -consul snapshot inspect backup.snap - -# Registering a test service(This will be deregistered in the main dc_coverage itselfS) -consul services register /consul.d/sample_service.json -consul reload -sleep 10 - -# Consul kv -consul kv put redis/config/connections 5 -consul kv get -detailed redis/config/connections | tee -a file -# To check the number of connections (Should be 5) -CONNECTIONS=$(grep "Value" file) -rm file -echo "$CONNECTIONS" -consul kv delete redis/config/connections - -# Consul Operator Raft -consul operator raft list-peers - -# Consul keygen -consul keygen - -# Consul Maint -consul maint - -# Consul Catalg -# List all datacenters: -consul catalog datacenters -# List all nodes and services -consul catalog nodes -consul catalog services \ No newline at end of file diff --git a/community_images/consul/official/.rfignore b/community_images/consul/official/.rfignore deleted file mode 100644 index 1c799e0088..0000000000 --- a/community_images/consul/official/.rfignore +++ /dev/null @@ -1 +0,0 @@ -usr/share/common-licenses \ No newline at end of file diff --git a/community_images/consul/official/README.md b/community_images/consul/official/README.md deleted file mode 100755 index 4fd51fbaed..0000000000 
--- a/community_images/consul/official/README.md +++ /dev/null @@ -1,146 +0,0 @@ - -RapidFort - - -
- -[![rf-h][rf-h-badge]][rf-view-report-button] -[![DH Image][dh-rf-badge]][rf-dh-image-link] -[![Slack][slack-badge]][slack-link] -[![FOSSA Status][fossa-badge]][fossa-link] - -# RapidFort hardened image for Consul Official - -RapidFort’s container optimization process hardened this Consul Official container. This container is free to use and has no license limitations. - -It is the same as the [HashiCorp Consul Official][source-image-repo-link] image but more secure. - -Every day, we optimize and harden a variety of Docker Hub’s most famous images. Check out our [entire library](https://hub.docker.com/u/rapidfort) of secured containers. -
- -[Get the full report here or click on the image below][rf-view-report-link] - -[![Metrics][metrics-link]][rf-image-metrics-link] - -

Vulnerabilities: Original vs. Hardened - -

- -[![CVE Reduction][cve-reduction-link]][rf-image-cve-reduction-link] - - -View Report - -
-
- - -## What is Consul Official? - -> Consul is a service networking solution to automate network configurations, discover services, and enable secure connectivity across any cloud or runtime. - - -[Overview of Consul Official](https://www.consul.io/) - -Trademarks: This software listing is packaged by RapidFort. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. - - -## How do I use this hardened Consul Official image? - -The runtime instructions for this container are no different from the official release. Follow the instructions in their readme, but use our hardened image. - - -View Detailed Instructions - -
-
- -```sh -# Running Consul in Server Mode -$ docker run -d --net=host -e 'CONSUL_LOCAL_CONFIG={"skip_leave_on_interrupt": true}' rapidfort/consul-official agent -server -bind= -retry-join= -bootstrap-expect= - -# Running Consul in Client Mode -$ docker run -d --net=host -e 'CONSUL_LOCAL_CONFIG={"leave_on_terminate": true}' rapidfort/consul-official agent -bind= -retry-join= - -``` - -## What is a hardened image? - -A hardened image is a copy of a container that has been optimized and reduced for significantly improved security. Because every container uses many open-source software components and their dependencies, there’s a lot of extra weight that can be trimmed. - -This image is a hardened version of the official [HashiCorp Consul Official][source-image-repo-link] image on Docker Hub. - -RapidFort is an industry-leading container optimization solution that minimizes software attack surfaces by removing unused code. Most containers can be reduced by at least 50%, which reduces the opportunity for malicious attacks and CVE exploits. Learn more at [RapidFort.com][rf-link]. - -Our hardened images are updated daily using the latest vulnerability information available. - - -View on GitHub - -
-
- -## What’s the difference between the official [HashiCorp Consul Official][source-image-repo-link] image and this hardened image? -RapidFort’s hardened [rapidfort/consul-official][rf-dh-image-link] image has been optimized by our proprietary scanning and slimming technology. We are big fans of open-source software, containerized infrastructure, and security. - -We are making secure copies of the images we use every day and the most popular ones on Docker Hub. We want to make the world a safer place to operate. - -## Supported tags and respective `Dockerfile` links -* [`1.15.4`, `1.15`, `latest`](https://github.com/hashicorp/docker-consul/blob/master/0.X/Dockerfile) -* [`1.14.0`, `1.14`](https://github.com/hashicorp/docker-consul/blob/da19183e0617a285e3dbc42ad5ebfdb4e61caa31/0.X/Dockerfile) -* [`1.13.3`, `1.13`](https://github.com/hashicorp/docker-consul/blob/f4f43d2534abcfc12f8aebf3c20e5339fdec384f/0.X/Dockerfile) -* [`1.12.6`, `1.12`](https://github.com/hashicorp/docker-consul/blob/dfb2da6631adfc68ce9a930bfd90b543c7ef69c9/0.X/Dockerfile) - -## Need support - -Join our slack community for any questions. - - -RapidFort Community Slack - - -## 🌟 Support this project - -[![](https://user-images.githubusercontent.com/48997634/174794647-0c851917-e5c9-4fb9-bf88-b61d89dc2f4f.gif)](https://github.com/rapidfort/community-images/stargazers) - -### [⏫⭐️ Scroll to the star button](#start-of-content) - -If you believe this project has potential, feel free to **star this repo** just like many [amazing people](https://github.com/rapidfort/community-images/stargazers) -have. - -## Have questions? - -[![RapidFort](https://raw.githubusercontent.com/rapidfort/community-images/main/contrib/github_logo_footer.png)][rf-rapidfort-footer-logo-link] - - -If you'd like to learn more about RapidFort or our container optimization process, visit [RapidFort.com][rf-link]. - -
-
- - -[dh-rf-badge]: https://img.shields.io/badge/dockerhub-images-important.svg?logo=Docker - -[fossa-badge]: https://app.fossa.com/api/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images.svg?type=shield -[fossa-link]: https://app.fossa.com/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images?ref=badge_shield - -[rf-link]: https://rapidfort.com?utm_source=github&utm_medium=ci_rf_link&utm_campaign=sep_01_sprint&utm_term=consul-official&utm_content=rapidfort_have_questions - -[rf-rapidfort-footer-logo-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fhashicorp%2Fconsul?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=consul-official&utm_content=rapidfort_footer_logo -[rf-view-report-button]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fhashicorp%2Fconsul?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=consul-official&utm_content=view_report_button -[rf-view-report-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fhashicorp%2Fconsul?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=consul-official&utm_content=view_report_link -[rf-image-metrics-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fhashicorp%2Fconsul?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=consul-official&utm_content=image_metrics_link -[rf-image-cve-reduction-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fhashicorp%2Fconsul?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=consul-official&utm_content=image_cve_reduction_link - -[dh-img-size-badge]: https://img.shields.io/docker/image-size/rapidfort/consul-official?logo=docker&logoColor=white&sort=semver -[dh-img-pulls-badge]: https://img.shields.io/docker/pulls/rapidfort/consul-official?logo=docker&logoColor=white - -[slack-badge]: 
https://img.shields.io/static/v1?label=Join&message=slack&logo=slack&logoColor=E01E5A&color=4A154B -[slack-link]: https://join.slack.com/t/rapidfortcommunity/shared_invite/zt-1g3wy28lv-DaeGexTQ5IjfpbmYW7Rm_Q - -[rf-h-badge]: https://img.shields.io/static/v1?label=RapidFort&labelColor=333F48&message=hardened&color=50B4C4&logo= -[metrics-link]: https://github.com/rapidfort/community-images/raw/main/community_images/consul/official/assets/metrics.webp -[cve-reduction-link]: https://github.com/rapidfort/community-images/raw/main/community_images/consul/official/assets/cve_reduction.webp - -[source-image-repo-link]: https://hub.docker.com/r/hashicorp/consul -[rf-dh-image-link]: https://hub.docker.com/r/rapidfort/consul-official diff --git a/community_images/consul/official/assets/cve_reduction.webp b/community_images/consul/official/assets/cve_reduction.webp deleted file mode 100644 index dd80039210..0000000000 Binary files a/community_images/consul/official/assets/cve_reduction.webp and /dev/null differ diff --git a/community_images/consul/official/assets/metrics.webp b/community_images/consul/official/assets/metrics.webp deleted file mode 100644 index 39b052cca4..0000000000 Binary files a/community_images/consul/official/assets/metrics.webp and /dev/null differ diff --git a/community_images/consul/official/configs/acls/consul-anonymous-token-policy.hcl b/community_images/consul/official/configs/acls/consul-anonymous-token-policy.hcl deleted file mode 100644 index 440255a572..0000000000 --- a/community_images/consul/official/configs/acls/consul-anonymous-token-policy.hcl +++ /dev/null @@ -1,6 +0,0 @@ -node_prefix "" { - policy = "write" -} -service_prefix "" { - policy = "read" -} \ No newline at end of file diff --git a/community_images/consul/official/configs/sample_service.json b/community_images/consul/official/configs/sample_service.json deleted file mode 100644 index d83aabaa04..0000000000 
--- a/community_images/consul/official/configs/sample_service.json +++ /dev/null @@ -1,9 +0,0 @@ -{ - "service": { - "name": "web", - "tags": [ - "rails" - ], - "port": 80 - } - } \ No newline at end of file diff --git a/community_images/consul/official/configs/server.json b/community_images/consul/official/configs/server.json deleted file mode 100644 index a5e4f4c342..0000000000 --- a/community_images/consul/official/configs/server.json +++ /dev/null @@ -1,23 +0,0 @@ -{ - "datacenter":"dc1", - "domain":"consul", - "data_dir":"/consul/data", - "server":true, - "ui":true, - "bootstrap_expect":1, - "addresses": { - "http":"0.0.0.0" - }, - "ports": { - "http":8500, - "dns":8600, - "serf_lan":8301, - "server":8300 - }, - "acl": { - "enabled":true, - "default_policy":"allow", - "enable_token_persistence":true - }, - "node_name": "consul-server1" -} \ No newline at end of file diff --git a/community_images/consul/official/dc_acl_coverage.sh b/community_images/consul/official/dc_acl_coverage.sh deleted file mode 100755 index ae38a2cb50..0000000000 --- a/community_images/consul/official/dc_acl_coverage.sh +++ /dev/null @@ -1,18 +0,0 @@ -#!/bin/bash - -set -x -set -e - -SCRIPTPATH="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )" - -# shellcheck disable=SC1091 -. "${SCRIPTPATH}"/../../common/scripts/bash_helper.sh - -JSON_PARAMS="$1" - -JSON=$(cat "$JSON_PARAMS") - -echo "Json params for docker compose coverage = $JSON" - -# Consul ACLs -docker exec -i consul-server1 consul acl bootstrap \ No newline at end of file diff --git a/community_images/consul/official/dc_coverage.sh b/community_images/consul/official/dc_coverage.sh deleted file mode 100755 index 6ca6f11409..0000000000 --- a/community_images/consul/official/dc_coverage.sh +++ /dev/null 
@@ -1,69 +0,0 @@ -#!/bin/bash - -set -x -set -e - -SCRIPTPATH="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )" - -# shellcheck disable=SC1091 -. "${SCRIPTPATH}"/../../common/scripts/bash_helper.sh - -JSON_PARAMS="$1" - -JSON=$(cat "$JSON_PARAMS") - -echo "Json params for docker compose coverage = $JSON" - -PROJECT_NAME=$(jq -r '.project_name' < "$JSON_PARAMS") - -# Container name for consul-node1 -CONTAINER_NAME="${PROJECT_NAME}"-consul1-1 - -# Reloading consul config on all containers -docker exec -i "${PROJECT_NAME}"-consul1-1 consul reload -sleep 2 -docker exec -i "${PROJECT_NAME}"-consul2-1 consul reload -docker exec -i "${PROJECT_NAME}"-consul3-1 consul reload -docker exec -i "${PROJECT_NAME}"-consul4-1 consul reload - -# Wait for all the member nodes to get in sync -sleep 30 - -# Exec into consul server(node1) and run coverage scrip(Additional: This script also has instructions to register a sample service) -docker exec -i "${CONTAINER_NAME}" sh /opt/scripts/coverage_script.sh - -# log for debugging -docker inspect "${CONTAINER_NAME}" - -# find non-tls and tls port -docker inspect "${CONTAINER_NAME}" | jq -r ".[].NetworkSettings.Ports.\"8300/tcp\"[0].HostPort" -docker inspect "${CONTAINER_NAME}" | jq -r ".[].NetworkSettings.Ports.\"8301/tcp\"[0].HostPort" -docker inspect "${CONTAINER_NAME}" | jq -r ".[].NetworkSettings.Ports.\"8301/udp\"[0].HostPort" -docker inspect "${CONTAINER_NAME}" | jq -r ".[].NetworkSettings.Ports.\"8500/tcp\"[0].HostPort" -docker inspect "${CONTAINER_NAME}" | jq -r ".[].NetworkSettings.Ports.\"8600/tcp\"[0].HostPort" -docker inspect "${CONTAINER_NAME}" | jq -r ".[].NetworkSettings.Ports.\"8600/udp\"[0].HostPort" - -# Checking Consul members list in all server and client nodes -docker exec -i "${PROJECT_NAME}"-consul2-1 consul members -docker exec -i "${PROJECT_NAME}"-consul3-1 consul members -docker exec -i "${PROJECT_NAME}"-consul4-1 consul members - -# Reloading consul config on all containers -docker exec -i 
"${PROJECT_NAME}"-consul2-1 consul reload -docker exec -i "${PROJECT_NAME}"-consul3-1 consul reload -docker exec -i "${PROJECT_NAME}"-consul4-1 consul reload - -# Wait for all the member nodes to get in sync -sleep 30 - -# exec into consul client(node4) and run coverage script -docker exec -i "${PROJECT_NAME}"-consul4-1 sh /opt/scripts/coverage_script.sh - -# Query our service using DNS API and HTTP API on consul-node1 via consul-node3 -docker exec -i "${PROJECT_NAME}"-consul3-1 sh /opt/scripts/coverage_script.sh - -# Deregistering/removing sample service in consul-node1 -docker exec -i "${CONTAINER_NAME}" consul services deregister /consul.d/sample_service.json - -# Shutting down consul -docker exec -i "${PROJECT_NAME}"-consul2-1 consul leave diff --git a/community_images/consul/official/docker-compose-acl.yml b/community_images/consul/official/docker-compose-acl.yml deleted file mode 100755 index 78fe0993fb..0000000000 --- a/community_images/consul/official/docker-compose-acl.yml +++ /dev/null @@ -1,30 +0,0 @@ -version: '2' - -services: - - consul-server1: - image: ${CONSUL_OFFICIAL_IMAGE_REPOSITORY}:${CONSUL_OFFICIAL_IMAGE_TAG} - user: root - container_name: consul-server1 - restart: always - environment: - - CONSUL_RETRY_JOIN_ADDRESS=consul-server1 - volumes: - - ./configs/server.json:/server.json - - ./configs/acls/:/consul/dataconf/acls/ - networks: - - consul - cap_add: - - SYS_PTRACE - ports: - - '0.0.0.0::8300' - - '0.0.0.0::8301' - - '0.0.0.0::8301/udp' - - '0.0.0.0::8500' - - '0.0.0.0::8600' - - '0.0.0.0::8600/udp' - command: "consul agent -server -bootstrap-expect=1 -retry-join=consul-server1 -config-file=server.json" - -networks: - consul: - driver: bridge \ No newline at end of file diff --git a/community_images/consul/official/docker-compose.yml b/community_images/consul/official/docker-compose.yml deleted file mode 100755 index a1bf13f2a3..0000000000 --- a/community_images/consul/official/docker-compose.yml +++ /dev/null 
@@ -1,72 +0,0 @@ -version: '2.0' - -services: - - consul1: - image: ${CONSUL_OFFICIAL_IMAGE_REPOSITORY}:${CONSUL_OFFICIAL_IMAGE_TAG} - hostname: "consul1" - user: root - cap_add: - - SYS_PTRACE - ports: - - '0.0.0.0::8300' - - '0.0.0.0::8301' - - '0.0.0.0::8301/udp' - - '0.0.0.0::8500' - - '0.0.0.0::8600' - - '0.0.0.0::8600/udp' - volumes: - - 'consul-node1_data:/consul/data' - - ./scripts/server_coverage_script.sh:/opt/scripts/coverage_script.sh - - ./configs/sample_service.json:/consul.d/sample_service.json - command: "agent -server -bootstrap-expect 3 -ui -client 0.0.0.0" - - consul2: - image: ${CONSUL_OFFICIAL_IMAGE_REPOSITORY}:${CONSUL_OFFICIAL_IMAGE_TAG} - hostname: "consul2" - user: root - cap_add: - - SYS_PTRACE - volumes: - - 'consul-node2_data:/consul/data' - command: "agent -server -join consul1" - depends_on: - - consul1 - - consul3: - image: hashicorp/consul - hostname: "consul3" - user: root - cap_add: - - SYS_PTRACE - volumes: - - 'consul-node3_data:/consul/data' - - ./scripts/client_container_test.sh:/opt/scripts/coverage_script.sh - command: "agent -server -join consul1" - depends_on: - - consul1 - - consul4: - image: ${CONSUL_OFFICIAL_IMAGE_REPOSITORY}:${CONSUL_OFFICIAL_IMAGE_TAG} - hostname: "consul4" - user: root - cap_add: - - SYS_PTRACE - volumes: - - 'consul-node4_data:/consul/data' - - ./scripts/client_coverage_script.sh:/opt/scripts/coverage_script.sh - command: "agent -join consul1" - depends_on: - - consul1 - - consul2 - - consul3 - -volumes: - consul-node1_data: - driver: local - consul-node2_data: - driver: local - consul-node3_data: - driver: local - consul-node4_data: - driver: local diff --git a/community_images/consul/official/image.yml b/community_images/consul/official/image.yml deleted file mode 100755 index fccb0fdbbb..0000000000 --- a/community_images/consul/official/image.yml +++ /dev/null 
@@ -1,63 +0,0 @@ -name: consul-official -official_name: Consul Official -official_website: https://www.consul.io/ -source_image_provider: HashiCorp -source_image_repo: docker.io/hashicorp/consul -source_image_repo_link: https://hub.docker.com/r/hashicorp/consul -source_image_readme: https://github.com/hashicorp/docker-base/blob/master/README.md -rf_docker_link: rapidfort/consul-official -image_workflow_name: consul_official -github_location: consul/official -report_url: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fhashicorp%2Fconsul -usage_instructions: | - # Running Consul in Server Mode - $ docker run -d --net=host -e 'CONSUL_LOCAL_CONFIG={"skip_leave_on_interrupt": true}' rapidfort/consul-official agent -server -bind= -retry-join= -bootstrap-expect= - - # Running Consul in Client Mode - $ docker run -d --net=host -e 'CONSUL_LOCAL_CONFIG={"leave_on_terminate": true}' rapidfort/consul-official agent -bind= -retry-join= -what_is_text: | - Consul is a service networking solution to automate network configurations, discover services, and enable secure connectivity across any cloud or runtime. -disclaimer: | - Trademarks: This software listing is packaged by RapidFort. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. 
-docker_links: - - "[`1.15.4`, `1.15`, `latest`](https://github.com/hashicorp/docker-consul/blob/master/0.X/Dockerfile)" - - "[`1.14.0`, `1.14`](https://github.com/hashicorp/docker-consul/blob/da19183e0617a285e3dbc42ad5ebfdb4e61caa31/0.X/Dockerfile)" - - "[`1.13.3`, `1.13`](https://github.com/hashicorp/docker-consul/blob/f4f43d2534abcfc12f8aebf3c20e5339fdec384f/0.X/Dockerfile)" - - "[`1.12.6`, `1.12`](https://github.com/hashicorp/docker-consul/blob/dfb2da6631adfc68ce9a930bfd90b543c7ef69c9/0.X/Dockerfile)" -input_registry: - registry: docker.io - account: hashicorp -repo_sets: - - consul: - input_base_tag: "1.16.*" - output_repo: consul-official - - consul: - input_base_tag: "1.15.*" - output_repo: consul-official - - consul: - input_base_tag: "1.14.*" - output_repo: consul-official - - consul: - input_base_tag: "1.13.*" - output_repo: consul-official -runtimes: - - type: docker_compose - script: dc_coverage.sh - compose_file: docker-compose.yml - tls_certs: - generate: true - out_dir: certs - image_keys: - consul-official: - repository: "CONSUL_OFFICIAL_IMAGE_REPOSITORY" - tag: "CONSUL_OFFICIAL_IMAGE_TAG" - - type: docker_compose - script: dc_acl_coverage.sh - compose_file: docker-compose-acl.yml - tls_certs: - generate: true - out_dir: certs - image_keys: - consul-official: - repository: "CONSUL_OFFICIAL_IMAGE_REPOSITORY" - tag: "CONSUL_OFFICIAL_IMAGE_TAG" diff --git a/community_images/consul/official/scripts/client_container_test.sh b/community_images/consul/official/scripts/client_container_test.sh deleted file mode 100755 index 8b6db56981..0000000000 --- a/community_images/consul/official/scripts/client_container_test.sh +++ /dev/null 
@@ -1,21 +0,0 @@ -#!/bin/bash - -set -x -set -e - -# The purpose of this script is to Query our service using DNS API through a client container(This doesn't run on the stubbed image) - -# Available Scripts -ls /opt/scripts - -# Installing dnsutils -apk add --update bind-tools - -# Query our service using HTTP Api -curl http://localhost:8500/v1/catalog/service/web - -# Checking for the healthy instances -curl 'http://localhost:8500/v1/health/service/web?passing' - -# Query our service using DNS API on consul-node-1 -dig consul-node1/8600 rails.web.service.consul SRV \ No newline at end of file diff --git a/community_images/consul/official/scripts/client_coverage_script.sh b/community_images/consul/official/scripts/client_coverage_script.sh deleted file mode 100755 index 40aa91f00f..0000000000 --- a/community_images/consul/official/scripts/client_coverage_script.sh +++ /dev/null @@ -1,17 +0,0 @@ -#!/bin/bash - -set -x -set -e - -# Available Scripts -ls /opt/scripts - -# Checking version -consul version -format=json - -# Create client certs -consul tls ca create -consul tls cert create -client - -# Using consul debug -consul debug -interval=15s -duration=1m \ No newline at end of file diff --git a/community_images/consul/official/scripts/server_coverage_script.sh b/community_images/consul/official/scripts/server_coverage_script.sh deleted file mode 100755 index adc622b688..0000000000 --- a/community_images/consul/official/scripts/server_coverage_script.sh +++ /dev/null 
@@ -1,51 +0,0 @@ -#!/bin/bash - -set -x -set -e - -# Available Scripts -ls /opt/scripts - -# General commands -consul members | tee -a members -SERVERS=$(grep -w "server" -c members) -CLIENTS=$(grep -w "client" -c members) -# Checking the members in the cluster -echo "Number of Servers Active = $SERVERS" -echo "Number of Clients Active = $CLIENTS" -rm members -consul info - -# Consul snapshot -consul snapshot save backup.snap -consul snapshot inspect backup.snap - -# Registering a test service(This will be deregistered in the main dc_coverage itselfS) -consul services register /consul.d/sample_service.json -consul reload -sleep 10 - -# Consul kv -consul kv put redis/config/connections 5 -consul kv get -detailed redis/config/connections | tee -a file -# To check the number of connections (Should be 5) -CONNECTIONS=$(grep "Value" file) -rm file -echo "$CONNECTIONS" -consul kv delete redis/config/connections - -# Consul Operator Raft -consul operator raft list-peers - -# Consul keygen -consul keygen - -# Consul Maint -consul maint - -# Consul Catalg -# List all datacenters: -consul catalog datacenters -# List all nodes and services -consul catalog nodes -consul catalog services \ No newline at end of file diff --git a/community_images/couchdb/bitnami/.rfignore b/community_images/couchdb/bitnami/.rfignore deleted file mode 100644 index 56f26b95a7..0000000000 --- a/community_images/couchdb/bitnami/.rfignore +++ /dev/null @@ -1,5 +0,0 @@ -opt/bitnami/common/licenses -opt/bitnami/couchdb/licenses -opt/bitnami/licenses -usr/share/common-licenses -opt/bitnami/scripts \ No newline at end of file diff --git a/community_images/couchdb/bitnami/README.md b/community_images/couchdb/bitnami/README.md deleted file mode 100644 index c9eb0f80a8..0000000000 --- a/community_images/couchdb/bitnami/README.md +++ /dev/null @@ -1,142 +0,0 @@ - -RapidFort - - -
- -[![rf-h][rf-h-badge]][rf-view-report-button] -[![DH Image][dh-rf-badge]][rf-dh-image-link] -[![Slack][slack-badge]][slack-link] -[![FOSSA Status][fossa-badge]][fossa-link] - -# RapidFort hardened image for Couchdb Database Server - -RapidFort’s container optimization process hardened this Couchdb Database Server container. This container is free to use and has no license limitations. - -It is the same as the [Bitnami Couchdb Database Server][source-image-repo-link] image but more secure. - -Every day, we optimize and harden a variety of Docker Hub’s most famous images. Check out our [entire library](https://hub.docker.com/u/rapidfort) of secured containers. -
- -[Get the full report here or click on the image below][rf-view-report-link] - -[![Metrics][metrics-link]][rf-image-metrics-link] - -

Vulnerabilities: Original vs. Hardened - -

- -[![CVE Reduction][cve-reduction-link]][rf-image-cve-reduction-link] - - -View Report - -
-
- - -## What is Couchdb Database Server? - -> Apache CouchDB is an open-source document-oriented NoSQL database, implemented in Erlang. CouchDB uses multiple formats and protocols to store, transfer, and process its data. It uses JSON to store data, JavaScript as its query language using MapReduce, and HTTP for an API. - - -[Overview of Couchdb Database Server](https://couchdb.apache.org/) - -Trademarks: This software listing is packaged by RapidFort. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. - - -## How do I use this hardened Couchdb Database Server image? - -The runtime instructions for this container are no different from the official release. Follow the instructions in their readme, but use our hardened image. - - -View Detailed Instructions - -
-
- -```sh -$ helm repo add bitnami https://charts.bitnami.com/bitnami - -# install couchdb, just replace repository with RapidFort registry -$ helm install my-couchdb bitnami/couchdb --set image.repository=rapidfort/couchdb - -``` - -## What is a hardened image? - -A hardened image is a copy of a container that has been optimized and reduced for significantly improved security. Because every container uses many open-source software components and their dependencies, there’s a lot of extra weight that can be trimmed. - -This image is a hardened version of the official [Bitnami Couchdb Database Server][source-image-repo-link] image on Docker Hub. - -RapidFort is an industry-leading container optimization solution that minimizes software attack surfaces by removing unused code. Most containers can be reduced by at least 50%, which reduces the opportunity for malicious attacks and CVE exploits. Learn more at [RapidFort.com][rf-link]. - -Our hardened images are updated daily using the latest vulnerability information available. - - -View on GitHub - -
-
- -## What’s the difference between the official [Bitnami Couchdb Database Server][source-image-repo-link] image and this hardened image? -RapidFort’s hardened [rapidfort/couchdb][rf-dh-image-link] image has been optimized by our proprietary scanning and slimming technology. We are big fans of open-source software, containerized infrastructure, and security. - -We are making secure copies of the images we use every day and the most popular ones on Docker Hub. We want to make the world a safer place to operate. - -## Supported tags and respective `Dockerfile` links -* [`3`, `3-debian-11`, `3.3.3`, `3.3.3-debian-11-r` (3/debian-11/Dockerfile)](https://github.com/bitnami/containers/tree/main/bitnami/couchdb/3/debian-11/Dockerfile) - -## Need support - -Join our slack community for any questions. - - -RapidFort Community Slack - - -## 🌟 Support this project - -[![](https://user-images.githubusercontent.com/48997634/174794647-0c851917-e5c9-4fb9-bf88-b61d89dc2f4f.gif)](https://github.com/rapidfort/community-images/stargazers) - -### [⏫⭐️ Scroll to the star button](#start-of-content) - -If you believe this project has potential, feel free to **star this repo** just like many [amazing people](https://github.com/rapidfort/community-images/stargazers) -have. - -## Have questions? - -[![RapidFort](https://raw.githubusercontent.com/rapidfort/community-images/main/contrib/github_logo_footer.png)][rf-rapidfort-footer-logo-link] - - -If you'd like to learn more about RapidFort or our container optimization process, visit [RapidFort.com][rf-link]. - -
-
- - -[dh-rf-badge]: https://img.shields.io/badge/dockerhub-images-important.svg?logo=Docker - -[fossa-badge]: https://app.fossa.com/api/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images.svg?type=shield -[fossa-link]: https://app.fossa.com/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images?ref=badge_shield - -[rf-link]: https://rapidfort.com?utm_source=github&utm_medium=ci_rf_link&utm_campaign=sep_01_sprint&utm_term=couchdb&utm_content=rapidfort_have_questions - -[rf-rapidfort-footer-logo-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Fcouchdb?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=couchdb&utm_content=rapidfort_footer_logo -[rf-view-report-button]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Fcouchdb?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=couchdb&utm_content=view_report_button -[rf-view-report-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Fcouchdb?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=couchdb&utm_content=view_report_link -[rf-image-metrics-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Fcouchdb?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=couchdb&utm_content=image_metrics_link -[rf-image-cve-reduction-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Fcouchdb?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=couchdb&utm_content=image_cve_reduction_link - -[dh-img-size-badge]: https://img.shields.io/docker/image-size/rapidfort/couchdb?logo=docker&logoColor=white&sort=semver -[dh-img-pulls-badge]: https://img.shields.io/docker/pulls/rapidfort/couchdb?logo=docker&logoColor=white - -[slack-badge]: https://img.shields.io/static/v1?label=Join&message=slack&logo=slack&logoColor=E01E5A&color=4A154B -[slack-link]: 
https://join.slack.com/t/rapidfortcommunity/shared_invite/zt-1g3wy28lv-DaeGexTQ5IjfpbmYW7Rm_Q - -[rf-h-badge]: https://img.shields.io/static/v1?label=RapidFort&labelColor=333F48&message=hardened&color=50B4C4&logo= -[metrics-link]: https://github.com/rapidfort/community-images/raw/main/community_images/couchdb/bitnami/assets/metrics.webp -[cve-reduction-link]: https://github.com/rapidfort/community-images/raw/main/community_images/couchdb/bitnami/assets/cve_reduction.webp - -[source-image-repo-link]: https://hub.docker.com/r/bitnami/couchdb -[rf-dh-image-link]: https://hub.docker.com/r/rapidfort/couchdb diff --git a/community_images/couchdb/bitnami/assets/cve_reduction.webp b/community_images/couchdb/bitnami/assets/cve_reduction.webp deleted file mode 100644 index 9c7ed98a10..0000000000 Binary files a/community_images/couchdb/bitnami/assets/cve_reduction.webp and /dev/null differ diff --git a/community_images/couchdb/bitnami/assets/metrics.webp b/community_images/couchdb/bitnami/assets/metrics.webp deleted file mode 100644 index a2f5959060..0000000000 Binary files a/community_images/couchdb/bitnami/assets/metrics.webp and /dev/null differ diff --git a/community_images/couchdb/bitnami/coverage.sh b/community_images/couchdb/bitnami/coverage.sh deleted file mode 100755 index d9bdca4502..0000000000 --- a/community_images/couchdb/bitnami/coverage.sh +++ /dev/null 
@@ -1,49 +0,0 @@ -#!/bin/bash - -set -e -set -x - -# shellcheck disable=SC1091 -SCRIPTPATH="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )" - -# shellcheck disable=SC1091 -. "${SCRIPTPATH}"/../../common/scripts/bash_helper.sh - -function test_couchdb () { - CONTAINER_NAME=$1 - docker exec -i "${CONTAINER_NAME}" bash -c /opt/bitnami/scripts/host_coverage_script.sh - - # verify that CouchDB is available and installed correctly - echo "verify that CouchDB is available and installed correctly" - curl -X GET http://127.0.0.1:5984/ --user admin:couchdb --fail 2>&1 || echo "CouchDB didn't start properly" - - # list all the CouchDB databases - echo "list all the CouchDB databases" - curl -X GET http://127.0.0.1:5984/_all_dbs --user admin:couchdb --fail 2>&1 || echo "CouchDB didn't start properly" - - # create a CouchDB database - echo "create a CouchDB database" - curl -X PUT http://127.0.0.1:5984/reviews --user admin:couchdb --fail 2>&1 || echo "Failed to create CouchDB database" - - # try inserting into the CouchDB database - echo "try inserting into the CouchDB database" - out=$(curl -s -X PUT http://127.0.0.1:5984/reviews/01 -d '{"reviewer_name":"Ben", "stars":"4", "details":"Love the calzone!"}' --user admin:couchdb --fail 2>&1) || echo "Failed to insert data in CouchDB database" - rev=$(echo "${out}" | jq -r '.rev') - - # fetch record - echo "fetch a sample record from database" - curl -X GET http://127.0.0.1:5984/reviews/01 --user admin:couchdb --fail 2>&1 || echo "Failed to get CouchDB database record" - - # update the record - echo "update a sample record in database" - out=$(curl -s -X PUT http://127.0.0.1:5984/reviews/01 -d '{"_id":"01", "stars":"5", "_rev":"'"$rev"'"}' --user admin:couchdb --fail 2>&1) || echo "Failed to update the record" - rev=$(echo "${out}" | jq -r '.rev') - - # delete the db record - echo "delete a sample record from database" - curl -X DELETE http://127.0.0.1:5984/reviews/01?rev="${rev}" --user admin:couchdb --fail 2>&1 || echo 
"Failed to delete the record" - - # read the record again, it should be deleted - echo "read the record again, it should throw error" - curl -X GET http://127.0.0.1:5984/reviews/01 --user admin:couchdb --fail 2>&1 || echo "record got deleted" -} diff --git a/community_images/couchdb/bitnami/dc_coverage.sh b/community_images/couchdb/bitnami/dc_coverage.sh deleted file mode 100755 index c1ff1e27b5..0000000000 --- a/community_images/couchdb/bitnami/dc_coverage.sh +++ /dev/null @@ -1,22 +0,0 @@ -#!/bin/bash - -set -x -set -e - -# shellcheck disable=SC1091 -SCRIPTPATH="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )" - -# shellcheck disable=SC1091 -. "${SCRIPTPATH}"/coverage.sh - -JSON_PARAMS="$1" - -JSON=$(cat "$JSON_PARAMS") - -echo "Json params for docker compose coverage = $JSON" - -PROJECT_NAME=$(jq -r '.project_name' < "$JSON_PARAMS") -# Container name for consul-node1 -CONTAINER_NAME="${PROJECT_NAME}"-couchdb-1 - -test_couchdb "${CONTAINER_NAME}" \ No newline at end of file diff --git a/community_images/couchdb/bitnami/docker-compose.yml b/community_images/couchdb/bitnami/docker-compose.yml deleted file mode 100644 index ffb350267b..0000000000 --- a/community_images/couchdb/bitnami/docker-compose.yml +++ /dev/null @@ -1,21 +0,0 @@ -version: '2' - -services: - couchdb: - image: ${COUCHDB_IMAGE_REPOSITORY}:${COUCHDB_IMAGE_TAG} - user: root - cap_add: - - SYS_PTRACE - environment: - - COUCHDB_USER=admin - - COUCHDB_PASSWORD=couchdb - ports: - - '5984:5984' - - '4369:4369' - - '9100:9100' - volumes: - - couchdb_data:/bitnami/couchdb - - ./host_coverage.sh:/opt/bitnami/scripts/host_coverage_script.sh -volumes: - couchdb_data: - driver: local diff --git a/community_images/couchdb/bitnami/host_coverage.sh b/community_images/couchdb/bitnami/host_coverage.sh deleted file mode 100755 index d4c542aeb9..0000000000 --- a/community_images/couchdb/bitnami/host_coverage.sh +++ /dev/null 
@@ -1,11 +0,0 @@ -#!/bin/bash - -set -e -set -x - -couchjs -V || echo "couchjs didn't run properly" - -remsh -h || echo "couldn't run remsh" - -couchdb --version || echo "couldn't get couchdb version" - diff --git a/community_images/couchdb/bitnami/image.yml b/community_images/couchdb/bitnami/image.yml deleted file mode 100644 index d59a955d34..0000000000 --- a/community_images/couchdb/bitnami/image.yml +++ /dev/null 
@@ -1,34 +0,0 @@ -name: couchdb -official_name: Couchdb Database Server -official_website: https://couchdb.apache.org/ -source_image_provider: Bitnami -source_image_repo: docker.io/bitnami/couchdb -source_image_repo_link: https://hub.docker.com/r/bitnami/couchdb -source_image_readme: https://github.com/bitnami/containers/blob/main/bitnami/couchdb/README.md -rf_docker_link: rapidfort/couchdb -image_workflow_name: couchdb_bitnami -github_location: couchdb/bitnami -report_url: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Fcouchdb -usage_instructions: | - $ helm repo add bitnami https://charts.bitnami.com/bitnami - - # install couchdb, just replace repository with RapidFort registry - $ helm install my-couchdb bitnami/couchdb --set image.repository=rapidfort/couchdb -what_is_text: | - Apache CouchDB is an open-source document-oriented NoSQL database, implemented in Erlang. CouchDB uses multiple formats and protocols to store, transfer, and process its data. It uses JSON to store data, JavaScript as its query language using MapReduce, and HTTP for an API. -disclaimer: | - Trademarks: This software listing is packaged by RapidFort. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. -input_registry: - registry: docker.io - account: bitnami -repo_sets: - - couchdb: - input_base_tag: "3.3.2-debian-11-r" -runtimes: - - type: docker_compose - script: dc_coverage.sh - compose_file: docker-compose.yml - image_keys: - couchdb: - repository: "COUCHDB_IMAGE_REPOSITORY" - tag: "COUCHDB_IMAGE_TAG" diff --git a/community_images/couchdb/ironbank/README.md b/community_images/couchdb/ironbank/README.md deleted file mode 100755 index 6224df2f11..0000000000 --- a/community_images/couchdb/ironbank/README.md +++ /dev/null @@ -1,138 +0,0 @@ - -RapidFort - - -
- -[![rf-h][rf-h-badge]][rf-view-report-button] -[![DH Image][dh-rf-badge]][rf-dh-image-link] -[![Slack][slack-badge]][slack-link] -[![FOSSA Status][fossa-badge]][fossa-link] - -# RapidFort hardened image for Couchdb Database Server IronBank - -RapidFort’s container optimization process hardened this Couchdb Database Server IronBank container. This container is free to use and has no license limitations. - -It is the same as the [Platform One Couchdb Database Server IronBank][source-image-repo-link] image but more secure. - -Every day, we optimize and harden a variety of Docker Hub’s most famous images. Check out our [entire library](https://hub.docker.com/u/rapidfort) of secured containers. -
- -[Get the full report here or click on the image below][rf-view-report-link] - -[![Metrics][metrics-link]][rf-image-metrics-link] - -

Vulnerabilities: Original vs. Hardened - -

- -[![CVE Reduction][cve-reduction-link]][rf-image-cve-reduction-link] - - -View Report - -
-
- - -## What is Couchdb Database Server IronBank? - -> CouchDB is a database that uses JSON for documents, an HTTP API, & JavaScript/declarative indexing. - - -[Overview of Couchdb Database Server IronBank](https://couchdb.apache.org/) - -Trademarks: This software listing is packaged by RapidFort. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. - - -## How do I use this hardened Couchdb Database Server IronBank image? - -The runtime instructions for this container are no different from the official release. Follow the instructions in their readme, but use our hardened image. - - -View Detailed Instructions - -
-
- -```sh -$ docker run -d --name my-couchdb rapidfort/couchdb_3-ib:tag - -``` - -## What is a hardened image? - -A hardened image is a copy of a container that has been optimized and reduced for significantly improved security. Because every container uses many open-source software components and their dependencies, there’s a lot of extra weight that can be trimmed. - -This image is a hardened version of the official [Platform One Couchdb Database Server IronBank][source-image-repo-link] image on Docker Hub. - -RapidFort is an industry-leading container optimization solution that minimizes software attack surfaces by removing unused code. Most containers can be reduced by at least 50%, which reduces the opportunity for malicious attacks and CVE exploits. Learn more at [RapidFort.com][rf-link]. - -Our hardened images are updated daily using the latest vulnerability information available. - - -View on GitHub - -
-
- -## What’s the difference between the official [Platform One Couchdb Database Server IronBank][source-image-repo-link] image and this hardened image? -RapidFort’s hardened [rapidfort/couchdb_3-ib][rf-dh-image-link] image has been optimized by our proprietary scanning and slimming technology. We are big fans of open-source software, containerized infrastructure, and security. - -We are making secure copies of the images we use every day and the most popular ones on Docker Hub. We want to make the world a safer place to operate. - -## Supported tags and respective `Dockerfile` links - -## Need support - -Join our slack community for any questions. - - -RapidFort Community Slack - - -## 🌟 Support this project - -[![](https://user-images.githubusercontent.com/48997634/174794647-0c851917-e5c9-4fb9-bf88-b61d89dc2f4f.gif)](https://github.com/rapidfort/community-images/stargazers) - -### [⏫⭐️ Scroll to the star button](#start-of-content) - -If you believe this project has potential, feel free to **star this repo** just like many [amazing people](https://github.com/rapidfort/community-images/stargazers) -have. - -## Have questions? - -[![RapidFort](https://raw.githubusercontent.com/rapidfort/community-images/main/contrib/github_logo_footer.png)][rf-rapidfort-footer-logo-link] - - -If you'd like to learn more about RapidFort or our container optimization process, visit [RapidFort.com][rf-link]. - -
-
- - -[dh-rf-badge]: https://img.shields.io/badge/dockerhub-images-important.svg?logo=Docker - -[fossa-badge]: https://app.fossa.com/api/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images.svg?type=shield -[fossa-link]: https://app.fossa.com/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images?ref=badge_shield - -[rf-link]: https://rapidfort.com?utm_source=github&utm_medium=ci_rf_link&utm_campaign=sep_01_sprint&utm_term=couchdb-ib&utm_content=rapidfort_have_questions - -[rf-rapidfort-footer-logo-link]: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fopensource%2Fapache%2Fcouchdb_3?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=couchdb-ib&utm_content=rapidfort_footer_logo -[rf-view-report-button]: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fopensource%2Fapache%2Fcouchdb_3?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=couchdb-ib&utm_content=view_report_button -[rf-view-report-link]: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fopensource%2Fapache%2Fcouchdb_3?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=couchdb-ib&utm_content=view_report_link -[rf-image-metrics-link]: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fopensource%2Fapache%2Fcouchdb_3?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=couchdb-ib&utm_content=image_metrics_link -[rf-image-cve-reduction-link]: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fopensource%2Fapache%2Fcouchdb_3?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=couchdb-ib&utm_content=image_cve_reduction_link - -[dh-img-size-badge]: https://img.shields.io/docker/image-size/rapidfort/couchdb_3-ib?logo=docker&logoColor=white&sort=semver -[dh-img-pulls-badge]: 
https://img.shields.io/docker/pulls/rapidfort/couchdb_3-ib?logo=docker&logoColor=white - -[slack-badge]: https://img.shields.io/static/v1?label=Join&message=slack&logo=slack&logoColor=E01E5A&color=4A154B -[slack-link]: https://join.slack.com/t/rapidfortcommunity/shared_invite/zt-1g3wy28lv-DaeGexTQ5IjfpbmYW7Rm_Q - -[rf-h-badge]: https://img.shields.io/static/v1?label=RapidFort&labelColor=333F48&message=hardened&color=50B4C4&logo= -[metrics-link]: https://github.com/rapidfort/community-images/raw/main/community_images/couchdb/ironbank/assets/metrics.webp -[cve-reduction-link]: https://github.com/rapidfort/community-images/raw/main/community_images/couchdb/ironbank/assets/cve_reduction.webp - -[source-image-repo-link]: https://registry1.dso.mil/harbor/projects/3/repositories/opensource%2Fapache%2Fcouchdb_3 -[rf-dh-image-link]: https://hub.docker.com/r/rapidfort/couchdb_3-ib diff --git a/community_images/couchdb/ironbank/assets/cve_reduction.webp b/community_images/couchdb/ironbank/assets/cve_reduction.webp deleted file mode 100644 index fee62791da..0000000000 Binary files a/community_images/couchdb/ironbank/assets/cve_reduction.webp and /dev/null differ diff --git a/community_images/couchdb/ironbank/assets/metrics.webp b/community_images/couchdb/ironbank/assets/metrics.webp deleted file mode 100644 index 2b2a01d021..0000000000 Binary files a/community_images/couchdb/ironbank/assets/metrics.webp and /dev/null differ diff --git a/community_images/couchdb/ironbank/coverage.sh b/community_images/couchdb/ironbank/coverage.sh deleted file mode 100755 index d9bdca4502..0000000000 --- a/community_images/couchdb/ironbank/coverage.sh +++ /dev/null 
@@ -1,49 +0,0 @@ -#!/bin/bash - -set -e -set -x - -# shellcheck disable=SC1091 -SCRIPTPATH="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )" - -# shellcheck disable=SC1091 -. "${SCRIPTPATH}"/../../common/scripts/bash_helper.sh - -function test_couchdb () { - CONTAINER_NAME=$1 - docker exec -i "${CONTAINER_NAME}" bash -c /opt/bitnami/scripts/host_coverage_script.sh - - # verify that CouchDB is available and installed correctly - echo "verify that CouchDB is available and installed correctly" - curl -X GET http://127.0.0.1:5984/ --user admin:couchdb --fail 2>&1 || echo "CouchDB didn't start properly" - - # list all the CouchDB databases - echo "list all the CouchDB databases" - curl -X GET http://127.0.0.1:5984/_all_dbs --user admin:couchdb --fail 2>&1 || echo "CouchDB didn't start properly" - - # create a CouchDB database - echo "create a CouchDB database" - curl -X PUT http://127.0.0.1:5984/reviews --user admin:couchdb --fail 2>&1 || echo "Failed to create CouchDB database" - - # try inserting into the CouchDB database - echo "try inserting into the CouchDB database" - out=$(curl -s -X PUT http://127.0.0.1:5984/reviews/01 -d '{"reviewer_name":"Ben", "stars":"4", "details":"Love the calzone!"}' --user admin:couchdb --fail 2>&1) || echo "Failed to insert data in CouchDB database" - rev=$(echo "${out}" | jq -r '.rev') - - # fetch record - echo "fetch a sample record from database" - curl -X GET http://127.0.0.1:5984/reviews/01 --user admin:couchdb --fail 2>&1 || echo "Failed to get CouchDB database record" - - # update the record - echo "update a sample record in database" - out=$(curl -s -X PUT http://127.0.0.1:5984/reviews/01 -d '{"_id":"01", "stars":"5", "_rev":"'"$rev"'"}' --user admin:couchdb --fail 2>&1) || echo "Failed to update the record" - rev=$(echo "${out}" | jq -r '.rev') - - # delete the db record - echo "delete a sample record from database" - curl -X DELETE http://127.0.0.1:5984/reviews/01?rev="${rev}" --user admin:couchdb --fail 2>&1 || echo 
"Failed to delete the record" - - # read the record again, it should be deleted - echo "read the record again, it should throw error" - curl -X GET http://127.0.0.1:5984/reviews/01 --user admin:couchdb --fail 2>&1 || echo "record got deleted" -} diff --git a/community_images/couchdb/ironbank/dc_coverage.sh b/community_images/couchdb/ironbank/dc_coverage.sh deleted file mode 100755 index c1ff1e27b5..0000000000 --- a/community_images/couchdb/ironbank/dc_coverage.sh +++ /dev/null @@ -1,22 +0,0 @@ -#!/bin/bash - -set -x -set -e - -# shellcheck disable=SC1091 -SCRIPTPATH="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )" - -# shellcheck disable=SC1091 -. "${SCRIPTPATH}"/coverage.sh - -JSON_PARAMS="$1" - -JSON=$(cat "$JSON_PARAMS") - -echo "Json params for docker compose coverage = $JSON" - -PROJECT_NAME=$(jq -r '.project_name' < "$JSON_PARAMS") -# Container name for consul-node1 -CONTAINER_NAME="${PROJECT_NAME}"-couchdb-1 - -test_couchdb "${CONTAINER_NAME}" \ No newline at end of file diff --git a/community_images/couchdb/ironbank/docker-compose.yml b/community_images/couchdb/ironbank/docker-compose.yml deleted file mode 100755 index 61e729cc94..0000000000 --- a/community_images/couchdb/ironbank/docker-compose.yml +++ /dev/null @@ -1,20 +0,0 @@ -version: '2' - -services: - couchdb: - image: ${COUCHDB_IMAGE_REPOSITORY}:${COUCHDB_IMAGE_TAG} - cap_add: - - SYS_PTRACE - environment: - - COUCHDB_USER=admin - - COUCHDB_PASSWORD=couchdb - ports: - - '5984:5984' - - '4369:4369' - - '9100:9100' - volumes: - - couchdb_data:/opt/couchdb/data - - ./host_coverage.sh:/opt/bitnami/scripts/host_coverage_script.sh -volumes: - couchdb_data: - driver: local diff --git a/community_images/couchdb/ironbank/host_coverage.sh b/community_images/couchdb/ironbank/host_coverage.sh deleted file mode 100755 index 978cde805e..0000000000 --- a/community_images/couchdb/ironbank/host_coverage.sh +++ /dev/null 
@@ -1,10 +0,0 @@ -#!/bin/bash - -set -e -set -x - -/opt/couchdb/bin/couchjs -V || echo "couchjs didn't run properly" - -/opt/couchdb/bin/remsh -h || echo "couldn't run remsh" - -/opt/couchdb/bin/couchdb --version || echo "couldn't get couchdb version" diff --git a/community_images/couchdb/ironbank/image.yml b/community_images/couchdb/ironbank/image.yml deleted file mode 100755 index b1083bd4ad..0000000000 --- a/community_images/couchdb/ironbank/image.yml +++ /dev/null @@ -1,32 +0,0 @@ -name: couchdb-ib -official_name: Couchdb Database Server IronBank -official_website: https://couchdb.apache.org/ -source_image_provider: Platform One -source_image_repo: registry1.dso.mil/ironbank/opensource/apache/couchdb_3 -source_image_repo_link: https://registry1.dso.mil/harbor/projects/3/repositories/opensource%2Fapache%2Fcouchdb_3 -source_image_readme: https://repo1.dso.mil/dsop/opensource/apache/couchdb_3/-/blob/development/README.md -rf_docker_link: rapidfort/couchdb_3-ib -image_workflow_name: couchdb_ironbank -github_location: couchdb/ironbank -report_url: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fopensource%2Fapache%2Fcouchdb_3 -usage_instructions: | - $ docker run -d --name my-couchdb rapidfort/couchdb_3-ib:tag -what_is_text: | - CouchDB is a database that uses JSON for documents, an HTTP API, & JavaScript/declarative indexing. -disclaimer: | - Trademarks: This software listing is packaged by RapidFort. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. -input_registry: - registry: registry1.dso.mil - account: ironbank -repo_sets: - - opensource/apache/couchdb_3: - input_base_tag: "3." - output_repo: couchdb_3-ib -runtimes: - - type: docker_compose - script: dc_coverage.sh - compose_file: docker-compose.yml - image_keys: - couchdb_3-ib: - repository: "COUCHDB_IMAGE_REPOSITORY" - tag: "COUCHDB_IMAGE_TAG" 
diff --git a/community_images/couchdb/official/.rfignore b/community_images/couchdb/official/.rfignore deleted file mode 100644 index 1c799e0088..0000000000 --- a/community_images/couchdb/official/.rfignore +++ /dev/null @@ -1 +0,0 @@ -usr/share/common-licenses \ No newline at end of file diff --git a/community_images/couchdb/official/README.md b/community_images/couchdb/official/README.md deleted file mode 100644 index 7305a61e40..0000000000 --- a/community_images/couchdb/official/README.md +++ /dev/null @@ -1,138 +0,0 @@ - -RapidFort - - -
- -[![rf-h][rf-h-badge]][rf-view-report-button] -[![DH Image][dh-rf-badge]][rf-dh-image-link] -[![Slack][slack-badge]][slack-link] -[![FOSSA Status][fossa-badge]][fossa-link] - -# RapidFort hardened image for Couchdb Database Server Official - -RapidFort’s container optimization process hardened this Couchdb Database Server Official container. This container is free to use and has no license limitations. - -It is the same as the [The Docker Community Couchdb Database Server Official][source-image-repo-link] image but more secure. - -Every day, we optimize and harden a variety of Docker Hub’s most famous images. Check out our [entire library](https://hub.docker.com/u/rapidfort) of secured containers. -
- -[Get the full report here or click on the image below][rf-view-report-link] - -[![Metrics][metrics-link]][rf-image-metrics-link] - -

Vulnerabilities: Original vs. Hardened - -

- -[![CVE Reduction][cve-reduction-link]][rf-image-cve-reduction-link] - - -View Report - -
-
- - -## What is Couchdb Database Server Official? - -> CouchDB is a database that uses JSON for documents, an HTTP API, & JavaScript/declarative indexing. - - -[Overview of Couchdb Database Server Official](https://couchdb.apache.org/) - -Trademarks: This software listing is packaged by RapidFort. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. - - -## How do I use this hardened Couchdb Database Server Official image? - -The runtime instructions for this container are no different from the official release. Follow the instructions in their readme, but use our hardened image. - - -View Detailed Instructions - -
-
- -```sh -$ docker run -d --name my-couchdb rapidfort/couchdb-official:tag - -``` - -## What is a hardened image? - -A hardened image is a copy of a container that has been optimized and reduced for significantly improved security. Because every container uses many open-source software components and their dependencies, there’s a lot of extra weight that can be trimmed. - -This image is a hardened version of the official [The Docker Community Couchdb Database Server Official][source-image-repo-link] image on Docker Hub. - -RapidFort is an industry-leading container optimization solution that minimizes software attack surfaces by removing unused code. Most containers can be reduced by at least 50%, which reduces the opportunity for malicious attacks and CVE exploits. Learn more at [RapidFort.com][rf-link]. - -Our hardened images are updated daily using the latest vulnerability information available. - - -View on GitHub - -
-
- -## What’s the difference between the official [The Docker Community Couchdb Database Server Official][source-image-repo-link] image and this hardened image? -RapidFort’s hardened [rapidfort/couchdb-official][rf-dh-image-link] image has been optimized by our proprietary scanning and slimming technology. We are big fans of open-source software, containerized infrastructure, and security. - -We are making secure copies of the images we use every day and the most popular ones on Docker Hub. We want to make the world a safer place to operate. - -## Supported tags and respective `Dockerfile` links - -## Need support - -Join our slack community for any questions. - - -RapidFort Community Slack - - -## 🌟 Support this project - -[![](https://user-images.githubusercontent.com/48997634/174794647-0c851917-e5c9-4fb9-bf88-b61d89dc2f4f.gif)](https://github.com/rapidfort/community-images/stargazers) - -### [⏫⭐️ Scroll to the star button](#start-of-content) - -If you believe this project has potential, feel free to **star this repo** just like many [amazing people](https://github.com/rapidfort/community-images/stargazers) -have. - -## Have questions? - -[![RapidFort](https://raw.githubusercontent.com/rapidfort/community-images/main/contrib/github_logo_footer.png)][rf-rapidfort-footer-logo-link] - - -If you'd like to learn more about RapidFort or our container optimization process, visit [RapidFort.com][rf-link]. - -
-
- - -[dh-rf-badge]: https://img.shields.io/badge/dockerhub-images-important.svg?logo=Docker - -[fossa-badge]: https://app.fossa.com/api/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images.svg?type=shield -[fossa-link]: https://app.fossa.com/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images?ref=badge_shield - -[rf-link]: https://rapidfort.com?utm_source=github&utm_medium=ci_rf_link&utm_campaign=sep_01_sprint&utm_term=couchdb-official&utm_content=rapidfort_have_questions - -[rf-rapidfort-footer-logo-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Flibrary%2Fcouchdb?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=couchdb-official&utm_content=rapidfort_footer_logo -[rf-view-report-button]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Flibrary%2Fcouchdb?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=couchdb-official&utm_content=view_report_button -[rf-view-report-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Flibrary%2Fcouchdb?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=couchdb-official&utm_content=view_report_link -[rf-image-metrics-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Flibrary%2Fcouchdb?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=couchdb-official&utm_content=image_metrics_link -[rf-image-cve-reduction-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Flibrary%2Fcouchdb?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=couchdb-official&utm_content=image_cve_reduction_link - -[dh-img-size-badge]: https://img.shields.io/docker/image-size/rapidfort/couchdb-official?logo=docker&logoColor=white&sort=semver -[dh-img-pulls-badge]: https://img.shields.io/docker/pulls/rapidfort/couchdb-official?logo=docker&logoColor=white - -[slack-badge]: 
https://img.shields.io/static/v1?label=Join&message=slack&logo=slack&logoColor=E01E5A&color=4A154B -[slack-link]: https://join.slack.com/t/rapidfortcommunity/shared_invite/zt-1g3wy28lv-DaeGexTQ5IjfpbmYW7Rm_Q - -[rf-h-badge]: https://img.shields.io/static/v1?label=RapidFort&labelColor=333F48&message=hardened&color=50B4C4&logo= -[metrics-link]: https://github.com/rapidfort/community-images/raw/main/community_images/couchdb/official/assets/metrics.webp -[cve-reduction-link]: https://github.com/rapidfort/community-images/raw/main/community_images/couchdb/official/assets/cve_reduction.webp - -[source-image-repo-link]: https://hub.docker.com/_/couchdb -[rf-dh-image-link]: https://hub.docker.com/r/rapidfort/couchdb-official diff --git a/community_images/couchdb/official/assets/cve_reduction.webp b/community_images/couchdb/official/assets/cve_reduction.webp deleted file mode 100644 index 3bba9edb2f..0000000000 Binary files a/community_images/couchdb/official/assets/cve_reduction.webp and /dev/null differ diff --git a/community_images/couchdb/official/assets/metrics.webp b/community_images/couchdb/official/assets/metrics.webp deleted file mode 100644 index e25f9095da..0000000000 Binary files a/community_images/couchdb/official/assets/metrics.webp and /dev/null differ diff --git a/community_images/couchdb/official/coverage.sh b/community_images/couchdb/official/coverage.sh deleted file mode 100755 index d9bdca4502..0000000000 --- a/community_images/couchdb/official/coverage.sh +++ /dev/null 
@@ -1,49 +0,0 @@ -#!/bin/bash - -set -e -set -x - -# shellcheck disable=SC1091 -SCRIPTPATH="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )" - -# shellcheck disable=SC1091 -. "${SCRIPTPATH}"/../../common/scripts/bash_helper.sh - -function test_couchdb () { - CONTAINER_NAME=$1 - docker exec -i "${CONTAINER_NAME}" bash -c /opt/bitnami/scripts/host_coverage_script.sh - - # verify that CouchDB is available and installed correctly - echo "verify that CouchDB is available and installed correctly" - curl -X GET http://127.0.0.1:5984/ --user admin:couchdb --fail 2>&1 || echo "CouchDB didn't start properly" - - # list all the CouchDB databases - echo "list all the CouchDB databases" - curl -X GET http://127.0.0.1:5984/_all_dbs --user admin:couchdb --fail 2>&1 || echo "CouchDB didn't start properly" - - # create a CouchDB database - echo "create a CouchDB database" - curl -X PUT http://127.0.0.1:5984/reviews --user admin:couchdb --fail 2>&1 || echo "Failed to create CouchDB database" - - # try inserting into the CouchDB database - echo "try inserting into the CouchDB database" - out=$(curl -s -X PUT http://127.0.0.1:5984/reviews/01 -d '{"reviewer_name":"Ben", "stars":"4", "details":"Love the calzone!"}' --user admin:couchdb --fail 2>&1) || echo "Failed to insert data in CouchDB database" - rev=$(echo "${out}" | jq -r '.rev') - - # fetch record - echo "fetch a sample record from database" - curl -X GET http://127.0.0.1:5984/reviews/01 --user admin:couchdb --fail 2>&1 || echo "Failed to get CouchDB database record" - - # update the record - echo "update a sample record in database" - out=$(curl -s -X PUT http://127.0.0.1:5984/reviews/01 -d '{"_id":"01", "stars":"5", "_rev":"'"$rev"'"}' --user admin:couchdb --fail 2>&1) || echo "Failed to update the record" - rev=$(echo "${out}" | jq -r '.rev') - - # delete the db record - echo "delete a sample record from database" - curl -X DELETE http://127.0.0.1:5984/reviews/01?rev="${rev}" --user admin:couchdb --fail 2>&1 || echo 
"Failed to delete the record" - - # read the record again, it should be deleted - echo "read the record again, it should throw error" - curl -X GET http://127.0.0.1:5984/reviews/01 --user admin:couchdb --fail 2>&1 || echo "record got deleted" -} diff --git a/community_images/couchdb/official/dc_coverage.sh b/community_images/couchdb/official/dc_coverage.sh deleted file mode 100755 index c1ff1e27b5..0000000000 --- a/community_images/couchdb/official/dc_coverage.sh +++ /dev/null @@ -1,22 +0,0 @@ -#!/bin/bash - -set -x -set -e - -# shellcheck disable=SC1091 -SCRIPTPATH="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )" - -# shellcheck disable=SC1091 -. "${SCRIPTPATH}"/coverage.sh - -JSON_PARAMS="$1" - -JSON=$(cat "$JSON_PARAMS") - -echo "Json params for docker compose coverage = $JSON" - -PROJECT_NAME=$(jq -r '.project_name' < "$JSON_PARAMS") -# Container name for consul-node1 -CONTAINER_NAME="${PROJECT_NAME}"-couchdb-1 - -test_couchdb "${CONTAINER_NAME}" \ No newline at end of file diff --git a/community_images/couchdb/official/docker-compose.yml b/community_images/couchdb/official/docker-compose.yml deleted file mode 100644 index 6feb210881..0000000000 --- a/community_images/couchdb/official/docker-compose.yml +++ /dev/null @@ -1,21 +0,0 @@ -version: '2' - -services: - couchdb: - image: ${COUCHDB_IMAGE_REPOSITORY}:${COUCHDB_IMAGE_TAG} - user: root - cap_add: - - SYS_PTRACE - environment: - - COUCHDB_USER=admin - - COUCHDB_PASSWORD=couchdb - ports: - - '5984:5984' - - '4369:4369' - - '9100:9100' - volumes: - - couchdb_data:/opt/couchdb/data - - ./host_coverage.sh:/opt/bitnami/scripts/host_coverage_script.sh -volumes: - couchdb_data: - driver: local diff --git a/community_images/couchdb/official/host_coverage.sh b/community_images/couchdb/official/host_coverage.sh deleted file mode 100755 index 978cde805e..0000000000 --- a/community_images/couchdb/official/host_coverage.sh +++ /dev/null 
@@ -1,10 +0,0 @@ -#!/bin/bash - -set -e -set -x - -/opt/couchdb/bin/couchjs -V || echo "couchjs didn't run properly" - -/opt/couchdb/bin/remsh -h || echo "couldn't run remsh" - -/opt/couchdb/bin/couchdb --version || echo "couldn't get couchdb version" diff --git a/community_images/couchdb/official/image.yml b/community_images/couchdb/official/image.yml deleted file mode 100644 index 9d7f584e26..0000000000 --- a/community_images/couchdb/official/image.yml +++ /dev/null @@ -1,38 +0,0 @@ -name: couchdb-official -official_name: Couchdb Database Server Official -official_website: https://couchdb.apache.org/ -source_image_provider: The Docker Community -source_image_repo: docker.io/library/couchdb -source_image_repo_link: https://hub.docker.com/_/couchdb -source_image_readme: https://github.com/apache/couchdb-docker/blob/main/README.md -rf_docker_link: rapidfort/couchdb-official -image_workflow_name: couchdb_official -github_location: couchdb/official -report_url: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Flibrary%2Fcouchdb -usage_instructions: | - $ docker run -d --name my-couchdb rapidfort/couchdb-official:tag -what_is_text: | - CouchDB is a database that uses JSON for documents, an HTTP API, & JavaScript/declarative indexing. -disclaimer: | - Trademarks: This software listing is packaged by RapidFort. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. -input_registry: - registry: docker.io - account: library -repo_sets: - - couchdb: - input_base_tag: "3.2." - output_repo: couchdb-official - - couchdb: - input_base_tag: "3.1." - output_repo: couchdb-official - - couchdb: - input_base_tag: "2.3." - output_repo: couchdb-official -runtimes: - - type: docker_compose - script: dc_coverage.sh - compose_file: docker-compose.yml - image_keys: - couchdb-official: - repository: "COUCHDB_IMAGE_REPOSITORY" - tag: "COUCHDB_IMAGE_TAG" 
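Review bot: Removing `couchdb/official/image.yml` drops all three `repo_sets` entries (`3.2.`, `3.1.`, `2.3.`) that fed `output_repo: couchdb-official`, and the visible part of the patch does not say what happens to the `rapidfort/couchdb-official` tags that `usage_instructions` told users to run. An image that stops being rebuilt keeps getting pulled while its unpatched CVEs accumulate, so please state in the commit message or a deprecation notice whether the published tags are frozen, withdrawn or moved. Also confirm that the `couchdb_official` workflow named in `image_workflow_name` goes away in the same change, so that CI does not look for the deleted `dc_coverage.sh` and `docker-compose.yml`.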
diff --git a/community_images/curl/curlimages/README.md b/community_images/curl/curlimages/README.md deleted file mode 100644 index f82d5759e6..0000000000 --- a/community_images/curl/curlimages/README.md +++ /dev/null @@ -1,153 +0,0 @@ - -RapidFort - - -
- -[![rf-h][rf-h-badge]][rf-view-report-button] -[![DH Image][dh-rf-badge]][rf-dh-image-link] -[![Slack][slack-badge]][slack-link] -[![FOSSA Status][fossa-badge]][fossa-link] - -# RapidFort hardened image for Curl - -RapidFort’s container optimization process hardened this Curl container. This container is free to use and has no license limitations. - -It is the same as the [curlimages Curl][source-image-repo-link] image but more secure. - -Every day, we optimize and harden a variety of Docker Hub’s most famous images. Check out our [entire library](https://hub.docker.com/u/rapidfort) of secured containers. -
- -[Get the full report here or click on the image below][rf-view-report-link] - -[![Metrics][metrics-link]][rf-image-metrics-link] - -

Vulnerabilities: Original vs. Hardened - -

- -[![CVE Reduction][cve-reduction-link]][rf-image-cve-reduction-link] - - -View Report - -
-
- - -## What is Curl? - -> curl is a command line tool and library for transferring data with URLs. - -curl is used in command lines or scripts to transfer data. It is also used in cars, television sets, routers, printers, audio equipment, mobile phones, tablets, settop boxes, media players and is the internet transfer backbone for thousands of software applications affecting billions of humans daily. -Supports the following protocols (so far!):. -DICT, FILE, FTP, FTPS, Gopher, HTTP, HTTPS, IMAP, IMAPS, LDAP, LDAPS, POP3, POP3S, RTMP, RTSP, SCP, SFTP, SMB, SMBS, SMTP, SMTPS, Telnet and TFTP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, HTTP/2, cookies, user+password authentication (Basic, Plain, Digest, CRAM-MD5, NTLM, Negotiate and Kerberos), file transfer resume, proxy tunnelling and more. - - -[Overview of Curl](https://github.com/curl/curl-docker) - -Trademarks: This software listing is packaged by RapidFort. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. - - -## How do I use this hardened Curl image? - -The runtime instructions for this container are no different from the official release. Follow the instructions in their readme, but use our hardened image. - - -View Detailed Instructions - -
-
- -```sh -# Check everything works properly by running: - -$ docker run --rm rapidfort/curl:latest --version - -# Here is a more specific example of running curl docker container: - -$ docker run --rm rapidfort/curl:latest -L -v https://curl.haxx.se - -# To work with files it is best to mount directory: - -$ docker run --rm -it -v "$PWD:/work" rapidfort/curl -d@/work/test.txt https://httpbin.org/post - -``` - -## What is a hardened image? - -A hardened image is a copy of a container that has been optimized and reduced for significantly improved security. Because every container uses many open-source software components and their dependencies, there’s a lot of extra weight that can be trimmed. - -This image is a hardened version of the official [curlimages Curl][source-image-repo-link] image on Docker Hub. - -RapidFort is an industry-leading container optimization solution that minimizes software attack surfaces by removing unused code. Most containers can be reduced by at least 50%, which reduces the opportunity for malicious attacks and CVE exploits. Learn more at [RapidFort.com][rf-link]. - -Our hardened images are updated daily using the latest vulnerability information available. - - -View on GitHub - -
-
- -## What’s the difference between the official [curlimages Curl][source-image-repo-link] image and this hardened image? -RapidFort’s hardened [rapidfort/curl][rf-dh-image-link] image has been optimized by our proprietary scanning and slimming technology. We are big fans of open-source software, containerized infrastructure, and security. - -We are making secure copies of the images we use every day and the most popular ones on Docker Hub. We want to make the world a safer place to operate. - -## Supported tags and respective `Dockerfile` links -* [`7.xx.x`, `latest` (latest/Dockerfile)](https://github.com/curl/curl-docker/blob/master/alpine/latest/Dockerfile) - -## Need support - -Join our slack community for any questions. - - -RapidFort Community Slack - - -## 🌟 Support this project - -[![](https://user-images.githubusercontent.com/48997634/174794647-0c851917-e5c9-4fb9-bf88-b61d89dc2f4f.gif)](https://github.com/rapidfort/community-images/stargazers) - -### [⏫⭐️ Scroll to the star button](#start-of-content) - -If you believe this project has potential, feel free to **star this repo** just like many [amazing people](https://github.com/rapidfort/community-images/stargazers) -have. - -## Have questions? - -[![RapidFort](https://raw.githubusercontent.com/rapidfort/community-images/main/contrib/github_logo_footer.png)][rf-rapidfort-footer-logo-link] - - -If you'd like to learn more about RapidFort or our container optimization process, visit [RapidFort.com][rf-link]. - -
-
- - -[dh-rf-badge]: https://img.shields.io/badge/dockerhub-images-important.svg?logo=Docker - -[fossa-badge]: https://app.fossa.com/api/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images.svg?type=shield -[fossa-link]: https://app.fossa.com/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images?ref=badge_shield - -[rf-link]: https://rapidfort.com?utm_source=github&utm_medium=ci_rf_link&utm_campaign=sep_01_sprint&utm_term=curl&utm_content=rapidfort_have_questions - -[rf-rapidfort-footer-logo-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fcurlimages%2Fcurl?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=curl&utm_content=rapidfort_footer_logo -[rf-view-report-button]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fcurlimages%2Fcurl?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=curl&utm_content=view_report_button -[rf-view-report-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fcurlimages%2Fcurl?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=curl&utm_content=view_report_link -[rf-image-metrics-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fcurlimages%2Fcurl?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=curl&utm_content=image_metrics_link -[rf-image-cve-reduction-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fcurlimages%2Fcurl?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=curl&utm_content=image_cve_reduction_link - -[dh-img-size-badge]: https://img.shields.io/docker/image-size/rapidfort/curl?logo=docker&logoColor=white&sort=semver -[dh-img-pulls-badge]: https://img.shields.io/docker/pulls/rapidfort/curl?logo=docker&logoColor=white - -[slack-badge]: https://img.shields.io/static/v1?label=Join&message=slack&logo=slack&logoColor=E01E5A&color=4A154B -[slack-link]: 
https://join.slack.com/t/rapidfortcommunity/shared_invite/zt-1g3wy28lv-DaeGexTQ5IjfpbmYW7Rm_Q - -[rf-h-badge]: https://img.shields.io/static/v1?label=RapidFort&labelColor=333F48&message=hardened&color=50B4C4&logo= -[metrics-link]: https://github.com/rapidfort/community-images/raw/main/community_images/curl/curlimages/assets/metrics.webp -[cve-reduction-link]: https://github.com/rapidfort/community-images/raw/main/community_images/curl/curlimages/assets/cve_reduction.webp - -[source-image-repo-link]: https://hub.docker.com/r/curlimages/curl -[rf-dh-image-link]: https://hub.docker.com/r/rapidfort/curl diff --git a/community_images/curl/curlimages/assets/cve_reduction.webp b/community_images/curl/curlimages/assets/cve_reduction.webp deleted file mode 100644 index 369cbb0b8b..0000000000 Binary files a/community_images/curl/curlimages/assets/cve_reduction.webp and /dev/null differ diff --git a/community_images/curl/curlimages/assets/metrics.webp b/community_images/curl/curlimages/assets/metrics.webp deleted file mode 100644 index 405142807b..0000000000 Binary files a/community_images/curl/curlimages/assets/metrics.webp and /dev/null differ diff --git a/community_images/curl/curlimages/docker_coverage.sh b/community_images/curl/curlimages/docker_coverage.sh deleted file mode 100755 index 45b875253d..0000000000 --- a/community_images/curl/curlimages/docker_coverage.sh +++ /dev/null 
@@ -1,42 +0,0 @@ -#!/bin/bash - -set -x -set -e - -JSON_PARAMS="$1" - -JSON=$(cat "$JSON_PARAMS") - -echo "Json params for docker compose coverage = $JSON" - -CONTAINER_NAME=$(jq -r '.container_details.curl.name' < "$JSON_PARAMS") - -# run version -docker exec \ - -i "$CONTAINER_NAME" \ - curl --version - -# use entrypoint -docker exec \ - -i "$CONTAINER_NAME" \ - /entrypoint.sh --version - -# run curl -docker exec \ - -i "$CONTAINER_NAME" \ - curl -L -v https://curl.haxx.se - -# run post call -docker exec \ - -i "$CONTAINER_NAME" \ - curl -d@/work/test.txt https://httpbin.org/post - -# run http2 -docker exec \ - -i "$CONTAINER_NAME" \ - curl -sI https://curl.se -o/dev/null -w '%{http_version}\n' - -# test brotli compression -docker exec \ - -i "$CONTAINER_NAME" \ - curl --compressed https://httpbin.org/brotli diff --git a/community_images/curl/curlimages/image.yml b/community_images/curl/curlimages/image.yml deleted file mode 100644 index e472325b1e..0000000000 --- a/community_images/curl/curlimages/image.yml +++ /dev/null 
@@ -1,51 +0,0 @@ -name: curl -official_name: Curl -official_website: https://github.com/curl/curl-docker -source_image_provider: curlimages -source_image_repo: docker.io/curlimages/curl -source_image_repo_link: https://hub.docker.com/r/curlimages/curl -source_image_readme: https://github.com/curl/curl-docker/blob/master/README.md -rf_docker_link: rapidfort/curl -image_workflow_name: curl_curlimages -github_location: curl/curlimages -report_url: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fcurlimages%2Fcurl -usage_instructions: | - # Check everything works properly by running: - - $ docker run --rm rapidfort/curl:latest --version - - # Here is a more specific example of running curl docker container: - - $ docker run --rm rapidfort/curl:latest -L -v https://curl.haxx.se - - # To work with files it is best to mount directory: - - $ docker run --rm -it -v "$PWD:/work" rapidfort/curl -d@/work/test.txt https://httpbin.org/post - -what_is_text: | - curl is a command line tool and library for transferring data with URLs. - - curl is used in command lines or scripts to transfer data. It is also used in cars, television sets, routers, printers, audio equipment, mobile phones, tablets, settop boxes, media players and is the internet transfer backbone for thousands of software applications affecting billions of humans daily. - Supports the following protocols (so far!):. - DICT, FILE, FTP, FTPS, Gopher, HTTP, HTTPS, IMAP, IMAPS, LDAP, LDAPS, POP3, POP3S, RTMP, RTSP, SCP, SFTP, SMB, SMBS, SMTP, SMTPS, Telnet and TFTP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, HTTP/2, cookies, user+password authentication (Basic, Plain, Digest, CRAM-MD5, NTLM, Negotiate and Kerberos), file transfer resume, proxy tunnelling and more. - -disclaimer: | - Trademarks: This software listing is packaged by RapidFort. 
The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. -docker_links: - - "[`7.xx.x`, `latest` (latest/Dockerfile)](https://github.com/curl/curl-docker/blob/master/alpine/latest/Dockerfile)" -input_registry: - registry: docker.io - account: curlimages -repo_sets: - - curl: - input_base_tag: "7." -needs_common_commands: false -runtimes: - - type: docker - script: docker_coverage.sh - wait_time_sec: 5 - curl: - entrypoint: /tmp/sleep_script.sh - volumes: - test.txt: /work/test.txt - sleep_script.sh: /tmp/sleep_script.sh diff --git a/community_images/curl/curlimages/sleep_script.sh b/community_images/curl/curlimages/sleep_script.sh deleted file mode 100755 index 379476d6e2..0000000000 --- a/community_images/curl/curlimages/sleep_script.sh +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/ash -# shellcheck shell=dash - -sleep infinity diff --git a/community_images/curl/curlimages/test.txt b/community_images/curl/curlimages/test.txt deleted file mode 100644 index 362791b037..0000000000 --- a/community_images/curl/curlimages/test.txt +++ /dev/null @@ -1 +0,0 @@ -hello world!! \ No newline at end of file diff --git a/community_images/elasticsearch/bitnami/.rfignore b/community_images/elasticsearch/bitnami/.rfignore deleted file mode 100644 index 369165fb41..0000000000 --- a/community_images/elasticsearch/bitnami/.rfignore +++ /dev/null @@ -1,5 +0,0 @@ -opt/bitnami/common/licenses -opt/bitnami/elasticsearch/licenses -opt/bitnami/licenses -usr/share/common-licenses -opt/bitnami/scripts \ No newline at end of file diff --git a/community_images/elasticsearch/bitnami/README.md b/community_images/elasticsearch/bitnami/README.md deleted file mode 100644 index df239f5edb..0000000000 --- a/community_images/elasticsearch/bitnami/README.md +++ /dev/null @@ -1,143 +0,0 @@ - -RapidFort - - -
- -[![rf-h][rf-h-badge]][rf-view-report-button] -[![DH Image][dh-rf-badge]][rf-dh-image-link] -[![Slack][slack-badge]][slack-link] -[![FOSSA Status][fossa-badge]][fossa-link] - -# RapidFort hardened image for ElasticSearch - -RapidFort’s container optimization process hardened this ElasticSearch container. This container is free to use and has no license limitations. - -It is the same as the [Bitnami ElasticSearch][source-image-repo-link] image but more secure. - -Every day, we optimize and harden a variety of Docker Hub’s most famous images. Check out our [entire library](https://hub.docker.com/u/rapidfort) of secured containers. -
- -[Get the full report here or click on the image below][rf-view-report-link] - -[![Metrics][metrics-link]][rf-image-metrics-link] - -

Vulnerabilities: Original vs. Hardened - -

- -[![CVE Reduction][cve-reduction-link]][rf-image-cve-reduction-link] - - -View Report - -
-
- - -## What is ElasticSearch? - -> Elasticsearch is a distributed search and analytics engine. It is used for web search, log monitoring, and real-time analytics. Ideal for Big Data applications. - - -[Overview of ElasticSearch](https://www.elastic.co/) - -Trademarks: This software listing is packaged by RapidFort. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. - - -## How do I use this hardened ElasticSearch image? - -The runtime instructions for this container are no different from the official release. Follow the instructions in their readme, but use our hardened image. - - -View Detailed Instructions - -
-
- -```sh -$ helm repo add bitnami https://charts.bitnami.com/bitnami - -# install elasticsearch, just replace repository with RapidFort registry -$ helm install my-elasticsearch bitnami/elasticsearch --set image.repository=rapidfort/elasticsearch - -``` - -## What is a hardened image? - -A hardened image is a copy of a container that has been optimized and reduced for significantly improved security. Because every container uses many open-source software components and their dependencies, there’s a lot of extra weight that can be trimmed. - -This image is a hardened version of the official [Bitnami ElasticSearch][source-image-repo-link] image on Docker Hub. - -RapidFort is an industry-leading container optimization solution that minimizes software attack surfaces by removing unused code. Most containers can be reduced by at least 50%, which reduces the opportunity for malicious attacks and CVE exploits. Learn more at [RapidFort.com][rf-link]. - -Our hardened images are updated daily using the latest vulnerability information available. - - -View on GitHub - -
-
- -## What’s the difference between the official [Bitnami ElasticSearch][source-image-repo-link] image and this hardened image? -RapidFort’s hardened [rapidfort/elasticsearch][rf-dh-image-link] image has been optimized by our proprietary scanning and slimming technology. We are big fans of open-source software, containerized infrastructure, and security. - -We are making secure copies of the images we use every day and the most popular ones on Docker Hub. We want to make the world a safer place to operate. - -## Supported tags and respective `Dockerfile` links -* [`8`, `8-debian-11`, `8.11.2`, `8.11.2-debian-11-r` (8/debian-11/Dockerfile)](https://github.com/bitnami/containers/tree/main/bitnami/elasticsearch/8/debian-11/Dockerfile) -* [`7`, `7-debian-11`, `7.17.15`, `7.17.15-debian-11-r` (7/debian-11/Dockerfile)](https://github.com/bitnami/containers/tree/main/bitnami/elasticsearch/7/debian-11/Dockerfile) - -## Need support - -Join our slack community for any questions. - - -RapidFort Community Slack - - -## 🌟 Support this project - -[![](https://user-images.githubusercontent.com/48997634/174794647-0c851917-e5c9-4fb9-bf88-b61d89dc2f4f.gif)](https://github.com/rapidfort/community-images/stargazers) - -### [⏫⭐️ Scroll to the star button](#start-of-content) - -If you believe this project has potential, feel free to **star this repo** just like many [amazing people](https://github.com/rapidfort/community-images/stargazers) -have. - -## Have questions? - -[![RapidFort](https://raw.githubusercontent.com/rapidfort/community-images/main/contrib/github_logo_footer.png)][rf-rapidfort-footer-logo-link] - - -If you'd like to learn more about RapidFort or our container optimization process, visit [RapidFort.com][rf-link]. - -
-
- - -[dh-rf-badge]: https://img.shields.io/badge/dockerhub-images-important.svg?logo=Docker - -[fossa-badge]: https://app.fossa.com/api/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images.svg?type=shield -[fossa-link]: https://app.fossa.com/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images?ref=badge_shield - -[rf-link]: https://rapidfort.com?utm_source=github&utm_medium=ci_rf_link&utm_campaign=sep_01_sprint&utm_term=elasticsearch&utm_content=rapidfort_have_questions - -[rf-rapidfort-footer-logo-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Felasticsearch?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=elasticsearch&utm_content=rapidfort_footer_logo -[rf-view-report-button]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Felasticsearch?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=elasticsearch&utm_content=view_report_button -[rf-view-report-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Felasticsearch?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=elasticsearch&utm_content=view_report_link -[rf-image-metrics-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Felasticsearch?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=elasticsearch&utm_content=image_metrics_link -[rf-image-cve-reduction-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Felasticsearch?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=elasticsearch&utm_content=image_cve_reduction_link - -[dh-img-size-badge]: https://img.shields.io/docker/image-size/rapidfort/elasticsearch?logo=docker&logoColor=white&sort=semver -[dh-img-pulls-badge]: https://img.shields.io/docker/pulls/rapidfort/elasticsearch?logo=docker&logoColor=white - -[slack-badge]: 
https://img.shields.io/static/v1?label=Join&message=slack&logo=slack&logoColor=E01E5A&color=4A154B -[slack-link]: https://join.slack.com/t/rapidfortcommunity/shared_invite/zt-1g3wy28lv-DaeGexTQ5IjfpbmYW7Rm_Q - -[rf-h-badge]: https://img.shields.io/static/v1?label=RapidFort&labelColor=333F48&message=hardened&color=50B4C4&logo= -[metrics-link]: https://github.com/rapidfort/community-images/raw/main/community_images/elasticsearch/bitnami/assets/metrics.webp -[cve-reduction-link]: https://github.com/rapidfort/community-images/raw/main/community_images/elasticsearch/bitnami/assets/cve_reduction.webp - -[source-image-repo-link]: https://hub.docker.com/r/bitnami/elasticsearch -[rf-dh-image-link]: https://hub.docker.com/r/rapidfort/elasticsearch diff --git a/community_images/elasticsearch/bitnami/assets/cve_reduction.webp b/community_images/elasticsearch/bitnami/assets/cve_reduction.webp deleted file mode 100644 index c94a7fe6fe..0000000000 Binary files a/community_images/elasticsearch/bitnami/assets/cve_reduction.webp and /dev/null differ diff --git a/community_images/elasticsearch/bitnami/assets/metrics.webp b/community_images/elasticsearch/bitnami/assets/metrics.webp deleted file mode 100644 index c3092c854e..0000000000 Binary files a/community_images/elasticsearch/bitnami/assets/metrics.webp and /dev/null differ diff --git a/community_images/elasticsearch/bitnami/coverage.sh b/community_images/elasticsearch/bitnami/coverage.sh deleted file mode 100755 index a4c82cf7d4..0000000000 --- a/community_images/elasticsearch/bitnami/coverage.sh +++ /dev/null 
@@ -1,60 +0,0 @@ -#!/bin/bash - -set -e -set -x - -SCRIPTPATH="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )" - -# shellcheck disable=SC1091 -. "${SCRIPTPATH}"/../../common/scripts/bash_helper.sh - -function test_elasticsearch_using_kubectl() { - local NAMESPACE=$1 - local ES_SERVER=$2 - - ESCLIENT_POD_NAME="elasticsearch-client" - kubectl run "${ESCLIENT_POD_NAME}" --restart='Never' --image bitnami/python --namespace "${NAMESPACE}" --command -- sleep infinity - # wait for publisher pod to come up - kubectl wait pods "${ESCLIENT_POD_NAME}" -n "${NAMESPACE}" --for=condition=ready --timeout=10m - echo "#!/bin/bash - python -m pip install elasticsearch - python3 /tmp/es_test.py --es-server=$ES_SERVER" > "$SCRIPTPATH"/es_commands.sh - - kubectl -n "${NAMESPACE}" cp "${SCRIPTPATH}"/es_test.py "${ESCLIENT_POD_NAME}":/tmp/es_test.py - chmod +x "$SCRIPTPATH"/es_commands.sh - kubectl -n "${NAMESPACE}" cp "${SCRIPTPATH}"/es_commands.sh "${ESCLIENT_POD_NAME}":/tmp/es_commands.sh - - kubectl -n "${NAMESPACE}" exec -i "${ESCLIENT_POD_NAME}" -- bash -c "/tmp/es_commands.sh" - - # delete the client containers - kubectl -n "${NAMESPACE}" delete pod "${ESCLIENT_POD_NAME}" - - # delete the generated command files - rm "$SCRIPTPATH"/es_commands.sh -} - -function test_elasticsearch() { - local ES_SERVER=$1 - local ES_NETWORK=$2 - - ESCLIENT_POD_NAME="elasticsearch-client" - docker run --rm --net "$ES_NETWORK" --name "${ESCLIENT_POD_NAME}" -d bitnami/python bash -c 'sleep infinity' - # wait for publisher pod to come up - # shellcheck disable=SC1083 - until [ "$(docker inspect -f {{.State.Running}} elasticsearch-client)" == "true" ]; do sleep 1; done - echo "#!/bin/bash - python -m pip install elasticsearch - python3 /tmp/es_test.py --es-server=$ES_SERVER" > "$SCRIPTPATH"/es_commands.sh - - docker cp "${SCRIPTPATH}"/es_test.py "${ESCLIENT_POD_NAME}":/tmp/es_test.py - chmod +x "$SCRIPTPATH"/es_commands.sh - docker cp "${SCRIPTPATH}"/es_commands.sh 
"${ESCLIENT_POD_NAME}":/tmp/es_commands.sh - - with_backoff docker exec -t "${ESCLIENT_POD_NAME}" bash /tmp/es_commands.sh - - # delete the client containers - docker rm -f "${ESCLIENT_POD_NAME}" || echo "couldn't delete the client container ${ESCLIENT_POD_NAME}" - - # delete the generated command files - rm "$SCRIPTPATH"/es_commands.sh -} diff --git a/community_images/elasticsearch/bitnami/dc_coverage.sh b/community_images/elasticsearch/bitnami/dc_coverage.sh deleted file mode 100755 index aaf5bd50f9..0000000000 --- a/community_images/elasticsearch/bitnami/dc_coverage.sh +++ /dev/null @@ -1,25 +0,0 @@ -#!/bin/bash - -set -x -set -e - -# shellcheck disable=SC1091 -SCRIPTPATH="$( - cd -- "$(dirname "$0")" >/dev/null 2>&1 - pwd -P -)" - -# shellcheck disable=SC1091 -. "${SCRIPTPATH}"/coverage.sh - -JSON_PARAMS="$1" - -JSON=$(cat "$JSON_PARAMS") - -echo "Json params for docker compose coverage = $JSON" - -ES_SERVER="127.0.0.1" -NAMESPACE_NET=$(jq -r '.namespace_name' < "$JSON_PARAMS") -NAMESPACE_NET="${NAMESPACE_NET}_es-bnet" -# run coverage script -test_elasticsearch "${ES_SERVER}" "${NAMESPACE_NET}" \ No newline at end of file diff --git a/community_images/elasticsearch/bitnami/docker-compose.yml b/community_images/elasticsearch/bitnami/docker-compose.yml deleted file mode 100644 index e107afab64..0000000000 --- a/community_images/elasticsearch/bitnami/docker-compose.yml +++ /dev/null @@ -1,27 +0,0 @@ -version: '2' - -services: - elasticsearch: - image: ${ELASTICSEARCH_IMAGE_REPOSITORY}:${ELASTICSEARCH_IMAGE_TAG} - container_name: es-bcontainer - cap_add: - - SYS_PTRACE - ports: - - '9200:9200' - - '9300:9300' - environment: - - xpack.ml.enabled=false - - xpack.security.enabled=false - - "discovery.type=single-node" - networks: - - es-bnet - volumes: - - 'elasticsearch_data:/bitnami/elasticsearch/data' - -networks: - es-bnet: - driver: bridge - -volumes: - elasticsearch_data: - driver: local 
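Review bot: The `environment` and `ports` entries of the removed `elasticsearch/bitnami/docker-compose.yml` ran the node with `xpack.security.enabled=false` while publishing `9200:9200` and `9300:9300` with no host address, which binds an unauthenticated cluster to every interface of the runner, and the container also carried `cap_add: SYS_PTRACE`. Deleting the fixture removes that exposure, but if this is a move rather than a drop, the replacement should bind the ports to `127.0.0.1` or drop the `ports` block entirely, since the deleted `dc_coverage.sh` reaches the service through the `es-bnet` network and not through the host. Please say in the commit message which of the two it is.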
diff --git a/community_images/elasticsearch/bitnami/es_test.py b/community_images/elasticsearch/bitnami/es_test.py deleted file mode 100755 index 06ccfd4a14..0000000000 --- a/community_images/elasticsearch/bitnami/es_test.py +++ /dev/null @@ -1,53 +0,0 @@ -"""The test for elasticsearch.""" -#!/usr/bin/env python3 -import getopt -import sys - -from datetime import datetime -from elasticsearch import Elasticsearch # pylint: disable=import-error - -# pylint: disable=invalid-name -try: - opts, args = getopt.getopt(sys.argv[1:], "s:", ["es-server="]) -except getopt.GetoptError: - print('python3 publish.py --es-server ') - sys.exit(2) -for opt, arg in opts: - if opt in ("--es-server", "--s"): - server = arg - -es = Elasticsearch('http://es-bcontainer:9200') - -doc = { - 'author': 'test_author', - 'text': 'Interensting content...', - 'timestamp': datetime.now(), -} -resp = es.index(index="test-index", id=1, document=doc) -print(resp['result']) - -# get the document -resp = es.get(index="test-index", id=1) -print(resp['_source']) - -# refresh the indices -es.indices.refresh(index="test-index") - -# search within the doc -resp = es.search(index="test-index", query={"match_all": {}}) -print(f"Got {resp['hits']['total']['value']} Hits:") -for hit in resp['hits']['hits']: - print(f"{hit['_source']['timestamp']} {hit['_source']['author']}: {hit['_source']['text']}") - - -# updating the document -doc = { - 'author': 'test_author', - 'text': 'Interensting modified content...', - 'timestamp': datetime.now(), -} -resp = es.update(index="test-index", id=1, doc=doc) -print(resp['result']) - -# delete the document -es.delete(index="test-index", id=1) diff --git a/community_images/elasticsearch/bitnami/image.yml b/community_images/elasticsearch/bitnami/image.yml deleted file mode 100644 index e3b43decf7..0000000000 --- a/community_images/elasticsearch/bitnami/image.yml +++ /dev/null 
@@ -1,37 +0,0 @@ -name: elasticsearch -official_name: ElasticSearch -official_website: https://www.elastic.co/ -source_image_provider: Bitnami -source_image_repo: docker.io/bitnami/elasticsearch -source_image_repo_link: https://hub.docker.com/r/bitnami/elasticsearch -source_image_readme: https://github.com/bitnami/containers/blob/main/bitnami/elasticsearch/README.md -rf_docker_link: rapidfort/elasticsearch -image_workflow_name: elasticsearch_bitnami -github_location: elasticsearch/bitnami -report_url: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Felasticsearch -usage_instructions: | - $ helm repo add bitnami https://charts.bitnami.com/bitnami - - # install elasticsearch, just replace repository with RapidFort registry - $ helm install my-elasticsearch bitnami/elasticsearch --set image.repository=rapidfort/elasticsearch -what_is_text: | - Elasticsearch is a distributed search and analytics engine. It is used for web search, log monitoring, and real-time analytics. Ideal for Big Data applications. -disclaimer: | - Trademarks: This software listing is packaged by RapidFort. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. -input_registry: - registry: docker.io - account: bitnami -repo_sets: - - elasticsearch: - input_base_tag: "8.10.3-debian-11-r" - - elasticsearch: - input_base_tag: "7.17.14-debian-11-r" -runtimes: - - type: docker_compose - script: dc_coverage.sh - compose_file: docker-compose.yml - wait_time_sec: 120 - image_keys: - elasticsearch: - repository: "ELASTICSEARCH_IMAGE_REPOSITORY" - tag: "ELASTICSEARCH_IMAGE_TAG" diff --git a/community_images/elasticsearch/bitnami/overrides.yml b/community_images/elasticsearch/bitnami/overrides.yml deleted file mode 100644 index f201e68505..0000000000 --- a/community_images/elasticsearch/bitnami/overrides.yml +++ /dev/null 
@@ -1,18 +0,0 @@ -image: - pullSecrets: ["rf-regcred"] - pullPolicy: Always -containerSecurityContext: - enabled: true - runAsUser: 1001 - allowPrivilegeEscalation: true - capabilities: - add: ["SYS_PTRACE"] -extraEnvVars: - - name: "RF_VERBOSE" - value: "0" -livenessProbe: - initialDelaySeconds: 30 - timeoutSeconds: 30 -readinessProbe: - initialDelaySeconds: 30 - timeoutSeconds: 30 diff --git a/community_images/elasticsearch/official/.rfignore b/community_images/elasticsearch/official/.rfignore deleted file mode 100755 index 1c799e0088..0000000000 --- a/community_images/elasticsearch/official/.rfignore +++ /dev/null @@ -1 +0,0 @@ -usr/share/common-licenses \ No newline at end of file diff --git a/community_images/elasticsearch/official/README.md b/community_images/elasticsearch/official/README.md deleted file mode 100755 index 18e4220f59..0000000000 --- a/community_images/elasticsearch/official/README.md +++ /dev/null @@ -1,141 +0,0 @@ - -RapidFort - - -
- -[![rf-h][rf-h-badge]][rf-view-report-button] -[![DH Image][dh-rf-badge]][rf-dh-image-link] -[![Slack][slack-badge]][slack-link] -[![FOSSA Status][fossa-badge]][fossa-link] - -# RapidFort hardened image for ElasticSearch Official - -RapidFort’s container optimization process hardened this ElasticSearch Official container. This container is free to use and has no license limitations. - -It is the same as the [The Elastic Team ElasticSearch Official][source-image-repo-link] image but more secure. - -Every day, we optimize and harden a variety of Docker Hub’s most famous images. Check out our [entire library](https://hub.docker.com/u/rapidfort) of secured containers. -
- -[Get the full report here or click on the image below][rf-view-report-link] - -[![Metrics][metrics-link]][rf-image-metrics-link] - -

Vulnerabilities: Original vs. Hardened - -

- -[![CVE Reduction][cve-reduction-link]][rf-image-cve-reduction-link] - - -View Report - -
-
- - -## What is ElasticSearch Official? - -> Elasticsearch is a distributed search and analytics engine. It is used for web search, log monitoring, and real-time analytics. Ideal for Big Data applications. - - -[Overview of ElasticSearch Official](https://www.elastic.co/) - -Trademarks: This software listing is packaged by RapidFort. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. - - -## How do I use this hardened ElasticSearch Official image? - -The runtime instructions for this container are no different from the official release. Follow the instructions in their readme, but use our hardened image. - - -View Detailed Instructions - -
-
- -```sh -# Using docker run: -$ docker run -d --name elasticsearch --net somenetwork -p 9200:9200 -p 9300:9300 -e "discovery.type=single-node" rapidfort/elasticsearch-official - -``` - -## What is a hardened image? - -A hardened image is a copy of a container that has been optimized and reduced for significantly improved security. Because every container uses many open-source software components and their dependencies, there’s a lot of extra weight that can be trimmed. - -This image is a hardened version of the official [The Elastic Team ElasticSearch Official][source-image-repo-link] image on Docker Hub. - -RapidFort is an industry-leading container optimization solution that minimizes software attack surfaces by removing unused code. Most containers can be reduced by at least 50%, which reduces the opportunity for malicious attacks and CVE exploits. Learn more at [RapidFort.com][rf-link]. - -Our hardened images are updated daily using the latest vulnerability information available. - - -View on GitHub - -
-
- -## What’s the difference between the official [The Elastic Team ElasticSearch Official][source-image-repo-link] image and this hardened image? -RapidFort’s hardened [rapidfort/elasticsearch-official][rf-dh-image-link] image has been optimized by our proprietary scanning and slimming technology. We are big fans of open-source software, containerized infrastructure, and security. - -We are making secure copies of the images we use every day and the most popular ones on Docker Hub. We want to make the world a safer place to operate. - -## Supported tags and respective `Dockerfile` links -* [`8.6.2`](https://github.com/docker-library/elasticsearch/blob/90e34ca306d9800d3c0ab1c59387b93e89c69796/8/Dockerfile) -* [`7.17.9`](https://github.com/docker-library/elasticsearch/blob/584687331345cc631249925517b78b2f1058914c/7/Dockerfile) - -## Need support - -Join our slack community for any questions. - - -RapidFort Community Slack - - -## 🌟 Support this project - -[![](https://user-images.githubusercontent.com/48997634/174794647-0c851917-e5c9-4fb9-bf88-b61d89dc2f4f.gif)](https://github.com/rapidfort/community-images/stargazers) - -### [⏫⭐️ Scroll to the star button](#start-of-content) - -If you believe this project has potential, feel free to **star this repo** just like many [amazing people](https://github.com/rapidfort/community-images/stargazers) -have. - -## Have questions? - -[![RapidFort](https://raw.githubusercontent.com/rapidfort/community-images/main/contrib/github_logo_footer.png)][rf-rapidfort-footer-logo-link] - - -If you'd like to learn more about RapidFort or our container optimization process, visit [RapidFort.com][rf-link]. - -
-
- - -[dh-rf-badge]: https://img.shields.io/badge/dockerhub-images-important.svg?logo=Docker - -[fossa-badge]: https://app.fossa.com/api/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images.svg?type=shield -[fossa-link]: https://app.fossa.com/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images?ref=badge_shield - -[rf-link]: https://rapidfort.com?utm_source=github&utm_medium=ci_rf_link&utm_campaign=sep_01_sprint&utm_term=elasticsearch-official&utm_content=rapidfort_have_questions - -[rf-rapidfort-footer-logo-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Flibrary%2Felasticsearch?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=elasticsearch-official&utm_content=rapidfort_footer_logo -[rf-view-report-button]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Flibrary%2Felasticsearch?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=elasticsearch-official&utm_content=view_report_button -[rf-view-report-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Flibrary%2Felasticsearch?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=elasticsearch-official&utm_content=view_report_link -[rf-image-metrics-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Flibrary%2Felasticsearch?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=elasticsearch-official&utm_content=image_metrics_link -[rf-image-cve-reduction-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Flibrary%2Felasticsearch?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=elasticsearch-official&utm_content=image_cve_reduction_link - -[dh-img-size-badge]: https://img.shields.io/docker/image-size/rapidfort/elasticsearch-official?logo=docker&logoColor=white&sort=semver -[dh-img-pulls-badge]: 
https://img.shields.io/docker/pulls/rapidfort/elasticsearch-official?logo=docker&logoColor=white - -[slack-badge]: https://img.shields.io/static/v1?label=Join&message=slack&logo=slack&logoColor=E01E5A&color=4A154B -[slack-link]: https://join.slack.com/t/rapidfortcommunity/shared_invite/zt-1g3wy28lv-DaeGexTQ5IjfpbmYW7Rm_Q - -[rf-h-badge]: https://img.shields.io/static/v1?label=RapidFort&labelColor=333F48&message=hardened&color=50B4C4&logo= -[metrics-link]: https://github.com/rapidfort/community-images/raw/main/community_images/elasticsearch/official/assets/metrics.webp -[cve-reduction-link]: https://github.com/rapidfort/community-images/raw/main/community_images/elasticsearch/official/assets/cve_reduction.webp - -[source-image-repo-link]: https://hub.docker.com/_/elasticsearch -[rf-dh-image-link]: https://hub.docker.com/r/rapidfort/elasticsearch-official diff --git a/community_images/elasticsearch/official/assets/cve_reduction.webp b/community_images/elasticsearch/official/assets/cve_reduction.webp deleted file mode 100644 index a9448fde7f..0000000000 Binary files a/community_images/elasticsearch/official/assets/cve_reduction.webp and /dev/null differ diff --git a/community_images/elasticsearch/official/assets/metrics.webp b/community_images/elasticsearch/official/assets/metrics.webp deleted file mode 100644 index 17abb0ab68..0000000000 Binary files a/community_images/elasticsearch/official/assets/metrics.webp and /dev/null differ diff --git a/community_images/elasticsearch/official/coverage.sh b/community_images/elasticsearch/official/coverage.sh deleted file mode 100755 index 28d4e4e51f..0000000000 --- a/community_images/elasticsearch/official/coverage.sh +++ /dev/null 
@@ -1,60 +0,0 @@ -#!/bin/bash - -set -e -set -x - -SCRIPTPATH="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )" - -# shellcheck disable=SC1091 -. "${SCRIPTPATH}"/../../common/scripts/bash_helper.sh - -function test_elasticsearch_using_kubectl() { - local NAMESPACE=$1 - local ES_SERVER=$2 - - ESCLIENT_POD_NAME="elasticsearch-client" - kubectl run "${ESCLIENT_POD_NAME}" --restart='Never' --image bitnami/python --namespace "${NAMESPACE}" --command -- sleep infinity - # wait for publisher pod to come up - kubectl wait pods "${ESCLIENT_POD_NAME}" -n "${NAMESPACE}" --for=condition=ready --timeout=10m - echo "#!/bin/bash - python -m pip install elasticsearch - python3 /tmp/es_test.py --es-server=$ES_SERVER" > "$SCRIPTPATH"/es_commands.sh - - kubectl -n "${NAMESPACE}" cp "${SCRIPTPATH}"/es_test.py "${ESCLIENT_POD_NAME}":/tmp/es_test.py - chmod +x "$SCRIPTPATH"/es_commands.sh - kubectl -n "${NAMESPACE}" cp "${SCRIPTPATH}"/es_commands.sh "${ESCLIENT_POD_NAME}":/tmp/es_commands.sh - - kubectl -n "${NAMESPACE}" exec -i "${ESCLIENT_POD_NAME}" -- bash -c "/tmp/es_commands.sh" - - # delete the client containers - kubectl -n "${NAMESPACE}" delete pod "${ESCLIENT_POD_NAME}" - - # delete the generated command files - rm "$SCRIPTPATH"/es_commands.sh -} - -function test_elasticsearch() { - local ES_SERVER=$1 - local ES_NETWORK=$2 - - ESCLIENT_POD_NAME="elasticsearch-client" - docker run --rm --net "$ES_NETWORK" --name "${ESCLIENT_POD_NAME}" -d bitnami/python bash -c 'sleep infinity' - # wait for publisher pod to come up - - # shellcheck disable=SC1083 - until [ "$(docker inspect -f {{.State.Running}} elasticsearch-client)" == "true" ]; do sleep 1; done - echo "#!/bin/bash - python -m pip install elasticsearch - python3 /tmp/es_test.py --es-server=$ES_SERVER" > "$SCRIPTPATH"/es_commands.sh - - docker cp "${SCRIPTPATH}"/es_test.py "${ESCLIENT_POD_NAME}":/tmp/es_test.py - chmod +x "$SCRIPTPATH"/es_commands.sh - docker cp "${SCRIPTPATH}"/es_commands.sh 
"${ESCLIENT_POD_NAME}":/tmp/es_commands.sh - with_backoff docker exec -t "${ESCLIENT_POD_NAME}" bash /tmp/es_commands.sh - - # delete the client containers - docker rm -f "${ESCLIENT_POD_NAME}" || echo "couldn't delete the client container ${ESCLIENT_POD_NAME}" - - # delete the generated command files - rm "$SCRIPTPATH"/es_commands.sh -} diff --git a/community_images/elasticsearch/official/dc_coverage.sh b/community_images/elasticsearch/official/dc_coverage.sh deleted file mode 100755 index 2f143b9dcf..0000000000 --- a/community_images/elasticsearch/official/dc_coverage.sh +++ /dev/null @@ -1,26 +0,0 @@ -#!/bin/bash - -set -x -set -e - -# shellcheck disable=SC1091 -SCRIPTPATH="$( - cd -- "$(dirname "$0")" >/dev/null 2>&1 - pwd -P -)" - -# shellcheck disable=SC1091 -. "${SCRIPTPATH}"/coverage.sh - -JSON_PARAMS="$1" - -JSON=$(cat "$JSON_PARAMS") - -echo "Json params for docker compose coverage = $JSON" - -ES_SERVER="127.0.0.1" -NAMESPACE_NET=$(jq -r '.namespace_name' < "$JSON_PARAMS") -NAMESPACE_NET="${NAMESPACE_NET}_es-net" - -# run coverage script -test_elasticsearch "${ES_SERVER}" "${NAMESPACE_NET}" diff --git a/community_images/elasticsearch/official/docker-compose.yml b/community_images/elasticsearch/official/docker-compose.yml deleted file mode 100755 index 37784fa47c..0000000000 --- a/community_images/elasticsearch/official/docker-compose.yml +++ /dev/null @@ -1,28 +0,0 @@ -version: '2' - -services: - elasticsearch: - image: ${ELASTICSEARCH_IMAGE_REPOSITORY}:${ELASTICSEARCH_IMAGE_TAG} - container_name: es-container - user: elasticsearch - cap_add: - - SYS_PTRACE - ports: - - '9200:9200' - - '9300:9300' - environment: - - xpack.ml.enabled=false - - xpack.security.enabled=false - - "discovery.type=single-node" - networks: - - es-net - volumes: - - 'elasticsearch_data:/var/lib/elasticsearch/data' - -networks: - es-net: - driver: bridge - -volumes: - elasticsearch_data: - driver: local 
diff --git a/community_images/elasticsearch/official/es_test.py b/community_images/elasticsearch/official/es_test.py deleted file mode 100755 index 363582521a..0000000000 --- a/community_images/elasticsearch/official/es_test.py +++ /dev/null @@ -1,53 +0,0 @@ -"""The test for elasticsearch.""" -#!/usr/bin/env python3 -import getopt -import sys - -from datetime import datetime -from elasticsearch import Elasticsearch # pylint: disable=import-error - -# server = 'localhost' # pylint: disable=invalid-name -try: - opts, args = getopt.getopt(sys.argv[1:], "s:", ["es-server="]) -except getopt.GetoptError: - print('python3 publish.py --es-server ') - sys.exit(2) -for opt, arg in opts: - if opt in ("--es-server", "--s"): - server = arg - -es = Elasticsearch('http://es-container:9200') - -doc = { - 'author': 'test_author', - 'text': 'Interensting content...', - 'timestamp': datetime.now(), -} -resp = es.index(index="test-index", id=1, document=doc) -print(resp['result']) - -# get the document -resp = es.get(index="test-index", id=1) -print(resp['_source']) - -# refresh the indices -es.indices.refresh(index="test-index") - -# search within the doc -resp = es.search(index="test-index", query={"match_all": {}}) -print(f"Got {resp['hits']['total']['value']} Hits:") -for hit in resp['hits']['hits']: - print(f"{hit['_source']['timestamp']} {hit['_source']['author']}: {hit['_source']['text']}") - - -# updating the document -doc = { - 'author': 'test_author', - 'text': 'Interensting modified content...', - 'timestamp': datetime.now(), -} -resp = es.update(index="test-index", id=1, doc=doc) -print(resp['result']) - -# delete the document -es.delete(index="test-index", id=1) diff --git a/community_images/elasticsearch/official/image.yml b/community_images/elasticsearch/official/image.yml deleted file mode 100755 index 1fce69fde8..0000000000 --- a/community_images/elasticsearch/official/image.yml +++ /dev/null 
@@ -1,40 +0,0 @@ -name: elasticsearch-official -official_name: ElasticSearch Official -official_website: https://www.elastic.co/ -source_image_provider: The Elastic Team -source_image_repo: docker.io/library/elasticsearch -source_image_repo_link: https://hub.docker.com/_/elasticsearch -source_image_readme: https://github.com/docker-library/docs/blob/master/elasticsearch/README.md -rf_docker_link: rapidfort/elasticsearch-official -image_workflow_name: elasticsearch_official -github_location: elasticsearch/official -report_url: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Flibrary%2Felasticsearch -usage_instructions: | - # Using docker run: - $ docker run -d --name elasticsearch --net somenetwork -p 9200:9200 -p 9300:9300 -e "discovery.type=single-node" rapidfort/elasticsearch-official -what_is_text: | - Elasticsearch is a distributed search and analytics engine. It is used for web search, log monitoring, and real-time analytics. Ideal for Big Data applications. -disclaimer: | - Trademarks: This software listing is packaged by RapidFort. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. -docker_links: - - "[`8.6.2`](https://github.com/docker-library/elasticsearch/blob/90e34ca306d9800d3c0ab1c59387b93e89c69796/8/Dockerfile)" - - "[`7.17.9`](https://github.com/docker-library/elasticsearch/blob/584687331345cc631249925517b78b2f1058914c/7/Dockerfile)" -input_registry: - registry: docker.io - account: library -repo_sets: - - elasticsearch: - input_base_tag: "8.6.*" - output_repo: elasticsearch-official - - elasticsearch: - input_base_tag: "7.17.*" - output_repo: elasticsearch-official -runtimes: - - type: docker_compose - script: dc_coverage.sh - compose_file: docker-compose.yml - wait_time_sec: 120 - image_keys: - elasticsearch-official: - repository: "ELASTICSEARCH_IMAGE_REPOSITORY" - tag: "ELASTICSEARCH_IMAGE_TAG" 
diff --git a/community_images/elasticsearch/official/overrides.yml b/community_images/elasticsearch/official/overrides.yml deleted file mode 100644 index f201e68505..0000000000 --- a/community_images/elasticsearch/official/overrides.yml +++ /dev/null @@ -1,18 +0,0 @@ -image: - pullSecrets: ["rf-regcred"] - pullPolicy: Always -containerSecurityContext: - enabled: true - runAsUser: 1001 - allowPrivilegeEscalation: true - capabilities: - add: ["SYS_PTRACE"] -extraEnvVars: - - name: "RF_VERBOSE" - value: "0" -livenessProbe: - initialDelaySeconds: 30 - timeoutSeconds: 30 -readinessProbe: - initialDelaySeconds: 30 - timeoutSeconds: 30 diff --git a/community_images/envoy/bitnami/.rfignore b/community_images/envoy/bitnami/.rfignore deleted file mode 100644 index 222cc900af..0000000000 --- a/community_images/envoy/bitnami/.rfignore +++ /dev/null @@ -1,4 +0,0 @@ -opt/bitnami/common/licenses -opt/bitnami/licenses -opt/bitnami/envoy/licenses -usr/share/common-licenses diff --git a/community_images/envoy/bitnami/README.md b/community_images/envoy/bitnami/README.md deleted file mode 100644 index cbc0cb6ec2..0000000000 --- a/community_images/envoy/bitnami/README.md +++ /dev/null @@ -1,142 +0,0 @@ - -RapidFort - - -
- -[![rf-h][rf-h-badge]][rf-view-report-button] -[![DH Image][dh-rf-badge]][rf-dh-image-link] -[![Slack][slack-badge]][slack-link] -[![FOSSA Status][fossa-badge]][fossa-link] - -# RapidFort hardened image for Envoy - -RapidFort’s container optimization process hardened this Envoy container. This container is free to use and has no license limitations. - -It is the same as the [Bitnami Envoy][source-image-repo-link] image but more secure. - -Every day, we optimize and harden a variety of Docker Hub’s most famous images. Check out our [entire library](https://hub.docker.com/u/rapidfort) of secured containers. -
- -[Get the full report here or click on the image below][rf-view-report-link] - -[![Metrics][metrics-link]][rf-image-metrics-link] - -

Vulnerabilities: Original vs. Hardened - -

- -[![CVE Reduction][cve-reduction-link]][rf-image-cve-reduction-link] - - -View Report - -
-
- - -## What is Envoy? - -> Envoy is a distributed, high-performance proxy for cloud-native applications. It features a small memory footprint, universal application language compatibility, and supports http/2 and gRPC. - - -[Overview of Envoy](https://www.envoyproxy.io/) - -Trademarks: This software listing is packaged by RapidFort. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. - - -## How do I use this hardened Envoy image? - -The runtime instructions for this container are no different from the official release. Follow the instructions in their readme, but use our hardened image. - - -View Detailed Instructions - -
-
- -```sh -$ docker run --name envoy rapidfort/envoy:latest - -``` - -## What is a hardened image? - -A hardened image is a copy of a container that has been optimized and reduced for significantly improved security. Because every container uses many open-source software components and their dependencies, there’s a lot of extra weight that can be trimmed. - -This image is a hardened version of the official [Bitnami Envoy][source-image-repo-link] image on Docker Hub. - -RapidFort is an industry-leading container optimization solution that minimizes software attack surfaces by removing unused code. Most containers can be reduced by at least 50%, which reduces the opportunity for malicious attacks and CVE exploits. Learn more at [RapidFort.com][rf-link]. - -Our hardened images are updated daily using the latest vulnerability information available. - - -View on GitHub - -
-
- -## What’s the difference between the official [Bitnami Envoy][source-image-repo-link] image and this hardened image? -RapidFort’s hardened [rapidfort/envoy][rf-dh-image-link] image has been optimized by our proprietary scanning and slimming technology. We are big fans of open-source software, containerized infrastructure, and security. - -We are making secure copies of the images we use every day and the most popular ones on Docker Hub. We want to make the world a safer place to operate. - -## Supported tags and respective `Dockerfile` links -* [`1.28`, `1.28-debian-11`, `1.28.0`, `1.28.0-debian-11-r` (1.28/debian-11/Dockerfile)](https://github.com/bitnami/containers/tree/main/bitnami/envoy/1.28/debian-11/Dockerfile) -* [`1.27`, `1.27-debian-11`, `1.27.2`, `1.27.2-debian-11-r` (1.27/debian-11/Dockerfile)](https://github.com/bitnami/containers/tree/main/bitnami/envoy/1.27/debian-11/Dockerfile) -* [`1.26`, `1.26-debian-11`, `1.26.6`, `1.26.6-debian-11-r` (1.26/debian-11/Dockerfile)](https://github.com/bitnami/containers/tree/main/bitnami/envoy/1.26/debian-11/Dockerfile) -* [`1.25`, `1.25-debian-11`, `1.25.11`, `1.25.11-debian-11-r` (1.25/debian-11/Dockerfile)](https://github.com/bitnami/containers/tree/main/bitnami/envoy/1.25/debian-11/Dockerfile) - -## Need support - -Join our slack community for any questions. - - -RapidFort Community Slack - - -## 🌟 Support this project - -[![](https://user-images.githubusercontent.com/48997634/174794647-0c851917-e5c9-4fb9-bf88-b61d89dc2f4f.gif)](https://github.com/rapidfort/community-images/stargazers) - -### [⏫⭐️ Scroll to the star button](#start-of-content) - -If you believe this project has potential, feel free to **star this repo** just like many [amazing people](https://github.com/rapidfort/community-images/stargazers) -have. - -## Have questions? 
- -[![RapidFort](https://raw.githubusercontent.com/rapidfort/community-images/main/contrib/github_logo_footer.png)][rf-rapidfort-footer-logo-link] - - -If you'd like to learn more about RapidFort or our container optimization process, visit [RapidFort.com][rf-link]. - -
-
- - -[dh-rf-badge]: https://img.shields.io/badge/dockerhub-images-important.svg?logo=Docker - -[fossa-badge]: https://app.fossa.com/api/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images.svg?type=shield -[fossa-link]: https://app.fossa.com/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images?ref=badge_shield - -[rf-link]: https://rapidfort.com?utm_source=github&utm_medium=ci_rf_link&utm_campaign=sep_01_sprint&utm_term=envoy&utm_content=rapidfort_have_questions - -[rf-rapidfort-footer-logo-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Fenvoy?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=envoy&utm_content=rapidfort_footer_logo -[rf-view-report-button]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Fenvoy?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=envoy&utm_content=view_report_button -[rf-view-report-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Fenvoy?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=envoy&utm_content=view_report_link -[rf-image-metrics-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Fenvoy?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=envoy&utm_content=image_metrics_link -[rf-image-cve-reduction-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Fenvoy?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=envoy&utm_content=image_cve_reduction_link - -[dh-img-size-badge]: https://img.shields.io/docker/image-size/rapidfort/envoy?logo=docker&logoColor=white&sort=semver -[dh-img-pulls-badge]: https://img.shields.io/docker/pulls/rapidfort/envoy?logo=docker&logoColor=white - -[slack-badge]: https://img.shields.io/static/v1?label=Join&message=slack&logo=slack&logoColor=E01E5A&color=4A154B -[slack-link]: 
https://join.slack.com/t/rapidfortcommunity/shared_invite/zt-1g3wy28lv-DaeGexTQ5IjfpbmYW7Rm_Q - -[rf-h-badge]: https://img.shields.io/static/v1?label=RapidFort&labelColor=333F48&message=hardened&color=50B4C4&logo= -[metrics-link]: https://github.com/rapidfort/community-images/raw/main/community_images/envoy/bitnami/assets/metrics.webp -[cve-reduction-link]: https://github.com/rapidfort/community-images/raw/main/community_images/envoy/bitnami/assets/cve_reduction.webp - -[source-image-repo-link]: https://hub.docker.com/r/bitnami/envoy -[rf-dh-image-link]: https://hub.docker.com/r/rapidfort/envoy diff --git a/community_images/envoy/bitnami/assets/cve_reduction.webp b/community_images/envoy/bitnami/assets/cve_reduction.webp deleted file mode 100644 index af858d4d53..0000000000 Binary files a/community_images/envoy/bitnami/assets/cve_reduction.webp and /dev/null differ diff --git a/community_images/envoy/bitnami/assets/metrics.webp b/community_images/envoy/bitnami/assets/metrics.webp deleted file mode 100644 index 97c51da0a4..0000000000 Binary files a/community_images/envoy/bitnami/assets/metrics.webp and /dev/null differ diff --git a/community_images/envoy/bitnami/configs/dynamic/bootstrap.yaml b/community_images/envoy/bitnami/configs/dynamic/bootstrap.yaml deleted file mode 100644 index 5e889f4b66..0000000000 --- a/community_images/envoy/bitnami/configs/dynamic/bootstrap.yaml +++ /dev/null 
@@ -1,33 +0,0 @@ -# bootstrap.yaml -node: - cluster: test-cluster - id: test-id - -# receive a request of readiness probe via the listener -admin: - address: - socket_address: - address: 127.0.0.1 - port_value: 9901 - access_log: - - name: envoy.access_loggers.stdout - typed_config: - "@type": type.googleapis.com/envoy.extensions.access_loggers.stream.v3.StdoutAccessLog - -dynamic_resources: - cds_config: - resource_api_version: V3 - path_config_source: - path: /etc/envoy/cds.yaml - # only if using a ConfigMap - # https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/core/v3/config_source.proto#envoy-v3-api-msg-config-core-v3-pathconfigsource - watched_directory: - path: /etc/envoy - lds_config: - resource_api_version: V3 - path_config_source: - path: /etc/envoy/lds.yaml - # only if using a ConfigMap - # https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/core/v3/config_source.proto#envoy-v3-api-msg-config-core-v3-pathconfigsource - watched_directory: - path: /etc/envoy \ No newline at end of file diff --git a/community_images/envoy/bitnami/configs/dynamic/cds.yaml b/community_images/envoy/bitnami/configs/dynamic/cds.yaml deleted file mode 100644 index af458c6ee0..0000000000 --- a/community_images/envoy/bitnami/configs/dynamic/cds.yaml +++ /dev/null 
@@ -1,32 +0,0 @@ -# /etc/envoy/cds.yaml -resources: - - "@type": type.googleapis.com/envoy.config.cluster.v3.Cluster - name: cluster_0 - connect_timeout: 30s - type: LOGICAL_DNS - dns_lookup_family: V4_ONLY - load_assignment: - cluster_name: cluster_0 - endpoints: - - lb_endpoints: - - endpoint: - address: - socket_address: - address: httpbin.org - port_value: 80 - - # expose the admin endpoint for readiness probe - - "@type": type.googleapis.com/envoy.config.cluster.v3.Cluster - name: admin_cluster - connect_timeout: 30s - type: LOGICAL_DNS - dns_lookup_family: V4_ONLY - load_assignment: - cluster_name: admin_cluster - endpoints: - - lb_endpoints: - - endpoint: - address: - socket_address: - address: 127.0.0.1 - port_value: 9901 \ No newline at end of file diff --git a/community_images/envoy/bitnami/configs/dynamic/lds.yaml b/community_images/envoy/bitnami/configs/dynamic/lds.yaml deleted file mode 100644 index 8ead51d4d8..0000000000 --- a/community_images/envoy/bitnami/configs/dynamic/lds.yaml +++ /dev/null 
@@ -1,47 +0,0 @@ -# /etc/envoy/lds.yaml -resources: - - "@type": type.googleapis.com/envoy.config.listener.v3.Listener - name: listener_0 - address: - socket_address: - address: 0.0.0.0 - port_value: 8081 - filter_chains: - - filters: - - name: envoy.filters.network.tcp_proxy - typed_config: - "@type": type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy - stat_prefix: destination - cluster: cluster_0 - access_log: - - name: envoy.access_loggers.stdout - typed_config: - "@type": type.googleapis.com/envoy.extensions.access_loggers.stream.v3.StdoutAccessLog - - # expose the admin endpoint for readiness probe - - "@type": type.googleapis.com/envoy.config.listener.v3.Listener - name: ready_listener - address: - socket_address: - address: 0.0.0.0 - port_value: 9001 - filter_chains: - - filters: - - name: envoy.filters.network.http_connection_manager - typed_config: - "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager - stat_prefix: ready_listener - http_filters: - - name: envoy.filters.http.router - typed_config: - "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router - route_config: - name: local_route - virtual_hosts: - - name: local_service - domains: ["*"] - routes: - - match: - path: "/ready" - route: - cluster: admin_cluster \ No newline at end of file diff --git a/community_images/envoy/bitnami/configs/envoy.yaml b/community_images/envoy/bitnami/configs/envoy.yaml deleted file mode 100644 index 8eee68f9e9..0000000000 --- a/community_images/envoy/bitnami/configs/envoy.yaml +++ /dev/null 
@@ -1,105 +0,0 @@ -admin: - access_log_path: /tmp/admin_access.log - address: - socket_address: { address: 127.0.0.1, port_value: 8081 } - -static_resources: - listeners: - - name: listener_0 - address: - socket_address: { address: 0.0.0.0, port_value: 8080 } - filter_chains: - - filters: - - name: envoy.filters.network.http_connection_manager - typed_config: - "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager - stat_prefix: ingress_http - codec_type: AUTO - route_config: - name: local_route - virtual_hosts: - - name: local_service - domains: ["*"] - routes: - - match: { prefix: "/a" } - route: { cluster: servicea, prefix_rewrite: "/" } - - match: { prefix: "/b" } - route: { cluster: serviceb, prefix_rewrite: "/" } - http_filters: - - name: envoy.filters.http.router - typed_config: - "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router - - name: listener_1 - address: - socket_address: { address: 0.0.0.0, port_value: 8443 } - filter_chains: - - filters: - - name: envoy.filters.network.http_connection_manager - typed_config: - "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager - stat_prefix: ingress_http - codec_type: AUTO - route_config: - name: local_route - virtual_hosts: - - name: local_service - domains: ["*"] - routes: - - match: { prefix: "/a" } - route: { cluster: servicea, prefix_rewrite: "/" } - - match: { prefix: "/b" } - route: { cluster: serviceb, prefix_rewrite: "/" } - http_filters: - - name: envoy.filters.http.router - typed_config: - "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router - transport_socket: - name: envoy.transport_sockets.tls - typed_config: - "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext - common_tls_context: - tls_params: - tls_minimum_protocol_version: TLSv1_3 - tls_certificates: - - certificate_chain: {filename: 
"/certs/server.crt"} - private_key: {filename: "/certs/server.key"} - validation_context: - trusted_ca: - filename: /etc/ssl/certs/ca-certificates.crt - clusters: - - name: servicea - connect_timeout: 0.25s - type: STRICT_DNS - lb_policy: ROUND_ROBIN - load_assignment: - cluster_name: servicea_cluster - endpoints: - - lb_endpoints: - - endpoint: - address: - socket_address: - address: backend1a - port_value: 80 - - endpoint: - address: - socket_address: - address: backend2a - port_value: 80 - - name: serviceb - connect_timeout: 0.25s - type: STRICT_DNS - lb_policy: ROUND_ROBIN - load_assignment: - cluster_name: serviceb_cluster - endpoints: - - lb_endpoints: - - endpoint: - address: - socket_address: - address: backend1b - port_value: 80 - - endpoint: - address: - socket_address: - address: backend2b - port_value: 80 \ No newline at end of file diff --git a/community_images/envoy/bitnami/configs/envoy_non_tls.yaml b/community_images/envoy/bitnami/configs/envoy_non_tls.yaml deleted file mode 100644 index d302ea83a7..0000000000 --- a/community_images/envoy/bitnami/configs/envoy_non_tls.yaml +++ /dev/null 
@@ -1,34 +0,0 @@ -# https://www.envoyproxy.io/docs/envoy/latest/start/quick-start/configuration-static -static_resources: - listeners: - - name: listener_0 - address: - socket_address: - address: 0.0.0.0 - port_value: 8080 - filter_chains: - - filters: - - name: envoy.filters.network.tcp_proxy - typed_config: - "@type": type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy - stat_prefix: destination - cluster: cluster_0 - access_log: - - name: envoy.access_loggers.stdout - typed_config: - "@type": type.googleapis.com/envoy.extensions.access_loggers.stream.v3.StdoutAccessLog - - clusters: - - name: cluster_0 - connect_timeout: 30s - type: LOGICAL_DNS - dns_lookup_family: V4_ONLY - load_assignment: - cluster_name: cluster_0 - endpoints: - - lb_endpoints: - - endpoint: - address: - socket_address: - address: httpbin.org - port_value: 80 \ No newline at end of file diff --git a/community_images/envoy/bitnami/coverage_script.sh b/community_images/envoy/bitnami/coverage_script.sh deleted file mode 100755 index e9930cb73b..0000000000 --- a/community_images/envoy/bitnami/coverage_script.sh +++ /dev/null @@ -1,6 +0,0 @@ -#!/bin/bash - -set -x -set -e - -echo "Running coverage script" \ No newline at end of file diff --git a/community_images/envoy/bitnami/dc_coverage.sh b/community_images/envoy/bitnami/dc_coverage.sh deleted file mode 100755 index 20ee7f5de0..0000000000 --- a/community_images/envoy/bitnami/dc_coverage.sh +++ /dev/null 
@@ -1,40 +0,0 @@ -#!/bin/bash - -set -x -set -e - -SCRIPTPATH="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )" - -# shellcheck disable=SC1091 -. "${SCRIPTPATH}"/../../common/scripts/bash_helper.sh - -JSON_PARAMS="$1" - -JSON=$(cat "$JSON_PARAMS") - -echo "Json params for docker compose coverage = $JSON" - -PROJECT_NAME=$(jq -r '.project_name' < "$JSON_PARAMS") - -CONTAINER_NAME="${PROJECT_NAME}"-envoy-1 - -# exec into container and run coverage script -docker exec -i "${CONTAINER_NAME}" bash -c /opt/bitnami/scripts/coverage_script.sh - -# log for debugging -docker inspect "${CONTAINER_NAME}" - -# find non-tls and tls port -NON_TLS_PORT=$(docker inspect "${CONTAINER_NAME}" | jq -r ".[].NetworkSettings.Ports.\"8080/tcp\"[0].HostPort") -TLS_PORT=$(docker inspect "${CONTAINER_NAME}" | jq -r ".[].NetworkSettings.Ports.\"8443/tcp\"[0].HostPort") - -# run curl in loop for different endpoints -for i in {1..20}; -do - echo "$i" - curl http://localhost:"${NON_TLS_PORT}"/a - curl http://localhost:"${NON_TLS_PORT}"/b - with_backoff curl https://localhost:"${TLS_PORT}"/a -k -v - with_backoff curl https://localhost:"${TLS_PORT}"/b -k -v -done - diff --git a/community_images/envoy/bitnami/docker-compose.yml b/community_images/envoy/bitnami/docker-compose.yml deleted file mode 100644 index 8ae3e125fb..0000000000 --- a/community_images/envoy/bitnami/docker-compose.yml +++ /dev/null 
@@ -1,31 +0,0 @@ -version: '2' - -services: - envoy: - image: ${ENVOY_IMAGE_REPOSITORY}:${ENVOY_IMAGE_TAG} - user: root - cap_add: - - SYS_PTRACE - ports: - - '0.0.0.0::8080' - - '0.0.0.0::8443' - volumes: - - ./certs:/certs - - ./configs/envoy.yaml:/opt/bitnami/envoy/conf/envoy.yaml:ro - - ./coverage_script.sh:/opt/bitnami/scripts/coverage_script.sh:ro - backend1a: - image: nginxdemos/hello:plain-text - ports: - - '80' - backend1b: - image: nginxdemos/hello:plain-text - ports: - - '80' - backend2a: - image: nginxdemos/hello:plain-text - ports: - - '80' - backend2b: - image: nginxdemos/hello:plain-text - ports: - - '80' diff --git a/community_images/envoy/bitnami/docker_coverage.sh b/community_images/envoy/bitnami/docker_coverage.sh deleted file mode 100755 index 0c1cafc91e..0000000000 --- a/community_images/envoy/bitnami/docker_coverage.sh +++ /dev/null @@ -1,18 +0,0 @@ -#!/bin/bash - -set -x -set -e - -JSON_PARAMS="$1" - -JSON=$(cat "$JSON_PARAMS") - -echo "Json params for docker coverage = $JSON" - -NETWORK_NAME=$(jq -r '.network_name' < "$JSON_PARAMS") -ENVOY_HOST=$(jq -r '.container_details.envoy.ip_address' < "$JSON_PARAMS") - -# run test on docker container -docker run --rm --network="${NETWORK_NAME}" \ - -i alpine \ - apk add curl;curl http://"${ENVOY_HOST}":8081/ip;curl http://"${ENVOY_HOST}":9001/ready diff --git a/community_images/envoy/bitnami/image.yml b/community_images/envoy/bitnami/image.yml deleted file mode 100644 index 8baa2a73b1..0000000000 --- a/community_images/envoy/bitnami/image.yml +++ /dev/null 
@@ -1,49 +0,0 @@ -name: envoy -official_name: Envoy -official_website: https://www.envoyproxy.io/ -source_image_provider: Bitnami -source_image_repo: docker.io/bitnami/envoy -source_image_repo_link: https://hub.docker.com/r/bitnami/envoy -source_image_readme: https://github.com/bitnami/containers/blob/main/bitnami/envoy/README.md -rf_docker_link: rapidfort/envoy -image_workflow_name: envoy_bitnami -github_location: envoy/bitnami -report_url: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Fenvoy -usage_instructions: | - $ docker run --name envoy rapidfort/envoy:latest -what_is_text: | - Envoy is a distributed, high-performance proxy for cloud-native applications. It features a small memory footprint, universal application language compatibility, and supports http/2 and gRPC. -disclaimer: | - Trademarks: This software listing is packaged by RapidFort. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. -bitnami_excluded_branches: - - "1.21" - - "1.20" -input_registry: - registry: docker.io - account: bitnami -repo_sets: - - envoy: - input_base_tag: "1.27.1-debian-11-r" - - envoy: - input_base_tag: "1.26.5-debian-11-r" - - envoy: - input_base_tag: "1.25.10-debian-11-r" - - envoy: - input_base_tag: "1.24.11-debian-11-r" -runtimes: - - type: docker_compose - script: dc_coverage.sh - compose_file: docker-compose.yml - tls_certs: - generate: true - out_dir: certs - image_keys: - envoy: - repository: "ENVOY_IMAGE_REPOSITORY" - tag: "ENVOY_IMAGE_TAG" - - type: docker - script: docker_coverage.sh - envoy: - volumes: - configs/dynamic/bootstrap.yaml: /opt/bitnami/envoy/conf/envoy.yaml - configs/dynamic: /etc/envoy diff --git a/community_images/envoy/official/README.md b/community_images/envoy/official/README.md deleted file mode 100644 index 95bd69eaf0..0000000000 --- a/community_images/envoy/official/README.md +++ /dev/null 
@@ -1,138 +0,0 @@ - -RapidFort - - -
- -[![rf-h][rf-h-badge]][rf-view-report-button] -[![DH Image][dh-rf-badge]][rf-dh-image-link] -[![Slack][slack-badge]][slack-link] -[![FOSSA Status][fossa-badge]][fossa-link] - -# RapidFort hardened image for Envoy Official - -RapidFort’s container optimization process hardened this Envoy Official container. This container is free to use and has no license limitations. - -It is the same as the [The Docker Community Envoy Official][source-image-repo-link] image but more secure. - -Every day, we optimize and harden a variety of Docker Hub’s most famous images. Check out our [entire library](https://hub.docker.com/u/rapidfort) of secured containers. -
- -[Get the full report here or click on the image below][rf-view-report-link] - -[![Metrics][metrics-link]][rf-image-metrics-link] - -

Vulnerabilities: Original vs. Hardened - -

- -[![CVE Reduction][cve-reduction-link]][rf-image-cve-reduction-link] - - -View Report - -
-
- - -## What is Envoy Official? - -> Envoy is a distributed, high-performance proxy for cloud-native applications. It features a small memory footprint, universal application language compatibility, and supports http/2 and gRPC. - - -[Overview of Envoy Official](https://www.envoyproxy.io/) - -Trademarks: This software listing is packaged by RapidFort. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. - - -## How do I use this hardened Envoy Official image? - -The runtime instructions for this container are no different from the official release. Follow the instructions in their readme, but use our hardened image. - - -View Detailed Instructions - -
-
- -```sh -$ docker run --name envoy rapidfort/envoy-official:latest - -``` - -## What is a hardened image? - -A hardened image is a copy of a container that has been optimized and reduced for significantly improved security. Because every container uses many open-source software components and their dependencies, there’s a lot of extra weight that can be trimmed. - -This image is a hardened version of the official [The Docker Community Envoy Official][source-image-repo-link] image on Docker Hub. - -RapidFort is an industry-leading container optimization solution that minimizes software attack surfaces by removing unused code. Most containers can be reduced by at least 50%, which reduces the opportunity for malicious attacks and CVE exploits. Learn more at [RapidFort.com][rf-link]. - -Our hardened images are updated daily using the latest vulnerability information available. - - -View on GitHub - -
-
- -## What’s the difference between the official [The Docker Community Envoy Official][source-image-repo-link] image and this hardened image? -RapidFort’s hardened [rapidfort/envoy-official][rf-dh-image-link] image has been optimized by our proprietary scanning and slimming technology. We are big fans of open-source software, containerized infrastructure, and security. - -We are making secure copies of the images we use every day and the most popular ones on Docker Hub. We want to make the world a safer place to operate. - -## Supported tags and respective `Dockerfile` links - -## Need support - -Join our slack community for any questions. - - -RapidFort Community Slack - - -## 🌟 Support this project - -[![](https://user-images.githubusercontent.com/48997634/174794647-0c851917-e5c9-4fb9-bf88-b61d89dc2f4f.gif)](https://github.com/rapidfort/community-images/stargazers) - -### [⏫⭐️ Scroll to the star button](#start-of-content) - -If you believe this project has potential, feel free to **star this repo** just like many [amazing people](https://github.com/rapidfort/community-images/stargazers) -have. - -## Have questions? - -[![RapidFort](https://raw.githubusercontent.com/rapidfort/community-images/main/contrib/github_logo_footer.png)][rf-rapidfort-footer-logo-link] - - -If you'd like to learn more about RapidFort or our container optimization process, visit [RapidFort.com][rf-link]. - -
-
- - -[dh-rf-badge]: https://img.shields.io/badge/dockerhub-images-important.svg?logo=Docker - -[fossa-badge]: https://app.fossa.com/api/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images.svg?type=shield -[fossa-link]: https://app.fossa.com/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images?ref=badge_shield - -[rf-link]: https://rapidfort.com?utm_source=github&utm_medium=ci_rf_link&utm_campaign=sep_01_sprint&utm_term=envoy-official&utm_content=rapidfort_have_questions - -[rf-rapidfort-footer-logo-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fenvoyproxy%2Fenvoy?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=envoy-official&utm_content=rapidfort_footer_logo -[rf-view-report-button]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fenvoyproxy%2Fenvoy?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=envoy-official&utm_content=view_report_button -[rf-view-report-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fenvoyproxy%2Fenvoy?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=envoy-official&utm_content=view_report_link -[rf-image-metrics-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fenvoyproxy%2Fenvoy?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=envoy-official&utm_content=image_metrics_link -[rf-image-cve-reduction-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fenvoyproxy%2Fenvoy?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=envoy-official&utm_content=image_cve_reduction_link - -[dh-img-size-badge]: https://img.shields.io/docker/image-size/rapidfort/envoy-official?logo=docker&logoColor=white&sort=semver -[dh-img-pulls-badge]: https://img.shields.io/docker/pulls/rapidfort/envoy-official?logo=docker&logoColor=white - -[slack-badge]: 
https://img.shields.io/static/v1?label=Join&message=slack&logo=slack&logoColor=E01E5A&color=4A154B -[slack-link]: https://join.slack.com/t/rapidfortcommunity/shared_invite/zt-1g3wy28lv-DaeGexTQ5IjfpbmYW7Rm_Q - -[rf-h-badge]: https://img.shields.io/static/v1?label=RapidFort&labelColor=333F48&message=hardened&color=50B4C4&logo= -[metrics-link]: https://github.com/rapidfort/community-images/raw/main/community_images/envoy/official/assets/metrics.webp -[cve-reduction-link]: https://github.com/rapidfort/community-images/raw/main/community_images/envoy/official/assets/cve_reduction.webp - -[source-image-repo-link]: https://hub.docker.com/r/envoyproxy/envoy -[rf-dh-image-link]: https://hub.docker.com/r/rapidfort/envoy-official diff --git a/community_images/envoy/official/assets/cve_reduction.webp b/community_images/envoy/official/assets/cve_reduction.webp deleted file mode 100644 index 22c3a9f0b3..0000000000 Binary files a/community_images/envoy/official/assets/cve_reduction.webp and /dev/null differ diff --git a/community_images/envoy/official/assets/metrics.webp b/community_images/envoy/official/assets/metrics.webp deleted file mode 100644 index 57f62bd3c6..0000000000 Binary files a/community_images/envoy/official/assets/metrics.webp and /dev/null differ diff --git a/community_images/envoy/official/configs/dynamic/bootstrap.yaml b/community_images/envoy/official/configs/dynamic/bootstrap.yaml deleted file mode 100644 index 5e889f4b66..0000000000 --- a/community_images/envoy/official/configs/dynamic/bootstrap.yaml +++ /dev/null 
@@ -1,33 +0,0 @@ -# bootstrap.yaml -node: - cluster: test-cluster - id: test-id - -# receive a request of readiness probe via the listener -admin: - address: - socket_address: - address: 127.0.0.1 - port_value: 9901 - access_log: - - name: envoy.access_loggers.stdout - typed_config: - "@type": type.googleapis.com/envoy.extensions.access_loggers.stream.v3.StdoutAccessLog - -dynamic_resources: - cds_config: - resource_api_version: V3 - path_config_source: - path: /etc/envoy/cds.yaml - # only if using a ConfigMap - # https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/core/v3/config_source.proto#envoy-v3-api-msg-config-core-v3-pathconfigsource - watched_directory: - path: /etc/envoy - lds_config: - resource_api_version: V3 - path_config_source: - path: /etc/envoy/lds.yaml - # only if using a ConfigMap - # https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/core/v3/config_source.proto#envoy-v3-api-msg-config-core-v3-pathconfigsource - watched_directory: - path: /etc/envoy \ No newline at end of file diff --git a/community_images/envoy/official/configs/dynamic/cds.yaml b/community_images/envoy/official/configs/dynamic/cds.yaml deleted file mode 100644 index af458c6ee0..0000000000 --- a/community_images/envoy/official/configs/dynamic/cds.yaml +++ /dev/null 
@@ -1,32 +0,0 @@ -# /etc/envoy/cds.yaml -resources: - - "@type": type.googleapis.com/envoy.config.cluster.v3.Cluster - name: cluster_0 - connect_timeout: 30s - type: LOGICAL_DNS - dns_lookup_family: V4_ONLY - load_assignment: - cluster_name: cluster_0 - endpoints: - - lb_endpoints: - - endpoint: - address: - socket_address: - address: httpbin.org - port_value: 80 - - # expose the admin endpoint for readiness probe - - "@type": type.googleapis.com/envoy.config.cluster.v3.Cluster - name: admin_cluster - connect_timeout: 30s - type: LOGICAL_DNS - dns_lookup_family: V4_ONLY - load_assignment: - cluster_name: admin_cluster - endpoints: - - lb_endpoints: - - endpoint: - address: - socket_address: - address: 127.0.0.1 - port_value: 9901 \ No newline at end of file diff --git a/community_images/envoy/official/configs/dynamic/lds.yaml b/community_images/envoy/official/configs/dynamic/lds.yaml deleted file mode 100644 index 8ead51d4d8..0000000000 --- a/community_images/envoy/official/configs/dynamic/lds.yaml +++ /dev/null 
@@ -1,47 +0,0 @@ -# /etc/envoy/lds.yaml -resources: - - "@type": type.googleapis.com/envoy.config.listener.v3.Listener - name: listener_0 - address: - socket_address: - address: 0.0.0.0 - port_value: 8081 - filter_chains: - - filters: - - name: envoy.filters.network.tcp_proxy - typed_config: - "@type": type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy - stat_prefix: destination - cluster: cluster_0 - access_log: - - name: envoy.access_loggers.stdout - typed_config: - "@type": type.googleapis.com/envoy.extensions.access_loggers.stream.v3.StdoutAccessLog - - # expose the admin endpoint for readiness probe - - "@type": type.googleapis.com/envoy.config.listener.v3.Listener - name: ready_listener - address: - socket_address: - address: 0.0.0.0 - port_value: 9001 - filter_chains: - - filters: - - name: envoy.filters.network.http_connection_manager - typed_config: - "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager - stat_prefix: ready_listener - http_filters: - - name: envoy.filters.http.router - typed_config: - "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router - route_config: - name: local_route - virtual_hosts: - - name: local_service - domains: ["*"] - routes: - - match: - path: "/ready" - route: - cluster: admin_cluster \ No newline at end of file diff --git a/community_images/envoy/official/configs/envoy.yaml b/community_images/envoy/official/configs/envoy.yaml deleted file mode 100644 index 584dcc1c47..0000000000 --- a/community_images/envoy/official/configs/envoy.yaml +++ /dev/null 
@@ -1,105 +0,0 @@ -admin: - access_log_path: /tmp/admin_access.log - address: - socket_address: { address: 127.0.0.1, port_value: 8081 } - -static_resources: - listeners: - - name: listener_0 - address: - socket_address: { address: 0.0.0.0, port_value: 8080 } - filter_chains: - - filters: - - name: envoy.filters.network.http_connection_manager - typed_config: - "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager - stat_prefix: ingress_http - codec_type: AUTO - route_config: - name: local_route - virtual_hosts: - - name: local_service - domains: ["*"] - routes: - - match: { prefix: "/a" } - route: { cluster: servicea, prefix_rewrite: "/" } - - match: { prefix: "/b" } - route: { cluster: serviceb, prefix_rewrite: "/" } - http_filters: - - name: envoy.filters.http.router - typed_config: - "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router - - name: listener_1 - address: - socket_address: { address: 0.0.0.0, port_value: 8443 } - filter_chains: - - filters: - - name: envoy.filters.network.http_connection_manager - typed_config: - "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager - stat_prefix: ingress_http - codec_type: AUTO - route_config: - name: local_route - virtual_hosts: - - name: local_service - domains: ["*"] - routes: - - match: { prefix: "/a" } - route: { cluster: servicea, prefix_rewrite: "/" } - - match: { prefix: "/b" } - route: { cluster: serviceb, prefix_rewrite: "/" } - http_filters: - - name: envoy.filters.http.router - typed_config: - "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router - transport_socket: - name: envoy.transport_sockets.tls - typed_config: - "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext - common_tls_context: - tls_params: - tls_minimum_protocol_version: TLSv1_3 - tls_certificates: - - certificate_chain: {filename: 
"/etc/envoy/server.crt"} - private_key: {filename: "/etc/envoy/server.key"} - validation_context: - trusted_ca: - filename: /etc/ssl/certs/ca-certificates.crt - clusters: - - name: servicea - connect_timeout: 0.25s - type: STRICT_DNS - lb_policy: ROUND_ROBIN - load_assignment: - cluster_name: servicea_cluster - endpoints: - - lb_endpoints: - - endpoint: - address: - socket_address: - address: backend1a - port_value: 80 - - endpoint: - address: - socket_address: - address: backend2a - port_value: 80 - - name: serviceb - connect_timeout: 0.25s - type: STRICT_DNS - lb_policy: ROUND_ROBIN - load_assignment: - cluster_name: serviceb_cluster - endpoints: - - lb_endpoints: - - endpoint: - address: - socket_address: - address: backend1b - port_value: 80 - - endpoint: - address: - socket_address: - address: backend2b - port_value: 80 \ No newline at end of file diff --git a/community_images/envoy/official/configs/envoy_non_tls.yaml b/community_images/envoy/official/configs/envoy_non_tls.yaml deleted file mode 100644 index d302ea83a7..0000000000 --- a/community_images/envoy/official/configs/envoy_non_tls.yaml +++ /dev/null 
@@ -1,34 +0,0 @@ -# https://www.envoyproxy.io/docs/envoy/latest/start/quick-start/configuration-static -static_resources: - listeners: - - name: listener_0 - address: - socket_address: - address: 0.0.0.0 - port_value: 8080 - filter_chains: - - filters: - - name: envoy.filters.network.tcp_proxy - typed_config: - "@type": type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy - stat_prefix: destination - cluster: cluster_0 - access_log: - - name: envoy.access_loggers.stdout - typed_config: - "@type": type.googleapis.com/envoy.extensions.access_loggers.stream.v3.StdoutAccessLog - - clusters: - - name: cluster_0 - connect_timeout: 30s - type: LOGICAL_DNS - dns_lookup_family: V4_ONLY - load_assignment: - cluster_name: cluster_0 - endpoints: - - lb_endpoints: - - endpoint: - address: - socket_address: - address: httpbin.org - port_value: 80 \ No newline at end of file diff --git a/community_images/envoy/official/coverage_script.sh b/community_images/envoy/official/coverage_script.sh deleted file mode 100755 index e9930cb73b..0000000000 --- a/community_images/envoy/official/coverage_script.sh +++ /dev/null @@ -1,6 +0,0 @@ -#!/bin/bash - -set -x -set -e - -echo "Running coverage script" \ No newline at end of file diff --git a/community_images/envoy/official/dc_coverage.sh b/community_images/envoy/official/dc_coverage.sh deleted file mode 100755 index 745a9a8f7a..0000000000 --- a/community_images/envoy/official/dc_coverage.sh +++ /dev/null 
@@ -1,40 +0,0 @@ -#!/bin/bash - -set -x -set -e - -SCRIPTPATH="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )" - -# shellcheck disable=SC1091 -. "${SCRIPTPATH}"/../../common/scripts/bash_helper.sh - -JSON_PARAMS="$1" - -JSON=$(cat "$JSON_PARAMS") - -echo "Json params for docker compose coverage = $JSON" - -PROJECT_NAME=$(jq -r '.project_name' < "$JSON_PARAMS") - -CONTAINER_NAME="${PROJECT_NAME}"-envoy-1 - -# exec into container and run coverage script -docker exec -i "${CONTAINER_NAME}" bash -c /tmp/coverage_script.sh - -# log for debugging -docker inspect "${CONTAINER_NAME}" - -# find non-tls and tls port -NON_TLS_PORT=$(docker inspect "${CONTAINER_NAME}" | jq -r ".[].NetworkSettings.Ports.\"8080/tcp\"[0].HostPort") -TLS_PORT=$(docker inspect "${CONTAINER_NAME}" | jq -r ".[].NetworkSettings.Ports.\"8443/tcp\"[0].HostPort") - -# run curl in loop for different endpoints -for i in {1..20}; -do - echo "$i" - curl http://localhost:"${NON_TLS_PORT}"/a - curl http://localhost:"${NON_TLS_PORT}"/b - with_backoff curl https://localhost:"${TLS_PORT}"/a -k -v - with_backoff curl https://localhost:"${TLS_PORT}"/b -k -v -done - diff --git a/community_images/envoy/official/docker-compose.yml b/community_images/envoy/official/docker-compose.yml deleted file mode 100644 index abc02db54e..0000000000 --- a/community_images/envoy/official/docker-compose.yml +++ /dev/null 
@@ -1,32 +0,0 @@ -version: '2' - -services: - envoy: - image: ${ENVOY_IMAGE_REPOSITORY}:${ENVOY_IMAGE_TAG} - user: root - cap_add: - - SYS_PTRACE - ports: - - '0.0.0.0::8080' - - '0.0.0.0::8443' - volumes: - - ./certs/server.crt:/etc/envoy/server.crt - - ./certs/server.key:/etc/envoy/server.key - - ./configs/envoy.yaml:/etc/envoy/envoy.yaml:ro - - ./coverage_script.sh:/tmp/coverage_script.sh:ro - backend1a: - image: nginxdemos/hello:plain-text - ports: - - '80' - backend1b: - image: nginxdemos/hello:plain-text - ports: - - '80' - backend2a: - image: nginxdemos/hello:plain-text - ports: - - '80' - backend2b: - image: nginxdemos/hello:plain-text - ports: - - '80' diff --git a/community_images/envoy/official/docker_coverage.sh b/community_images/envoy/official/docker_coverage.sh deleted file mode 100755 index 1fbafa6222..0000000000 --- a/community_images/envoy/official/docker_coverage.sh +++ /dev/null @@ -1,18 +0,0 @@ -#!/bin/bash - -set -x -set -e - -JSON_PARAMS="$1" - -JSON=$(cat "$JSON_PARAMS") - -echo "Json params for docker coverage = $JSON" - -NETWORK_NAME=$(jq -r '.network_name' < "$JSON_PARAMS") -ENVOY_HOST=$(jq -r '.container_details."envoy-official".ip_address' < "$JSON_PARAMS") - -# run test on docker container -docker run --rm --network="${NETWORK_NAME}" \ - -i alpine \ - apk add curl;curl http://"${ENVOY_HOST}":9901/ready diff --git a/community_images/envoy/official/image.yml b/community_images/envoy/official/image.yml deleted file mode 100644 index d57c14b79e..0000000000 --- a/community_images/envoy/official/image.yml +++ /dev/null 
@@ -1,32 +0,0 @@ -name: envoy-official -official_name: Envoy Official -official_website: https://www.envoyproxy.io/ -source_image_provider: The Docker Community -source_image_repo: docker.io/envoyproxy/envoy -source_image_repo_link: https://hub.docker.com/r/envoyproxy/envoy -source_image_readme: https://github.com/envoyproxy/envoy/blob/main/ci/README.md -rf_docker_link: rapidfort/envoy-official -image_workflow_name: envoy_official -github_location: envoy/official -report_url: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fenvoyproxy%2Fenvoy -usage_instructions: | - $ docker run --name envoy rapidfort/envoy-official:latest -what_is_text: | - Envoy is a distributed, high-performance proxy for cloud-native applications. It features a small memory footprint, universal application language compatibility, and supports http/2 and gRPC. -disclaimer: | - Trademarks: This software listing is packaged by RapidFort. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. -input_registry: - registry: docker.io - account: envoyproxy -repo_sets: - - envoy: - input_base_tag: "v1.26*" - output_repo: envoy-official -runtimes: - - type: docker - script: docker_coverage.sh - envoy: - ports: ["9901:9901"] - volumes: - configs/dynamic/bootstrap.yaml: /etc/envoy/envoy.yaml - configs/dynamic: /etc/envoy diff --git a/community_images/etcd/bitnami/.rfignore b/community_images/etcd/bitnami/.rfignore deleted file mode 100644 index 5bbc0c7f7c..0000000000 --- a/community_images/etcd/bitnami/.rfignore +++ /dev/null @@ -1,4 +0,0 @@ -opt/bitnami/common/licenses -opt/bitnami/etcd/licenses -opt/bitnami/licenses -usr/share/common-licenses diff --git a/community_images/etcd/bitnami/README.md b/community_images/etcd/bitnami/README.md deleted file mode 100644 index 51b1c29c84..0000000000 --- a/community_images/etcd/bitnami/README.md +++ /dev/null @@ -1,143 +0,0 @@ - -RapidFort - - -
- -[![rf-h][rf-h-badge]][rf-view-report-button] -[![DH Image][dh-rf-badge]][rf-dh-image-link] -[![Slack][slack-badge]][slack-link] -[![FOSSA Status][fossa-badge]][fossa-link] - -# RapidFort hardened image for Etcd - -RapidFort’s container optimization process hardened this Etcd container. This container is free to use and has no license limitations. - -It is the same as the [Bitnami Etcd][source-image-repo-link] image but more secure. - -Every day, we optimize and harden a variety of Docker Hub’s most famous images. Check out our [entire library](https://hub.docker.com/u/rapidfort) of secured containers. -
- -[Get the full report here or click on the image below][rf-view-report-link] - -[![Metrics][metrics-link]][rf-image-metrics-link] - -

Vulnerabilities: Original vs. Hardened - -

- -[![CVE Reduction][cve-reduction-link]][rf-image-cve-reduction-link] - - -View Report - -
-
- - -## What is Etcd? - -> etcd is a distributed key-value store designed to securely store data across a cluster. etcd is widely used in production on account of its reliability, fault-tolerance and ease of use. - - -[Overview of Etcd](https://etcd.io/) - -Trademarks: This software listing is packaged by RapidFort. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. - - -## How do I use this hardened Etcd image? - -The runtime instructions for this container are no different from the official release. Follow the instructions in their readme, but use our hardened image. - - -View Detailed Instructions - -
-
- -```sh -$ helm repo add bitnami https://charts.bitnami.com/bitnami - -# install etcd, just replace repository with RapidFort registry -$ helm install my-etcd bitnami/etcd --set image.repository=rapidfort/etcd - -``` - -## What is a hardened image? - -A hardened image is a copy of a container that has been optimized and reduced for significantly improved security. Because every container uses many open-source software components and their dependencies, there’s a lot of extra weight that can be trimmed. - -This image is a hardened version of the official [Bitnami Etcd][source-image-repo-link] image on Docker Hub. - -RapidFort is an industry-leading container optimization solution that minimizes software attack surfaces by removing unused code. Most containers can be reduced by at least 50%, which reduces the opportunity for malicious attacks and CVE exploits. Learn more at [RapidFort.com][rf-link]. - -Our hardened images are updated daily using the latest vulnerability information available. - - -View on GitHub - -
-
- -## What’s the difference between the official [Bitnami Etcd][source-image-repo-link] image and this hardened image? -RapidFort’s hardened [rapidfort/etcd][rf-dh-image-link] image has been optimized by our proprietary scanning and slimming technology. We are big fans of open-source software, containerized infrastructure, and security. - -We are making secure copies of the images we use every day and the most popular ones on Docker Hub. We want to make the world a safer place to operate. - -## Supported tags and respective `Dockerfile` links -* [`3.5`, `3.5-debian-11`, `3.5.11`, `3.5.11-debian-11-r` (3.5/debian-11/Dockerfile)](https://github.com/bitnami/containers/tree/main/bitnami/etcd/3.5/debian-11/Dockerfile) -* [`3.4`, `3.4-debian-11`, `3.4.28`, `3.4.28-debian-11-r` (3.4/debian-11/Dockerfile)](https://github.com/bitnami/containers/tree/main/bitnami/etcd/3.4/debian-11/Dockerfile) - -## Need support - -Join our slack community for any questions. - - -RapidFort Community Slack - - -## 🌟 Support this project - -[![](https://user-images.githubusercontent.com/48997634/174794647-0c851917-e5c9-4fb9-bf88-b61d89dc2f4f.gif)](https://github.com/rapidfort/community-images/stargazers) - -### [⏫⭐️ Scroll to the star button](#start-of-content) - -If you believe this project has potential, feel free to **star this repo** just like many [amazing people](https://github.com/rapidfort/community-images/stargazers) -have. - -## Have questions? - -[![RapidFort](https://raw.githubusercontent.com/rapidfort/community-images/main/contrib/github_logo_footer.png)][rf-rapidfort-footer-logo-link] - - -If you'd like to learn more about RapidFort or our container optimization process, visit [RapidFort.com][rf-link]. - -
-
- - -[dh-rf-badge]: https://img.shields.io/badge/dockerhub-images-important.svg?logo=Docker - -[fossa-badge]: https://app.fossa.com/api/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images.svg?type=shield -[fossa-link]: https://app.fossa.com/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images?ref=badge_shield - -[rf-link]: https://rapidfort.com?utm_source=github&utm_medium=ci_rf_link&utm_campaign=sep_01_sprint&utm_term=etcd&utm_content=rapidfort_have_questions - -[rf-rapidfort-footer-logo-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Fetcd?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=etcd&utm_content=rapidfort_footer_logo -[rf-view-report-button]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Fetcd?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=etcd&utm_content=view_report_button -[rf-view-report-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Fetcd?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=etcd&utm_content=view_report_link -[rf-image-metrics-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Fetcd?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=etcd&utm_content=image_metrics_link -[rf-image-cve-reduction-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Fetcd?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=etcd&utm_content=image_cve_reduction_link - -[dh-img-size-badge]: https://img.shields.io/docker/image-size/rapidfort/etcd?logo=docker&logoColor=white&sort=semver -[dh-img-pulls-badge]: https://img.shields.io/docker/pulls/rapidfort/etcd?logo=docker&logoColor=white - -[slack-badge]: https://img.shields.io/static/v1?label=Join&message=slack&logo=slack&logoColor=E01E5A&color=4A154B -[slack-link]: 
https://join.slack.com/t/rapidfortcommunity/shared_invite/zt-1g3wy28lv-DaeGexTQ5IjfpbmYW7Rm_Q - -[rf-h-badge]: https://img.shields.io/static/v1?label=RapidFort&labelColor=333F48&message=hardened&color=50B4C4&logo= -[metrics-link]: https://github.com/rapidfort/community-images/raw/main/community_images/etcd/bitnami/assets/metrics.webp -[cve-reduction-link]: https://github.com/rapidfort/community-images/raw/main/community_images/etcd/bitnami/assets/cve_reduction.webp - -[source-image-repo-link]: https://hub.docker.com/r/bitnami/etcd -[rf-dh-image-link]: https://hub.docker.com/r/rapidfort/etcd diff --git a/community_images/etcd/bitnami/assets/cve_reduction.webp b/community_images/etcd/bitnami/assets/cve_reduction.webp deleted file mode 100644 index 784810b75b..0000000000 Binary files a/community_images/etcd/bitnami/assets/cve_reduction.webp and /dev/null differ diff --git a/community_images/etcd/bitnami/assets/metrics.webp b/community_images/etcd/bitnami/assets/metrics.webp deleted file mode 100644 index 2721b1c271..0000000000 Binary files a/community_images/etcd/bitnami/assets/metrics.webp and /dev/null differ diff --git a/community_images/etcd/bitnami/dc_coverage.sh b/community_images/etcd/bitnami/dc_coverage.sh deleted file mode 100755 index f1e9de1475..0000000000 --- a/community_images/etcd/bitnami/dc_coverage.sh +++ /dev/null @@ -1,10 +0,0 @@ -#!/bin/bash - -set -x -set -e - -JSON_PARAMS="$1" - -JSON=$(cat "$JSON_PARAMS") - -echo "Json params for docker compose coverage = $JSON" diff --git a/community_images/etcd/bitnami/docker-compose.yml b/community_images/etcd/bitnami/docker-compose.yml deleted file mode 100644 index 3ee916bfb0..0000000000 --- a/community_images/etcd/bitnami/docker-compose.yml +++ /dev/null 
@@ -1,45 +0,0 @@ -version: '2' - -services: - etcd1: - image: ${ETCD_IMAGE_REPOSITORY}:${ETCD_IMAGE_TAG} - cap_add: - - SYS_PTRACE - environment: - - ALLOW_NONE_AUTHENTICATION=yes - - ETCD_NAME=etcd1 - - ETCD_INITIAL_ADVERTISE_PEER_URLS=http://etcd1:2380 - - ETCD_LISTEN_PEER_URLS=http://0.0.0.0:2380 - - ETCD_LISTEN_CLIENT_URLS=http://0.0.0.0:2379 - - ETCD_ADVERTISE_CLIENT_URLS=http://etcd1:2379 - - ETCD_INITIAL_CLUSTER_TOKEN=etcd-cluster - - ETCD_INITIAL_CLUSTER=etcd1=http://etcd1:2380,etcd2=http://etcd2:2380,etcd3=http://etcd3:2380 - - ETCD_INITIAL_CLUSTER_STATE=new - etcd2: - image: ${ETCD_IMAGE_REPOSITORY}:${ETCD_IMAGE_TAG} - cap_add: - - SYS_PTRACE - environment: - - ALLOW_NONE_AUTHENTICATION=yes - - ETCD_NAME=etcd2 - - ETCD_INITIAL_ADVERTISE_PEER_URLS=http://etcd2:2380 - - ETCD_LISTEN_PEER_URLS=http://0.0.0.0:2380 - - ETCD_LISTEN_CLIENT_URLS=http://0.0.0.0:2379 - - ETCD_ADVERTISE_CLIENT_URLS=http://etcd2:2379 - - ETCD_INITIAL_CLUSTER_TOKEN=etcd-cluster - - ETCD_INITIAL_CLUSTER=etcd1=http://etcd1:2380,etcd2=http://etcd2:2380,etcd3=http://etcd3:2380 - - ETCD_INITIAL_CLUSTER_STATE=new - etcd3: - image: ${ETCD_IMAGE_REPOSITORY}:${ETCD_IMAGE_TAG} - cap_add: - - SYS_PTRACE - environment: - - ALLOW_NONE_AUTHENTICATION=yes - - ETCD_NAME=etcd3 - - ETCD_INITIAL_ADVERTISE_PEER_URLS=http://etcd3:2380 - - ETCD_LISTEN_PEER_URLS=http://0.0.0.0:2380 - - ETCD_LISTEN_CLIENT_URLS=http://0.0.0.0:2379 - - ETCD_ADVERTISE_CLIENT_URLS=http://etcd3:2379 - - ETCD_INITIAL_CLUSTER_TOKEN=etcd-cluster - - ETCD_INITIAL_CLUSTER=etcd1=http://etcd1:2380,etcd2=http://etcd2:2380,etcd3=http://etcd3:2380 - - ETCD_INITIAL_CLUSTER_STATE=new \ No newline at end of file diff --git a/community_images/etcd/bitnami/docker_coverage.sh b/community_images/etcd/bitnami/docker_coverage.sh deleted file mode 100755 index f1e9de1475..0000000000 --- a/community_images/etcd/bitnami/docker_coverage.sh +++ /dev/null 
@@ -1,10 +0,0 @@ -#!/bin/bash - -set -x -set -e - -JSON_PARAMS="$1" - -JSON=$(cat "$JSON_PARAMS") - -echo "Json params for docker compose coverage = $JSON" diff --git a/community_images/etcd/bitnami/etcd_test.sh b/community_images/etcd/bitnami/etcd_test.sh deleted file mode 100755 index 91030e2646..0000000000 --- a/community_images/etcd/bitnami/etcd_test.sh +++ /dev/null @@ -1,46 +0,0 @@ -#!/bin/bash - -set -x -set -e - -if [[ $# -ne 1 ]]; then - echo "Usage:$0 " - exit 1 -fi - -ROOT_PASSWORD="$1" - -function etcd_cmd() -{ - etcdctl --user root:"$ROOT_PASSWORD" "$@" -} - -etcd_cmd version - -etcd_cmd put foo bar - -etcd_cmd lease grant 10 - -etcd_cmd get foo - -etcd_cmd get foo --hex - -etcd_cmd get foo --print-value-only - -etcd_cmd get --prefix foo - -etcd_cmd del foo - -etcd_cmd watch foo & - -etcd_cmd alarm list - -etcd_cmd check perf - -etcd_cmd check datascale - -etcd_cmd endpoint health - -etcd_cmd endpoint status - -etcd_cmd member list diff --git a/community_images/etcd/bitnami/image.yml b/community_images/etcd/bitnami/image.yml deleted file mode 100644 index 853cdaafde..0000000000 --- a/community_images/etcd/bitnami/image.yml +++ /dev/null 
@@ -1,54 +0,0 @@ -name: etcd -official_name: Etcd -official_website: https://etcd.io/ -source_image_provider: Bitnami -source_image_repo: docker.io/bitnami/etcd -source_image_repo_link: https://hub.docker.com/r/bitnami/etcd -source_image_readme: https://github.com/bitnami/containers/blob/main/bitnami/etcd/README.md -rf_docker_link: rapidfort/etcd -image_workflow_name: etcd_bitnami -github_location: etcd/bitnami -report_url: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Fetcd -usage_instructions: | - $ helm repo add bitnami https://charts.bitnami.com/bitnami - - # install etcd, just replace repository with RapidFort registry - $ helm install my-etcd bitnami/etcd --set image.repository=rapidfort/etcd -what_is_text: | - etcd is a distributed key-value store designed to securely store data across a cluster. etcd is widely used in production on account of its reliability, fault-tolerance and ease of use. -disclaimer: | - Trademarks: This software listing is packaged by RapidFort. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. -bitnami_excluded_branches: - - "3.3" -input_registry: - registry: docker.io - account: bitnami -repo_sets: - - etcd: - input_base_tag: "3.5.9-debian-11-r" - - etcd: - input_base_tag: "3.4.27-debian-11-r" -runtimes: - - type: k8s - script: k8s_coverage.sh - helm: - repo: bitnami - repo_url: https://charts.bitnami.com/bitnami - chart: etcd - image_keys: - etcd: - repository: "image.repository" - tag: "image.tag" - override_file: "overrides.yml" - - type: docker_compose - script: dc_coverage.sh - compose_file: docker-compose.yml - image_keys: - etcd: - repository: "ETCD_IMAGE_REPOSITORY" - tag: "ETCD_IMAGE_TAG" - - type: docker - script: docker_coverage.sh - etcd: - environment: - ALLOW_NONE_AUTHENTICATION: yes 
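Review bot: in the `docker` runtime at the end of this file, `ALLOW_NONE_AUTHENTICATION: yes` is an unquoted mapping value, so a YAML 1.1 loader reads it as boolean true and the container can end up with `True` or `true` instead of the string `yes` that the compose file passes as `ALLOW_NONE_AUTHENTICATION=yes`. If this definition survives anywhere after the removal, write it as `ALLOW_NONE_AUTHENTICATION: "yes"`. The `input_base_tag` values here (`3.5.9-debian-11-r`, `3.4.27-debian-11-r`) also trail the `3.5.11` and `3.4.28` tags listed in the README deleted in the same change, so please confirm that gap was expected and not a stale pin.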
diff --git a/community_images/etcd/bitnami/k8s_coverage.sh b/community_images/etcd/bitnami/k8s_coverage.sh deleted file mode 100755 index 761d2da82d..0000000000 --- a/community_images/etcd/bitnami/k8s_coverage.sh +++ /dev/null @@ -1,24 +0,0 @@ -#!/bin/bash - -set -x -set -e - -# shellcheck disable=SC1091 -SCRIPTPATH="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )" - -JSON_PARAMS="$1" - -NAMESPACE=$(jq -r '.namespace_name' < "$JSON_PARAMS") -RELEASE_NAME=$(jq -r '.release_name' < "$JSON_PARAMS") - -# get pod name -POD_NAME="${RELEASE_NAME}"-0 - -# etcd password -ROOT_PASSWORD=$(kubectl get secret --namespace "${NAMESPACE}" "${RELEASE_NAME}" -o jsonpath="{.data.etcd-root-password}" | base64 -d) - -# copy etcd_test.sh into container -kubectl -n "${NAMESPACE}" cp "${SCRIPTPATH}"/etcd_test.sh "${POD_NAME}":/tmp/etcd_test.sh - -# run etcd_test on cluster -kubectl -n "${NAMESPACE}" exec -i "${POD_NAME}" -- /bin/bash -c "/tmp/etcd_test.sh $ROOT_PASSWORD" diff --git a/community_images/etcd/bitnami/overrides.yml b/community_images/etcd/bitnami/overrides.yml deleted file mode 100644 index f201e68505..0000000000 --- a/community_images/etcd/bitnami/overrides.yml +++ /dev/null @@ -1,18 +0,0 @@ -image: - pullSecrets: ["rf-regcred"] - pullPolicy: Always -containerSecurityContext: - enabled: true - runAsUser: 1001 - allowPrivilegeEscalation: true - capabilities: - add: ["SYS_PTRACE"] -extraEnvVars: - - name: "RF_VERBOSE" - value: "0" -livenessProbe: - initialDelaySeconds: 30 - timeoutSeconds: 30 -readinessProbe: - initialDelaySeconds: 30 - timeoutSeconds: 30 diff --git a/community_images/etcd/ironbank/.rfignore b/community_images/etcd/ironbank/.rfignore deleted file mode 100644 index bd036ec246..0000000000 --- a/community_images/etcd/ironbank/.rfignore +++ /dev/null @@ -1 +0,0 @@ -usr/share/licenses diff --git a/community_images/etcd/ironbank/README.md b/community_images/etcd/ironbank/README.md deleted file mode 100644 index 9ad293b04f..0000000000 
--- a/community_images/etcd/ironbank/README.md +++ /dev/null @@ -1,139 +0,0 @@ - -RapidFort - - -
- -[![rf-h][rf-h-badge]][rf-view-report-button] -[![DH Image][dh-rf-badge]][rf-dh-image-link] -[![Slack][slack-badge]][slack-link] -[![FOSSA Status][fossa-badge]][fossa-link] - -# RapidFort hardened image for Etcd Ironbank - -RapidFort’s container optimization process hardened this Etcd Ironbank container. This container is free to use and has no license limitations. - -It is the same as the [Platform One Etcd Ironbank][source-image-repo-link] image but more secure. - -Every day, we optimize and harden a variety of Docker Hub’s most famous images. Check out our [entire library](https://hub.docker.com/u/rapidfort) of secured containers. -
- -[Get the full report here or click on the image below][rf-view-report-link] - -[![Metrics][metrics-link]][rf-image-metrics-link] - -

Vulnerabilities: Original vs. Hardened - -

- -[![CVE Reduction][cve-reduction-link]][rf-image-cve-reduction-link] - - -View Report - -
-
- - -## What is Etcd Ironbank? - -> etcd is a distributed key-value store designed to securely store data across a cluster. etcd is widely used in production on account of its reliability, fault-tolerance and ease of use. - - -[Overview of Etcd Ironbank](https://etcd.io/) - -Trademarks: This software listing is packaged by RapidFort. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. - - -## How do I use this hardened Etcd Ironbank image? - -The runtime instructions for this container are no different from the official release. Follow the instructions in their readme, but use our hardened image. - - -View Detailed Instructions - -
-
- -```sh -# install etcd, using docker run -$ docker run -it --name Etcd rapidfort/etcd-ib - -``` - -## What is a hardened image? - -A hardened image is a copy of a container that has been optimized and reduced for significantly improved security. Because every container uses many open-source software components and their dependencies, there’s a lot of extra weight that can be trimmed. - -This image is a hardened version of the official [Platform One Etcd Ironbank][source-image-repo-link] image on Docker Hub. - -RapidFort is an industry-leading container optimization solution that minimizes software attack surfaces by removing unused code. Most containers can be reduced by at least 50%, which reduces the opportunity for malicious attacks and CVE exploits. Learn more at [RapidFort.com][rf-link]. - -Our hardened images are updated daily using the latest vulnerability information available. - - -View on GitHub - -
-
- -## What’s the difference between the official [Platform One Etcd Ironbank][source-image-repo-link] image and this hardened image? -RapidFort’s hardened [rapidfort/etcd-ib][rf-dh-image-link] image has been optimized by our proprietary scanning and slimming technology. We are big fans of open-source software, containerized infrastructure, and security. - -We are making secure copies of the images we use every day and the most popular ones on Docker Hub. We want to make the world a safer place to operate. - -## Supported tags and respective `Dockerfile` links - -## Need support - -Join our slack community for any questions. - - -RapidFort Community Slack - - -## 🌟 Support this project - -[![](https://user-images.githubusercontent.com/48997634/174794647-0c851917-e5c9-4fb9-bf88-b61d89dc2f4f.gif)](https://github.com/rapidfort/community-images/stargazers) - -### [⏫⭐️ Scroll to the star button](#start-of-content) - -If you believe this project has potential, feel free to **star this repo** just like many [amazing people](https://github.com/rapidfort/community-images/stargazers) -have. - -## Have questions? - -[![RapidFort](https://raw.githubusercontent.com/rapidfort/community-images/main/contrib/github_logo_footer.png)][rf-rapidfort-footer-logo-link] - - -If you'd like to learn more about RapidFort or our container optimization process, visit [RapidFort.com][rf-link]. - -
-
- - -[dh-rf-badge]: https://img.shields.io/badge/dockerhub-images-important.svg?logo=Docker - -[fossa-badge]: https://app.fossa.com/api/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images.svg?type=shield -[fossa-link]: https://app.fossa.com/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images?ref=badge_shield - -[rf-link]: https://rapidfort.com?utm_source=github&utm_medium=ci_rf_link&utm_campaign=sep_01_sprint&utm_term=etcd-ib&utm_content=rapidfort_have_questions - -[rf-rapidfort-footer-logo-link]: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fopensource%2Fetcd%2Fetcd?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=etcd-ib&utm_content=rapidfort_footer_logo -[rf-view-report-button]: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fopensource%2Fetcd%2Fetcd?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=etcd-ib&utm_content=view_report_button -[rf-view-report-link]: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fopensource%2Fetcd%2Fetcd?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=etcd-ib&utm_content=view_report_link -[rf-image-metrics-link]: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fopensource%2Fetcd%2Fetcd?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=etcd-ib&utm_content=image_metrics_link -[rf-image-cve-reduction-link]: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fopensource%2Fetcd%2Fetcd?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=etcd-ib&utm_content=image_cve_reduction_link - -[dh-img-size-badge]: https://img.shields.io/docker/image-size/rapidfort/etcd-ib?logo=docker&logoColor=white&sort=semver -[dh-img-pulls-badge]: https://img.shields.io/docker/pulls/rapidfort/etcd-ib?logo=docker&logoColor=white - 
-[slack-badge]: https://img.shields.io/static/v1?label=Join&message=slack&logo=slack&logoColor=E01E5A&color=4A154B -[slack-link]: https://join.slack.com/t/rapidfortcommunity/shared_invite/zt-1g3wy28lv-DaeGexTQ5IjfpbmYW7Rm_Q - -[rf-h-badge]: https://img.shields.io/static/v1?label=RapidFort&labelColor=333F48&message=hardened&color=50B4C4&logo= -[metrics-link]: https://github.com/rapidfort/community-images/raw/main/community_images/etcd/ironbank/assets/metrics.webp -[cve-reduction-link]: https://github.com/rapidfort/community-images/raw/main/community_images/etcd/ironbank/assets/cve_reduction.webp - -[source-image-repo-link]: https://registry1.dso.mil/harbor/projects/3/repositories/opensource%2Fetcd%2Fetcd -[rf-dh-image-link]: https://hub.docker.com/r/rapidfort/etcd-ib diff --git a/community_images/etcd/ironbank/assets/cve_reduction.webp b/community_images/etcd/ironbank/assets/cve_reduction.webp deleted file mode 100644 index dfb3717510..0000000000 Binary files a/community_images/etcd/ironbank/assets/cve_reduction.webp and /dev/null differ diff --git a/community_images/etcd/ironbank/assets/metrics.webp b/community_images/etcd/ironbank/assets/metrics.webp deleted file mode 100644 index 1ec2ed2e6c..0000000000 Binary files a/community_images/etcd/ironbank/assets/metrics.webp and /dev/null differ diff --git a/community_images/etcd/ironbank/dc_coverage.sh b/community_images/etcd/ironbank/dc_coverage.sh deleted file mode 100755 index 518d8169c8..0000000000 --- a/community_images/etcd/ironbank/dc_coverage.sh +++ /dev/null 
@@ -1,22 +0,0 @@ -#!/bin/bash - -set -x -set -e - -JSON_PARAMS="$1" - -JSON=$(cat "$JSON_PARAMS") - -echo "Json params for docker compose coverage = $JSON" - -PROJECT_NAME=$(jq -r '.project_name' < "$JSON_PARAMS") -CONTAINER_NAME="${PROJECT_NAME}"-etcd1-1 - -# shellcheck disable=SC1091 -SCRIPTPATH="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )" - -# copy etcd_test.sh into container -docker cp "${SCRIPTPATH}"/etcd_test.sh "${CONTAINER_NAME}":/tmp/etcd_test.sh - -# run etcd_test on cluster -docker exec "${CONTAINER_NAME}" /bin/bash -c "/tmp/etcd_test.sh etcdrootpwd" diff --git a/community_images/etcd/ironbank/docker-compose.yml b/community_images/etcd/ironbank/docker-compose.yml deleted file mode 100644 index 7894329cc8..0000000000 --- a/community_images/etcd/ironbank/docker-compose.yml +++ /dev/null 
@@ -1,62 +0,0 @@ -version: '2' - -services: - etcd1: - image: ${ETCD_IMAGE_REPOSITORY}:${ETCD_IMAGE_TAG} - user: root - cap_add: - - SYS_PTRACE - environment: - - ALLOW_NONE_AUTHENTICATION=yes - - ETCD_NAME=etcd1 - - ETCD_INITIAL_ADVERTISE_PEER_URLS=http://etcd1:2380 - - ETCD_LISTEN_PEER_URLS=http://0.0.0.0:2380 - - ETCD_LISTEN_CLIENT_URLS=http://0.0.0.0:2379 - - ETCD_ADVERTISE_CLIENT_URLS=http://etcd1:2379 - - ETCD_INITIAL_CLUSTER_TOKEN=etcd-cluster - - ETCD_INITIAL_CLUSTER=etcd1=http://etcd1:2380,etcd2=http://etcd2:2380,etcd3=http://etcd3:2380 - - ETCD_INITIAL_CLUSTER_STATE=new - - ETCD_ROOT_PASSWORD=etcdrootpwd - - ETCD_ELECTION_TIMEOUT=1250 - ports: - - 2379 - - etcd2: - image: ${ETCD_IMAGE_REPOSITORY}:${ETCD_IMAGE_TAG} - user: root - cap_add: - - SYS_PTRACE - environment: - - ALLOW_NONE_AUTHENTICATION=yes - - ETCD_NAME=etcd2 - - ETCD_INITIAL_ADVERTISE_PEER_URLS=http://etcd2:2380 - - ETCD_LISTEN_PEER_URLS=http://0.0.0.0:2380 - - ETCD_LISTEN_CLIENT_URLS=http://0.0.0.0:2379 - - ETCD_ADVERTISE_CLIENT_URLS=http://etcd2:2379 - - ETCD_INITIAL_CLUSTER_TOKEN=etcd-cluster - - ETCD_INITIAL_CLUSTER=etcd1=http://etcd1:2380,etcd2=http://etcd2:2380,etcd3=http://etcd3:2380 - - ETCD_INITIAL_CLUSTER_STATE=new - - ETCD_ROOT_PASSWORD=etcdrootpwd - - ETCD_ELECTION_TIMEOUT=1250 - ports: - - 2379 - - etcd3: - image: ${ETCD_IMAGE_REPOSITORY}:${ETCD_IMAGE_TAG} - user: root - cap_add: - - SYS_PTRACE - environment: - - ALLOW_NONE_AUTHENTICATION=yes - - ETCD_NAME=etcd3 - - ETCD_INITIAL_ADVERTISE_PEER_URLS=http://etcd3:2380 - - ETCD_LISTEN_PEER_URLS=http://0.0.0.0:2380 - - ETCD_LISTEN_CLIENT_URLS=http://0.0.0.0:2379 - - ETCD_ADVERTISE_CLIENT_URLS=http://etcd3:2379 - - ETCD_INITIAL_CLUSTER_TOKEN=etcd-cluster - - ETCD_INITIAL_CLUSTER=etcd1=http://etcd1:2380,etcd2=http://etcd2:2380,etcd3=http://etcd3:2380 - - ETCD_INITIAL_CLUSTER_STATE=new - - ETCD_ROOT_PASSWORD=etcdrootpwd - - ETCD_ELECTION_TIMEOUT=1250 - ports: - - 2379 
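Review bot: all three services set `ETCD_ROOT_PASSWORD=etcdrootpwd` as a literal next to `ALLOW_NONE_AUTHENTICATION=yes`, and run as `user: root` with `SYS_PTRACE` while listening on `http://0.0.0.0:2379`. The two authentication settings pull in opposite directions, so the file does not say which one the coverage run relied on. If this fixture is being moved and not dropped, keep only one of them, read the password from an environment variable, and add a comment stating why `user: root` and `SYS_PTRACE` are needed so the settings are not copied into a real deployment.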
diff --git a/community_images/etcd/ironbank/etcd_test.sh b/community_images/etcd/ironbank/etcd_test.sh deleted file mode 100755 index 0f62e49738..0000000000 --- a/community_images/etcd/ironbank/etcd_test.sh +++ /dev/null @@ -1,41 +0,0 @@ -#!/bin/bash - -set -x -set -e - -ROOT_PASSWORD=etcdrootpwd - -function etcd_cmd() -{ - etcdctl --user=root:$ROOT_PASSWORD "$@" -} - -etcd_cmd version - -etcd_cmd put foo bar - -etcd_cmd lease grant 10 - -etcd_cmd get foo - -etcd_cmd get foo --hex - -etcd_cmd get foo --print-value-only - -etcd_cmd get --prefix foo - -etcd_cmd del foo - -etcd_cmd watch foo & - -etcd_cmd alarm list - -etcd_cmd check perf - -etcd_cmd check datascale - -etcd_cmd endpoint health - -etcd_cmd endpoint status - -etcd_cmd member list diff --git a/community_images/etcd/ironbank/image.yml b/community_images/etcd/ironbank/image.yml deleted file mode 100644 index 949595ac79..0000000000 --- a/community_images/etcd/ironbank/image.yml +++ /dev/null 
@@ -1,32 +0,0 @@ -name: etcd-ib -official_name: Etcd Ironbank -official_website: https://etcd.io/ -source_image_provider: Platform One -source_image_repo: registry1.dso.mil/ironbank/opensource/etcd/etcd -source_image_repo_link: https://registry1.dso.mil/harbor/projects/3/repositories/opensource%2Fetcd%2Fetcd -source_image_readme: https://repo1.dso.mil/dsop/opensource/etcd/etcd/-/blob/development/README.md -rf_docker_link: rapidfort/etcd-ib -github_location: etcd/ironbank -report_url: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fopensource%2Fetcd%2Fetcd -usage_instructions: | - # install etcd, using docker run - $ docker run -it --name Etcd rapidfort/etcd-ib -what_is_text: | - etcd is a distributed key-value store designed to securely store data across a cluster. etcd is widely used in production on account of its reliability, fault-tolerance and ease of use. -disclaimer: | - Trademarks: This software listing is packaged by RapidFort. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. -input_registry: - registry: registry1.dso.mil - account: ironbank -repo_sets: - - opensource/etcd/etcd: - input_base_tag: "3.5." - output_repo: etcd-ib -runtimes: - - type: docker_compose - script: dc_coverage.sh - compose_file: docker-compose.yml - image_keys: - etcd-ib: - repository: "ETCD_IMAGE_REPOSITORY" - tag: "ETCD_IMAGE_TAG" diff --git a/community_images/fluentd/bitnami/.rfignore b/community_images/fluentd/bitnami/.rfignore deleted file mode 100644 index df9296ac6d..0000000000 --- a/community_images/fluentd/bitnami/.rfignore +++ /dev/null @@ -1,4 +0,0 @@ -opt/bitnami/common/licenses -opt/bitnami/consul/licenses -opt/bitnami/licenses -usr/share/common-licenses diff --git a/community_images/fluentd/bitnami/README.md b/community_images/fluentd/bitnami/README.md deleted file mode 100644 index a7fe3ea5a4..0000000000 
--- a/community_images/fluentd/bitnami/README.md +++ /dev/null @@ -1,142 +0,0 @@ - -RapidFort - - -
- -[![rf-h][rf-h-badge]][rf-view-report-button] -[![DH Image][dh-rf-badge]][rf-dh-image-link] -[![Slack][slack-badge]][slack-link] -[![FOSSA Status][fossa-badge]][fossa-link] - -# RapidFort hardened image for Fluentd - -RapidFort’s container optimization process hardened this Fluentd container. This container is free to use and has no license limitations. - -It is the same as the [Bitnami Fluentd][source-image-repo-link] image but more secure. - -Every day, we optimize and harden a variety of Docker Hub’s most famous images. Check out our [entire library](https://hub.docker.com/u/rapidfort) of secured containers. -
- -[Get the full report here or click on the image below][rf-view-report-link] - -[![Metrics][metrics-link]][rf-image-metrics-link] - -

Vulnerabilities: Original vs. Hardened - -

- -[![CVE Reduction][cve-reduction-link]][rf-image-cve-reduction-link] - - -View Report - -
-
- - -## What is Fluentd? - -> Fluentd is a streaming data collector for unified logging layer hosted by CNCF. Fluentd lets you unify the data collection and consumption for a better use and understanding of data. - - -[Overview of Fluentd](https://www.fluentd.org/) - -Trademarks: This software listing is packaged by RapidFort. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. - - -## How do I use this hardened Fluentd image? - -The runtime instructions for this container are no different from the official release. Follow the instructions in their readme, but use our hardened image. - - -View Detailed Instructions - -
-
- -```sh -$ helm repo add bitnami https://charts.bitnami.com/bitnami - -# install fluentd, just replace repository with RapidFort registry -$ helm install my-fluentd bitnami/fluentd --set image.repository=rapidfort/fluentd - -``` - -## What is a hardened image? - -A hardened image is a copy of a container that has been optimized and reduced for significantly improved security. Because every container uses many open-source software components and their dependencies, there’s a lot of extra weight that can be trimmed. - -This image is a hardened version of the official [Bitnami Fluentd][source-image-repo-link] image on Docker Hub. - -RapidFort is an industry-leading container optimization solution that minimizes software attack surfaces by removing unused code. Most containers can be reduced by at least 50%, which reduces the opportunity for malicious attacks and CVE exploits. Learn more at [RapidFort.com][rf-link]. - -Our hardened images are updated daily using the latest vulnerability information available. - - -View on GitHub - -
-
- -## What’s the difference between the official [Bitnami Fluentd][source-image-repo-link] image and this hardened image? -RapidFort’s hardened [rapidfort/fluentd][rf-dh-image-link] image has been optimized by our proprietary scanning and slimming technology. We are big fans of open-source software, containerized infrastructure, and security. - -We are making secure copies of the images we use every day and the most popular ones on Docker Hub. We want to make the world a safer place to operate. - -## Supported tags and respective `Dockerfile` links -* [`1`, `1-debian-11`, `1.16.3`, `1.16.3-debian-11-r` (1/debian-11/Dockerfile)](https://github.com/bitnami/containers/tree/main/bitnami/fluentd/1/debian-11/Dockerfile) - -## Need support - -Join our slack community for any questions. - - -RapidFort Community Slack - - -## 🌟 Support this project - -[![](https://user-images.githubusercontent.com/48997634/174794647-0c851917-e5c9-4fb9-bf88-b61d89dc2f4f.gif)](https://github.com/rapidfort/community-images/stargazers) - -### [⏫⭐️ Scroll to the star button](#start-of-content) - -If you believe this project has potential, feel free to **star this repo** just like many [amazing people](https://github.com/rapidfort/community-images/stargazers) -have. - -## Have questions? - -[![RapidFort](https://raw.githubusercontent.com/rapidfort/community-images/main/contrib/github_logo_footer.png)][rf-rapidfort-footer-logo-link] - - -If you'd like to learn more about RapidFort or our container optimization process, visit [RapidFort.com][rf-link]. - -
-
- - -[dh-rf-badge]: https://img.shields.io/badge/dockerhub-images-important.svg?logo=Docker - -[fossa-badge]: https://app.fossa.com/api/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images.svg?type=shield -[fossa-link]: https://app.fossa.com/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images?ref=badge_shield - -[rf-link]: https://rapidfort.com?utm_source=github&utm_medium=ci_rf_link&utm_campaign=sep_01_sprint&utm_term=fluentd&utm_content=rapidfort_have_questions - -[rf-rapidfort-footer-logo-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Ffluentd?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=fluentd&utm_content=rapidfort_footer_logo -[rf-view-report-button]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Ffluentd?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=fluentd&utm_content=view_report_button -[rf-view-report-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Ffluentd?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=fluentd&utm_content=view_report_link -[rf-image-metrics-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Ffluentd?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=fluentd&utm_content=image_metrics_link -[rf-image-cve-reduction-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Ffluentd?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=fluentd&utm_content=image_cve_reduction_link - -[dh-img-size-badge]: https://img.shields.io/docker/image-size/rapidfort/fluentd?logo=docker&logoColor=white&sort=semver -[dh-img-pulls-badge]: https://img.shields.io/docker/pulls/rapidfort/fluentd?logo=docker&logoColor=white - -[slack-badge]: https://img.shields.io/static/v1?label=Join&message=slack&logo=slack&logoColor=E01E5A&color=4A154B -[slack-link]: 
https://join.slack.com/t/rapidfortcommunity/shared_invite/zt-1g3wy28lv-DaeGexTQ5IjfpbmYW7Rm_Q - -[rf-h-badge]: https://img.shields.io/static/v1?label=RapidFort&labelColor=333F48&message=hardened&color=50B4C4&logo= -[metrics-link]: https://github.com/rapidfort/community-images/raw/main/community_images/fluentd/bitnami/assets/metrics.webp -[cve-reduction-link]: https://github.com/rapidfort/community-images/raw/main/community_images/fluentd/bitnami/assets/cve_reduction.webp - -[source-image-repo-link]: https://hub.docker.com/r/bitnami/fluentd -[rf-dh-image-link]: https://hub.docker.com/r/rapidfort/fluentd diff --git a/community_images/fluentd/bitnami/assets/cve_reduction.webp b/community_images/fluentd/bitnami/assets/cve_reduction.webp deleted file mode 100644 index 767779bc90..0000000000 Binary files a/community_images/fluentd/bitnami/assets/cve_reduction.webp and /dev/null differ diff --git a/community_images/fluentd/bitnami/assets/metrics.webp b/community_images/fluentd/bitnami/assets/metrics.webp deleted file mode 100644 index e3b6d3e828..0000000000 Binary files a/community_images/fluentd/bitnami/assets/metrics.webp and /dev/null differ diff --git a/community_images/fluentd/bitnami/dc_coverage.sh b/community_images/fluentd/bitnami/dc_coverage.sh deleted file mode 100755 index f7d879da68..0000000000 --- a/community_images/fluentd/bitnami/dc_coverage.sh +++ /dev/null @@ -1,10 +0,0 @@ -#!/bin/bash - -set -x -set -e - -JSON_PARAMS="$1" - -JSON=$(cat "$JSON_PARAMS") - -echo "Json params for docker compose coverage = $JSON" \ No newline at end of file diff --git a/community_images/fluentd/bitnami/docker-compose.yml b/community_images/fluentd/bitnami/docker-compose.yml deleted file mode 100644 index 96e85dd221..0000000000 --- a/community_images/fluentd/bitnami/docker-compose.yml +++ /dev/null 
@@ -1,60 +0,0 @@ -version: '2' - -services: - fluentd: - image: ${FLUENTD_IMAGE_REPOSITORY}:${FLUENTD_IMAGE_TAG} - cap_add: - - SYS_PTRACE - ports: - - '24224:24224' - - '5140:5140' - volumes: - - fluentd_data:/bitnami/fluentd - - ../../common/tests/common_commands.sh:/opt/bitnami/scripts/common_commands.sh:ro - backend1a: - image: nginxdemos/hello:plain-text - ports: - - '80' - depends_on: - - fluentd - logging: - driver: "fluentd" - options: - fluentd-address: localhost:24224 - tag: backend1a - backend1b: - image: nginxdemos/hello:plain-text - ports: - - '80' - depends_on: - - fluentd - logging: - driver: "fluentd" - options: - fluentd-address: localhost:24224 - tag: backend1b - backend2a: - image: nginxdemos/hello:plain-text - ports: - - '80' - depends_on: - - fluentd - logging: - driver: "fluentd" - options: - fluentd-address: localhost:24224 - tag: backend2a - backend2b: - image: nginxdemos/hello:plain-text - ports: - - '80' - depends_on: - - fluentd - logging: - driver: "fluentd" - options: - fluentd-address: localhost:24224 - tag: backend2b -volumes: - fluentd_data: - driver: local diff --git a/community_images/fluentd/bitnami/docker_coverage.sh b/community_images/fluentd/bitnami/docker_coverage.sh deleted file mode 100755 index f6439946cd..0000000000 --- a/community_images/fluentd/bitnami/docker_coverage.sh +++ /dev/null @@ -1,27 +0,0 @@ -#!/bin/bash - -set -x -set -e - -JSON_PARAMS="$1" - -JSON=$(cat "$JSON_PARAMS") - -echo "Json params for docker coverage = $JSON" - -CONTAINER_NAME=$(jq -r '.container_details.fluentd.name' < "$JSON_PARAMS") - -# try installing a plugin -docker exec \ - -i "$CONTAINER_NAME" \ - fluent-gem install fluent-plugin-grep - -# try installing a plugin using gem install -docker exec \ - -i "$CONTAINER_NAME" \ - gem install fluent-plugin-elasticsearch - -# list fluent gem list -docker exec \ - -i "$CONTAINER_NAME" \ - fluent-gem list 
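Review bot: in `docker_coverage.sh`, `fluent-gem install fluent-plugin-grep` and `gem install fluent-plugin-elasticsearch` take whatever version the gem source serves at run time, so the coverage run was not reproducible and executed unpinned third-party code inside the container under test. If the script is reinstated elsewhere, pin each plugin with `-v <version>`. Two smaller points for the same case: the comment `# list fluent gem list` should read as a plain description of the step, and with `set -x` active the `JSON=$(cat "$JSON_PARAMS")` assignment and the following `echo` both write the full parameter file to the log, which is worth dropping if those parameters ever carry credentials.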
diff --git a/community_images/fluentd/bitnami/image.yml b/community_images/fluentd/bitnami/image.yml deleted file mode 100644 index d5aa8558c3..0000000000 --- a/community_images/fluentd/bitnami/image.yml +++ /dev/null 
@@ -1,48 +0,0 @@ -name: fluentd -official_name: Fluentd -official_website: https://www.fluentd.org/ -source_image_provider: Bitnami -source_image_repo: docker.io/bitnami/fluentd -source_image_repo_link: https://hub.docker.com/r/bitnami/fluentd -source_image_readme: https://github.com/bitnami/containers/blob/main/bitnami/fluentd/README.md -rf_docker_link: rapidfort/fluentd -image_workflow_name: fluentd_bitnami -github_location: fluentd/bitnami -report_url: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Ffluentd -usage_instructions: | - $ helm repo add bitnami https://charts.bitnami.com/bitnami - - # install fluentd, just replace repository with RapidFort registry - $ helm install my-fluentd bitnami/fluentd --set image.repository=rapidfort/fluentd -what_is_text: | - Fluentd is a streaming data collector for unified logging layer hosted by CNCF. Fluentd lets you unify the data collection and consumption for a better use and understanding of data. -disclaimer: | - Trademarks: This software listing is packaged by RapidFort. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. -input_registry: - registry: docker.io - account: bitnami -repo_sets: - - fluentd: - input_base_tag: "1.16.2-debian-11-r" -runtimes: - - type: k8s - script: k8s_coverage.sh - helm: - repo: bitnami - repo_url: https://charts.bitnami.com/bitnami - chart: fluentd - wait_time_sec: 60 - image_keys: - fluentd: - repository: "image.repository" - tag: "image.tag" - override_file: "overrides.yml" - - type: docker_compose - script: dc_coverage.sh - compose_file: docker-compose.yml - image_keys: - fluentd: - repository: "FLUENTD_IMAGE_REPOSITORY" - tag: "FLUENTD_IMAGE_TAG" - - type: docker - script: docker_coverage.sh diff --git a/community_images/fluentd/bitnami/k8s_coverage.sh b/community_images/fluentd/bitnami/k8s_coverage.sh deleted file mode 100755 index e6c63ece3b..0000000000 
--- a/community_images/fluentd/bitnami/k8s_coverage.sh +++ /dev/null @@ -1,10 +0,0 @@ -#!/bin/bash - -set -x -set -e - -JSON_PARAMS="$1" - -JSON=$(cat "$JSON_PARAMS") - -echo "Json params for k8s coverage = $JSON" diff --git a/community_images/fluentd/bitnami/overrides.yml b/community_images/fluentd/bitnami/overrides.yml deleted file mode 100644 index a4b5dac248..0000000000 --- a/community_images/fluentd/bitnami/overrides.yml +++ /dev/null @@ -1,35 +0,0 @@ -image: - pullSecrets: ["rf-regcred"] - pullPolicy: Always -forwarder: - containerSecurityContext: - enabled: true - runAsUser: 1001 - allowPrivilegeEscalation: true - capabilities: - add: ["SYS_PTRACE"] - extraEnvVars: - - name: "RF_VERBOSE" - value: "0" - livenessProbe: - initialDelaySeconds: 30 - timeoutSeconds: 30 - readinessProbe: - initialDelaySeconds: 30 - timeoutSeconds: 30 -aggregator: - containerSecurityContext: - enabled: true - runAsUser: 1001 - allowPrivilegeEscalation: true - capabilities: - add: ["SYS_PTRACE"] - extraEnvVars: - - name: "RF_VERBOSE" - value: "0" - livenessProbe: - initialDelaySeconds: 30 - timeoutSeconds: 30 - readinessProbe: - initialDelaySeconds: 30 - timeoutSeconds: 30 \ No newline at end of file diff --git a/community_images/fluentd/ironbank/.rfignore b/community_images/fluentd/ironbank/.rfignore deleted file mode 100755 index bd036ec246..0000000000 --- a/community_images/fluentd/ironbank/.rfignore +++ /dev/null @@ -1 +0,0 @@ -usr/share/licenses diff --git a/community_images/fluentd/ironbank/README.md b/community_images/fluentd/ironbank/README.md deleted file mode 100755 index 5754b9936f..0000000000 --- a/community_images/fluentd/ironbank/README.md +++ /dev/null @@ -1,139 +0,0 @@ - -RapidFort - - -
- -[![rf-h][rf-h-badge]][rf-view-report-button] -[![DH Image][dh-rf-badge]][rf-dh-image-link] -[![Slack][slack-badge]][slack-link] -[![FOSSA Status][fossa-badge]][fossa-link] - -# RapidFort hardened image for Fluentd IronBank - -RapidFort’s container optimization process hardened this Fluentd IronBank container. This container is free to use and has no license limitations. - -It is the same as the [Platform One Fluentd IronBank][source-image-repo-link] image but more secure. - -Every day, we optimize and harden a variety of Docker Hub’s most famous images. Check out our [entire library](https://hub.docker.com/u/rapidfort) of secured containers. -
- -[Get the full report here or click on the image below][rf-view-report-link] - -[![Metrics][metrics-link]][rf-image-metrics-link] - -

Vulnerabilities: Original vs. Hardened - -

- -[![CVE Reduction][cve-reduction-link]][rf-image-cve-reduction-link] - - -View Report - -
-
- - -## What is Fluentd IronBank? - -> Fluentd is a streaming data collector for unified logging layer hosted by CNCF. Fluentd lets you unify the data collection and consumption for a better use and understanding of data. - - -[Overview of Fluentd IronBank](https://www.fluentd.org/) - -Trademarks: This software listing is packaged by RapidFort. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. - - -## How do I use this hardened Fluentd IronBank image? - -The runtime instructions for this container are no different from the official release. Follow the instructions in their readme, but use our hardened image. - - -View Detailed Instructions - -
-
- -```sh -# Using docker run: -$ docker run -d -p 24224:24224 -p 24224:24224/udp -v /data:/fluentd/log rapidfort/fluentd-ib - -``` - -## What is a hardened image? - -A hardened image is a copy of a container that has been optimized and reduced for significantly improved security. Because every container uses many open-source software components and their dependencies, there’s a lot of extra weight that can be trimmed. - -This image is a hardened version of the official [Platform One Fluentd IronBank][source-image-repo-link] image on Docker Hub. - -RapidFort is an industry-leading container optimization solution that minimizes software attack surfaces by removing unused code. Most containers can be reduced by at least 50%, which reduces the opportunity for malicious attacks and CVE exploits. Learn more at [RapidFort.com][rf-link]. - -Our hardened images are updated daily using the latest vulnerability information available. - - -View on GitHub - -
-
- -## What’s the difference between the official [Platform One Fluentd IronBank][source-image-repo-link] image and this hardened image? -RapidFort’s hardened [rapidfort/fluentd-ib][rf-dh-image-link] image has been optimized by our proprietary scanning and slimming technology. We are big fans of open-source software, containerized infrastructure, and security. - -We are making secure copies of the images we use every day and the most popular ones on Docker Hub. We want to make the world a safer place to operate. - -## Supported tags and respective `Dockerfile` links - -## Need support - -Join our slack community for any questions. - - -RapidFort Community Slack - - -## 🌟 Support this project - -[![](https://user-images.githubusercontent.com/48997634/174794647-0c851917-e5c9-4fb9-bf88-b61d89dc2f4f.gif)](https://github.com/rapidfort/community-images/stargazers) - -### [⏫⭐️ Scroll to the star button](#start-of-content) - -If you believe this project has potential, feel free to **star this repo** just like many [amazing people](https://github.com/rapidfort/community-images/stargazers) -have. - -## Have questions? - -[![RapidFort](https://raw.githubusercontent.com/rapidfort/community-images/main/contrib/github_logo_footer.png)][rf-rapidfort-footer-logo-link] - - -If you'd like to learn more about RapidFort or our container optimization process, visit [RapidFort.com][rf-link]. - -
-
- - -[dh-rf-badge]: https://img.shields.io/badge/dockerhub-images-important.svg?logo=Docker - -[fossa-badge]: https://app.fossa.com/api/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images.svg?type=shield -[fossa-link]: https://app.fossa.com/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images?ref=badge_shield - -[rf-link]: https://rapidfort.com?utm_source=github&utm_medium=ci_rf_link&utm_campaign=sep_01_sprint&utm_term=fluentd-ib&utm_content=rapidfort_have_questions - -[rf-rapidfort-footer-logo-link]: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fopensource%2Ffluentd%2Ffluentd?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=fluentd-ib&utm_content=rapidfort_footer_logo -[rf-view-report-button]: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fopensource%2Ffluentd%2Ffluentd?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=fluentd-ib&utm_content=view_report_button -[rf-view-report-link]: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fopensource%2Ffluentd%2Ffluentd?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=fluentd-ib&utm_content=view_report_link -[rf-image-metrics-link]: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fopensource%2Ffluentd%2Ffluentd?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=fluentd-ib&utm_content=image_metrics_link -[rf-image-cve-reduction-link]: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fopensource%2Ffluentd%2Ffluentd?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=fluentd-ib&utm_content=image_cve_reduction_link - -[dh-img-size-badge]: https://img.shields.io/docker/image-size/rapidfort/fluentd-ib?logo=docker&logoColor=white&sort=semver -[dh-img-pulls-badge]: 
https://img.shields.io/docker/pulls/rapidfort/fluentd-ib?logo=docker&logoColor=white - -[slack-badge]: https://img.shields.io/static/v1?label=Join&message=slack&logo=slack&logoColor=E01E5A&color=4A154B -[slack-link]: https://join.slack.com/t/rapidfortcommunity/shared_invite/zt-1g3wy28lv-DaeGexTQ5IjfpbmYW7Rm_Q - -[rf-h-badge]: https://img.shields.io/static/v1?label=RapidFort&labelColor=333F48&message=hardened&color=50B4C4&logo= -[metrics-link]: https://github.com/rapidfort/community-images/raw/main/community_images/fluentd/ironbank/assets/metrics.webp -[cve-reduction-link]: https://github.com/rapidfort/community-images/raw/main/community_images/fluentd/ironbank/assets/cve_reduction.webp - -[source-image-repo-link]: https://registry1.dso.mil/harbor/projects/3/repositories/opensource%2Ffluentd%2Ffluentd -[rf-dh-image-link]: https://hub.docker.com/r/rapidfort/fluentd-ib diff --git a/community_images/fluentd/ironbank/assets/cve_reduction.webp b/community_images/fluentd/ironbank/assets/cve_reduction.webp deleted file mode 100644 index 4c05a2a8ab..0000000000 Binary files a/community_images/fluentd/ironbank/assets/cve_reduction.webp and /dev/null differ diff --git a/community_images/fluentd/ironbank/assets/metrics.webp b/community_images/fluentd/ironbank/assets/metrics.webp deleted file mode 100644 index 601b1367fc..0000000000 Binary files a/community_images/fluentd/ironbank/assets/metrics.webp and /dev/null differ diff --git a/community_images/fluentd/ironbank/dc_coverage.sh b/community_images/fluentd/ironbank/dc_coverage.sh deleted file mode 100755 index 67b840a2eb..0000000000 --- a/community_images/fluentd/ironbank/dc_coverage.sh +++ /dev/null 
@@ -1,22 +0,0 @@ -#!/bin/bash - -set -x -set -e - -JSON_PARAMS="$1" - -JSON=$(cat "$JSON_PARAMS") - -echo "Json params for docker compose coverage = $JSON" - -PROJECT_NAME=$(jq -r '.project_name' < "$JSON_PARAMS") -CONTAINER_NAME="${PROJECT_NAME}"-fluentd-1 - -# try installing a plugin -docker exec -i "$CONTAINER_NAME" fluent-gem install fluent-plugin-grep - -# try installing a plugin using gem install -docker exec -i "$CONTAINER_NAME" gem install fluent-plugin-elasticsearch - -# list fluent gem list -docker exec -i "$CONTAINER_NAME" fluent-gem list diff --git a/community_images/fluentd/ironbank/docker-compose.yml b/community_images/fluentd/ironbank/docker-compose.yml deleted file mode 100755 index 5517947498..0000000000 --- a/community_images/fluentd/ironbank/docker-compose.yml +++ /dev/null @@ -1,60 +0,0 @@ -version: '2' - -services: - fluentd: - image: ${FLUENTD_IMAGE_REPOSITORY}:${FLUENTD_IMAGE_TAG} - user: root - cap_add: - - SYS_PTRACE - ports: - - '24224:24224' - - '5140:5140' - volumes: - - fluentd_data:/fluentd/log - backend1a: - image: nginxdemos/hello:plain-text - ports: - - '80' - depends_on: - - fluentd - logging: - driver: "fluentd" - options: - fluentd-address: localhost:24224 - tag: backend1a - backend1b: - image: nginxdemos/hello:plain-text - ports: - - '80' - depends_on: - - fluentd - logging: - driver: "fluentd" - options: - fluentd-address: localhost:24224 - tag: backend1b - backend2a: - image: nginxdemos/hello:plain-text - ports: - - '80' - depends_on: - - fluentd - logging: - driver: "fluentd" - options: - fluentd-address: localhost:24224 - tag: backend2a - backend2b: - image: nginxdemos/hello:plain-text - ports: - - '80' - depends_on: - - fluentd - logging: - driver: "fluentd" - options: - fluentd-address: localhost:24224 - tag: backend2b -volumes: - fluentd_data: - driver: local diff --git a/community_images/fluentd/ironbank/image.yml b/community_images/fluentd/ironbank/image.yml deleted file mode 100755 index 35dcd14028..0000000000 
--- a/community_images/fluentd/ironbank/image.yml +++ /dev/null @@ -1,33 +0,0 @@ -name: fluentd-ib -official_name: Fluentd IronBank -official_website: https://www.fluentd.org/ -source_image_provider: Platform One -source_image_repo: registry1.dso.mil/ironbank/opensource/fluentd/fluentd -source_image_repo_link: https://registry1.dso.mil/harbor/projects/3/repositories/opensource%2Ffluentd%2Ffluentd -source_image_readme: https://repo1.dso.mil/dsop/opensource/fluentd/fluentd/-/blob/development/README.md -rf_docker_link: rapidfort/fluentd-ib -image_workflow_name: fluentd_ironbank -github_location: fluentd/ironbank -report_url: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fopensource%2Ffluentd%2Ffluentd -usage_instructions: | - # Using docker run: - $ docker run -d -p 24224:24224 -p 24224:24224/udp -v /data:/fluentd/log rapidfort/fluentd-ib -what_is_text: | - Fluentd is a streaming data collector for unified logging layer hosted by CNCF. Fluentd lets you unify the data collection and consumption for a better use and understanding of data. -disclaimer: | - Trademarks: This software listing is packaged by RapidFort. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. -input_registry: - registry: registry1.dso.mil - account: ironbank -repo_sets: - - opensource/fluentd/fluentd: - input_base_tag: "1.15." - output_repo: fluentd-ib -runtimes: - - type: docker_compose - script: dc_coverage.sh - compose_file: docker-compose.yml - image_keys: - fluentd-ib: - repository: "FLUENTD_IMAGE_REPOSITORY" - tag: "FLUENTD_IMAGE_TAG" diff --git a/community_images/fluentd/official/.rfignore b/community_images/fluentd/official/.rfignore deleted file mode 100644 index 1c799e0088..0000000000 --- a/community_images/fluentd/official/.rfignore +++ /dev/null @@ -1 +0,0 @@ -usr/share/common-licenses \ No newline at end of file 
diff --git a/community_images/fluentd/official/README.md b/community_images/fluentd/official/README.md deleted file mode 100755 index f11b20a029..0000000000 --- a/community_images/fluentd/official/README.md +++ /dev/null @@ -1,141 +0,0 @@ - -RapidFort - - -
- -[![rf-h][rf-h-badge]][rf-view-report-button] -[![DH Image][dh-rf-badge]][rf-dh-image-link] -[![Slack][slack-badge]][slack-link] -[![FOSSA Status][fossa-badge]][fossa-link] - -# RapidFort hardened image for Fluentd Official - -RapidFort’s container optimization process hardened this Fluentd Official container. This container is free to use and has no license limitations. - -It is the same as the [Fluentd Fluentd Official][source-image-repo-link] image but more secure. - -Every day, we optimize and harden a variety of Docker Hub’s most famous images. Check out our [entire library](https://hub.docker.com/u/rapidfort) of secured containers. -
- -[Get the full report here or click on the image below][rf-view-report-link] - -[![Metrics][metrics-link]][rf-image-metrics-link] - -

Vulnerabilities: Original vs. Hardened - -

- -[![CVE Reduction][cve-reduction-link]][rf-image-cve-reduction-link] - - -View Report - -
-
- - -## What is Fluentd Official? - -> Fluentd is a streaming data collector for unified logging layer hosted by CNCF. Fluentd lets you unify the data collection and consumption for a better use and understanding of data. - - -[Overview of Fluentd Official](https://www.fluentd.org/) - -Trademarks: This software listing is packaged by RapidFort. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. - - -## How do I use this hardened Fluentd Official image? - -The runtime instructions for this container are no different from the official release. Follow the instructions in their readme, but use our hardened image. - - -View Detailed Instructions - -
-
- -```sh -# Using Docker run: -$ docker run -p 24224:24224 -p 24224:24224/udp -u fluent -v /path/to/dir:/fluentd/log rapidfort/fluentd-official - -``` - -## What is a hardened image? - -A hardened image is a copy of a container that has been optimized and reduced for significantly improved security. Because every container uses many open-source software components and their dependencies, there’s a lot of extra weight that can be trimmed. - -This image is a hardened version of the official [Fluentd Fluentd Official][source-image-repo-link] image on Docker Hub. - -RapidFort is an industry-leading container optimization solution that minimizes software attack surfaces by removing unused code. Most containers can be reduced by at least 50%, which reduces the opportunity for malicious attacks and CVE exploits. Learn more at [RapidFort.com][rf-link]. - -Our hardened images are updated daily using the latest vulnerability information available. - - -View on GitHub - -
-
- -## What’s the difference between the official [Fluentd Fluentd Official][source-image-repo-link] image and this hardened image? -RapidFort’s hardened [rapidfort/fluentd-official][rf-dh-image-link] image has been optimized by our proprietary scanning and slimming technology. We are big fans of open-source software, containerized infrastructure, and security. - -We are making secure copies of the images we use every day and the most popular ones on Docker Hub. We want to make the world a safer place to operate. - -## Supported tags and respective `Dockerfile` links -* ['v1.14.0-1.0', 'v1.14-1', 'latest'](https://github.com/fluent/fluentd-docker-image/blob/a9e4cee765c7aaf7876d6fe3282aa565dbcdc2a4/v1.14/alpine/Dockerfile) -* ['v1.14.0-debian-1.0', 'v1.14-debian-1'](https://github.com/fluent/fluentd-docker-image/blob/a9e4cee765c7aaf7876d6fe3282aa565dbcdc2a4/v1.14/debian/Dockerfile) - -## Need support - -Join our slack community for any questions. - - -RapidFort Community Slack - - -## 🌟 Support this project - -[![](https://user-images.githubusercontent.com/48997634/174794647-0c851917-e5c9-4fb9-bf88-b61d89dc2f4f.gif)](https://github.com/rapidfort/community-images/stargazers) - -### [⏫⭐️ Scroll to the star button](#start-of-content) - -If you believe this project has potential, feel free to **star this repo** just like many [amazing people](https://github.com/rapidfort/community-images/stargazers) -have. - -## Have questions? - -[![RapidFort](https://raw.githubusercontent.com/rapidfort/community-images/main/contrib/github_logo_footer.png)][rf-rapidfort-footer-logo-link] - - -If you'd like to learn more about RapidFort or our container optimization process, visit [RapidFort.com][rf-link]. - -
-
- - -[dh-rf-badge]: https://img.shields.io/badge/dockerhub-images-important.svg?logo=Docker - -[fossa-badge]: https://app.fossa.com/api/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images.svg?type=shield -[fossa-link]: https://app.fossa.com/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images?ref=badge_shield - -[rf-link]: https://rapidfort.com?utm_source=github&utm_medium=ci_rf_link&utm_campaign=sep_01_sprint&utm_term=fluentd-official&utm_content=rapidfort_have_questions - -[rf-rapidfort-footer-logo-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Flibrary%2Ffluentd?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=fluentd-official&utm_content=rapidfort_footer_logo -[rf-view-report-button]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Flibrary%2Ffluentd?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=fluentd-official&utm_content=view_report_button -[rf-view-report-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Flibrary%2Ffluentd?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=fluentd-official&utm_content=view_report_link -[rf-image-metrics-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Flibrary%2Ffluentd?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=fluentd-official&utm_content=image_metrics_link -[rf-image-cve-reduction-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Flibrary%2Ffluentd?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=fluentd-official&utm_content=image_cve_reduction_link - -[dh-img-size-badge]: https://img.shields.io/docker/image-size/rapidfort/fluentd-official?logo=docker&logoColor=white&sort=semver -[dh-img-pulls-badge]: https://img.shields.io/docker/pulls/rapidfort/fluentd-official?logo=docker&logoColor=white - -[slack-badge]: 
https://img.shields.io/static/v1?label=Join&message=slack&logo=slack&logoColor=E01E5A&color=4A154B -[slack-link]: https://join.slack.com/t/rapidfortcommunity/shared_invite/zt-1g3wy28lv-DaeGexTQ5IjfpbmYW7Rm_Q - -[rf-h-badge]: https://img.shields.io/static/v1?label=RapidFort&labelColor=333F48&message=hardened&color=50B4C4&logo= -[metrics-link]: https://github.com/rapidfort/community-images/raw/main/community_images/fluentd/official/assets/metrics.webp -[cve-reduction-link]: https://github.com/rapidfort/community-images/raw/main/community_images/fluentd/official/assets/cve_reduction.webp - -[source-image-repo-link]: https://hub.docker.com/_/fluentd -[rf-dh-image-link]: https://hub.docker.com/r/rapidfort/fluentd-official diff --git a/community_images/fluentd/official/assets/cve_reduction.webp b/community_images/fluentd/official/assets/cve_reduction.webp deleted file mode 100644 index c1bfc0d70a..0000000000 Binary files a/community_images/fluentd/official/assets/cve_reduction.webp and /dev/null differ diff --git a/community_images/fluentd/official/assets/metrics.webp b/community_images/fluentd/official/assets/metrics.webp deleted file mode 100644 index c905550b67..0000000000 Binary files a/community_images/fluentd/official/assets/metrics.webp and /dev/null differ diff --git a/community_images/fluentd/official/dc_coverage.sh b/community_images/fluentd/official/dc_coverage.sh deleted file mode 100755 index 6fd0bc6dc1..0000000000 --- a/community_images/fluentd/official/dc_coverage.sh +++ /dev/null 
@@ -1,22 +0,0 @@ -#!/bin/bash - -set -x -set -e - -JSON_PARAMS="$1" - -JSON=$(cat "$JSON_PARAMS") - -echo "Json params for docker compose coverage = $JSON" - -PROJECT_NAME=$(jq -r '.project_name' < "$JSON_PARAMS") -CONTAINER_NAME="${PROJECT_NAME}"-fluentd-1 - -# try installing a plugin -docker exec -i "$CONTAINER_NAME" fluent-gem install fluent-plugin-grep - -# try installing a plugin using gem install -docker exec -i "$CONTAINER_NAME" gem install fluent-plugin-elasticsearch - -# list fluent gem list -docker exec -i "$CONTAINER_NAME" fluent-gem list \ No newline at end of file diff --git a/community_images/fluentd/official/docker-compose.yml b/community_images/fluentd/official/docker-compose.yml deleted file mode 100755 index 5517947498..0000000000 --- a/community_images/fluentd/official/docker-compose.yml +++ /dev/null @@ -1,60 +0,0 @@ -version: '2' - -services: - fluentd: - image: ${FLUENTD_IMAGE_REPOSITORY}:${FLUENTD_IMAGE_TAG} - user: root - cap_add: - - SYS_PTRACE - ports: - - '24224:24224' - - '5140:5140' - volumes: - - fluentd_data:/fluentd/log - backend1a: - image: nginxdemos/hello:plain-text - ports: - - '80' - depends_on: - - fluentd - logging: - driver: "fluentd" - options: - fluentd-address: localhost:24224 - tag: backend1a - backend1b: - image: nginxdemos/hello:plain-text - ports: - - '80' - depends_on: - - fluentd - logging: - driver: "fluentd" - options: - fluentd-address: localhost:24224 - tag: backend1b - backend2a: - image: nginxdemos/hello:plain-text - ports: - - '80' - depends_on: - - fluentd - logging: - driver: "fluentd" - options: - fluentd-address: localhost:24224 - tag: backend2a - backend2b: - image: nginxdemos/hello:plain-text - ports: - - '80' - depends_on: - - fluentd - logging: - driver: "fluentd" - options: - fluentd-address: localhost:24224 - tag: backend2b -volumes: - fluentd_data: - driver: local 
diff --git a/community_images/fluentd/official/image.yml b/community_images/fluentd/official/image.yml deleted file mode 100755 index 9c8c0e9da3..0000000000 --- a/community_images/fluentd/official/image.yml +++ /dev/null 
@@ -1,41 +0,0 @@ -name: fluentd-official -official_name: Fluentd Official -official_website: https://www.fluentd.org/ -source_image_provider: Fluentd -source_image_repo: docker.io/library/fluentd -source_image_repo_link: https://hub.docker.com/_/fluentd -source_image_readme: https://github.com/fluent/fluentd-docker-image/blob/master/README.md -rf_docker_link: rapidfort/fluentd-official -image_workflow_name: fluentd_official -github_location: fluentd/official -report_url: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Flibrary%2Ffluentd -usage_instructions: | - # Using Docker run: - $ docker run -p 24224:24224 -p 24224:24224/udp -u fluent -v /path/to/dir:/fluentd/log rapidfort/fluentd-official -what_is_text: | - Fluentd is a streaming data collector for unified logging layer hosted by CNCF. Fluentd lets you unify the data collection and consumption for a better use and understanding of data. -disclaimer: | - Trademarks: This software listing is packaged by RapidFort. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. -docker_links: - - "['v1.14.0-1.0', 'v1.14-1', 'latest'](https://github.com/fluent/fluentd-docker-image/blob/a9e4cee765c7aaf7876d6fe3282aa565dbcdc2a4/v1.14/alpine/Dockerfile)" - - "['v1.14.0-debian-1.0', 'v1.14-debian-1'](https://github.com/fluent/fluentd-docker-image/blob/a9e4cee765c7aaf7876d6fe3282aa565dbcdc2a4/v1.14/debian/Dockerfile)" -input_registry: - registry: docker.io - account: library -repo_sets: - - fluentd: - input_base_tag: "v1.14." - output_repo: fluentd-official - - fluentd: - input_base_tag: "v1.14.*-debian*" - output_repo: fluentd-official -runtimes: - - type: docker_compose - script: dc_coverage.sh - compose_file: docker-compose.yml - image_keys: - fluentd-official: - repository: "FLUENTD_IMAGE_REPOSITORY" - tag: "FLUENTD_IMAGE_TAG" - - type: docker - script: docker_coverage.sh 
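Review bot: the `runtimes` list in this deleted `fluentd/official/image.yml` names `script: docker_coverage.sh` for `type: docker`, but the diff shows no `docker_coverage.sh` being deleted under `community_images/fluentd/official/`; only `dc_coverage.sh` and `docker-compose.yml` are removed there. Please confirm which case applies: either the script still exists and should be deleted in this change so it is not left orphaned, or the reference was already dangling and the `docker` runtime never ran for this image. Separately, both `repo_sets` entries publish to `output_repo: fluentd-official`, and the README removed above says the hardened images are updated daily, so the change description should state whether that published repository is being retired or will simply stop receiving rebuilds.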
diff --git a/community_images/ghost/bitnami/.rfignore b/community_images/ghost/bitnami/.rfignore deleted file mode 100644 index 028c9c31cc..0000000000 --- a/community_images/ghost/bitnami/.rfignore +++ /dev/null @@ -1,4 +0,0 @@ -opt/bitnami/common/licenses -opt/bitnami/licenses -opt/bitnami/ghost/licenses -usr/share/common-licenses diff --git a/community_images/ghost/bitnami/README.md b/community_images/ghost/bitnami/README.md deleted file mode 100755 index f476c3f932..0000000000 --- a/community_images/ghost/bitnami/README.md +++ /dev/null @@ -1,142 +0,0 @@ - -RapidFort - - -
- -[![rf-h][rf-h-badge]][rf-view-report-button] -[![DH Image][dh-rf-badge]][rf-dh-image-link] -[![Slack][slack-badge]][slack-link] -[![FOSSA Status][fossa-badge]][fossa-link] - -# RapidFort hardened image for Ghost - -RapidFort’s container optimization process hardened this Ghost container. This container is free to use and has no license limitations. - -It is the same as the [Bitnami Ghost][source-image-repo-link] image but more secure. - -Every day, we optimize and harden a variety of Docker Hub’s most famous images. Check out our [entire library](https://hub.docker.com/u/rapidfort) of secured containers. -
- -[Get the full report here or click on the image below][rf-view-report-link] - -[![Metrics][metrics-link]][rf-image-metrics-link] - -

Vulnerabilities: Original vs. Hardened - -

- -[![CVE Reduction][cve-reduction-link]][rf-image-cve-reduction-link] - - -View Report - -
-
- - -## What is Ghost? - -> Ghost is an open source publishing platform designed to create blogs, magazines, and news sites. It includes a simple markdown editor with preview, theming, and SEO built-in to simplify editing. - - -[Overview of Ghost](https://ghost.org/) - -Trademarks: This software listing is packaged by RapidFort. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. - - -## How do I use this hardened Ghost image? - -The runtime instructions for this container are no different from the official release. Follow the instructions in their readme, but use our hardened image. - - -View Detailed Instructions - -
-
- -```sh -$ helm repo add bitnami https://charts.bitnami.com/ghost - -# install ghost, just replace repository with RapidFort registry -$ helm install my-ghost bitnami/ghost --set image.repository=rapidfort/ghost - -``` - -## What is a hardened image? - -A hardened image is a copy of a container that has been optimized and reduced for significantly improved security. Because every container uses many open-source software components and their dependencies, there’s a lot of extra weight that can be trimmed. - -This image is a hardened version of the official [Bitnami Ghost][source-image-repo-link] image on Docker Hub. - -RapidFort is an industry-leading container optimization solution that minimizes software attack surfaces by removing unused code. Most containers can be reduced by at least 50%, which reduces the opportunity for malicious attacks and CVE exploits. Learn more at [RapidFort.com][rf-link]. - -Our hardened images are updated daily using the latest vulnerability information available. - - -View on GitHub - -
-
- -## What’s the difference between the official [Bitnami Ghost][source-image-repo-link] image and this hardened image? -RapidFort’s hardened [rapidfort/ghost][rf-dh-image-link] image has been optimized by our proprietary scanning and slimming technology. We are big fans of open-source software, containerized infrastructure, and security. - -We are making secure copies of the images we use every day and the most popular ones on Docker Hub. We want to make the world a safer place to operate. - -## Supported tags and respective `Dockerfile` links -* [`5`, `5-debian-11`, `5.74.5`, `5.74.5-debian-11-r` (5/debian-11/Dockerfile)](https://github.com/bitnami/containers/tree/main/bitnami/ghost/5/debian-11/Dockerfile) - -## Need support - -Join our slack community for any questions. - - -RapidFort Community Slack - - -## 🌟 Support this project - -[![](https://user-images.githubusercontent.com/48997634/174794647-0c851917-e5c9-4fb9-bf88-b61d89dc2f4f.gif)](https://github.com/rapidfort/community-images/stargazers) - -### [⏫⭐️ Scroll to the star button](#start-of-content) - -If you believe this project has potential, feel free to **star this repo** just like many [amazing people](https://github.com/rapidfort/community-images/stargazers) -have. - -## Have questions? - -[![RapidFort](https://raw.githubusercontent.com/rapidfort/community-images/main/contrib/github_logo_footer.png)][rf-rapidfort-footer-logo-link] - - -If you'd like to learn more about RapidFort or our container optimization process, visit [RapidFort.com][rf-link]. - -
-
- - -[dh-rf-badge]: https://img.shields.io/badge/dockerhub-images-important.svg?logo=Docker - -[fossa-badge]: https://app.fossa.com/api/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images.svg?type=shield -[fossa-link]: https://app.fossa.com/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images?ref=badge_shield - -[rf-link]: https://rapidfort.com?utm_source=github&utm_medium=ci_rf_link&utm_campaign=sep_01_sprint&utm_term=ghost&utm_content=rapidfort_have_questions - -[rf-rapidfort-footer-logo-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Fghost?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=ghost&utm_content=rapidfort_footer_logo -[rf-view-report-button]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Fghost?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=ghost&utm_content=view_report_button -[rf-view-report-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Fghost?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=ghost&utm_content=view_report_link -[rf-image-metrics-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Fghost?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=ghost&utm_content=image_metrics_link -[rf-image-cve-reduction-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Fghost?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=ghost&utm_content=image_cve_reduction_link - -[dh-img-size-badge]: https://img.shields.io/docker/image-size/rapidfort/ghost?logo=docker&logoColor=white&sort=semver -[dh-img-pulls-badge]: https://img.shields.io/docker/pulls/rapidfort/ghost?logo=docker&logoColor=white - -[slack-badge]: https://img.shields.io/static/v1?label=Join&message=slack&logo=slack&logoColor=E01E5A&color=4A154B -[slack-link]: 
https://join.slack.com/t/rapidfortcommunity/shared_invite/zt-1g3wy28lv-DaeGexTQ5IjfpbmYW7Rm_Q - -[rf-h-badge]: https://img.shields.io/static/v1?label=RapidFort&labelColor=333F48&message=hardened&color=50B4C4&logo= -[metrics-link]: https://github.com/rapidfort/community-images/raw/main/community_images/ghost/bitnami/assets/metrics.webp -[cve-reduction-link]: https://github.com/rapidfort/community-images/raw/main/community_images/ghost/bitnami/assets/cve_reduction.webp - -[source-image-repo-link]: https://hub.docker.com/r/bitnami/ghost -[rf-dh-image-link]: https://hub.docker.com/r/rapidfort/ghost diff --git a/community_images/ghost/bitnami/assets/cve_reduction.webp b/community_images/ghost/bitnami/assets/cve_reduction.webp deleted file mode 100644 index 10ed90fff3..0000000000 Binary files a/community_images/ghost/bitnami/assets/cve_reduction.webp and /dev/null differ diff --git a/community_images/ghost/bitnami/assets/metrics.webp b/community_images/ghost/bitnami/assets/metrics.webp deleted file mode 100644 index 2da3cfbc16..0000000000 Binary files a/community_images/ghost/bitnami/assets/metrics.webp and /dev/null differ diff --git a/community_images/ghost/bitnami/dc_coverage.sh b/community_images/ghost/bitnami/dc_coverage.sh deleted file mode 100755 index fb04f7215e..0000000000 --- a/community_images/ghost/bitnami/dc_coverage.sh +++ /dev/null 
@@ -1,59 +0,0 @@ -#!/bin/bash - -set -x -set -e - -SCRIPTPATH="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )" - -# shellcheck disable=SC1091 -. "${SCRIPTPATH}"/../../common/scripts/bash_helper.sh - -JSON_PARAMS="$1" - -JSON=$(cat "$JSON_PARAMS") - -echo "Json params for docker compose coverage = $JSON" - -REPO_PATH=$(jq -r '.image_tag_details."ghost".repo_path' < "$JSON_PARAMS") -TAG=$(jq -r '.image_tag_details."ghost".tag' < "$JSON_PARAMS") - -# run docker for GHOST SMTP Mode -# create network and mysql db -docker network create ghost-network -docker run -d --name mysql-check \ - --env ALLOW_EMPTY_PASSWORD=yes \ - --env MYSQL_USER=bn_ghost \ - --env MYSQL_PASSWORD=bitnami \ - --env MYSQL_DATABASE=bitnami_ghost \ - --network ghost-network bitnami/mysql:latest -# Create ghost container -docker run --rm -i --cap-add=SYS_PTRACE --name ghost-smtp -d\ - --env GHOST_DATABASE_USER=bn_ghost \ - --env GHOST_DATABASE_NAME=bitnami_ghost \ - --env GHOST_SMTP_HOST=smtp.gmail.com \ - --env GHOST_SMTP_PORT=587 \ - --env GHOST_SMTP_USER=your_email@gmail.com \ - --env GHOST_SMTP_PASSWORD=your_password \ - --env GHOST_SMTP_FROM_ADDRESS=ghost@blog.com \ - --network ghost-network \ - "${REPO_PATH}:${TAG}" -# Waiting for container to be configured successfuly and removed. -sleep 120 -# Removing mysql container and ghost network -docker stop mysql-check -docker rm mysql-check -docker network rm ghost-network - -PROJECT_NAME=$(jq -r '.project_name' < "$JSON_PARAMS") -PORT=8080 -CONTAINER_NAME="${PROJECT_NAME}"-ghost-1 - -# UI Test -# exec into container and check configuration -docker exec -i "${CONTAINER_NAME}" cat /opt/bitnami/ghost/config.production.json - -# log for debugging -docker inspect "${CONTAINER_NAME}" - -# Running selenium tests -"${SCRIPTPATH}"/../../common/selenium_tests/runner-dc.sh "${PROJECT_NAME}" "${PORT}" "${SCRIPTPATH}"/selenium_tests 2>&1 
diff --git a/community_images/ghost/bitnami/docker-compose.yml b/community_images/ghost/bitnami/docker-compose.yml deleted file mode 100755 index b40ee9534b..0000000000 --- a/community_images/ghost/bitnami/docker-compose.yml +++ /dev/null @@ -1,33 +0,0 @@ -version: '2' -services: - mysql: - image: rapidfort/mysql:latest - volumes: - - 'mysql_data:/bitnami/mysql' - environment: - - ALLOW_EMPTY_PASSWORD=yes - - MYSQL_USER=bn_ghost - - MYSQL_DATABASE=bitnami_ghost - ghost: - image: ${GHOST_IMAGE_REPOSITORY}:${GHOST_IMAGE_TAG} - restart: always - ports: - - '8080:2368' - volumes: - - 'ghost_data:/bitnami/ghost' - cap_add: - - SYS_PTRACE - depends_on: - - mysql - environment: - - ALLOW_EMPTY_PASSWORD=yes - - GHOST_DATABASE_HOST=mysql - - url=http://localhost:8080/ - - GHOST_DATABASE_PORT_NUMBER=3306 - - GHOST_DATABASE_USER=bn_ghost - - GHOST_DATABASE_NAME=bitnami_ghost -volumes: - mysql_data: - driver: local - ghost_data: - driver: local diff --git a/community_images/ghost/bitnami/image.yml b/community_images/ghost/bitnami/image.yml deleted file mode 100755 index f697e851ac..0000000000 --- a/community_images/ghost/bitnami/image.yml +++ /dev/null 
@@ -1,54 +0,0 @@ -name: ghost -official_name: Ghost -official_website: https://ghost.org/ -source_image_provider: Bitnami -source_image_repo: docker.io/bitnami/ghost -source_image_repo_link: https://hub.docker.com/r/bitnami/ghost -source_image_readme: https://github.com/bitnami/containers/blob/main/bitnami/ghost/README.md -rf_docker_link: rapidfort/ghost -image_workflow_name: ghost_bitnami -github_location: ghost/bitnami -report_url: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Fghost -usage_instructions: | - $ helm repo add bitnami https://charts.bitnami.com/ghost - - # install ghost, just replace repository with RapidFort registry - $ helm install my-ghost bitnami/ghost --set image.repository=rapidfort/ghost -what_is_text: | - Ghost is an open source publishing platform designed to create blogs, magazines, and news sites. It includes a simple markdown editor with preview, theming, and SEO built-in to simplify editing. -disclaimer: | - Trademarks: This software listing is packaged by RapidFort. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. -input_registry: - registry: docker.io - account: bitnami -repo_sets: - - ghost: - input_base_tag: "5.69.0-debian-11-r" -runtimes: - - type: k8s - script: k8s_coverage.sh - helm: - repo: bitnami - repo_url: https://charts.bitnami.com/bitnami - chart: ghost - helm_additional_params: - ghostHost: "localhost" - tls_certs: - generate: true - secret_name: localhost-server-tls - common_name: localhost - image_keys: - ghost: - repository: "image.repository" - tag: "image.tag" - override_file: "overrides.yml" - - type: docker_compose - script: dc_coverage.sh - compose_file: docker-compose.yml - tls_certs: - generate: true - out_dir: certs - image_keys: - ghost: - repository: "GHOST_IMAGE_REPOSITORY" - tag: "GHOST_IMAGE_TAG" 
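Review bot: in the deleted `image.yml`, `image_workflow_name: ghost_bitnami` and `github_location: ghost/bitnami` are names that other parts of the repository can refer to, and the part of the diff shown here does not show those references being cleaned up. Please confirm that any workflow file or image list that still names `ghost_bitnami` or `ghost/bitnami` is removed in the same change, so CI does not point at a directory that no longer exists. The same file is the only place that ties the `docker_compose` and `k8s` runtimes to `dc_coverage.sh`, `k8s_coverage.sh` and `overrides.yml`, so it is worth checking that all four go together, as they appear to here.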
diff --git a/community_images/ghost/bitnami/k8s_coverage.sh b/community_images/ghost/bitnami/k8s_coverage.sh deleted file mode 100755 index a5c227ecdd..0000000000 --- a/community_images/ghost/bitnami/k8s_coverage.sh +++ /dev/null @@ -1,15 +0,0 @@ -#!/bin/bash - -set -x -set -e - -SCRIPTPATH="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )" - -# shellcheck disable=SC1091 -. "${SCRIPTPATH}"/../../common/scripts/bash_helper.sh - -JSON_PARAMS="$1" - -JSON=$(cat "$JSON_PARAMS") - -echo "Json params for k8s coverage = $JSON" \ No newline at end of file diff --git a/community_images/ghost/bitnami/overrides.yml b/community_images/ghost/bitnami/overrides.yml deleted file mode 100755 index f201e68505..0000000000 --- a/community_images/ghost/bitnami/overrides.yml +++ /dev/null @@ -1,18 +0,0 @@ -image: - pullSecrets: ["rf-regcred"] - pullPolicy: Always -containerSecurityContext: - enabled: true - runAsUser: 1001 - allowPrivilegeEscalation: true - capabilities: - add: ["SYS_PTRACE"] -extraEnvVars: - - name: "RF_VERBOSE" - value: "0" -livenessProbe: - initialDelaySeconds: 30 - timeoutSeconds: 30 -readinessProbe: - initialDelaySeconds: 30 - timeoutSeconds: 30 diff --git a/community_images/ghost/bitnami/selenium_tests/conftest.py b/community_images/ghost/bitnami/selenium_tests/conftest.py deleted file mode 100755 index 1b44466c2d..0000000000 --- a/community_images/ghost/bitnami/selenium_tests/conftest.py +++ /dev/null 
@@ -1,23 +0,0 @@ -"""The conftest file for running selenium test.""" -# pylint: skip-file - -# conftest.py -import pytest # pylint: disable=import-error - - -def pytest_addoption(parser): - """The function to add options""" - parser.addoption("--server", action="store", help="Ghost server") - parser.addoption("--port", action="store", - help="port on host linked to Ghost container") - - -@pytest.fixture -def params(request): - """the params""" - config_params = {} - config_params['server'] = request.config.getoption('--server') - config_params['port'] = request.config.getoption('--port') - if config_params['server'] is None or config_params['port'] is None: - pytest.skip() - return config_params diff --git a/community_images/ghost/bitnami/selenium_tests/ghost.side b/community_images/ghost/bitnami/selenium_tests/ghost.side deleted file mode 100755 index a2e9a4cc92..0000000000 --- a/community_images/ghost/bitnami/selenium_tests/ghost.side +++ /dev/null 
@@ -1,254 +0,0 @@ -{ - "id": "fab56089-bd22-4c78-a6a0-53dc08c0f1ab", - "version": "2.0", - "name": "ghost", - "url": "http://localhost:8080", - "tests": [{ - "id": "1491eaf8-9709-46a7-b470-bc9175ad16e5", - "name": "primaryFunctions", - "commands": [{ - "id": "2f72a667-d657-494d-a33e-6993a9cd735a", - "comment": "", - "command": "open", - "target": "/", - "targets": [], - "value": "" - }, { - "id": "513e9ce1-8fcb-4a5a-b992-f9b3a5d44a23", - "comment": "", - "command": "setWindowSize", - "target": "1846x1053", - "targets": [], - "value": "" - }, { - "id": "de5a71e7-fd8b-4aa0-94f4-b9ea1d688f57", - "comment": "", - "command": "click", - "target": "linkText=About", - "targets": [ - ["linkText=About", "linkText"], - ["css=.nav-about > a", "css:finder"], - ["xpath=//a[contains(text(),'About')]", "xpath:link"], - ["xpath=//header[@id='gh-head']/div/nav/ul/li[2]/a", "xpath:idRelative"], - ["xpath=//a[@href='http://localhost:8080/about/']", "xpath:href"], - ["xpath=//li[2]/a", "xpath:position"], - ["xpath=//a[contains(.,'About')]", "xpath:innerText"] - ], - "value": "" - }, { - "id": "ee35e7c5-acda-410f-ad66-a90ccda225b5", - "comment": "", - "command": "open", - "target": "/ghost", - "targets": [], - "value": "" - }, { - "id": "05155672-3217-49dd-bd03-27a0229eea89", - "comment": "", - "command": "click", - "target": "id=identification", - "targets": [ - ["id=identification", "id"], - ["name=identification", "name"], - ["css=#identification", "css:finder"], - ["xpath=//input[@id='identification']", "xpath:attributes"], - ["xpath=//form[@id='login']/div/span/input", "xpath:idRelative"], - ["xpath=//input", "xpath:position"] - ], - "value": "" - }, { - "id": "cf9497dd-77ee-4964-b5fa-d96157689834", - "comment": "", - "command": "type", - "target": "id=identification", - "targets": [ - ["id=identification", "id"], - ["name=identification", "name"], - ["css=#identification", "css:finder"], - ["xpath=//input[@id='identification']", "xpath:attributes"], - 
["xpath=//form[@id='login']/div/span/input", "xpath:idRelative"], - ["xpath=//input", "xpath:position"] - ], - "value": "user@example.com" - }, { - "id": "bb93a45c-28f6-403f-ac8e-898ccc11e108", - "comment": "", - "command": "click", - "target": "id=password", - "targets": [ - ["id=password", "id"], - ["name=password", "name"], - ["css=#password", "css:finder"], - ["xpath=//input[@id='password']", "xpath:attributes"], - ["xpath=//form[@id='login']/div[2]/span/input", "xpath:idRelative"], - ["xpath=//div[2]/span/input", "xpath:position"] - ], - "value": "" - }, { - "id": "56063c97-2c7d-4a1c-8ae2-549f34e391ad", - "comment": "", - "command": "type", - "target": "id=password", - "targets": [ - ["id=password", "id"], - ["name=password", "name"], - ["css=#password", "css:finder"], - ["xpath=//input[@id='password']", "xpath:attributes"], - ["xpath=//form[@id='login']/div[2]/span/input", "xpath:idRelative"], - ["xpath=//div[2]/span/input", "xpath:position"] - ], - "value": "bitnami123" - }, { - "id": "7de6d40d-4987-481a-85d2-c182024aea20", - "comment": "", - "command": "sendKeys", - "target": "id=password", - "targets": [ - ["id=password", "id"], - ["name=password", "name"], - ["css=#password", "css:finder"], - ["xpath=//input[@id='password']", "xpath:attributes"], - ["xpath=//form[@id='login']/div[2]/span/input", "xpath:idRelative"], - ["xpath=//div[2]/span/input", "xpath:position"] - ], - "value": "${KEY_ENTER}" - }, { - "id": "91bf7bc2-cb23-4126-8671-12fd8b7974e2", - "comment": "", - "command": "open", - "target": "ghost/#/members", - "targets": [], - "value": "" - }, { - "id": "2bc3f9c9-ce0a-4fae-81a4-3bac4281e232", - "comment": "", - "command": "click", - "target": "xpath=//span[contains(.,'Add yourself as a member to test')]", - "targets": [ - ["css=.gh-btn-green > span", "css:finder"], - ["xpath=//section/div/button/span", "xpath:position"], - ["xpath=//span[contains(.,'Add yourself as a member to test')]", "xpath:innerText"] - ], - "value": "" - }, { - "id": 
"4dc5d7d4-d10e-4c32-a780-f394432f41e8", - "comment": "", - "command": "open", - "target": "/ghost/#/editor/post", - "targets": [], - "value": "" - }, { - "id": "493907df-b8c3-4554-a150-9a45ff402217", - "comment": "", - "command": "type", - "target": "xpath=//textarea", - "targets": [ - ["id=ember11", "id"], - ["css=#ember11", "css:finder"], - ["xpath=//textarea[@id='ember11']", "xpath:attributes"], - ["xpath=//section[@id='ember7']/div/div/textarea", "xpath:idRelative"], - ["xpath=//textarea", "xpath:position"] - ], - "value": "Sample RF" - }, { - "id": "1aa3f994-647f-4574-a885-08b2bbc8b393", - "comment": "", - "command": "editContent", - "target": "css=.koenig-editor__editor", - "targets": [ - ["css=.koenig-editor__editor", "css:finder"], - ["xpath=//article[@id='ember78']/div/div", "xpath:idRelative"], - ["xpath=//article/div/div", "xpath:position"] - ], - "value": "

Hello


" - }, { - "id": "305f6845-4eab-4bde-a8bd-e358dd3fee57", - "comment": "", - "command": "click", - "target": "xpath=//span[contains(.,'Publish')]", - "targets": [ - ["css=.darkgrey > span", "css:finder"], - ["xpath=//section[@id='ember7']/header/section/button[2]/span", "xpath:idRelative"], - ["xpath=//button[2]/span", "xpath:position"], - ["xpath=//span[contains(.,'Publish')]", "xpath:innerText"] - ], - "value": "" - }, { - "id": "452463c0-2589-43c6-9b4a-fb7f38a9973a", - "comment": "", - "command": "click", - "target": "xpath=//span[contains(.,'Continue, final review →')]", - "targets": [ - ["css=.gh-btn-black > span", "css:finder"], - ["xpath=//div[@id='ember27']/div/div/div[3]/button/span", "xpath:idRelative"], - ["xpath=//div[4]/div/div/div/div[3]/button/span", "xpath:position"], - ["xpath=//span[contains(.,'Continue, final review →')]", "xpath:innerText"] - ], - "value": "" - }, { - "id": "05c67f81-533e-4abb-ae8f-04d919d934de", - "comment": "", - "command": "click", - "target": "xpath=//span[contains(.,'Publish post, right now')]", - "targets": [ - ["css=#ember37 > span", "css:finder"], - ["xpath=//button[@id='ember37']/span", "xpath:idRelative"], - ["xpath=//div[4]/div/div/div/div[2]/button/span", "xpath:position"], - ["xpath=//span[contains(.,'Publish post, right now')]", "xpath:innerText"] - ], - "value": "" - }, { - "id": "9845ca8f-0414-42c3-96c7-94a44d24507c", - "comment": "", - "command": "click", - "target": "css=.gh-post-bookmark-title", - "targets": [ - ["css=.gh-post-bookmark-title", "css:finder"], - ["xpath=//div[@id='ember27']/div/div/a/div/div/div[2]/div", "xpath:idRelative"], - ["xpath=//a/div/div/div[2]/div", "xpath:position"] - ], - "value": "", - "opensWindow": true, - "windowHandleName": "win3910", - "windowTimeout": 2000 - }, { - "id": "9a2f45e8-8ace-4492-a5a7-22bbadf611b3", - "comment": "", - "command": "open", - "target": "/ghost/#/settings", - "targets": [], - "value": "" - }, { - "id": "b7aaf822-4ec2-473a-8ea7-f3f4cb16d38d", - "comment": 
"", - "command": "open", - "target": "ghost/#/settings/design", - "targets": [], - "value": "" - }, { - "id": "84a4f23e-3ffc-4516-9a80-13720557dcf0", - "comment": "", - "command": "open", - "target": "/ghost/#/settings/analytics", - "targets": [], - "value": "" - }, { - "id": "78285fde-39c5-418b-96c5-0092c79b09de", - "comment": "", - "command": "close", - "target": "", - "targets": [], - "value": "" - }] - }], - "suites": [{ - "id": "025adc20-2dd6-477d-97f9-43efc547f88e", - "name": "Default Suite", - "persistSession": false, - "parallel": false, - "timeout": 300, - "tests": ["1491eaf8-9709-46a7-b470-bc9175ad16e5"] - }], - "urls": ["http://localhost:8080/"], - "plugins": [] -} \ No newline at end of file diff --git a/community_images/ghost/bitnami/selenium_tests/test_primaryFunctions.py b/community_images/ghost/bitnami/selenium_tests/test_primaryFunctions.py deleted file mode 100755 index d73105c222..0000000000 --- a/community_images/ghost/bitnami/selenium_tests/test_primaryFunctions.py +++ /dev/null 
@@ -1,55 +0,0 @@ -# Generated by Selenium IDE -# pylint: skip-file - -import pytest -import time -import json -from selenium import webdriver -from selenium.webdriver.chrome.options import Options -from selenium.webdriver.common.by import By -from selenium.webdriver.common.action_chains import ActionChains -from selenium.webdriver.support import expected_conditions -from selenium.webdriver.support.wait import WebDriverWait -from selenium.webdriver.common.keys import Keys -from selenium.webdriver.common.desired_capabilities import DesiredCapabilities - -class TestPrimaryFunctions(): - def setup_method(self, method): # pylint: disable=unused-argument - """setup method.""" - chrome_options = Options() - chrome_options.add_argument("--headless") - chrome_options.add_argument('--disable-dev-shm-usage') - chrome_options.add_argument("disable-infobars") - chrome_options.add_argument("--disable-extensions") - chrome_options.add_argument("--disable-gpu") - chrome_options.add_argument("--no-sandbox") - self.driver = webdriver.Chrome( - options=chrome_options) # pylint: disable=attribute-defined-outside-init - self.driver.implicitly_wait(10) - - def teardown_method(self, method): - """teardown method.""" - self.driver.quit() - - def test_primaryFunctions(self, params): - self.driver.get("http://localhost:{}/".format(params["port"])) - self.driver.set_window_size(1280, 1024) - self.driver.find_element(By.LINK_TEXT, "About").click() - self.driver.get("http://localhost:{}/ghost".format(params["port"])) - self.driver.find_element(By.ID, "identification").click() - self.driver.find_element(By.ID, "identification").send_keys("user@example.com") - self.driver.find_element(By.ID, "password").click() - self.driver.find_element(By.ID, "password").send_keys("bitnami123") - self.driver.find_element(By.ID, "password").send_keys(Keys.ENTER) - self.driver.get("http://localhost:{}/ghost/#/members".format(params["port"])) - self.driver.find_element(By.XPATH, "//span[contains(.,\'Add yourself 
as a member to test\')]").click() - self.driver.get("http://localhost:{}/ghost/#/editor/post".format(params["port"])) - self.driver.find_element(By.XPATH, "//textarea").send_keys("SampleRF") - self.driver.find_element(By.XPATH, "//article/div/div").click() - self.driver.find_element(By.XPATH, "//span[contains(.,\'Publish\')]").click() - self.driver.find_element(By.XPATH, "//span[contains(.,\'Continue, final review →\')]").click() - self.driver.find_element(By.XPATH, "//span[contains(.,\'Publish post, right now\')]").click() - self.driver.get("http://localhost:{}/ghost/#/settings".format(params["port"])) - self.driver.get("http://localhost:{}/ghost/#/settings/design".format(params["port"])) - self.driver.get("http://localhost:{}/ghost/#/settings/analytics".format(params["port"])) - self.driver.close() \ No newline at end of file diff --git a/community_images/grafana/ironbank/.rfignore b/community_images/grafana/ironbank/.rfignore deleted file mode 100644 index bd036ec246..0000000000 --- a/community_images/grafana/ironbank/.rfignore +++ /dev/null @@ -1 +0,0 @@ -usr/share/licenses diff --git a/community_images/grafana/ironbank/README.md b/community_images/grafana/ironbank/README.md deleted file mode 100644 index 308fabb939..0000000000 --- a/community_images/grafana/ironbank/README.md +++ /dev/null @@ -1,141 +0,0 @@ - -RapidFort - - -
- -[![rf-h][rf-h-badge]][rf-view-report-button] -[![DH Image][dh-rf-badge]][rf-dh-image-link] -[![Slack][slack-badge]][slack-link] -[![FOSSA Status][fossa-badge]][fossa-link] - -# RapidFort hardened image for Grafana Ironbank - -RapidFort’s container optimization process hardened this Grafana Ironbank container. This container is free to use and has no license limitations. - -It is the same as the [Platform One Grafana Ironbank][source-image-repo-link] image but more secure. - -Every day, we optimize and harden a variety of Docker Hub’s most famous images. Check out our [entire library](https://hub.docker.com/u/rapidfort) of secured containers. -
- -[Get the full report here or click on the image below][rf-view-report-link] - -[![Metrics][metrics-link]][rf-image-metrics-link] - -

Vulnerabilities: Original vs. Hardened - -

- -[![CVE Reduction][cve-reduction-link]][rf-image-cve-reduction-link] - - -View Report - -
-
- - -## What is Grafana Ironbank? - -> Grafana is a multi-platform open source analytics and interactive visualization web application. It provides charts, graphs, and alerts for the web when connected to supported data sources. - - -[Overview of Grafana Ironbank](https://grafana.com) - -Trademarks: This software listing is packaged by RapidFort. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. - - -## How do I use this hardened Grafana Ironbank image? - -The runtime instructions for this container are no different from the official release. Follow the instructions in their readme, but use our hardened image. - - -View Detailed Instructions - -
-
- -```sh -# Using docker run -$ docker run -d --name=grafana -p 3000:3000 rapidfort/grafana-ib - -# Then, access it via http://localhost:3000/ or http://:3000/ in a browser. - -``` - -## What is a hardened image? - -A hardened image is a copy of a container that has been optimized and reduced for significantly improved security. Because every container uses many open-source software components and their dependencies, there’s a lot of extra weight that can be trimmed. - -This image is a hardened version of the official [Platform One Grafana Ironbank][source-image-repo-link] image on Docker Hub. - -RapidFort is an industry-leading container optimization solution that minimizes software attack surfaces by removing unused code. Most containers can be reduced by at least 50%, which reduces the opportunity for malicious attacks and CVE exploits. Learn more at [RapidFort.com][rf-link]. - -Our hardened images are updated daily using the latest vulnerability information available. - - -View on GitHub - -
-
- -## What’s the difference between the official [Platform One Grafana Ironbank][source-image-repo-link] image and this hardened image? -RapidFort’s hardened [rapidfort/grafana-ib][rf-dh-image-link] image has been optimized by our proprietary scanning and slimming technology. We are big fans of open-source software, containerized infrastructure, and security. - -We are making secure copies of the images we use every day and the most popular ones on Docker Hub. We want to make the world a safer place to operate. - -## Supported tags and respective `Dockerfile` links - -## Need support - -Join our slack community for any questions. - - -RapidFort Community Slack - - -## 🌟 Support this project - -[![](https://user-images.githubusercontent.com/48997634/174794647-0c851917-e5c9-4fb9-bf88-b61d89dc2f4f.gif)](https://github.com/rapidfort/community-images/stargazers) - -### [⏫⭐️ Scroll to the star button](#start-of-content) - -If you believe this project has potential, feel free to **star this repo** just like many [amazing people](https://github.com/rapidfort/community-images/stargazers) -have. - -## Have questions? - -[![RapidFort](https://raw.githubusercontent.com/rapidfort/community-images/main/contrib/github_logo_footer.png)][rf-rapidfort-footer-logo-link] - - -If you'd like to learn more about RapidFort or our container optimization process, visit [RapidFort.com][rf-link]. - -
-
- - -[dh-rf-badge]: https://img.shields.io/badge/dockerhub-images-important.svg?logo=Docker - -[fossa-badge]: https://app.fossa.com/api/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images.svg?type=shield -[fossa-link]: https://app.fossa.com/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images?ref=badge_shield - -[rf-link]: https://rapidfort.com?utm_source=github&utm_medium=ci_rf_link&utm_campaign=sep_01_sprint&utm_term=grafana-ib&utm_content=rapidfort_have_questions - -[rf-rapidfort-footer-logo-link]: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fopensource%2Fgrafana%2Fgrafana?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=grafana-ib&utm_content=rapidfort_footer_logo -[rf-view-report-button]: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fopensource%2Fgrafana%2Fgrafana?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=grafana-ib&utm_content=view_report_button -[rf-view-report-link]: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fopensource%2Fgrafana%2Fgrafana?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=grafana-ib&utm_content=view_report_link -[rf-image-metrics-link]: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fopensource%2Fgrafana%2Fgrafana?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=grafana-ib&utm_content=image_metrics_link -[rf-image-cve-reduction-link]: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fopensource%2Fgrafana%2Fgrafana?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=grafana-ib&utm_content=image_cve_reduction_link - -[dh-img-size-badge]: https://img.shields.io/docker/image-size/rapidfort/grafana-ib?logo=docker&logoColor=white&sort=semver -[dh-img-pulls-badge]: 
https://img.shields.io/docker/pulls/rapidfort/grafana-ib?logo=docker&logoColor=white - -[slack-badge]: https://img.shields.io/static/v1?label=Join&message=slack&logo=slack&logoColor=E01E5A&color=4A154B -[slack-link]: https://join.slack.com/t/rapidfortcommunity/shared_invite/zt-1g3wy28lv-DaeGexTQ5IjfpbmYW7Rm_Q - -[rf-h-badge]: https://img.shields.io/static/v1?label=RapidFort&labelColor=333F48&message=hardened&color=50B4C4&logo= -[metrics-link]: https://github.com/rapidfort/community-images/raw/main/community_images/grafana/ironbank/assets/metrics.webp -[cve-reduction-link]: https://github.com/rapidfort/community-images/raw/main/community_images/grafana/ironbank/assets/cve_reduction.webp - -[source-image-repo-link]: https://registry1.dso.mil/harbor/projects/3/repositories/opensource%2Fgrafana%2Fgrafana -[rf-dh-image-link]: https://hub.docker.com/r/rapidfort/grafana-ib diff --git a/community_images/grafana/ironbank/dc_coverage.sh b/community_images/grafana/ironbank/dc_coverage.sh deleted file mode 100755 index d45630af4d..0000000000 --- a/community_images/grafana/ironbank/dc_coverage.sh +++ /dev/null @@ -1,30 +0,0 @@ -#!/bin/bash - -set -x -set -e - -SCRIPTPATH="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )" - -# shellcheck disable=SC1091 -. "${SCRIPTPATH}"/../../common/scripts/bash_helper.sh - -JSON_PARAMS="$1" - -JSON=$(cat "$JSON_PARAMS") - -echo "Json params for docker compose coverage = $JSON" - -PROJECT_NAME=$(jq -r '.project_name' < "$JSON_PARAMS") - -PORT=3000 - -# Initiating Selenium tests -"${SCRIPTPATH}"/../../common/selenium_tests/runner-dc.sh "dummy_arg" "${PORT}" "${SCRIPTPATH}"/selenium_tests 2>&1 - -echo "Grafana cli coverage" -GRAFANA_CONTAINER=${PROJECT_NAME}-grafana-ib-1 -docker exec "${GRAFANA_CONTAINER}" grafana cli -h - -# Restart to setup and load plugins installed. -docker restart "${GRAFANA_CONTAINER}" -sleep 30 
diff --git a/community_images/grafana/ironbank/docker-compose.yml b/community_images/grafana/ironbank/docker-compose.yml deleted file mode 100644 index 2fb4c679da..0000000000 --- a/community_images/grafana/ironbank/docker-compose.yml +++ /dev/null @@ -1,23 +0,0 @@ -version: '2' - -services: - prometheus: - image: rapidfort/prometheus:2.44 - ports: - - '9090:9090' - - alertmanager: - image: prom/alertmanager:v0.20.0 - ports: - - '9093:9093' - - grafana-ib: - image: ${GRAFANA_IMAGE_REPOSITORY}:${GRAFANA_IMAGE_TAG} - cap_add: - - SYS_PTRACE - environment: - - GF_INSTALL_PLUGINS=grafana-clock-panel - - GF_SERVER_ROOT_URL=http://my.grafana.server/ - ports: - - '3000:3000' - diff --git a/community_images/grafana/ironbank/image.yml b/community_images/grafana/ironbank/image.yml deleted file mode 100644 index 79df384f89..0000000000 --- a/community_images/grafana/ironbank/image.yml +++ /dev/null 
@@ -1,38 +0,0 @@ -name: grafana-ib -official_name: Grafana Ironbank -official_website: https://grafana.com -source_image_provider: Platform One -source_image_repo: registry1.dso.mil/ironbank/opensource/grafana/grafana -source_image_repo_link: https://registry1.dso.mil/harbor/projects/3/repositories/opensource%2Fgrafana%2Fgrafana -source_image_readme: https://repo1.dso.mil/dsop/opensource/grafana/grafana/-/blob/development/README.md -rf_docker_link: rapidfort/grafana-ib -image_workflow_name: grafana_ironbank -github_location: grafana/ironbank -report_url: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fopensource%2Fgrafana%2Fgrafana -usage_instructions: | - # Using docker run - $ docker run -d --name=grafana -p 3000:3000 rapidfort/grafana-ib - - # Then, access it via http://localhost:3000/ or http://:3000/ in a browser. -what_is_text: | - Grafana is a multi-platform open source analytics and interactive visualization web application. It provides charts, graphs, and alerts for the web when connected to supported data sources. -disclaimer: | - Trademarks: This software listing is packaged by RapidFort. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. -input_registry: - registry: registry1.dso.mil - account: ironbank -repo_sets: - - opensource/grafana/grafana: - input_base_tag: "9.5." - output_repo: grafana-ib -runtimes: - - type: docker_compose - script: dc_coverage.sh - compose_file: docker-compose.yml - tls_certs: - generate: true - out_dir: certs - image_keys: - grafana-ib: - repository: "GRAFANA_IMAGE_REPOSITORY" - tag: "GRAFANA_IMAGE_TAG" diff --git a/community_images/grafana/ironbank/selenium_tests/__init__.py b/community_images/grafana/ironbank/selenium_tests/__init__.py deleted file mode 100644 index e69de29bb2..0000000000 
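Review bot: `usage_instructions` in the deleted `image.yml` tells users to run `rapidfort/grafana-ib` with no tag, and the README removed alongside it says the hardened images are "updated daily", but the visible lines give no indication of what happens to the published repository named in `rf_docker_link`. If this definition is what drives the rebuild, the image stays pullable while no longer picking up fixes. Please state in the commit description whether `rapidfort/grafana-ib` is being deprecated or removed on Docker Hub, and leave a pointer for users who followed the old instructions.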
diff --git a/community_images/grafana/ironbank/selenium_tests/conftest.py b/community_images/grafana/ironbank/selenium_tests/conftest.py deleted file mode 100644 index abb22d71e3..0000000000 --- a/community_images/grafana/ironbank/selenium_tests/conftest.py +++ /dev/null @@ -1,23 +0,0 @@ -"""The conftest file for running selenium test.""" -# pylint: skip-file - -# conftest.py -import pytest # pylint: disable=import-error - - -def pytest_addoption(parser): - """The function to add options""" - parser.addoption("--server", action="store", help="grafana server") - parser.addoption("--port", action="store", - help="port for grafana container") - - -@pytest.fixture -def params(request): - """the params""" - config_params = {} - config_params['server'] = request.config.getoption('--server') - config_params['port'] = request.config.getoption('--port') - if config_params['server'] is None or config_params['port'] is None: - pytest.skip() - return config_params diff --git a/community_images/grafana/ironbank/selenium_tests/grafana_selenium_test.py b/community_images/grafana/ironbank/selenium_tests/grafana_selenium_test.py deleted file mode 100644 index 702b7aa3c8..0000000000 --- a/community_images/grafana/ironbank/selenium_tests/grafana_selenium_test.py +++ /dev/null 
@@ -1,165 +0,0 @@ -"""The selenium test.""" -# pylint: skip-file - -# Generated by Selenium IDE -import json # pylint: disable=import-error disable=unused-import -import time # pylint: disable=import-error disable=unused-import -import pytest # pylint: disable=import-error disable=unused-import -from selenium import webdriver # pylint: disable=import-error -from selenium.webdriver.chrome.options import Options # pylint: disable=import-error -from selenium.webdriver.common.by import By # pylint: disable=import-error -from selenium.webdriver.common.action_chains import ActionChains # pylint: disable=import-error disable=unused-import -from selenium.webdriver.support import expected_conditions # pylint: disable=import-error disable=unused-import -from selenium.webdriver.support.wait import WebDriverWait # pylint: disable=import-error disable=unused-import -from selenium.webdriver.common.keys import Keys # pylint: disable=import-error disable=unused-import -from selenium.webdriver.common.desired_capabilities import DesiredCapabilities # pylint: disable=import-error disable=unused-import -from selenium.webdriver.support import expected_conditions as EC - - -class TestGrafanatest1(): - """The test word press class for testing grafana image.""" - - def setup_method(self, method): # pylint: disable=unused-argument - """setup method.""" - chrome_options = Options() - chrome_options.add_argument("--headless") - chrome_options.add_argument('--disable-dev-shm-usage') - chrome_options.add_argument("disable-infobars") - chrome_options.add_argument("--disable-extensions") - chrome_options.add_argument("--disable-gpu") - chrome_options.add_argument("--no-sandbox") - self.driver = webdriver.Chrome( - options=chrome_options) # pylint: disable=attribute-defined-outside-init - self.driver.implicitly_wait(10) - - def teardown_method(self, method): # pylint: disable=unused-argument - """teardown method.""" - self.driver.quit() - - def test_login(self, params): - # Test name: 
initialize-and-setup-prometheus - # Step # | name | target | value | - # 1 | open | /login | - self.driver.get( - "http://localhost:{}/login".format( - params["port"])) # pylint: disable=consider-using-f-string - # 2 | setWindowSize | 727x785 | | - self.driver.set_window_size(727, 785) - # 3 | type | name=user | admin | - self.driver.find_element(By.NAME, "user").send_keys("admin") - # 4 | click | id=current-password | | - self.driver.find_element(By.ID, "current-password").click() - # 5 | type | id=current-password | admin | - self.driver.find_element(By.ID, "current-password").send_keys("admin") - # 6 | click | css=.css-8csoim-button > .css-1mhnkuh | | - self.driver.find_element(By.CSS_SELECTOR, ".css-8csoim-button > .css-1mhnkuh").click() - # 7 | click | css=.css-oq8fy1-button > .css-1mhnkuh | | - self.driver.find_element(By.CSS_SELECTOR, ".css-oq8fy1-button > .css-1mhnkuh").click() - # 8 | click | css=.css-hj6vlq | | - self.driver.find_element(By.CSS_SELECTOR, ".css-hj6vlq").click() - # 9 | click | css=.css-fv3lde:nth-child(7) .css-1xnfi89 | | - self.driver.find_element(By.CSS_SELECTOR, ".css-fv3lde:nth-child(7) .css-1xnfi89").click() - # 10 | click | css=.css-1y9dsbx-button | | - self.driver.find_element(By.CSS_SELECTOR, ".css-1y9dsbx-button").click() - # 11 | click | linkText=Data sources | | - self.driver.find_element(By.LINK_TEXT, "Data sources").click() - # 12 | click | xpath=//span[contains(.,'Add data source')] | | - self.driver.find_element(By.XPATH, "//span[contains(.,\'Add data source\')]").click() - - self.driver.implicitly_wait(10) - # 17 | click | xpath=//button[contains(.,'Prometheus')] | | - self.driver.find_element(By.XPATH, "//button[contains(.,\'Prometheus\')]").click() - # 18 | click | css=.css-y1sxu8 | | - self.driver.find_element(By.CSS_SELECTOR, ".css-y1sxu8").click() - # 19 | type | css=.width-20:nth-child(1) | http://10.10.0.165:9090 | - self.driver.find_element(By.CSS_SELECTOR, 
".width-20:nth-child(1)").send_keys("http://localhost:9090") - # 20 | click | css=.css-z53gi5-button > .css-1mhnkuh | | - self.driver.find_element(By.CSS_SELECTOR, ".css-z53gi5-button > .css-1mhnkuh").click() - - ### Dashboards setup - # 1 | open | /datasources/edit//dashboards | | - self.driver.get( - "http://localhost:{}/datasources/edit/{}/dashboards".format( - params['port'], - self.driver.current_url[39:])) - # 2 | setWindowSize | 727x785 | | - self.driver.set_window_size(727, 785) - # 3 | click | css=tr:nth-child(2) .css-1mhnkuh | | - self.driver.find_element(By.CSS_SELECTOR, "tr:nth-child(2) .css-1mhnkuh").click() - # 4 | click | linkText=Prometheus 2.0 Stats | | - self.driver.find_element(By.LINK_TEXT, "Prometheus 2.0 Stats").click() - self.driver.implicitly_wait(10) - # 5 | runScript | window.scrollTo(0,0) | | - self.driver.execute_script("window.scrollTo(0,0)") - - ### Alert manager - # 1 | open | /connections/your-connections/datasources/new | | - self.driver.get( - "http://localhost:{}/connections/your-connections/datasources/new".format( - params['port'])) - # 2 | setWindowSize | 727x785 | | - self.driver.set_window_size(727, 785) - # 3 | click | css=.css-1mlczho-input-input | | - self.driver.find_element(By.CSS_SELECTOR, ".css-1mlczho-input-input").click() - # 4 | type | css=.css-1mlczho-input-input | alert | - self.driver.find_element(By.CSS_SELECTOR, ".css-1mlczho-input-input").send_keys("alert") - # 5 | click | css=.css-1cqw476 | | - self.driver.find_element(By.CSS_SELECTOR, ".css-1cqw476").click() - # 6 | mouseDown | xpath=//div[@id='reactRoot']/div/main/div[2]/div[3]/div/div[2]/div/div/div/div[3]/form/div[3]/div/div/div/div/div/div/div[2] | | - element = self.driver.find_element(By.XPATH, "//div[@id=\'reactRoot\']/div/main/div[2]/div[3]/div/div[2]/div/div/div/div[3]/form/div[3]/div/div/div/div/div/div/div[2]") - actions = ActionChains(self.driver) - actions.move_to_element(element).click_and_hold().perform() - # 7 | click | 
css=#react-select-2-option-2 .css-1gncicp-grafana-select-option-description | | - self.driver.find_element(By.CSS_SELECTOR, "#react-select-2-option-2 .css-1gncicp-grafana-select-option-description").click() - # 8 | click | css=.css-y1sxu8 | | - self.driver.find_element(By.CSS_SELECTOR, ".css-y1sxu8").click() - # 9 | type | css=.gf-form-input:nth-child(1) | http://10.10.0.165:9093 | - self.driver.find_element(By.CSS_SELECTOR, ".gf-form-input:nth-child(1)").send_keys("http://localhost:9093") - # 10 | click | css=.css-z53gi5-button > .css-1mhnkuh | | - self.driver.find_element(By.CSS_SELECTOR, ".css-z53gi5-button > .css-1mhnkuh").click() - - ### User management - # 1 | open | /admin/users/create | | - self.driver.get( - "http://localhost:{}/admin/users/create".format( - params['port'])) - # 2 | setWindowSize | 727x785 | | - self.driver.set_window_size(727, 785) - # 3 | click | id=name-input | | - self.driver.find_element(By.ID, "name-input").click() - # 4 | type | id=name-input | new user | - self.driver.find_element(By.ID, "name-input").send_keys("new user") - # 5 | click | id=email-input | | - self.driver.find_element(By.ID, "email-input").click() - # 6 | type | id=email-input | new@user.com | - self.driver.find_element(By.ID, "email-input").send_keys("new@user.com") - # 7 | click | id=username-input | | - self.driver.find_element(By.ID, "username-input").click() - # 8 | type | id=username-input | new-user | - self.driver.find_element(By.ID, "username-input").send_keys("new-user") - # 9 | click | id=password-input | | - self.driver.find_element(By.ID, "password-input").click() - # 10 | type | id=password-input | newuser | - self.driver.find_element(By.ID, "password-input").send_keys("newuser") - # 11 | click | css=.css-1mhnkuh | | - self.driver.find_element(By.CSS_SELECTOR, ".css-1mhnkuh").click() - # 12 | click | css=.css-1fwxvu6 | | - self.driver.find_element(By.CSS_SELECTOR, ".css-1fwxvu6").click() - self.driver.implicitly_wait(5) - - ### New User login - 
self.driver.get( - "http://localhost:{}/logout".format( - params['port'])) - # 1 | click | name=user | | - self.driver.find_element(By.NAME, "user").click() - # 2 | type | name=user | new-user | - self.driver.find_element(By.NAME, "user").send_keys("new-user") - # 3 | click | id=current-password | | - self.driver.find_element(By.ID, "current-password").click() - # 4 | type | id=current-password | newuser | - self.driver.find_element(By.ID, "current-password").send_keys("newuser") - # 5 | click | css=.css-8csoim-button > .css-1mhnkuh | | - self.driver.find_element(By.CSS_SELECTOR, ".css-8csoim-button > .css-1mhnkuh").click() - # 6 | click | css=.css-1fwxvu6 | | - self.driver.find_element(By.CSS_SELECTOR, ".css-1fwxvu6").click() diff --git a/community_images/haproxy/bitnami/.rfignore b/community_images/haproxy/bitnami/.rfignore deleted file mode 100644 index 3c79ad56d8..0000000000 --- a/community_images/haproxy/bitnami/.rfignore +++ /dev/null @@ -1,4 +0,0 @@ -opt/bitnami/common/licenses -opt/bitnami/licenses -opt/bitnami/haproxy/licenses -usr/share/common-licenses diff --git a/community_images/haproxy/bitnami/README.md b/community_images/haproxy/bitnami/README.md deleted file mode 100644 index 6428ad358d..0000000000 --- a/community_images/haproxy/bitnami/README.md +++ /dev/null @@ -1,142 +0,0 @@ - -RapidFort - - -
- -[![rf-h][rf-h-badge]][rf-view-report-button] -[![DH Image][dh-rf-badge]][rf-dh-image-link] -[![Slack][slack-badge]][slack-link] -[![FOSSA Status][fossa-badge]][fossa-link] - -# RapidFort hardened image for HAProxy - -RapidFort’s container optimization process hardened this HAProxy container. This container is free to use and has no license limitations. - -It is the same as the [Bitnami HAProxy][source-image-repo-link] image but more secure. - -Every day, we optimize and harden a variety of Docker Hub’s most famous images. Check out our [entire library](https://hub.docker.com/u/rapidfort) of secured containers. -
- -[Get the full report here or click on the image below][rf-view-report-link] - -[![Metrics][metrics-link]][rf-image-metrics-link] - -

Vulnerabilities: Original vs. Hardened - -

- -[![CVE Reduction][cve-reduction-link]][rf-image-cve-reduction-link] - - -View Report - -
-
- - -## What is HAProxy? - -> HAProxy is a TCP proxy and a HTTP reverse proxy. It supports SSL termination and offloading, TCP and HTTP normalization, traffic regulation, caching and protection against DDoS attacks. - - -[Overview of HAProxy](http://www.haproxy.org/) - -Trademarks: This software listing is packaged by RapidFort. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. - - -## How do I use this hardened HAProxy image? - -The runtime instructions for this container are no different from the official release. Follow the instructions in their readme, but use our hardened image. - - -View Detailed Instructions - -
-
- -```sh -$ helm repo add bitnami https://charts.bitnami.com/haproxy - -# install haproxy, just replace repository with RapidFort registry -$ helm install my-haproxy bitnami/haproxy --set image.repository=rapidfort/haproxy - -``` - -## What is a hardened image? - -A hardened image is a copy of a container that has been optimized and reduced for significantly improved security. Because every container uses many open-source software components and their dependencies, there’s a lot of extra weight that can be trimmed. - -This image is a hardened version of the official [Bitnami HAProxy][source-image-repo-link] image on Docker Hub. - -RapidFort is an industry-leading container optimization solution that minimizes software attack surfaces by removing unused code. Most containers can be reduced by at least 50%, which reduces the opportunity for malicious attacks and CVE exploits. Learn more at [RapidFort.com][rf-link]. - -Our hardened images are updated daily using the latest vulnerability information available. - - -View on GitHub - -
-
- -## What’s the difference between the official [Bitnami HAProxy][source-image-repo-link] image and this hardened image? -RapidFort’s hardened [rapidfort/haproxy][rf-dh-image-link] image has been optimized by our proprietary scanning and slimming technology. We are big fans of open-source software, containerized infrastructure, and security. - -We are making secure copies of the images we use every day and the most popular ones on Docker Hub. We want to make the world a safer place to operate. - -## Supported tags and respective `Dockerfile` links -* [`2`, `2-debian-11`, `2.9.0`, `2.9.0-debian-11-r` (2/debian-11/Dockerfile)](https://github.com/bitnami/containers/tree/main/bitnami/haproxy/2/debian-11/Dockerfile) - -## Need support - -Join our slack community for any questions. - - -RapidFort Community Slack - - -## 🌟 Support this project - -[![](https://user-images.githubusercontent.com/48997634/174794647-0c851917-e5c9-4fb9-bf88-b61d89dc2f4f.gif)](https://github.com/rapidfort/community-images/stargazers) - -### [⏫⭐️ Scroll to the star button](#start-of-content) - -If you believe this project has potential, feel free to **star this repo** just like many [amazing people](https://github.com/rapidfort/community-images/stargazers) -have. - -## Have questions? - -[![RapidFort](https://raw.githubusercontent.com/rapidfort/community-images/main/contrib/github_logo_footer.png)][rf-rapidfort-footer-logo-link] - - -If you'd like to learn more about RapidFort or our container optimization process, visit [RapidFort.com][rf-link]. - -
-
- - -[dh-rf-badge]: https://img.shields.io/badge/dockerhub-images-important.svg?logo=Docker - -[fossa-badge]: https://app.fossa.com/api/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images.svg?type=shield -[fossa-link]: https://app.fossa.com/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images?ref=badge_shield - -[rf-link]: https://rapidfort.com?utm_source=github&utm_medium=ci_rf_link&utm_campaign=sep_01_sprint&utm_term=haproxy&utm_content=rapidfort_have_questions - -[rf-rapidfort-footer-logo-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Fhaproxy?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=haproxy&utm_content=rapidfort_footer_logo -[rf-view-report-button]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Fhaproxy?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=haproxy&utm_content=view_report_button -[rf-view-report-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Fhaproxy?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=haproxy&utm_content=view_report_link -[rf-image-metrics-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Fhaproxy?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=haproxy&utm_content=image_metrics_link -[rf-image-cve-reduction-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Fhaproxy?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=haproxy&utm_content=image_cve_reduction_link - -[dh-img-size-badge]: https://img.shields.io/docker/image-size/rapidfort/haproxy?logo=docker&logoColor=white&sort=semver -[dh-img-pulls-badge]: https://img.shields.io/docker/pulls/rapidfort/haproxy?logo=docker&logoColor=white - -[slack-badge]: https://img.shields.io/static/v1?label=Join&message=slack&logo=slack&logoColor=E01E5A&color=4A154B -[slack-link]: 
https://join.slack.com/t/rapidfortcommunity/shared_invite/zt-1g3wy28lv-DaeGexTQ5IjfpbmYW7Rm_Q - -[rf-h-badge]: https://img.shields.io/static/v1?label=RapidFort&labelColor=333F48&message=hardened&color=50B4C4&logo= -[metrics-link]: https://github.com/rapidfort/community-images/raw/main/community_images/haproxy/bitnami/assets/metrics.webp -[cve-reduction-link]: https://github.com/rapidfort/community-images/raw/main/community_images/haproxy/bitnami/assets/cve_reduction.webp - -[source-image-repo-link]: https://hub.docker.com/r/bitnami/haproxy -[rf-dh-image-link]: https://hub.docker.com/r/rapidfort/haproxy diff --git a/community_images/haproxy/bitnami/assets/cve_reduction.webp b/community_images/haproxy/bitnami/assets/cve_reduction.webp deleted file mode 100644 index 1f509ab5bb..0000000000 Binary files a/community_images/haproxy/bitnami/assets/cve_reduction.webp and /dev/null differ diff --git a/community_images/haproxy/bitnami/assets/metrics.webp b/community_images/haproxy/bitnami/assets/metrics.webp deleted file mode 100644 index 59f0b213f3..0000000000 Binary files a/community_images/haproxy/bitnami/assets/metrics.webp and /dev/null differ diff --git a/community_images/haproxy/bitnami/configs/haproxy-tcp.cfg b/community_images/haproxy/bitnami/configs/haproxy-tcp.cfg deleted file mode 100644 index 5655892b59..0000000000 --- a/community_images/haproxy/bitnami/configs/haproxy-tcp.cfg +++ /dev/null 
@@ -1,48 +0,0 @@ -global - log 127.0.0.1 local0 - cpu-map 1-4 0-3 - chroot /opt/bitnami/haproxy - mworker-max-reloads 3 - maxconn 256 - uid 99 - gid 99 - user root - hard-stop-after 100s - pidfile ./haproxy.pidfile - stats socket /tmp/haproxy - set-dumpable - server-state-file /etc/haproxy/state/current - setenv IMAGEFILEENDINGS ".gif .jpg .png" - strict-limits - no busy-polling - spread-checks 5 - max-spread-checks 15000 - maxcompcpuusage 90 - ssl-default-bind-ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS - ssl-default-bind-options no-sslv3 no-tls-tickets - ssl-default-server-ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS - ssl-default-server-options no-sslv3 no-tls-tickets - -defaults - timeout queue 100s - option checkcache - 
option httpchk - option tcplog - load-server-state-from-file global - compression algo identity - -frontend http-in - bind *:80 - timeout client 60s - default_backend flask - capture cookie ASPSESSION len 32 - -backend flask - timeout connect 10s - timeout server 100s - mode tcp - fullconn 10000 - balance roundrobin - server web1 python-flask-1:8080 - server web2 python-flask-2:8080 - diff --git a/community_images/haproxy/bitnami/configs/haproxy.cfg b/community_images/haproxy/bitnami/configs/haproxy.cfg deleted file mode 100755 index 6fd4b93a6d..0000000000 --- a/community_images/haproxy/bitnami/configs/haproxy.cfg +++ /dev/null @@ -1,45 +0,0 @@ -global - maxconn 256 - spread-checks 3 - ca-base /etc/ssl/certs - crt-base /etc/ssl/private -frontend http-in - bind *:80 - mode http - timeout client 60s - - acl app1 path_end -i /app1 - acl app2 path_end -i /app2 - http-request deny if { path -i -m beg /admin } - - use_backend app1Servers if app1 - use_backend app2Servers if app2 - - default_backend flask - -backend app1Servers - timeout connect 10s - timeout server 10s - mode http - balance source - server web1 python-flask-1:8080 - server web2 python-flask-2:8080 - -backend app2Servers - timeout connect 10s - timeout server 15s - mode http - balance source - server web3 python-flask-3:8080 - server web4 python-flask-4:8080 - -backend flask - timeout connect 10s - timeout server 100s - mode http - balance source - server web1 python-flask-1:8080 - server web2 python-flask-2:8080 - server web3 python-flask-3:8080 - server web4 python-flask-4:8080 - diff --git a/community_images/haproxy/bitnami/configs/sample-server/app/app.py b/community_images/haproxy/bitnami/configs/sample-server/app/app.py deleted file mode 100644 index 80df4dc430..0000000000 --- a/community_images/haproxy/bitnami/configs/sample-server/app/app.py +++ /dev/null 
@@ -1,48 +0,0 @@ -""" Sample flask app for testing """ -import socket -from flask import Flask,render_template # pylint: disable=import-error - -app = Flask(__name__) - -@app.route("/") -def index(): - """ add index route """ - try: - host_name = socket.gethostname() - host_ip = socket.gethostbyname(host_name) - return render_template('index.html', hostname=host_name, ip=host_ip, message = "Home page") - except Exception as _: # pylint: disable=broad-except - return render_template('error.html') - -@app.route("/app1") -def app1(): - """ app1 route """ - try: - host_name = socket.gethostname() - host_ip = socket.gethostbyname(host_name) - return render_template('index.html', hostname=host_name, ip=host_ip, message = "App1 page") - except Exception as _: # pylint: disable=broad-except - return render_template('error.html') - -@app.route("/app2") -def app2(): - """ app2 route """ - try: - host_name = socket.gethostname() - host_ip = socket.gethostbyname(host_name) - return render_template('index.html', hostname=host_name, ip=host_ip, message = "App2 page") - except Exception as _: # pylint: disable=broad-except - return render_template('error.html') - -@app.route("/admin") -def admin(): - """ admin route """ - try: - host_name = socket.gethostname() - host_ip = socket.gethostbyname(host_name) - return render_template('index.html', hostname=host_name, ip=host_ip, message = "Admin page (privileged)") - except Exception as _: # pylint: disable=broad-except - return render_template('error.html') - -if __name__ == "__main__": - app.run(host='0.0.0.0', port=8080) diff --git a/community_images/haproxy/bitnami/configs/sample-server/app/templates/error.html b/community_images/haproxy/bitnami/configs/sample-server/app/templates/error.html deleted file mode 100644 index ade0fa0e74..0000000000 --- a/community_images/haproxy/bitnami/configs/sample-server/app/templates/error.html +++ /dev/null 
@@ -1,10 +0,0 @@ - - - - - Error Occurred - - - Can not print the IP address of the container - - \ No newline at end of file diff --git a/community_images/haproxy/bitnami/configs/sample-server/app/templates/index.html b/community_images/haproxy/bitnami/configs/sample-server/app/templates/index.html deleted file mode 100644 index 83abebc03a..0000000000 --- a/community_images/haproxy/bitnami/configs/sample-server/app/templates/index.html +++ /dev/null @@ -1,10 +0,0 @@ - - - - - {{ message }} - - -The hostname of the container is {{ hostname }} and its IP is {{ ip }}. - - \ No newline at end of file diff --git a/community_images/haproxy/bitnami/dc_coverage.sh b/community_images/haproxy/bitnami/dc_coverage.sh deleted file mode 100755 index c81b4a4a7c..0000000000 --- a/community_images/haproxy/bitnami/dc_coverage.sh +++ /dev/null 
@@ -1,78 +0,0 @@ -#!/bin/bash - -set -x -set -e - -SCRIPTPATH="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )" - -# shellcheck disable=SC1091 -. "${SCRIPTPATH}"/../../common/scripts/bash_helper.sh - -JSON_PARAMS="$1" - -JSON=$(cat "$JSON_PARAMS") - -echo "Json params for docker compose coverage = $JSON" - -CONTAINER_NAME=haproxy - -# log for debugging -docker inspect "${CONTAINER_NAME}" - -# finding port -docker inspect "${CONTAINER_NAME}" | jq -r ".[].NetworkSettings.Ports.\"80/tcp\"[0].HostPort" -PORT=$(docker inspect "${CONTAINER_NAME}" | jq -r ".[].NetworkSettings.Ports.\"80/tcp\"[0].HostPort") - -# run curl in loop (roundrobin) -for i in {1..10}; -do - echo "Attempt $i" - curl http://localhost:"${PORT}" -done - -# run curl in loop for app1 route -for i in {1..10}; -do - echo "Attempt $i" - curl http://localhost:"${PORT}"/app1 -done - -# run curl in loop for app2 route -for i in {1..10}; -do - echo "Attempt $i" - curl http://localhost:"${PORT}"/app2 -done - -# Running curl for admin (disabled by acl) -curl http://localhost:"${PORT}"/admin - -# Changing load balancing mode from roundrobin to leastconn -docker exec -i "${CONTAINER_NAME}" cp /bitnami/haproxy/conf/haproxy.cfg /bitnami/haproxy/haproxy.cfg -docker exec -i "${CONTAINER_NAME}" sed -i 's/roundrobin/leastconn/g' /bitnami/haproxy/haproxy.cfg -docker exec -i "${CONTAINER_NAME}" cp /bitnami/haproxy/haproxy.cfg /bitnami/haproxy/conf/haproxy.cfg -# reloading -docker kill -s HUP haproxy -sleep 5 -# Checking leastconn -# run curl in loop -for i in {1..10}; -do - echo "Attempt $i" - curl http://localhost:"${PORT}" -done - -# Changing load balancing mode from leastconn to source mode -docker exec -i "${CONTAINER_NAME}" cp /bitnami/haproxy/conf/haproxy.cfg /bitnami/haproxy/haproxy.cfg -docker exec -i "${CONTAINER_NAME}" sed -i 's/leastconn/source/g' /bitnami/haproxy/haproxy.cfg -docker exec -i "${CONTAINER_NAME}" cp /bitnami/haproxy/haproxy.cfg /bitnami/haproxy/conf/haproxy.cfg -# reloading -docker kill -s 
HUP haproxy -sleep 5 -# Checking source mode -# run curl in loop -for i in {1..10}; -do - echo "Attempt $i" - curl http://localhost:"${PORT}" -done \ No newline at end of file diff --git a/community_images/haproxy/bitnami/dc_coverage_tcp.sh b/community_images/haproxy/bitnami/dc_coverage_tcp.sh deleted file mode 100755 index c0bc191b08..0000000000 --- a/community_images/haproxy/bitnami/dc_coverage_tcp.sh +++ /dev/null 
@@ -1,61 +0,0 @@ -#!/bin/bash - -set -x -set -e - -SCRIPTPATH="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )" - -# shellcheck disable=SC1091 -. "${SCRIPTPATH}"/../../common/scripts/bash_helper.sh - -JSON_PARAMS="$1" - -JSON=$(cat "$JSON_PARAMS") - -echo "Json params for docker compose coverage = $JSON" - -CONTAINER_NAME=haproxy - -# log for debugging -docker inspect "${CONTAINER_NAME}" - -# finding port -docker inspect "${CONTAINER_NAME}" | jq -r ".[].NetworkSettings.Ports.\"80/tcp\"[0].HostPort" -PORT=$(docker inspect "${CONTAINER_NAME}" | jq -r ".[].NetworkSettings.Ports.\"80/tcp\"[0].HostPort") - -# run curl in loop (roundrobin) -for i in {1..5}; -do - echo "Attempt $i" - curl http://localhost:"${PORT}" -done - -# Changing compression algo from identity to gzip -docker exec -i "${CONTAINER_NAME}" cp /bitnami/haproxy/conf/haproxy.cfg /bitnami/haproxy/haproxy.cfg -docker exec -i "${CONTAINER_NAME}" sed -i 's/identity/gzip/g' /bitnami/haproxy/haproxy.cfg -docker exec -i "${CONTAINER_NAME}" cp /bitnami/haproxy/haproxy.cfg /bitnami/haproxy/conf/haproxy.cfg -# reloading -docker kill -s HUP haproxy -sleep 5 -# Checking leastconn -# run curl in loop -for i in {1..4}; -do - echo "Attempt $i" - curl http://localhost:"${PORT}" -done - -# Changing compression algo from gzip to deflate -docker exec -i "${CONTAINER_NAME}" cp /bitnami/haproxy/conf/haproxy.cfg /bitnami/haproxy/haproxy.cfg -docker exec -i "${CONTAINER_NAME}" sed -i 's/gzip/deflate/g' /bitnami/haproxy/haproxy.cfg -docker exec -i "${CONTAINER_NAME}" cp /bitnami/haproxy/haproxy.cfg /bitnami/haproxy/conf/haproxy.cfg -# reloading -docker kill -s HUP haproxy -sleep 5 -# Checking source mode -# run curl in loop -for i in {1..10}; -do - echo "Attempt $i" - curl http://localhost:"${PORT}" -done \ No newline at end of file diff --git a/community_images/haproxy/bitnami/docker-compose-tcp.yml b/community_images/haproxy/bitnami/docker-compose-tcp.yml deleted file mode 100755 index d9eb1b8e04..0000000000 
--- a/community_images/haproxy/bitnami/docker-compose-tcp.yml +++ /dev/null @@ -1,58 +0,0 @@ -version: '2' - -services: - python-flask-1: - image: python:3.6 - volumes: - - ./configs/sample-server/app:/app - container_name: python-flask-1 - cap_add: - - SYS_PTRACE - networks: - - haproxy - expose: - - "8080" - command: - - /bin/bash - - -c - - | - pip install flask==1.0.2 - python3 app/app.py - - python-flask-2: - image: python:3.6 - volumes: - - ./configs/sample-server/app:/app - container_name: python-flask-2 - cap_add: - - SYS_PTRACE - networks: - - haproxy - expose: - - "8080" - command: - - /bin/bash - - -c - - | - pip install flask==1.0.2 - python3 app/app.py - - haproxy: - image: ${HAPROXY_IMAGE_REPOSITORY}:${HAPROXY_IMAGE_TAG} - user: root - volumes: - - ./configs/haproxy-tcp.cfg:/bitnami/haproxy/conf/haproxy.cfg - container_name: haproxy - networks: - - haproxy - cap_add: - - SYS_PTRACE - ports: - - '0.0.0.0::80' - depends_on: - - python-flask-1 - - python-flask-2 - -networks: - haproxy: - driver: bridge diff --git a/community_images/haproxy/bitnami/docker-compose.yml b/community_images/haproxy/bitnami/docker-compose.yml deleted file mode 100755 index d4acc765cb..0000000000 --- a/community_images/haproxy/bitnami/docker-compose.yml +++ /dev/null 
@@ -1,96 +0,0 @@ -version: '2' - -services: - python-flask-1: - image: python:3.6 - volumes: - - ./configs/sample-server/app:/app - container_name: python-flask-1 - cap_add: - - SYS_PTRACE - networks: - - haproxy - expose: - - "8080" - command: - - /bin/bash - - -c - - | - pip install flask==1.0.2 - python3 app/app.py - - python-flask-2: - image: python:3.6 - volumes: - - ./configs/sample-server/app:/app - container_name: python-flask-2 - cap_add: - - SYS_PTRACE - networks: - - haproxy - expose: - - "8080" - command: - - /bin/bash - - -c - - | - pip install flask==1.0.2 - python3 app/app.py - - python-flask-3: - image: python:3.6 - volumes: - - ./configs/sample-server/app:/app - container_name: python-flask-3 - cap_add: - - SYS_PTRACE - networks: - - haproxy - expose: - - "8080" - command: - - /bin/bash - - -c - - | - pip install flask==1.0.2 - python3 app/app.py - - python-flask-4: - image: python:3.6 - volumes: - - ./configs/sample-server/app:/app - container_name: python-flask-4 - cap_add: - - SYS_PTRACE - networks: - - haproxy - expose: - - "8080" - command: - - /bin/bash - - -c - - | - pip install flask==1.0.2 - python3 app/app.py - - haproxy: - image: ${HAPROXY_IMAGE_REPOSITORY}:${HAPROXY_IMAGE_TAG} - user: root - volumes: - - ./configs/haproxy.cfg:/bitnami/haproxy/conf/haproxy.cfg - container_name: haproxy - networks: - - haproxy - cap_add: - - SYS_PTRACE - ports: - - '0.0.0.0::80' - depends_on: - - python-flask-1 - - python-flask-2 - - python-flask-3 - - python-flask-4 - -networks: - haproxy: - driver: bridge diff --git a/community_images/haproxy/bitnami/image.yml b/community_images/haproxy/bitnami/image.yml deleted file mode 100755 index ac06ae4d09..0000000000 --- a/community_images/haproxy/bitnami/image.yml +++ /dev/null 
@@ -1,63 +0,0 @@ -name: haproxy -official_name: HAProxy -official_website: http://www.haproxy.org/ -source_image_provider: Bitnami -source_image_repo: docker.io/bitnami/haproxy -source_image_repo_link: https://hub.docker.com/r/bitnami/haproxy -source_image_readme: https://github.com/bitnami/containers/blob/main/bitnami/haproxy/README.md -rf_docker_link: rapidfort/haproxy -image_workflow_name: haproxy_bitnami -github_location: haproxy/bitnami -report_url: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Fhaproxy -usage_instructions: | - $ helm repo add bitnami https://charts.bitnami.com/haproxy - - # install haproxy, just replace repository with RapidFort registry - $ helm install my-haproxy bitnami/haproxy --set image.repository=rapidfort/haproxy -what_is_text: | - HAProxy is a TCP proxy and a HTTP reverse proxy. It supports SSL termination and offloading, TCP and HTTP normalization, traffic regulation, caching and protection against DDoS attacks. -disclaimer: | - Trademarks: This software listing is packaged by RapidFort. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. 
-input_registry: - registry: docker.io - account: bitnami -repo_sets: - - haproxy: - input_base_tag: "2.8.3-debian-11-r" -runtimes: - - type: k8s - script: k8s_coverage.sh - helm: - repo: bitnami - repo_url: https://charts.bitnami.com/bitnami - chart: haproxy - tls_certs: - generate: true - secret_name: localhost-server-tls - common_name: localhost - image_keys: - haproxy: - repository: "image.repository" - tag: "image.tag" - override_file: "overrides.yml" - - type: docker_compose - script: dc_coverage.sh - compose_file: docker-compose.yml - tls_certs: - generate: true - out_dir: certs - image_keys: - haproxy: - repository: "HAPROXY_IMAGE_REPOSITORY" - tag: "HAPROXY_IMAGE_TAG" - - type: docker_compose - script: dc_coverage_tcp.sh - compose_file: docker-compose-tcp.yml - tls_certs: - generate: true - out_dir: certs - image_keys: - haproxy: - repository: "HAPROXY_IMAGE_REPOSITORY" - tag: "HAPROXY_IMAGE_TAG" - diff --git a/community_images/haproxy/bitnami/k8s_coverage.sh b/community_images/haproxy/bitnami/k8s_coverage.sh deleted file mode 100755 index 3ab8bb7d5b..0000000000 --- a/community_images/haproxy/bitnami/k8s_coverage.sh +++ /dev/null @@ -1,15 +0,0 @@ -#!/bin/bash - -set -x -set -e - -JSON_PARAMS="$1" - -NAMESPACE=$(jq -r '.namespace_name' < "$JSON_PARAMS") -RELEASE_NAME=$(jq -r '.release_name' < "$JSON_PARAMS") - -# fetch service url and store the urls in URLS file -rm -f URLS -minikube service "${RELEASE_NAME}" -n "${NAMESPACE}" --url | tee -a URLS -cat URLS -rm URLS \ No newline at end of file diff --git a/community_images/haproxy/bitnami/overrides.yml b/community_images/haproxy/bitnami/overrides.yml deleted file mode 100755 index 8d5ae45bce..0000000000 --- a/community_images/haproxy/bitnami/overrides.yml +++ /dev/null 
@@ -1,17 +0,0 @@ -image: - pullSecrets: ["rf-regcred"] - pullPolicy: Always -containerSecurityContext: - enabled: true - runAsUser: 1001 - capabilities: - add: ["SYS_PTRACE"] -extraEnvVars: - - name: "RF_VERBOSE" - value: "0" -livenessProbe: - initialDelaySeconds: 30 - timeoutSeconds: 30 -readinessProbe: - initialDelaySeconds: 30 - timeoutSeconds: 30 diff --git a/community_images/haproxy/ironbank/README.md b/community_images/haproxy/ironbank/README.md deleted file mode 100755 index ff80cff619..0000000000 --- a/community_images/haproxy/ironbank/README.md +++ /dev/null @@ -1,139 +0,0 @@ - -RapidFort - - -
- -[![rf-h][rf-h-badge]][rf-view-report-button] -[![DH Image][dh-rf-badge]][rf-dh-image-link] -[![Slack][slack-badge]][slack-link] -[![FOSSA Status][fossa-badge]][fossa-link] - -# RapidFort hardened image for HAProxy IronBank - -RapidFort’s container optimization process hardened this HAProxy IronBank container. This container is free to use and has no license limitations. - -It is the same as the [Platform One HAProxy IronBank][source-image-repo-link] image but more secure. - -Every day, we optimize and harden a variety of Docker Hub’s most famous images. Check out our [entire library](https://hub.docker.com/u/rapidfort) of secured containers. -
- -[Get the full report here or click on the image below][rf-view-report-link] - -[![Metrics][metrics-link]][rf-image-metrics-link] - -

Vulnerabilities: Original vs. Hardened - -

- -[![CVE Reduction][cve-reduction-link]][rf-image-cve-reduction-link] - - -View Report - -
-
- - -## What is HAProxy IronBank? - -> HAProxy is a TCP proxy and a HTTP reverse proxy. It supports SSL termination and offloading, TCP and HTTP normalization, traffic regulation, caching and protection against DDoS attacks. - - -[Overview of HAProxy IronBank](http://www.haproxy.org/) - -Trademarks: This software listing is packaged by RapidFort. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. - - -## How do I use this hardened HAProxy IronBank image? - -The runtime instructions for this container are no different from the official release. Follow the instructions in their readme, but use our hardened image. - - -View Detailed Instructions - -
-
- -```sh -# Using docker run via bind mount: -$ docker run -d --name my-haproxy -v /path/to/etc/haproxy:/usr/local/etc/haproxy:ro --sysctl net.ipv4.ip_unprivileged_port_start=0 rapidfort/haproxy24-ib - -``` - -## What is a hardened image? - -A hardened image is a copy of a container that has been optimized and reduced for significantly improved security. Because every container uses many open-source software components and their dependencies, there’s a lot of extra weight that can be trimmed. - -This image is a hardened version of the official [Platform One HAProxy IronBank][source-image-repo-link] image on Docker Hub. - -RapidFort is an industry-leading container optimization solution that minimizes software attack surfaces by removing unused code. Most containers can be reduced by at least 50%, which reduces the opportunity for malicious attacks and CVE exploits. Learn more at [RapidFort.com][rf-link]. - -Our hardened images are updated daily using the latest vulnerability information available. - - -View on GitHub - -
-
- -## What’s the difference between the official [Platform One HAProxy IronBank][source-image-repo-link] image and this hardened image? -RapidFort’s hardened [rapidfort/haproxy24-ib][rf-dh-image-link] image has been optimized by our proprietary scanning and slimming technology. We are big fans of open-source software, containerized infrastructure, and security. - -We are making secure copies of the images we use every day and the most popular ones on Docker Hub. We want to make the world a safer place to operate. - -## Supported tags and respective `Dockerfile` links - -## Need support - -Join our slack community for any questions. - - -RapidFort Community Slack - - -## 🌟 Support this project - -[![](https://user-images.githubusercontent.com/48997634/174794647-0c851917-e5c9-4fb9-bf88-b61d89dc2f4f.gif)](https://github.com/rapidfort/community-images/stargazers) - -### [⏫⭐️ Scroll to the star button](#start-of-content) - -If you believe this project has potential, feel free to **star this repo** just like many [amazing people](https://github.com/rapidfort/community-images/stargazers) -have. - -## Have questions? - -[![RapidFort](https://raw.githubusercontent.com/rapidfort/community-images/main/contrib/github_logo_footer.png)][rf-rapidfort-footer-logo-link] - - -If you'd like to learn more about RapidFort or our container optimization process, visit [RapidFort.com][rf-link]. - -
-
- - -[dh-rf-badge]: https://img.shields.io/badge/dockerhub-images-important.svg?logo=Docker - -[fossa-badge]: https://app.fossa.com/api/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images.svg?type=shield -[fossa-link]: https://app.fossa.com/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images?ref=badge_shield - -[rf-link]: https://rapidfort.com?utm_source=github&utm_medium=ci_rf_link&utm_campaign=sep_01_sprint&utm_term=haproxy-ib&utm_content=rapidfort_have_questions - -[rf-rapidfort-footer-logo-link]: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fopensource%2Fhaproxy%2Fhaproxy24?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=haproxy-ib&utm_content=rapidfort_footer_logo -[rf-view-report-button]: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fopensource%2Fhaproxy%2Fhaproxy24?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=haproxy-ib&utm_content=view_report_button -[rf-view-report-link]: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fopensource%2Fhaproxy%2Fhaproxy24?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=haproxy-ib&utm_content=view_report_link -[rf-image-metrics-link]: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fopensource%2Fhaproxy%2Fhaproxy24?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=haproxy-ib&utm_content=image_metrics_link -[rf-image-cve-reduction-link]: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fopensource%2Fhaproxy%2Fhaproxy24?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=haproxy-ib&utm_content=image_cve_reduction_link - -[dh-img-size-badge]: https://img.shields.io/docker/image-size/rapidfort/haproxy24-ib?logo=docker&logoColor=white&sort=semver -[dh-img-pulls-badge]: 
https://img.shields.io/docker/pulls/rapidfort/haproxy24-ib?logo=docker&logoColor=white - -[slack-badge]: https://img.shields.io/static/v1?label=Join&message=slack&logo=slack&logoColor=E01E5A&color=4A154B -[slack-link]: https://join.slack.com/t/rapidfortcommunity/shared_invite/zt-1g3wy28lv-DaeGexTQ5IjfpbmYW7Rm_Q - -[rf-h-badge]: https://img.shields.io/static/v1?label=RapidFort&labelColor=333F48&message=hardened&color=50B4C4&logo= -[metrics-link]: https://github.com/rapidfort/community-images/raw/main/community_images/haproxy/ironbank/assets/metrics.webp -[cve-reduction-link]: https://github.com/rapidfort/community-images/raw/main/community_images/haproxy/ironbank/assets/cve_reduction.webp - -[source-image-repo-link]: https://registry1.dso.mil/harbor/projects/3/repositories/opensource%2Fhaproxy%2Fhaproxy24 -[rf-dh-image-link]: https://hub.docker.com/r/rapidfort/haproxy24-ib diff --git a/community_images/haproxy/ironbank/assets/cve_reduction.webp b/community_images/haproxy/ironbank/assets/cve_reduction.webp deleted file mode 100644 index 331052946a..0000000000 Binary files a/community_images/haproxy/ironbank/assets/cve_reduction.webp and /dev/null differ diff --git a/community_images/haproxy/ironbank/assets/metrics.webp b/community_images/haproxy/ironbank/assets/metrics.webp deleted file mode 100644 index f6322b72f5..0000000000 Binary files a/community_images/haproxy/ironbank/assets/metrics.webp and /dev/null differ diff --git a/community_images/haproxy/ironbank/configs/http-mode/haproxy1.cfg b/community_images/haproxy/ironbank/configs/http-mode/haproxy1.cfg deleted file mode 100755 index d7f51b1a77..0000000000 --- a/community_images/haproxy/ironbank/configs/http-mode/haproxy1.cfg +++ /dev/null 
@@ -1,45 +0,0 @@ -global - maxconn 256 - spread-checks 3 - ca-base /etc/ssl/certs - crt-base /etc/ssl/private -frontend http-in - bind *:80 - mode http - timeout client 60s - - acl app1 path_end -i /app1 - acl app2 path_end -i /app2 - http-request deny if { path -i -m beg /admin } - - use_backend app1Servers if app1 - use_backend app2Servers if app2 - - default_backend flask - -backend app1Servers - timeout connect 10s - timeout server 10s - mode http - balance roundrobin - server web1 python-flask-1:8080 - server web2 python-flask-2:8080 - -backend app2Servers - timeout connect 10s - timeout server 15s - mode http - balance roundrobin - server web3 python-flask-3:8080 - server web4 python-flask-4:8080 - -backend flask - timeout connect 10s - timeout server 100s - mode http - balance roundrobin - server web1 python-flask-1:8080 - server web2 python-flask-2:8080 - server web3 python-flask-3:8080 - server web4 python-flask-4:8080 - diff --git a/community_images/haproxy/ironbank/configs/http-mode/haproxy2.cfg b/community_images/haproxy/ironbank/configs/http-mode/haproxy2.cfg deleted file mode 100755 index 51231f504a..0000000000 --- a/community_images/haproxy/ironbank/configs/http-mode/haproxy2.cfg +++ /dev/null 
@@ -1,45 +0,0 @@ -global - maxconn 256 - spread-checks 3 - ca-base /etc/ssl/certs - crt-base /etc/ssl/private -frontend http-in - bind *:80 - mode http - timeout client 60s - - acl app1 path_end -i /app1 - acl app2 path_end -i /app2 - http-request deny if { path -i -m beg /admin } - - use_backend app1Servers if app1 - use_backend app2Servers if app2 - - default_backend flask - -backend app1Servers - timeout connect 10s - timeout server 10s - mode http - balance leastconn - server web1 python-flask-1:8080 - server web2 python-flask-2:8080 - -backend app2Servers - timeout connect 10s - timeout server 15s - mode http - balance leastconn - server web3 python-flask-3:8080 - server web4 python-flask-4:8080 - -backend flask - timeout connect 10s - timeout server 100s - mode http - balance leastconn - server web1 python-flask-1:8080 - server web2 python-flask-2:8080 - server web3 python-flask-3:8080 - server web4 python-flask-4:8080 - diff --git a/community_images/haproxy/ironbank/configs/http-mode/haproxy3.cfg b/community_images/haproxy/ironbank/configs/http-mode/haproxy3.cfg deleted file mode 100755 index 6fd4b93a6d..0000000000 --- a/community_images/haproxy/ironbank/configs/http-mode/haproxy3.cfg +++ /dev/null 
@@ -1,45 +0,0 @@ -global - maxconn 256 - spread-checks 3 - ca-base /etc/ssl/certs - crt-base /etc/ssl/private -frontend http-in - bind *:80 - mode http - timeout client 60s - - acl app1 path_end -i /app1 - acl app2 path_end -i /app2 - http-request deny if { path -i -m beg /admin } - - use_backend app1Servers if app1 - use_backend app2Servers if app2 - - default_backend flask - -backend app1Servers - timeout connect 10s - timeout server 10s - mode http - balance source - server web1 python-flask-1:8080 - server web2 python-flask-2:8080 - -backend app2Servers - timeout connect 10s - timeout server 15s - mode http - balance source - server web3 python-flask-3:8080 - server web4 python-flask-4:8080 - -backend flask - timeout connect 10s - timeout server 100s - mode http - balance source - server web1 python-flask-1:8080 - server web2 python-flask-2:8080 - server web3 python-flask-3:8080 - server web4 python-flask-4:8080 - diff --git a/community_images/haproxy/ironbank/configs/sample-server/app/app.py b/community_images/haproxy/ironbank/configs/sample-server/app/app.py deleted file mode 100755 index 9b174811ab..0000000000 --- a/community_images/haproxy/ironbank/configs/sample-server/app/app.py +++ /dev/null 
@@ -1,48 +0,0 @@ -""" Sample flask app for testing """ -import socket -from flask import Flask,render_template - -app = Flask(__name__) - -@app.route("/") -def index(): - """ add index route """ - try: - host_name = socket.gethostname() - host_ip = socket.gethostbyname(host_name) - return render_template('index.html', hostname=host_name, ip=host_ip, message = "Home page") - except Exception as _: # pylint: disable=broad-except - return render_template('error.html') - -@app.route("/app1") -def app1(): - """ app1 route """ - try: - host_name = socket.gethostname() - host_ip = socket.gethostbyname(host_name) - return render_template('index.html', hostname=host_name, ip=host_ip, message = "App1 page") - except Exception as _: # pylint: disable=broad-except - return render_template('error.html') - -@app.route("/app2") -def app2(): - """ app2 route """ - try: - host_name = socket.gethostname() - host_ip = socket.gethostbyname(host_name) - return render_template('index.html', hostname=host_name, ip=host_ip, message = "App2 page") - except Exception as _: # pylint: disable=broad-except - return render_template('error.html') - -@app.route("/admin") -def admin(): - """ admin route """ - try: - host_name = socket.gethostname() - host_ip = socket.gethostbyname(host_name) - return render_template('index.html', hostname=host_name, ip=host_ip, message = "Admin page (privileged)") - except Exception as _: # pylint: disable=broad-except - return render_template('error.html') - -if __name__ == "__main__": - app.run(host='0.0.0.0', port=8080) diff --git a/community_images/haproxy/ironbank/configs/sample-server/app/templates/error.html b/community_images/haproxy/ironbank/configs/sample-server/app/templates/error.html deleted file mode 100644 index ade0fa0e74..0000000000 --- a/community_images/haproxy/ironbank/configs/sample-server/app/templates/error.html +++ /dev/null 
@@ -1,10 +0,0 @@ - - - - - Error Occurred - - - Can not print the IP address of the container - - \ No newline at end of file diff --git a/community_images/haproxy/ironbank/configs/sample-server/app/templates/index.html b/community_images/haproxy/ironbank/configs/sample-server/app/templates/index.html deleted file mode 100644 index 83abebc03a..0000000000 --- a/community_images/haproxy/ironbank/configs/sample-server/app/templates/index.html +++ /dev/null @@ -1,10 +0,0 @@ - - - - - {{ message }} - - -The hostname of the container is {{ hostname }} and its IP is {{ ip }}. - - \ No newline at end of file diff --git a/community_images/haproxy/ironbank/configs/tcp-mode/haproxy-tcp1.cfg b/community_images/haproxy/ironbank/configs/tcp-mode/haproxy-tcp1.cfg deleted file mode 100755 index 1b5d62f4a2..0000000000 --- a/community_images/haproxy/ironbank/configs/tcp-mode/haproxy-tcp1.cfg +++ /dev/null 
@@ -1,47 +0,0 @@ -global - log 127.0.0.1 local0 - cpu-map 1-4 0-3 - mworker-max-reloads 3 - maxconn 256 - uid 99 - gid 99 - user root - hard-stop-after 100s - pidfile ./haproxy.pidfile - stats socket /tmp/haproxy - set-dumpable - server-state-file /etc/haproxy/state/current - setenv IMAGEFILEENDINGS ".gif .jpg .png" - strict-limits - no busy-polling - spread-checks 5 - max-spread-checks 15000 - maxcompcpuusage 90 - ssl-default-bind-ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS - ssl-default-bind-options no-sslv3 no-tls-tickets - ssl-default-server-ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS - ssl-default-server-options no-sslv3 no-tls-tickets - -defaults - timeout queue 100s - option checkcache - option httpchk - option 
tcplog - load-server-state-from-file global - compression algo identity - -frontend http-in - bind *:80 - timeout client 60s - default_backend flask - capture cookie ASPSESSION len 32 - -backend flask - timeout connect 10s - timeout server 100s - mode tcp - fullconn 10000 - balance roundrobin - server web1 python-flask-1:8080 - server web2 python-flask-2:8080 - diff --git a/community_images/haproxy/ironbank/configs/tcp-mode/haproxy-tcp2.cfg b/community_images/haproxy/ironbank/configs/tcp-mode/haproxy-tcp2.cfg deleted file mode 100755 index f0897cad62..0000000000 --- a/community_images/haproxy/ironbank/configs/tcp-mode/haproxy-tcp2.cfg +++ /dev/null 
@@ -1,47 +0,0 @@ -global - log 127.0.0.1 local0 - cpu-map 1-4 0-3 - mworker-max-reloads 3 - maxconn 256 - uid 99 - gid 99 - user root - hard-stop-after 100s - pidfile ./haproxy.pidfile - stats socket /tmp/haproxy - set-dumpable - server-state-file /etc/haproxy/state/current - setenv IMAGEFILEENDINGS ".gif .jpg .png" - strict-limits - no busy-polling - spread-checks 5 - max-spread-checks 15000 - maxcompcpuusage 90 - ssl-default-bind-ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS - ssl-default-bind-options no-sslv3 no-tls-tickets - ssl-default-server-ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS - ssl-default-server-options no-sslv3 no-tls-tickets - -defaults - timeout queue 100s - option checkcache - option httpchk - option 
tcplog - load-server-state-from-file global - compression algo gzip - -frontend http-in - bind *:80 - timeout client 60s - default_backend flask - capture cookie ASPSESSION len 32 - -backend flask - timeout connect 10s - timeout server 100s - mode tcp - fullconn 10000 - balance roundrobin - server web1 python-flask-1:8080 - server web2 python-flask-2:8080 - diff --git a/community_images/haproxy/ironbank/configs/tcp-mode/haproxy-tcp3.cfg b/community_images/haproxy/ironbank/configs/tcp-mode/haproxy-tcp3.cfg deleted file mode 100755 index 69bf48c46b..0000000000 --- a/community_images/haproxy/ironbank/configs/tcp-mode/haproxy-tcp3.cfg +++ /dev/null 
@@ -1,47 +0,0 @@ -global - log 127.0.0.1 local0 - cpu-map 1-4 0-3 - mworker-max-reloads 3 - maxconn 256 - uid 99 - gid 99 - user root - hard-stop-after 100s - pidfile ./haproxy.pidfile - stats socket /tmp/haproxy - set-dumpable - server-state-file /etc/haproxy/state/current - setenv IMAGEFILEENDINGS ".gif .jpg .png" - strict-limits - no busy-polling - spread-checks 5 - max-spread-checks 15000 - maxcompcpuusage 90 - ssl-default-bind-ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS - ssl-default-bind-options no-sslv3 no-tls-tickets - ssl-default-server-ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS - ssl-default-server-options no-sslv3 no-tls-tickets - -defaults - timeout queue 100s - option checkcache - option httpchk - option 
tcplog - load-server-state-from-file global - compression algo deflate - -frontend http-in - bind *:80 - timeout client 60s - default_backend flask - capture cookie ASPSESSION len 32 - -backend flask - timeout connect 10s - timeout server 100s - mode tcp - fullconn 10000 - balance roundrobin - server web1 python-flask-1:8080 - server web2 python-flask-2:8080 - diff --git a/community_images/haproxy/ironbank/dc_coverage.sh b/community_images/haproxy/ironbank/dc_coverage.sh deleted file mode 100755 index 4ea04d8fee..0000000000 --- a/community_images/haproxy/ironbank/dc_coverage.sh +++ /dev/null 
@@ -1,73 +0,0 @@ -#!/bin/bash - -set -x -set -e - -SCRIPTPATH="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )" - -# shellcheck disable=SC1091 -. "${SCRIPTPATH}"/../../common/scripts/bash_helper.sh - -JSON_PARAMS="$1" - -JSON=$(cat "$JSON_PARAMS") - -echo "Json params for docker compose coverage = $JSON" - -# roundrobin mode -CONTAINER1_NAME=haproxy-1 -# leastconn mode -CONTAINER2_NAME=haproxy-2 -# source mode -CONTAINER3_NAME=haproxy-3 - -# log for debugging -docker inspect "${CONTAINER1_NAME}" -docker inspect "${CONTAINER2_NAME}" -docker inspect "${CONTAINER3_NAME}" - -# finding ports -docker inspect "${CONTAINER1_NAME}" | jq -r ".[].NetworkSettings.Ports.\"80/tcp\"[0].HostPort" -PORT1=$(docker inspect "${CONTAINER1_NAME}" | jq -r ".[].NetworkSettings.Ports.\"80/tcp\"[0].HostPort") -docker inspect "${CONTAINER2_NAME}" | jq -r ".[].NetworkSettings.Ports.\"80/tcp\"[0].HostPort" -PORT2=$(docker inspect "${CONTAINER2_NAME}" | jq -r ".[].NetworkSettings.Ports.\"80/tcp\"[0].HostPort") -docker inspect "${CONTAINER3_NAME}" | jq -r ".[].NetworkSettings.Ports.\"80/tcp\"[0].HostPort" -PORT3=$(docker inspect "${CONTAINER3_NAME}" | jq -r ".[].NetworkSettings.Ports.\"80/tcp\"[0].HostPort") - -# run curl in loop (roundrobin) -for i in {1..10}; -do - echo "Attempt $i" - curl http://localhost:"${PORT1}" -done - -# run curl in loop for app1 route -for i in {1..10}; -do - echo "Attempt $i" - curl http://localhost:"${PORT1}"/app1 -done - -# run curl in loop for app2 route -for i in {1..10}; -do - echo "Attempt $i" - curl http://localhost:"${PORT1}"/app2 -done - -# Running curl for admin (disabled by acl) -curl http://localhost:"${PORT1}"/admin - -# run curl in loop (leastconn) -for i in {1..10}; -do - echo "Attempt $i" - curl http://localhost:"${PORT2}" -done - -# run curl in loop (source) -for i in {1..10}; -do - echo "Attempt $i" - curl http://localhost:"${PORT3}" -done \ No newline at end of file 
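Review bot: the `/admin` request near the end of this script (`curl http://localhost:"${PORT1}"/admin`, commented "disabled by acl") never verifies the deny. curl exits 0 on an HTTP error status unless `-f` is given, so under `set -e` the script passes whether HAProxy answers 403 or forwards the request to the Flask `/admin` route. If this coverage is recreated elsewhere, capture the status with `curl -s -o /dev/null -w '%{http_code}'` and fail unless it is 403, and repeat the request against `PORT2` and `PORT3`, since haproxy2.cfg and haproxy3.cfg carry the same `http-request deny` rule. Separately, each `docker inspect ... | jq` port lookup runs twice, once to print and once to assign; assigning once and echoing the variable would be enough.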
diff --git a/community_images/haproxy/ironbank/dc_coverage_tcp.sh b/community_images/haproxy/ironbank/dc_coverage_tcp.sh deleted file mode 100755 index ae247490cd..0000000000 --- a/community_images/haproxy/ironbank/dc_coverage_tcp.sh +++ /dev/null @@ -1,57 +0,0 @@ -#!/bin/bash - -set -x -set -e - -SCRIPTPATH="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )" - -# shellcheck disable=SC1091 -. "${SCRIPTPATH}"/../../common/scripts/bash_helper.sh - -JSON_PARAMS="$1" - -JSON=$(cat "$JSON_PARAMS") - -echo "Json params for docker compose coverage = $JSON" - -# identity mode -CONTAINER1_NAME=haproxy-1 -# gzip mode -CONTAINER2_NAME=haproxy-2 -# deflate mode -CONTAINER3_NAME=haproxy-3 - - -# log for debugging -docker inspect "${CONTAINER1_NAME}" -docker inspect "${CONTAINER2_NAME}" -docker inspect "${CONTAINER3_NAME}" - -# finding ports -docker inspect "${CONTAINER1_NAME}" | jq -r ".[].NetworkSettings.Ports.\"80/tcp\"[0].HostPort" -PORT1=$(docker inspect "${CONTAINER1_NAME}" | jq -r ".[].NetworkSettings.Ports.\"80/tcp\"[0].HostPort") -docker inspect "${CONTAINER2_NAME}" | jq -r ".[].NetworkSettings.Ports.\"80/tcp\"[0].HostPort" -PORT2=$(docker inspect "${CONTAINER2_NAME}" | jq -r ".[].NetworkSettings.Ports.\"80/tcp\"[0].HostPort") -docker inspect "${CONTAINER3_NAME}" | jq -r ".[].NetworkSettings.Ports.\"80/tcp\"[0].HostPort" -PORT3=$(docker inspect "${CONTAINER3_NAME}" | jq -r ".[].NetworkSettings.Ports.\"80/tcp\"[0].HostPort") - -# run curl in loop (identity) -for i in {1..5}; -do - echo "Attempt $i" - curl http://localhost:"${PORT1}" -done - -# run curl in loop (gzip) -for i in {1..5}; -do - echo "Attempt $i" - curl http://localhost:"${PORT2}" -done - -# run curl in loop (deflate) -for i in {1..5}; -do - echo "Attempt $i" - curl http://localhost:"${PORT3}" -done \ No newline at end of file 
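Review bot: the three loops are labelled identity, gzip and deflate, but each one is a bare request such as `curl http://localhost:"${PORT2}"` with no `Accept-Encoding` header and no `--compressed`, so the client never asks for a compressed response and the three containers are exercised identically. If the intent was to cover the `compression algo` setting in each config, send `-H 'Accept-Encoding: gzip'` (or `deflate`) and check whether a `Content-Encoding` header comes back; that would also show whether the setting has any effect in front of a `mode tcp` backend. As written, nothing in the loops inspects the response, so the only failure they catch is a refused connection.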
diff --git a/community_images/haproxy/ironbank/docker-compose-tcp.yml b/community_images/haproxy/ironbank/docker-compose-tcp.yml deleted file mode 100755 index 49d03d6e0a..0000000000 --- a/community_images/haproxy/ironbank/docker-compose-tcp.yml +++ /dev/null @@ -1,90 +0,0 @@ -version: '2' - -services: - python-flask-1: - image: python:3.6 - volumes: - - ./configs/sample-server/app:/app - container_name: python-flask-1 - cap_add: - - SYS_PTRACE - networks: - - haproxy - expose: - - "8080" - command: - - /bin/bash - - -c - - | - pip install flask==1.0.2 - python3 app/app.py - - python-flask-2: - image: python:3.6 - volumes: - - ./configs/sample-server/app:/app - container_name: python-flask-2 - cap_add: - - SYS_PTRACE - networks: - - haproxy - expose: - - "8080" - command: - - /bin/bash - - -c - - | - pip install flask==1.0.2 - python3 app/app.py - - haproxy-1: - image: ${HAPROXY_IMAGE_REPOSITORY}:${HAPROXY_IMAGE_TAG} - user: root - volumes: - - ./configs/tcp-mode/haproxy-tcp1.cfg:/usr/local/etc/haproxy/haproxy.cfg - container_name: haproxy-1 - networks: - - haproxy - cap_add: - - SYS_PTRACE - ports: - - '0.0.0.0::80' - depends_on: - - python-flask-1 - - python-flask-2 - - haproxy-2: - image: ${HAPROXY_IMAGE_REPOSITORY}:${HAPROXY_IMAGE_TAG} - user: root - volumes: - - ./configs/tcp-mode/haproxy-tcp2.cfg:/usr/local/etc/haproxy/haproxy.cfg - container_name: haproxy-2 - networks: - - haproxy - cap_add: - - SYS_PTRACE - ports: - - '0.0.0.0::80' - depends_on: - - python-flask-1 - - python-flask-2 - - haproxy-3: - image: ${HAPROXY_IMAGE_REPOSITORY}:${HAPROXY_IMAGE_TAG} - user: root - volumes: - - ./configs/tcp-mode/haproxy-tcp3.cfg:/usr/local/etc/haproxy/haproxy.cfg - container_name: haproxy-3 - networks: - - haproxy - cap_add: - - SYS_PTRACE - ports: - - '0.0.0.0::80' - depends_on: - - python-flask-1 - - python-flask-2 - -networks: - haproxy: - driver: bridge 
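Review bot: each `haproxy-1`, `haproxy-2` and `haproxy-3` service publishes with `'0.0.0.0::80'`, which binds a random host port on every interface, while the coverage scripts only reach the proxies through `localhost`. `'127.0.0.1::80'` would keep the test proxies off the network. The same services run as `user: root` with `SYS_PTRACE` added and mount `haproxy.cfg` without `:ro`; a read-only suffix on the config volume costs nothing here, and the root plus ptrace combination should carry a comment saying why the harness needs it.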
diff --git a/community_images/haproxy/ironbank/docker-compose.yml b/community_images/haproxy/ironbank/docker-compose.yml deleted file mode 100755 index 4dbadc85fd..0000000000 --- a/community_images/haproxy/ironbank/docker-compose.yml +++ /dev/null 
@@ -1,132 +0,0 @@ -version: '2' - -services: - python-flask-1: - image: python:3.6 - volumes: - - ./configs/sample-server/app:/app - container_name: python-flask-1 - cap_add: - - SYS_PTRACE - networks: - - haproxy - expose: - - "8080" - command: - - /bin/bash - - -c - - | - pip install flask==1.0.2 - python3 app/app.py - - python-flask-2: - image: python:3.6 - volumes: - - ./configs/sample-server/app:/app - container_name: python-flask-2 - cap_add: - - SYS_PTRACE - networks: - - haproxy - expose: - - "8080" - command: - - /bin/bash - - -c - - | - pip install flask==1.0.2 - python3 app/app.py - - python-flask-3: - image: python:3.6 - volumes: - - ./configs/sample-server/app:/app - container_name: python-flask-3 - cap_add: - - SYS_PTRACE - networks: - - haproxy - expose: - - "8080" - command: - - /bin/bash - - -c - - | - pip install flask==1.0.2 - python3 app/app.py - - python-flask-4: - image: python:3.6 - volumes: - - ./configs/sample-server/app:/app - container_name: python-flask-4 - cap_add: - - SYS_PTRACE - networks: - - haproxy - expose: - - "8080" - command: - - /bin/bash - - -c - - | - pip install flask==1.0.2 - python3 app/app.py - - haproxy-1: - image: ${HAPROXY_IMAGE_REPOSITORY}:${HAPROXY_IMAGE_TAG} - user: root - volumes: - - ./configs/http-mode/haproxy1.cfg:/usr/local/etc/haproxy/haproxy.cfg - container_name: haproxy-1 - networks: - - haproxy - cap_add: - - SYS_PTRACE - ports: - - '0.0.0.0::80' - depends_on: - - python-flask-1 - - python-flask-2 - - python-flask-3 - - python-flask-4 - - haproxy-2: - image: ${HAPROXY_IMAGE_REPOSITORY}:${HAPROXY_IMAGE_TAG} - user: root - volumes: - - ./configs/http-mode/haproxy2.cfg:/usr/local/etc/haproxy/haproxy.cfg - container_name: haproxy-2 - networks: - - haproxy - cap_add: - - SYS_PTRACE - ports: - - '0.0.0.0::80' - depends_on: - - python-flask-1 - - python-flask-2 - - python-flask-3 - - python-flask-4 - - haproxy-3: - image: ${HAPROXY_IMAGE_REPOSITORY}:${HAPROXY_IMAGE_TAG} - user: root - volumes: - - 
./configs/http-mode/haproxy3.cfg:/usr/local/etc/haproxy/haproxy.cfg - container_name: haproxy-3 - networks: - - haproxy - cap_add: - - SYS_PTRACE - ports: - - '0.0.0.0::80' - depends_on: - - python-flask-1 - - python-flask-2 - - python-flask-3 - - python-flask-4 - -networks: - haproxy: - driver: bridge diff --git a/community_images/haproxy/ironbank/image.yml b/community_images/haproxy/ironbank/image.yml deleted file mode 100755 index 0cb360ffd3..0000000000 --- a/community_images/haproxy/ironbank/image.yml +++ /dev/null 
@@ -1,49 +0,0 @@ -name: haproxy-ib -official_name: HAProxy IronBank -official_website: http://www.haproxy.org/ -source_image_provider: Platform One -source_image_repo: registry1.dso.mil/ironbank/opensource/haproxy/haproxy24 -source_image_repo_link: https://registry1.dso.mil/harbor/projects/3/repositories/opensource%2Fhaproxy%2Fhaproxy24 -source_image_readme: https://repo1.dso.mil/dsop/opensource/haproxy/haproxy24/-/blob/development/README.md -rf_docker_link: rapidfort/haproxy24-ib -image_workflow_name: haproxy_ironbank -github_location: haproxy/ironbank -report_url: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fopensource%2Fhaproxy%2Fhaproxy24 -usage_instructions: | - # Using docker run via bind mount: - $ docker run -d --name my-haproxy -v /path/to/etc/haproxy:/usr/local/etc/haproxy:ro --sysctl net.ipv4.ip_unprivileged_port_start=0 rapidfort/haproxy24-ib -what_is_text: | - HAProxy is a TCP proxy and a HTTP reverse proxy. It supports SSL termination and offloading, TCP and HTTP normalization, traffic regulation, caching and protection against DDoS attacks. -disclaimer: | - Trademarks: This software listing is packaged by RapidFort. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. -input_registry: - registry: registry1.dso.mil - account: ironbank -repo_sets: - - opensource/haproxy/haproxy24: - input_base_tag: "2.4." 
- output_repo: haproxy24-ib -runtimes: - - type: docker_compose - script: dc_coverage.sh - compose_file: docker-compose.yml - wait_time_sec: 120 - tls_certs: - generate: true - out_dir: certs - image_keys: - haproxy24-ib: - repository: "HAPROXY_IMAGE_REPOSITORY" - tag: "HAPROXY_IMAGE_TAG" - - type: docker_compose - script: dc_coverage_tcp.sh - compose_file: docker-compose-tcp.yml - wait_time_sec: 120 - tls_certs: - generate: true - out_dir: certs - image_keys: - haproxy24-ib: - repository: "HAPROXY_IMAGE_REPOSITORY" - tag: "HAPROXY_IMAGE_TAG" - diff --git a/community_images/haproxy/official/.rfignore b/community_images/haproxy/official/.rfignore deleted file mode 100644 index 1c799e0088..0000000000 --- a/community_images/haproxy/official/.rfignore +++ /dev/null @@ -1 +0,0 @@ -usr/share/common-licenses \ No newline at end of file diff --git a/community_images/haproxy/official/README.md b/community_images/haproxy/official/README.md deleted file mode 100644 index d66a3fe533..0000000000 --- a/community_images/haproxy/official/README.md +++ /dev/null @@ -1,144 +0,0 @@ - -RapidFort - - -
- -[![rf-h][rf-h-badge]][rf-view-report-button] -[![DH Image][dh-rf-badge]][rf-dh-image-link] -[![Slack][slack-badge]][slack-link] -[![FOSSA Status][fossa-badge]][fossa-link] - -# RapidFort hardened image for HAProxy Official - -RapidFort’s container optimization process hardened this HAProxy Official container. This container is free to use and has no license limitations. - -It is the same as the [The Docker Community HAProxy Official][source-image-repo-link] image but more secure. - -Every day, we optimize and harden a variety of Docker Hub’s most famous images. Check out our [entire library](https://hub.docker.com/u/rapidfort) of secured containers. -
- -[Get the full report here or click on the image below][rf-view-report-link] - -[![Metrics][metrics-link]][rf-image-metrics-link] - -

Vulnerabilities: Original vs. Hardened - -

- -[![CVE Reduction][cve-reduction-link]][rf-image-cve-reduction-link] - - -View Report - -
-
- - -## What is HAProxy Official? - -> HAProxy is a TCP proxy and a HTTP reverse proxy. It supports SSL termination and offloading, TCP and HTTP normalization, traffic regulation, caching and protection against DDoS attacks. - - -[Overview of HAProxy Official](http://www.haproxy.org/) - -Trademarks: This software listing is packaged by RapidFort. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. - - -## How do I use this hardened HAProxy Official image? - -The runtime instructions for this container are no different from the official release. Follow the instructions in their readme, but use our hardened image. - - -View Detailed Instructions - -
-
- -```sh -# Using docker run via bind mount: -$ docker run -d --name my-haproxy -v /path/to/etc/haproxy:/usr/local/etc/haproxy:ro --sysctl net.ipv4.ip_unprivileged_port_start=0 rapidfort/haproxy-official - -``` - -## What is a hardened image? - -A hardened image is a copy of a container that has been optimized and reduced for significantly improved security. Because every container uses many open-source software components and their dependencies, there’s a lot of extra weight that can be trimmed. - -This image is a hardened version of the official [The Docker Community HAProxy Official][source-image-repo-link] image on Docker Hub. - -RapidFort is an industry-leading container optimization solution that minimizes software attack surfaces by removing unused code. Most containers can be reduced by at least 50%, which reduces the opportunity for malicious attacks and CVE exploits. Learn more at [RapidFort.com][rf-link]. - -Our hardened images are updated daily using the latest vulnerability information available. - - -View on GitHub - -
-
- -## What’s the difference between the official [The Docker Community HAProxy Official][source-image-repo-link] image and this hardened image? -RapidFort’s hardened [rapidfort/haproxy-official][rf-dh-image-link] image has been optimized by our proprietary scanning and slimming technology. We are big fans of open-source software, containerized infrastructure, and security. - -We are making secure copies of the images we use every day and the most popular ones on Docker Hub. We want to make the world a safer place to operate. - -## Supported tags and respective `Dockerfile` links -* [`2.7-dev8`, `2.7-dev`, `2.7-dev8-bullseye`, `2.7-dev-bullseye`](https://github.com/docker-library/haproxy/blob/cd1c198fc46e312fccf9818c5388494eb4a70f83/2.7/Dockerfile) -* [`2.6.6`, `2.6`, `lts`, `latest`, `2.6.6-bullseye`, `2.6-bullseye`, `lts-bullseye`, `bullseye`](https://github.com/docker-library/haproxy/blob/bfdb47e3bb0de8315bf08876d7720ab3f46ccc28/2.6/Dockerfile) -* [`2.5.9`, `2.5`, `2.5.9-bullseye`, `2.5-bullseye`](https://github.com/docker-library/haproxy/blob/18c82fca3a11dc33c652328275a13155de6b054b/2.5/Dockerfile) -* [`2.4.19`, `2.4`, `2.4.19-bullseye`, `2.4-bullseye`](https://github.com/docker-library/haproxy/blob/b07fcf19b4ee54ef37ffbf7241372961ddc97b8c/2.4/Dockerfile) -* [`2.2.25`, `2.2`, `2.2.25-bullseye`, `2.2-bullseye`](https://github.com/docker-library/haproxy/blob/241d8833cfd3498f40cbd733c4fa7bc53d46f5c7/2.2/Dockerfile) - -## Need support - -Join our slack community for any questions. - - -RapidFort Community Slack - - -## 🌟 Support this project - -[![](https://user-images.githubusercontent.com/48997634/174794647-0c851917-e5c9-4fb9-bf88-b61d89dc2f4f.gif)](https://github.com/rapidfort/community-images/stargazers) - -### [⏫⭐️ Scroll to the star button](#start-of-content) - -If you believe this project has potential, feel free to **star this repo** just like many [amazing people](https://github.com/rapidfort/community-images/stargazers) -have. - -## Have questions? 
- -[![RapidFort](https://raw.githubusercontent.com/rapidfort/community-images/main/contrib/github_logo_footer.png)][rf-rapidfort-footer-logo-link] - - -If you'd like to learn more about RapidFort or our container optimization process, visit [RapidFort.com][rf-link]. - -
-
- - -[dh-rf-badge]: https://img.shields.io/badge/dockerhub-images-important.svg?logo=Docker - -[fossa-badge]: https://app.fossa.com/api/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images.svg?type=shield -[fossa-link]: https://app.fossa.com/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images?ref=badge_shield - -[rf-link]: https://rapidfort.com?utm_source=github&utm_medium=ci_rf_link&utm_campaign=sep_01_sprint&utm_term=haproxy-official&utm_content=rapidfort_have_questions - -[rf-rapidfort-footer-logo-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Flibrary%2Fhaproxy?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=haproxy-official&utm_content=rapidfort_footer_logo -[rf-view-report-button]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Flibrary%2Fhaproxy?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=haproxy-official&utm_content=view_report_button -[rf-view-report-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Flibrary%2Fhaproxy?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=haproxy-official&utm_content=view_report_link -[rf-image-metrics-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Flibrary%2Fhaproxy?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=haproxy-official&utm_content=image_metrics_link -[rf-image-cve-reduction-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Flibrary%2Fhaproxy?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=haproxy-official&utm_content=image_cve_reduction_link - -[dh-img-size-badge]: https://img.shields.io/docker/image-size/rapidfort/haproxy-official?logo=docker&logoColor=white&sort=semver -[dh-img-pulls-badge]: https://img.shields.io/docker/pulls/rapidfort/haproxy-official?logo=docker&logoColor=white - -[slack-badge]: 
https://img.shields.io/static/v1?label=Join&message=slack&logo=slack&logoColor=E01E5A&color=4A154B -[slack-link]: https://join.slack.com/t/rapidfortcommunity/shared_invite/zt-1g3wy28lv-DaeGexTQ5IjfpbmYW7Rm_Q - -[rf-h-badge]: https://img.shields.io/static/v1?label=RapidFort&labelColor=333F48&message=hardened&color=50B4C4&logo= -[metrics-link]: https://github.com/rapidfort/community-images/raw/main/community_images/haproxy/official/assets/metrics.webp -[cve-reduction-link]: https://github.com/rapidfort/community-images/raw/main/community_images/haproxy/official/assets/cve_reduction.webp - -[source-image-repo-link]: https://hub.docker.com/_/haproxy -[rf-dh-image-link]: https://hub.docker.com/r/rapidfort/haproxy-official diff --git a/community_images/haproxy/official/assets/cve_reduction.webp b/community_images/haproxy/official/assets/cve_reduction.webp deleted file mode 100644 index 5752e6af22..0000000000 Binary files a/community_images/haproxy/official/assets/cve_reduction.webp and /dev/null differ diff --git a/community_images/haproxy/official/assets/metrics.webp b/community_images/haproxy/official/assets/metrics.webp deleted file mode 100644 index 7624cbee7f..0000000000 Binary files a/community_images/haproxy/official/assets/metrics.webp and /dev/null differ diff --git a/community_images/haproxy/official/configs/http-mode/haproxy1.cfg b/community_images/haproxy/official/configs/http-mode/haproxy1.cfg deleted file mode 100644 index d7f51b1a77..0000000000 --- a/community_images/haproxy/official/configs/http-mode/haproxy1.cfg +++ /dev/null 
@@ -1,45 +0,0 @@ -global - maxconn 256 - spread-checks 3 - ca-base /etc/ssl/certs - crt-base /etc/ssl/private -frontend http-in - bind *:80 - mode http - timeout client 60s - - acl app1 path_end -i /app1 - acl app2 path_end -i /app2 - http-request deny if { path -i -m beg /admin } - - use_backend app1Servers if app1 - use_backend app2Servers if app2 - - default_backend flask - -backend app1Servers - timeout connect 10s - timeout server 10s - mode http - balance roundrobin - server web1 python-flask-1:8080 - server web2 python-flask-2:8080 - -backend app2Servers - timeout connect 10s - timeout server 15s - mode http - balance roundrobin - server web3 python-flask-3:8080 - server web4 python-flask-4:8080 - -backend flask - timeout connect 10s - timeout server 100s - mode http - balance roundrobin - server web1 python-flask-1:8080 - server web2 python-flask-2:8080 - server web3 python-flask-3:8080 - server web4 python-flask-4:8080 - diff --git a/community_images/haproxy/official/configs/http-mode/haproxy2.cfg b/community_images/haproxy/official/configs/http-mode/haproxy2.cfg deleted file mode 100644 index 51231f504a..0000000000 --- a/community_images/haproxy/official/configs/http-mode/haproxy2.cfg +++ /dev/null 
@@ -1,45 +0,0 @@ -global - maxconn 256 - spread-checks 3 - ca-base /etc/ssl/certs - crt-base /etc/ssl/private -frontend http-in - bind *:80 - mode http - timeout client 60s - - acl app1 path_end -i /app1 - acl app2 path_end -i /app2 - http-request deny if { path -i -m beg /admin } - - use_backend app1Servers if app1 - use_backend app2Servers if app2 - - default_backend flask - -backend app1Servers - timeout connect 10s - timeout server 10s - mode http - balance leastconn - server web1 python-flask-1:8080 - server web2 python-flask-2:8080 - -backend app2Servers - timeout connect 10s - timeout server 15s - mode http - balance leastconn - server web3 python-flask-3:8080 - server web4 python-flask-4:8080 - -backend flask - timeout connect 10s - timeout server 100s - mode http - balance leastconn - server web1 python-flask-1:8080 - server web2 python-flask-2:8080 - server web3 python-flask-3:8080 - server web4 python-flask-4:8080 - diff --git a/community_images/haproxy/official/configs/http-mode/haproxy3.cfg b/community_images/haproxy/official/configs/http-mode/haproxy3.cfg deleted file mode 100644 index 6fd4b93a6d..0000000000 --- a/community_images/haproxy/official/configs/http-mode/haproxy3.cfg +++ /dev/null 
@@ -1,45 +0,0 @@ -global - maxconn 256 - spread-checks 3 - ca-base /etc/ssl/certs - crt-base /etc/ssl/private -frontend http-in - bind *:80 - mode http - timeout client 60s - - acl app1 path_end -i /app1 - acl app2 path_end -i /app2 - http-request deny if { path -i -m beg /admin } - - use_backend app1Servers if app1 - use_backend app2Servers if app2 - - default_backend flask - -backend app1Servers - timeout connect 10s - timeout server 10s - mode http - balance source - server web1 python-flask-1:8080 - server web2 python-flask-2:8080 - -backend app2Servers - timeout connect 10s - timeout server 15s - mode http - balance source - server web3 python-flask-3:8080 - server web4 python-flask-4:8080 - -backend flask - timeout connect 10s - timeout server 100s - mode http - balance source - server web1 python-flask-1:8080 - server web2 python-flask-2:8080 - server web3 python-flask-3:8080 - server web4 python-flask-4:8080 - diff --git a/community_images/haproxy/official/configs/sample-server/app/app.py b/community_images/haproxy/official/configs/sample-server/app/app.py deleted file mode 100644 index 80df4dc430..0000000000 --- a/community_images/haproxy/official/configs/sample-server/app/app.py +++ /dev/null 
@@ -1,48 +0,0 @@ -""" Sample flask app for testing """ -import socket -from flask import Flask,render_template # pylint: disable=import-error - -app = Flask(__name__) - -@app.route("/") -def index(): - """ add index route """ - try: - host_name = socket.gethostname() - host_ip = socket.gethostbyname(host_name) - return render_template('index.html', hostname=host_name, ip=host_ip, message = "Home page") - except Exception as _: # pylint: disable=broad-except - return render_template('error.html') - -@app.route("/app1") -def app1(): - """ app1 route """ - try: - host_name = socket.gethostname() - host_ip = socket.gethostbyname(host_name) - return render_template('index.html', hostname=host_name, ip=host_ip, message = "App1 page") - except Exception as _: # pylint: disable=broad-except - return render_template('error.html') - -@app.route("/app2") -def app2(): - """ app2 route """ - try: - host_name = socket.gethostname() - host_ip = socket.gethostbyname(host_name) - return render_template('index.html', hostname=host_name, ip=host_ip, message = "App2 page") - except Exception as _: # pylint: disable=broad-except - return render_template('error.html') - -@app.route("/admin") -def admin(): - """ admin route """ - try: - host_name = socket.gethostname() - host_ip = socket.gethostbyname(host_name) - return render_template('index.html', hostname=host_name, ip=host_ip, message = "Admin page (privileged)") - except Exception as _: # pylint: disable=broad-except - return render_template('error.html') - -if __name__ == "__main__": - app.run(host='0.0.0.0', port=8080) diff --git a/community_images/haproxy/official/configs/sample-server/app/templates/error.html b/community_images/haproxy/official/configs/sample-server/app/templates/error.html deleted file mode 100644 index ade0fa0e74..0000000000 --- a/community_images/haproxy/official/configs/sample-server/app/templates/error.html +++ /dev/null 
@@ -1,10 +0,0 @@ - - - - - Error Occurred - - - Can not print the IP address of the container - - \ No newline at end of file diff --git a/community_images/haproxy/official/configs/sample-server/app/templates/index.html b/community_images/haproxy/official/configs/sample-server/app/templates/index.html deleted file mode 100644 index 83abebc03a..0000000000 --- a/community_images/haproxy/official/configs/sample-server/app/templates/index.html +++ /dev/null @@ -1,10 +0,0 @@ - - - - - {{ message }} - - -The hostname of the container is {{ hostname }} and its IP is {{ ip }}. - - \ No newline at end of file diff --git a/community_images/haproxy/official/configs/tcp-mode/haproxy-tcp1.cfg b/community_images/haproxy/official/configs/tcp-mode/haproxy-tcp1.cfg deleted file mode 100644 index c6f4424358..0000000000 --- a/community_images/haproxy/official/configs/tcp-mode/haproxy-tcp1.cfg +++ /dev/null 
@@ -1,48 +0,0 @@ -global - log 127.0.0.1 local0 - cpu-map 1-4 0-3 - chroot /var/lib/haproxy - mworker-max-reloads 3 - maxconn 256 - uid 99 - gid 99 - user root - hard-stop-after 100s - pidfile ./haproxy.pidfile - stats socket /tmp/haproxy - set-dumpable - server-state-file /etc/haproxy/state/current - setenv IMAGEFILEENDINGS ".gif .jpg .png" - strict-limits - no busy-polling - spread-checks 5 - max-spread-checks 15000 - maxcompcpuusage 90 - ssl-default-bind-ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS - ssl-default-bind-options no-sslv3 no-tls-tickets - ssl-default-server-ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS - ssl-default-server-options no-sslv3 no-tls-tickets - -defaults - timeout queue 100s - option checkcache - 
option httpchk - option tcplog - load-server-state-from-file global - compression algo identity - -frontend http-in - bind *:80 - timeout client 60s - default_backend flask - capture cookie ASPSESSION len 32 - -backend flask - timeout connect 10s - timeout server 100s - mode tcp - fullconn 10000 - balance roundrobin - server web1 python-flask-1:8080 - server web2 python-flask-2:8080 - diff --git a/community_images/haproxy/official/configs/tcp-mode/haproxy-tcp2.cfg b/community_images/haproxy/official/configs/tcp-mode/haproxy-tcp2.cfg deleted file mode 100644 index fe7530a0ea..0000000000 --- a/community_images/haproxy/official/configs/tcp-mode/haproxy-tcp2.cfg +++ /dev/null 
@@ -1,48 +0,0 @@ -global - log 127.0.0.1 local0 - cpu-map 1-4 0-3 - chroot /var/lib/haproxy - mworker-max-reloads 3 - maxconn 256 - uid 99 - gid 99 - user root - hard-stop-after 100s - pidfile ./haproxy.pidfile - stats socket /tmp/haproxy - set-dumpable - server-state-file /etc/haproxy/state/current - setenv IMAGEFILEENDINGS ".gif .jpg .png" - strict-limits - no busy-polling - spread-checks 5 - max-spread-checks 15000 - maxcompcpuusage 90 - ssl-default-bind-ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS - ssl-default-bind-options no-sslv3 no-tls-tickets - ssl-default-server-ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS - ssl-default-server-options no-sslv3 no-tls-tickets - -defaults - timeout queue 100s - option checkcache - 
option httpchk - option tcplog - load-server-state-from-file global - compression algo gzip - -frontend http-in - bind *:80 - timeout client 60s - default_backend flask - capture cookie ASPSESSION len 32 - -backend flask - timeout connect 10s - timeout server 100s - mode tcp - fullconn 10000 - balance roundrobin - server web1 python-flask-1:8080 - server web2 python-flask-2:8080 - diff --git a/community_images/haproxy/official/configs/tcp-mode/haproxy-tcp3.cfg b/community_images/haproxy/official/configs/tcp-mode/haproxy-tcp3.cfg deleted file mode 100644 index 6c0b86f553..0000000000 --- a/community_images/haproxy/official/configs/tcp-mode/haproxy-tcp3.cfg +++ /dev/null 
@@ -1,48 +0,0 @@ -global - log 127.0.0.1 local0 - cpu-map 1-4 0-3 - chroot /var/lib/haproxy - mworker-max-reloads 3 - maxconn 256 - uid 99 - gid 99 - user root - hard-stop-after 100s - pidfile ./haproxy.pidfile - stats socket /tmp/haproxy - set-dumpable - server-state-file /etc/haproxy/state/current - setenv IMAGEFILEENDINGS ".gif .jpg .png" - strict-limits - no busy-polling - spread-checks 5 - max-spread-checks 15000 - maxcompcpuusage 90 - ssl-default-bind-ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS - ssl-default-bind-options no-sslv3 no-tls-tickets - ssl-default-server-ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS - ssl-default-server-options no-sslv3 no-tls-tickets - -defaults - timeout queue 100s - option checkcache - 
option httpchk - option tcplog - load-server-state-from-file global - compression algo deflate - -frontend http-in - bind *:80 - timeout client 60s - default_backend flask - capture cookie ASPSESSION len 32 - -backend flask - timeout connect 10s - timeout server 100s - mode tcp - fullconn 10000 - balance roundrobin - server web1 python-flask-1:8080 - server web2 python-flask-2:8080 - diff --git a/community_images/haproxy/official/dc_coverage.sh b/community_images/haproxy/official/dc_coverage.sh deleted file mode 100755 index 4ea04d8fee..0000000000 --- a/community_images/haproxy/official/dc_coverage.sh +++ /dev/null 
@@ -1,73 +0,0 @@ -#!/bin/bash - -set -x -set -e - -SCRIPTPATH="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )" - -# shellcheck disable=SC1091 -. "${SCRIPTPATH}"/../../common/scripts/bash_helper.sh - -JSON_PARAMS="$1" - -JSON=$(cat "$JSON_PARAMS") - -echo "Json params for docker compose coverage = $JSON" - -# roundrobin mode -CONTAINER1_NAME=haproxy-1 -# leastconn mode -CONTAINER2_NAME=haproxy-2 -# source mode -CONTAINER3_NAME=haproxy-3 - -# log for debugging -docker inspect "${CONTAINER1_NAME}" -docker inspect "${CONTAINER2_NAME}" -docker inspect "${CONTAINER3_NAME}" - -# finding ports -docker inspect "${CONTAINER1_NAME}" | jq -r ".[].NetworkSettings.Ports.\"80/tcp\"[0].HostPort" -PORT1=$(docker inspect "${CONTAINER1_NAME}" | jq -r ".[].NetworkSettings.Ports.\"80/tcp\"[0].HostPort") -docker inspect "${CONTAINER2_NAME}" | jq -r ".[].NetworkSettings.Ports.\"80/tcp\"[0].HostPort" -PORT2=$(docker inspect "${CONTAINER2_NAME}" | jq -r ".[].NetworkSettings.Ports.\"80/tcp\"[0].HostPort") -docker inspect "${CONTAINER3_NAME}" | jq -r ".[].NetworkSettings.Ports.\"80/tcp\"[0].HostPort" -PORT3=$(docker inspect "${CONTAINER3_NAME}" | jq -r ".[].NetworkSettings.Ports.\"80/tcp\"[0].HostPort") - -# run curl in loop (roundrobin) -for i in {1..10}; -do - echo "Attempt $i" - curl http://localhost:"${PORT1}" -done - -# run curl in loop for app1 route -for i in {1..10}; -do - echo "Attempt $i" - curl http://localhost:"${PORT1}"/app1 -done - -# run curl in loop for app2 route -for i in {1..10}; -do - echo "Attempt $i" - curl http://localhost:"${PORT1}"/app2 -done - -# Running curl for admin (disabled by acl) -curl http://localhost:"${PORT1}"/admin - -# run curl in loop (leastconn) -for i in {1..10}; -do - echo "Attempt $i" - curl http://localhost:"${PORT2}" -done - -# run curl in loop (source) -for i in {1..10}; -do - echo "Attempt $i" - curl http://localhost:"${PORT3}" -done \ No newline at end of file 
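Review bot: the `/admin` request near the end of this script ("# Running curl for admin (disabled by acl)") is the only call here that reaches the `http-request deny if { path -i -m beg /admin }` rule, and it never verified that rule. Plain `curl` exits 0 on a denied response, so `set -e` does not catch a proxy that lets `/admin` through. If this coverage is being moved rather than dropped, the replacement should compare the returned status code against the expected deny status instead of relying on the exit code. The commit should also say where the ACL is now exercised.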
diff --git a/community_images/haproxy/official/dc_coverage_tcp.sh b/community_images/haproxy/official/dc_coverage_tcp.sh deleted file mode 100755 index ae247490cd..0000000000 --- a/community_images/haproxy/official/dc_coverage_tcp.sh +++ /dev/null @@ -1,57 +0,0 @@ -#!/bin/bash - -set -x -set -e - -SCRIPTPATH="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )" - -# shellcheck disable=SC1091 -. "${SCRIPTPATH}"/../../common/scripts/bash_helper.sh - -JSON_PARAMS="$1" - -JSON=$(cat "$JSON_PARAMS") - -echo "Json params for docker compose coverage = $JSON" - -# identity mode -CONTAINER1_NAME=haproxy-1 -# gzip mode -CONTAINER2_NAME=haproxy-2 -# deflate mode -CONTAINER3_NAME=haproxy-3 - - -# log for debugging -docker inspect "${CONTAINER1_NAME}" -docker inspect "${CONTAINER2_NAME}" -docker inspect "${CONTAINER3_NAME}" - -# finding ports -docker inspect "${CONTAINER1_NAME}" | jq -r ".[].NetworkSettings.Ports.\"80/tcp\"[0].HostPort" -PORT1=$(docker inspect "${CONTAINER1_NAME}" | jq -r ".[].NetworkSettings.Ports.\"80/tcp\"[0].HostPort") -docker inspect "${CONTAINER2_NAME}" | jq -r ".[].NetworkSettings.Ports.\"80/tcp\"[0].HostPort" -PORT2=$(docker inspect "${CONTAINER2_NAME}" | jq -r ".[].NetworkSettings.Ports.\"80/tcp\"[0].HostPort") -docker inspect "${CONTAINER3_NAME}" | jq -r ".[].NetworkSettings.Ports.\"80/tcp\"[0].HostPort" -PORT3=$(docker inspect "${CONTAINER3_NAME}" | jq -r ".[].NetworkSettings.Ports.\"80/tcp\"[0].HostPort") - -# run curl in loop (identity) -for i in {1..5}; -do - echo "Attempt $i" - curl http://localhost:"${PORT1}" -done - -# run curl in loop (gzip) -for i in {1..5}; -do - echo "Attempt $i" - curl http://localhost:"${PORT2}" -done - -# run curl in loop (deflate) -for i in {1..5}; -do - echo "Attempt $i" - curl http://localhost:"${PORT3}" -done \ No newline at end of file 
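Review bot: the three loops are labelled identity, gzip and deflate, but each one issues the same bare `curl http://localhost:"${PORT…}"` with no `Accept-Encoding` header or `--compressed`, so the client never asks for a compressed response and the `compression algo` differences between haproxy-tcp1/2/3.cfg are not distinguished by these requests. If a successor to this script exists, it should send the encoding header and check the `Content-Encoding` of the reply. Otherwise the deletion loses nothing beyond a basic reachability check, and the commit message could say so.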
diff --git a/community_images/haproxy/official/docker-compose-tcp.yml b/community_images/haproxy/official/docker-compose-tcp.yml deleted file mode 100755 index 8272ce9063..0000000000 --- a/community_images/haproxy/official/docker-compose-tcp.yml +++ /dev/null @@ -1,90 +0,0 @@ -version: '2' - -services: - python-flask-1: - image: python:3.6 - volumes: - - ./configs/sample-server/app:/app - container_name: python-flask-1 - cap_add: - - SYS_PTRACE - networks: - - haproxy - expose: - - "8080" - command: - - /bin/bash - - -c - - | - pip install flask==1.0.2 - python3 app/app.py - - python-flask-2: - image: python:3.6 - volumes: - - ./configs/sample-server/app:/app - container_name: python-flask-2 - cap_add: - - SYS_PTRACE - networks: - - haproxy - expose: - - "8080" - command: - - /bin/bash - - -c - - | - pip install flask==1.0.2 - python3 app/app.py - - haproxy-1: - image: ${HAPROXY_OFFICIAL_IMAGE_REPOSITORY}:${HAPROXY_OFFICIAL_IMAGE_TAG} - user: root - volumes: - - ./configs/tcp-mode/haproxy-tcp1.cfg:/usr/local/etc/haproxy/haproxy.cfg - container_name: haproxy-1 - networks: - - haproxy - cap_add: - - SYS_PTRACE - ports: - - '0.0.0.0::80' - depends_on: - - python-flask-1 - - python-flask-2 - - haproxy-2: - image: ${HAPROXY_OFFICIAL_IMAGE_REPOSITORY}:${HAPROXY_OFFICIAL_IMAGE_TAG} - user: root - volumes: - - ./configs/tcp-mode/haproxy-tcp2.cfg:/usr/local/etc/haproxy/haproxy.cfg - container_name: haproxy-2 - networks: - - haproxy - cap_add: - - SYS_PTRACE - ports: - - '0.0.0.0::80' - depends_on: - - python-flask-1 - - python-flask-2 - - haproxy-3: - image: ${HAPROXY_OFFICIAL_IMAGE_REPOSITORY}:${HAPROXY_OFFICIAL_IMAGE_TAG} - user: root - volumes: - - ./configs/tcp-mode/haproxy-tcp3.cfg:/usr/local/etc/haproxy/haproxy.cfg - container_name: haproxy-3 - networks: - - haproxy - cap_add: - - SYS_PTRACE - ports: - - '0.0.0.0::80' - depends_on: - - python-flask-1 - - python-flask-2 - -networks: - haproxy: - driver: bridge 
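Review bot: each haproxy service in this file publishes with `'0.0.0.0::80'` and runs with `user: root`, while the coverage script that drives it only ever connects to `http://localhost:"${PORT…}"`. If this harness is being recreated elsewhere rather than retired, bind the published port to `127.0.0.1` so the test proxies are not reachable from other hosts on the runner's network. The `user: root` setting should also be dropped unless the replacement config still needs it for the `chroot` and `uid`/`gid` directives in the tcp-mode cfg files.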
diff --git a/community_images/haproxy/official/docker-compose.yml b/community_images/haproxy/official/docker-compose.yml deleted file mode 100755 index 30171449c2..0000000000 --- a/community_images/haproxy/official/docker-compose.yml +++ /dev/null 
@@ -1,132 +0,0 @@ -version: '2' - -services: - python-flask-1: - image: python:3.6 - volumes: - - ./configs/sample-server/app:/app - container_name: python-flask-1 - cap_add: - - SYS_PTRACE - networks: - - haproxy - expose: - - "8080" - command: - - /bin/bash - - -c - - | - pip install flask==1.0.2 - python3 app/app.py - - python-flask-2: - image: python:3.6 - volumes: - - ./configs/sample-server/app:/app - container_name: python-flask-2 - cap_add: - - SYS_PTRACE - networks: - - haproxy - expose: - - "8080" - command: - - /bin/bash - - -c - - | - pip install flask==1.0.2 - python3 app/app.py - - python-flask-3: - image: python:3.6 - volumes: - - ./configs/sample-server/app:/app - container_name: python-flask-3 - cap_add: - - SYS_PTRACE - networks: - - haproxy - expose: - - "8080" - command: - - /bin/bash - - -c - - | - pip install flask==1.0.2 - python3 app/app.py - - python-flask-4: - image: python:3.6 - volumes: - - ./configs/sample-server/app:/app - container_name: python-flask-4 - cap_add: - - SYS_PTRACE - networks: - - haproxy - expose: - - "8080" - command: - - /bin/bash - - -c - - | - pip install flask==1.0.2 - python3 app/app.py - - haproxy-1: - image: ${HAPROXY_OFFICIAL_IMAGE_REPOSITORY}:${HAPROXY_OFFICIAL_IMAGE_TAG} - user: root - volumes: - - ./configs/http-mode/haproxy1.cfg:/usr/local/etc/haproxy/haproxy.cfg - container_name: haproxy-1 - networks: - - haproxy - cap_add: - - SYS_PTRACE - ports: - - '0.0.0.0::80' - depends_on: - - python-flask-1 - - python-flask-2 - - python-flask-3 - - python-flask-4 - - haproxy-2: - image: ${HAPROXY_OFFICIAL_IMAGE_REPOSITORY}:${HAPROXY_OFFICIAL_IMAGE_TAG} - user: root - volumes: - - ./configs/http-mode/haproxy2.cfg:/usr/local/etc/haproxy/haproxy.cfg - container_name: haproxy-2 - networks: - - haproxy - cap_add: - - SYS_PTRACE - ports: - - '0.0.0.0::80' - depends_on: - - python-flask-1 - - python-flask-2 - - python-flask-3 - - python-flask-4 - - haproxy-3: - image: 
${HAPROXY_OFFICIAL_IMAGE_REPOSITORY}:${HAPROXY_OFFICIAL_IMAGE_TAG} - user: root - volumes: - - ./configs/http-mode/haproxy3.cfg:/usr/local/etc/haproxy/haproxy.cfg - container_name: haproxy-3 - networks: - - haproxy - cap_add: - - SYS_PTRACE - ports: - - '0.0.0.0::80' - depends_on: - - python-flask-1 - - python-flask-2 - - python-flask-3 - - python-flask-4 - -networks: - haproxy: - driver: bridge diff --git a/community_images/haproxy/official/image.yml b/community_images/haproxy/official/image.yml deleted file mode 100644 index d40b061eef..0000000000 --- a/community_images/haproxy/official/image.yml +++ /dev/null 
@@ -1,65 +0,0 @@ -name: haproxy-official -official_name: HAProxy Official -official_website: http://www.haproxy.org/ -source_image_provider: The Docker Community -source_image_repo: docker.io/library/haproxy -source_image_repo_link: https://hub.docker.com/_/haproxy -source_image_readme: https://github.com/docker-library/docs/blob/master/haproxy/README.md -rf_docker_link: rapidfort/haproxy-official -image_workflow_name: haproxy_official -github_location: haproxy/official -report_url: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Flibrary%2Fhaproxy -usage_instructions: | - # Using docker run via bind mount: - $ docker run -d --name my-haproxy -v /path/to/etc/haproxy:/usr/local/etc/haproxy:ro --sysctl net.ipv4.ip_unprivileged_port_start=0 rapidfort/haproxy-official -what_is_text: | - HAProxy is a TCP proxy and a HTTP reverse proxy. It supports SSL termination and offloading, TCP and HTTP normalization, traffic regulation, caching and protection against DDoS attacks. -disclaimer: | - Trademarks: This software listing is packaged by RapidFort. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. 
-docker_links: - - "[`2.7-dev8`, `2.7-dev`, `2.7-dev8-bullseye`, `2.7-dev-bullseye`](https://github.com/docker-library/haproxy/blob/cd1c198fc46e312fccf9818c5388494eb4a70f83/2.7/Dockerfile)" - - "[`2.6.6`, `2.6`, `lts`, `latest`, `2.6.6-bullseye`, `2.6-bullseye`, `lts-bullseye`, `bullseye`](https://github.com/docker-library/haproxy/blob/bfdb47e3bb0de8315bf08876d7720ab3f46ccc28/2.6/Dockerfile)" - - "[`2.5.9`, `2.5`, `2.5.9-bullseye`, `2.5-bullseye`](https://github.com/docker-library/haproxy/blob/18c82fca3a11dc33c652328275a13155de6b054b/2.5/Dockerfile)" - - "[`2.4.19`, `2.4`, `2.4.19-bullseye`, `2.4-bullseye`](https://github.com/docker-library/haproxy/blob/b07fcf19b4ee54ef37ffbf7241372961ddc97b8c/2.4/Dockerfile)" - - "[`2.2.25`, `2.2`, `2.2.25-bullseye`, `2.2-bullseye`](https://github.com/docker-library/haproxy/blob/241d8833cfd3498f40cbd733c4fa7bc53d46f5c7/2.2/Dockerfile)" -input_registry: - registry: docker.io - account: library -repo_sets: - - haproxy: - input_base_tag: "2.*-dev8-bullseye" - output_repo: haproxy-official - - haproxy: - input_base_tag: "2.6.*-bullseye" - output_repo: haproxy-official - - haproxy: - input_base_tag: "2.5.*-bullseye" - output_repo: haproxy-official - - haproxy: - input_base_tag: "2.4.*-bullseye" - output_repo: haproxy-official - - haproxy: - input_base_tag: "2.2.*-bullseye" - output_repo: haproxy-official -runtimes: - - type: docker_compose - script: dc_coverage.sh - compose_file: docker-compose.yml - tls_certs: - generate: true - out_dir: certs - image_keys: - haproxy-official: - repository: "HAPROXY_OFFICIAL_IMAGE_REPOSITORY" - tag: "HAPROXY_OFFICIAL_IMAGE_TAG" - - type: docker_compose - script: dc_coverage_tcp.sh - compose_file: docker-compose-tcp.yml - tls_certs: - generate: true - out_dir: certs - image_keys: - haproxy-official: - repository: "HAPROXY_OFFICIAL_IMAGE_REPOSITORY" - tag: "HAPROXY_OFFICIAL_IMAGE_TAG" - 
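Review bot: in `repo_sets`, the first entry `input_base_tag: "2.*-dev8-bullseye"` hardcodes the `dev8` pre-release number while the other entries wildcard the patch level (`"2.6.*-bullseye"`), so it stops matching as soon as upstream publishes the next dev tag. Assuming the field is matched as a glob, a pattern that wildcards the dev number would track the dev line; the `2.7-dev8` entry in `docker_links` carries the same pin and would need to change with it. Separately, `official_website` is given as `http://www.haproxy.org/`; use the https form if the site serves it.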
diff --git a/community_images/influxdb/bitnami/.rfignore b/community_images/influxdb/bitnami/.rfignore deleted file mode 100644 index 35774bb2ea..0000000000 --- a/community_images/influxdb/bitnami/.rfignore +++ /dev/null @@ -1,4 +0,0 @@ -opt/bitnami/common/licenses -opt/bitnami/influxdb/licenses -opt/bitnami/licenses -usr/share/common-licenses diff --git a/community_images/influxdb/bitnami/README.md b/community_images/influxdb/bitnami/README.md deleted file mode 100644 index 6ba69395d6..0000000000 --- a/community_images/influxdb/bitnami/README.md +++ /dev/null @@ -1,142 +0,0 @@ - -RapidFort - - -
- -[![rf-h][rf-h-badge]][rf-view-report-button] -[![DH Image][dh-rf-badge]][rf-dh-image-link] -[![Slack][slack-badge]][slack-link] -[![FOSSA Status][fossa-badge]][fossa-link] - -# RapidFort hardened image for InfluxDB™ - -RapidFort’s container optimization process hardened this InfluxDB™ container. This container is free to use and has no license limitations. - -It is the same as the [Bitnami InfluxDB™][source-image-repo-link] image but more secure. - -Every day, we optimize and harden a variety of Docker Hub’s most famous images. Check out our [entire library](https://hub.docker.com/u/rapidfort) of secured containers. -
- -[Get the full report here or click on the image below][rf-view-report-link] - -[![Metrics][metrics-link]][rf-image-metrics-link] - -

Vulnerabilities: Original vs. Hardened - -

- -[![CVE Reduction][cve-reduction-link]][rf-image-cve-reduction-link] - - -View Report - -
-
- - -## What is InfluxDB™? - -> InfluxDB is a time series database built from the ground up to handle high write and query loads. InfluxDB is meant to be used as a backing store for any use case involving large amounts of timestamped data, including DevOps monitoring, application metrics, IoT sensor data, and real-time analytics. - - -[Overview of InfluxDB™](https://www.influxdata.com/products/influxdb-overview) - -InfluxDB(TM) is a trademark owned by InfluxData, which is not affiliated with, and does not endorse, this site. - - -## How do I use this hardened InfluxDB™ image? - -The runtime instructions for this container are no different from the official release. Follow the instructions in their readme, but use our hardened image. - - -View Detailed Instructions - -
-
- -```sh -$ helm repo add bitnami https://charts.bitnami.com/bitnami - -# install influxdb, just replace repository with RapidFort registry -$ helm install my-influxdb bitnami/influxdb --set image.repository=rapidfort/influxdb - -``` - -## What is a hardened image? - -A hardened image is a copy of a container that has been optimized and reduced for significantly improved security. Because every container uses many open-source software components and their dependencies, there’s a lot of extra weight that can be trimmed. - -This image is a hardened version of the official [Bitnami InfluxDB™][source-image-repo-link] image on Docker Hub. - -RapidFort is an industry-leading container optimization solution that minimizes software attack surfaces by removing unused code. Most containers can be reduced by at least 50%, which reduces the opportunity for malicious attacks and CVE exploits. Learn more at [RapidFort.com][rf-link]. - -Our hardened images are updated daily using the latest vulnerability information available. - - -View on GitHub - -
-
- -## What’s the difference between the official [Bitnami InfluxDB™][source-image-repo-link] image and this hardened image? -RapidFort’s hardened [rapidfort/influxdb][rf-dh-image-link] image has been optimized by our proprietary scanning and slimming technology. We are big fans of open-source software, containerized infrastructure, and security. - -We are making secure copies of the images we use every day and the most popular ones on Docker Hub. We want to make the world a safer place to operate. - -## Supported tags and respective `Dockerfile` links -* [`2`, `2-debian-11`, `2.7.4`, `2.7.4-debian-11-r` (2/debian-11/Dockerfile)](https://github.com/bitnami/containers/tree/main/bitnami/influxdb/2/debian-11/Dockerfile) - -## Need support - -Join our slack community for any questions. - - -RapidFort Community Slack - - -## 🌟 Support this project - -[![](https://user-images.githubusercontent.com/48997634/174794647-0c851917-e5c9-4fb9-bf88-b61d89dc2f4f.gif)](https://github.com/rapidfort/community-images/stargazers) - -### [⏫⭐️ Scroll to the star button](#start-of-content) - -If you believe this project has potential, feel free to **star this repo** just like many [amazing people](https://github.com/rapidfort/community-images/stargazers) -have. - -## Have questions? - -[![RapidFort](https://raw.githubusercontent.com/rapidfort/community-images/main/contrib/github_logo_footer.png)][rf-rapidfort-footer-logo-link] - - -If you'd like to learn more about RapidFort or our container optimization process, visit [RapidFort.com][rf-link]. - -
-
- - -[dh-rf-badge]: https://img.shields.io/badge/dockerhub-images-important.svg?logo=Docker - -[fossa-badge]: https://app.fossa.com/api/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images.svg?type=shield -[fossa-link]: https://app.fossa.com/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images?ref=badge_shield - -[rf-link]: https://rapidfort.com?utm_source=github&utm_medium=ci_rf_link&utm_campaign=sep_01_sprint&utm_term=influxdb&utm_content=rapidfort_have_questions - -[rf-rapidfort-footer-logo-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Finfluxdb?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=influxdb&utm_content=rapidfort_footer_logo -[rf-view-report-button]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Finfluxdb?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=influxdb&utm_content=view_report_button -[rf-view-report-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Finfluxdb?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=influxdb&utm_content=view_report_link -[rf-image-metrics-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Finfluxdb?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=influxdb&utm_content=image_metrics_link -[rf-image-cve-reduction-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Finfluxdb?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=influxdb&utm_content=image_cve_reduction_link - -[dh-img-size-badge]: https://img.shields.io/docker/image-size/rapidfort/influxdb?logo=docker&logoColor=white&sort=semver -[dh-img-pulls-badge]: https://img.shields.io/docker/pulls/rapidfort/influxdb?logo=docker&logoColor=white - -[slack-badge]: https://img.shields.io/static/v1?label=Join&message=slack&logo=slack&logoColor=E01E5A&color=4A154B 
-[slack-link]: https://join.slack.com/t/rapidfortcommunity/shared_invite/zt-1g3wy28lv-DaeGexTQ5IjfpbmYW7Rm_Q - -[rf-h-badge]: https://img.shields.io/static/v1?label=RapidFort&labelColor=333F48&message=hardened&color=50B4C4&logo= -[metrics-link]: https://github.com/rapidfort/community-images/raw/main/community_images/influxdb/bitnami/assets/metrics.webp -[cve-reduction-link]: https://github.com/rapidfort/community-images/raw/main/community_images/influxdb/bitnami/assets/cve_reduction.webp - -[source-image-repo-link]: https://hub.docker.com/r/bitnami/influxdb -[rf-dh-image-link]: https://hub.docker.com/r/rapidfort/influxdb diff --git a/community_images/influxdb/bitnami/assets/cve_reduction.webp b/community_images/influxdb/bitnami/assets/cve_reduction.webp deleted file mode 100644 index 782bf0acda..0000000000 Binary files a/community_images/influxdb/bitnami/assets/cve_reduction.webp and /dev/null differ diff --git a/community_images/influxdb/bitnami/assets/metrics.webp b/community_images/influxdb/bitnami/assets/metrics.webp deleted file mode 100644 index eb1b95aaed..0000000000 Binary files a/community_images/influxdb/bitnami/assets/metrics.webp and /dev/null differ diff --git a/community_images/influxdb/bitnami/dc_coverage.sh b/community_images/influxdb/bitnami/dc_coverage.sh deleted file mode 100755 index f1e9de1475..0000000000 --- a/community_images/influxdb/bitnami/dc_coverage.sh +++ /dev/null @@ -1,10 +0,0 @@ -#!/bin/bash - -set -x -set -e - -JSON_PARAMS="$1" - -JSON=$(cat "$JSON_PARAMS") - -echo "Json params for docker compose coverage = $JSON" diff --git a/community_images/influxdb/bitnami/docker-compose.yml b/community_images/influxdb/bitnami/docker-compose.yml deleted file mode 100644 index 3fed4ad698..0000000000 --- a/community_images/influxdb/bitnami/docker-compose.yml +++ /dev/null 
@@ -1,20 +0,0 @@ -version: '2' -services: - influxdb: - image: ${INFLUXDB_IMAGE_REPOSITORY}:${INFLUXDB_IMAGE_TAG} - cap_add: - - SYS_PTRACE - ports: - - 8086:8086 - - 8088:8088 - environment: - - INFLUXDB_ADMIN_USER_PASSWORD=bitnami123 - - INFLUXDB_ADMIN_USER_TOKEN=admintoken123 - - INFLUXDB_USER=my_user - - INFLUXDB_USER_PASSWORD=my_password - - INFLUXDB_DB=my_database - volumes: - - influxdb_data:/bitnami/influxdb -volumes: - influxdb_data: - driver: local diff --git a/community_images/influxdb/bitnami/docker.env b/community_images/influxdb/bitnami/docker.env deleted file mode 100644 index 6b520ad4b3..0000000000 --- a/community_images/influxdb/bitnami/docker.env +++ /dev/null @@ -1,5 +0,0 @@ -INFLUXDB_ADMIN_USER_PASSWORD="bitnami123" -INFLUXDB_ADMIN_USER_TOKEN="admintoken123" -INFLUXDB_USER="my_user" -INFLUXDB_USER_PASSWORD="my_password" -INFLUXDB_DB="my_database" diff --git a/community_images/influxdb/bitnami/docker_coverage.sh b/community_images/influxdb/bitnami/docker_coverage.sh deleted file mode 100755 index 109008160b..0000000000 --- a/community_images/influxdb/bitnami/docker_coverage.sh +++ /dev/null @@ -1,10 +0,0 @@ -#!/bin/bash - -set -x -set -e - -JSON_PARAMS="$1" - -JSON=$(cat "$JSON_PARAMS") - -echo "Json params for docker coverage = $JSON" diff --git a/community_images/influxdb/bitnami/image.yml b/community_images/influxdb/bitnami/image.yml deleted file mode 100644 index 254464a9ea..0000000000 --- a/community_images/influxdb/bitnami/image.yml +++ /dev/null 
@@ -1,49 +0,0 @@ -name: influxdb -official_name: InfluxDB™ -official_website: https://www.influxdata.com/products/influxdb-overview -source_image_provider: Bitnami -source_image_repo: docker.io/bitnami/influxdb -source_image_repo_link: https://hub.docker.com/r/bitnami/influxdb -source_image_readme: https://github.com/bitnami/containers/blob/main/bitnami/influxdb/README.md -rf_docker_link: rapidfort/influxdb -image_workflow_name: influxdb_bitnami -github_location: influxdb/bitnami -report_url: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Finfluxdb -usage_instructions: | - $ helm repo add bitnami https://charts.bitnami.com/bitnami - - # install influxdb, just replace repository with RapidFort registry - $ helm install my-influxdb bitnami/influxdb --set image.repository=rapidfort/influxdb -what_is_text: | - InfluxDB is a time series database built from the ground up to handle high write and query loads. InfluxDB is meant to be used as a backing store for any use case involving large amounts of timestamped data, including DevOps monitoring, application metrics, IoT sensor data, and real-time analytics. -disclaimer: | - InfluxDB(TM) is a trademark owned by InfluxData, which is not affiliated with, and does not endorse, this site. -input_registry: - registry: docker.io - account: bitnami -repo_sets: - - influxdb: - input_base_tag: "2.7.1-debian-11-r" -runtimes: - - type: k8s - script: k8s_coverage.sh - helm: - repo: bitnami - repo_url: https://charts.bitnami.com/bitnami - chart: influxdb - image_keys: - influxdb: - repository: "image.repository" - tag: "image.tag" - override_file: "overrides.yml" - - type: docker_compose - script: dc_coverage.sh - compose_file: docker-compose.yml - image_keys: - influxdb: - repository: "INFLUXDB_IMAGE_REPOSITORY" - tag: "INFLUXDB_IMAGE_TAG" - - type: docker - script: docker_coverage.sh - influxdb: - env_file: docker.env 
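Review bot: `repo_sets` pins `input_base_tag: "2.7.1-debian-11-r"`, but the README removed in the same patch lists `2.7.4` and `2.7.4-debian-11-r` under supported tags, so the two files disagree on which upstream tag is being hardened. If either file is carried forward, generate the README tag list from `input_base_tag` or update both in one change. The `docker` runtime entry also points at `env_file: docker.env`, which holds the fixed values `bitnami123` and `admintoken123`; a comment marking these as test-only credentials would keep them from being copied into a real deployment.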
diff --git a/community_images/influxdb/bitnami/k8s_coverage.sh b/community_images/influxdb/bitnami/k8s_coverage.sh deleted file mode 100755 index 001d4f89ed..0000000000 --- a/community_images/influxdb/bitnami/k8s_coverage.sh +++ /dev/null @@ -1,29 +0,0 @@ -#!/bin/bash - -set -x -set -e - -# shellcheck disable=SC1091 -SCRIPTPATH="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )" - -JSON_PARAMS="$1" - -NAMESPACE=$(jq -r '.namespace_name' < "$JSON_PARAMS") -RELEASE_NAME=$(jq -r '.release_name' < "$JSON_PARAMS") -REPOSITORY=influxdb - -# get pod name -POD_NAME=$(kubectl -n "${NAMESPACE}" get pods -l app.kubernetes.io/name="$REPOSITORY" -o jsonpath="{.items[0].metadata.name}") - -# get influxdb token -INFLUXDB_TOKEN=$(kubectl get secret --namespace "${NAMESPACE}" "${RELEASE_NAME}" -o jsonpath="{.data.admin-user-token}" | base64 --decode) - -# copy tests into container -kubectl -n "${NAMESPACE}" cp "${SCRIPTPATH}"/tests/example.csv "${POD_NAME}":/tmp/example.csv -kubectl -n "${NAMESPACE}" cp "${SCRIPTPATH}"/tests/query.flux "${POD_NAME}":/tmp/query.flux - -# write data to db -kubectl -n "${NAMESPACE}" exec -it "${POD_NAME}" -- /bin/bash -c "influx write -t $INFLUXDB_TOKEN -b primary --org-id primary -f /tmp/example.csv" - -# run query on db -kubectl -n "${NAMESPACE}" exec -i "${POD_NAME}" -- influx query -t "$INFLUXDB_TOKEN" --org primary -f /tmp/query.flux diff --git a/community_images/influxdb/bitnami/overrides.yml b/community_images/influxdb/bitnami/overrides.yml deleted file mode 100644 index 1f18399c09..0000000000 --- a/community_images/influxdb/bitnami/overrides.yml +++ /dev/null 
@@ -1,28 +0,0 @@ -image: - pullSecrets: ["rf-regcred"] - pullPolicy: Always -influxdb: - containerSecurityContext: - enabled: true - runAsUser: 1001 - allowPrivilegeEscalation: true - capabilities: - add: ["SYS_PTRACE"] - extraEnvVars: - - name: "RF_VERBOSE" - value: "0" - livenessProbe: - initialDelaySeconds: 30 - timeoutSeconds: 30 - readinessProbe: - initialDelaySeconds: 30 - timeoutSeconds: 30 -auth: - admin: - username: admin - password: bitnami123 - token: admintoken123 -auth: - user: - username: my_user - password: my_password diff --git a/community_images/influxdb/bitnami/tests/example.csv b/community_images/influxdb/bitnami/tests/example.csv deleted file mode 100644 index 4bb88bedc9..0000000000 --- a/community_images/influxdb/bitnami/tests/example.csv +++ /dev/null @@ -1,8 +0,0 @@ -#datatype measurement,tag,double,dateTime:RFC3339 -m,host,used_percent,time -mem,host1,64.23,2020-01-01T00:00:00Z -mem,host2,72.01,2020-01-01T00:00:00Z -mem,host1,62.61,2020-01-01T00:00:10Z -mem,host2,72.98,2020-01-01T00:00:10Z -mem,host1,63.40,2020-01-01T00:00:20Z -mem,host2,73.77,2020-01-01T00:00:20Z \ No newline at end of file diff --git a/community_images/influxdb/bitnami/tests/query.flux b/community_images/influxdb/bitnami/tests/query.flux deleted file mode 100644 index d1d25ab415..0000000000 --- a/community_images/influxdb/bitnami/tests/query.flux +++ /dev/null @@ -1,2 +0,0 @@ -from(bucket: "primary") - |> range(start: -10y) diff --git a/community_images/kong/official/README.md b/community_images/kong/official/README.md deleted file mode 100644 index d155c2083f..0000000000 --- a/community_images/kong/official/README.md +++ /dev/null @@ -1,142 +0,0 @@ - -RapidFort - - -
- -[![rf-h][rf-h-badge]][rf-view-report-button] -[![DH Image][dh-rf-badge]][rf-dh-image-link] -[![Slack][slack-badge]][slack-link] -[![FOSSA Status][fossa-badge]][fossa-link] - -# RapidFort hardened image for Kong - -RapidFort’s container optimization process hardened this Kong container. This container is free to use and has no license limitations. - -It is the same as the [The Kong Docker Maintainers Kong][source-image-repo-link] image but more secure. - -Every day, we optimize and harden a variety of Docker Hub’s most famous images. Check out our [entire library](https://hub.docker.com/u/rapidfort) of secured containers. -
- -[Get the full report here or click on the image below][rf-view-report-link] - -[![Metrics][metrics-link]][rf-image-metrics-link] - -

Vulnerabilities: Original vs. Hardened - -

- -[![CVE Reduction][cve-reduction-link]][rf-image-cve-reduction-link] - - -View Report - -
-
- - -## What is Kong? - -> Kong or Kong API Gateway is a cloud-native, platform-agnostic, scalable API Gateway distinguished for its high performance and extensibility via plugins. - -By providing functionality for proxying, routing, load balancing, health checking, authentication (and more), Kong serves as the central layer for orchestrating microservices or conventional API traffic with ease. - - -[Overview of Kong](https://konghq.com) - -Trademarks: This software listing is packaged by RapidFort. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. - - -## How do I use this hardened Kong image? - -The runtime instructions for this container are no different from the official release. Follow the instructions in their readme, but use our hardened image. - - -View Detailed Instructions - -
-
- -```sh -# Start the Gateway stack using -$ docker-compose up - -``` - -## What is a hardened image? - -A hardened image is a copy of a container that has been optimized and reduced for significantly improved security. Because every container uses many open-source software components and their dependencies, there’s a lot of extra weight that can be trimmed. - -This image is a hardened version of the official [The Kong Docker Maintainers Kong][source-image-repo-link] image on Docker Hub. - -RapidFort is an industry-leading container optimization solution that minimizes software attack surfaces by removing unused code. Most containers can be reduced by at least 50%, which reduces the opportunity for malicious attacks and CVE exploits. Learn more at [RapidFort.com][rf-link]. - -Our hardened images are updated daily using the latest vulnerability information available. - - -View on GitHub - -
-
- -## What’s the difference between the official [The Kong Docker Maintainers Kong][source-image-repo-link] image and this hardened image? -RapidFort’s hardened [rapidfort/kong][rf-dh-image-link] image has been optimized by our proprietary scanning and slimming technology. We are big fans of open-source software, containerized infrastructure, and security. - -We are making secure copies of the images we use every day and the most popular ones on Docker Hub. We want to make the world a safer place to operate. - -## Supported tags and respective `Dockerfile` links -* [`3.x.x-ubuntu`, `3.x-ubuntu`, `ubuntu`, (latest/Dockerfile)](https://github.com/Kong/docker-kong/blob/5a2610d900717a4a6c8ee98bc421d0d4599b126f/ubuntu/Dockerfile) - -## Need support - -Join our slack community for any questions. - - -RapidFort Community Slack - - -## 🌟 Support this project - -[![](https://user-images.githubusercontent.com/48997634/174794647-0c851917-e5c9-4fb9-bf88-b61d89dc2f4f.gif)](https://github.com/rapidfort/community-images/stargazers) - -### [⏫⭐️ Scroll to the star button](#start-of-content) - -If you believe this project has potential, feel free to **star this repo** just like many [amazing people](https://github.com/rapidfort/community-images/stargazers) -have. - -## Have questions? - -[![RapidFort](https://raw.githubusercontent.com/rapidfort/community-images/main/contrib/github_logo_footer.png)][rf-rapidfort-footer-logo-link] - - -If you'd like to learn more about RapidFort or our container optimization process, visit [RapidFort.com][rf-link]. - -
-
- - -[dh-rf-badge]: https://img.shields.io/badge/dockerhub-images-important.svg?logo=Docker - -[fossa-badge]: https://app.fossa.com/api/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images.svg?type=shield -[fossa-link]: https://app.fossa.com/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images?ref=badge_shield - -[rf-link]: https://rapidfort.com?utm_source=github&utm_medium=ci_rf_link&utm_campaign=sep_01_sprint&utm_term=kong&utm_content=rapidfort_have_questions - -[rf-rapidfort-footer-logo-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Flibrary%2Fkong?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=kong&utm_content=rapidfort_footer_logo -[rf-view-report-button]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Flibrary%2Fkong?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=kong&utm_content=view_report_button -[rf-view-report-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Flibrary%2Fkong?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=kong&utm_content=view_report_link -[rf-image-metrics-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Flibrary%2Fkong?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=kong&utm_content=image_metrics_link -[rf-image-cve-reduction-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Flibrary%2Fkong?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=kong&utm_content=image_cve_reduction_link - -[dh-img-size-badge]: https://img.shields.io/docker/image-size/rapidfort/kong?logo=docker&logoColor=white&sort=semver -[dh-img-pulls-badge]: https://img.shields.io/docker/pulls/rapidfort/kong?logo=docker&logoColor=white - -[slack-badge]: https://img.shields.io/static/v1?label=Join&message=slack&logo=slack&logoColor=E01E5A&color=4A154B -[slack-link]: 
https://join.slack.com/t/rapidfortcommunity/shared_invite/zt-1g3wy28lv-DaeGexTQ5IjfpbmYW7Rm_Q - -[rf-h-badge]: https://img.shields.io/static/v1?label=RapidFort&labelColor=333F48&message=hardened&color=50B4C4&logo= -[metrics-link]: https://github.com/rapidfort/community-images/raw/main/community_images/kong/official/assets/metrics.webp -[cve-reduction-link]: https://github.com/rapidfort/community-images/raw/main/community_images/kong/official/assets/cve_reduction.webp - -[source-image-repo-link]: https://hub.docker.com/_/kong -[rf-dh-image-link]: https://hub.docker.com/r/rapidfort/kong diff --git a/community_images/kong/official/assets/cve_reduction.webp b/community_images/kong/official/assets/cve_reduction.webp deleted file mode 100644 index e88d6df4c4..0000000000 Binary files a/community_images/kong/official/assets/cve_reduction.webp and /dev/null differ diff --git a/community_images/kong/official/assets/metrics.webp b/community_images/kong/official/assets/metrics.webp deleted file mode 100644 index b695d04f49..0000000000 Binary files a/community_images/kong/official/assets/metrics.webp and /dev/null differ diff --git a/community_images/kong/official/dc_coverage.sh b/community_images/kong/official/dc_coverage.sh deleted file mode 100755 index ea5b5729dc..0000000000 --- a/community_images/kong/official/dc_coverage.sh +++ /dev/null 
@@ -1,182 +0,0 @@ -#!/bin/bash - -set -x -set -e - -JSON_PARAMS="$1" - -JSON=$(cat "$JSON_PARAMS") - -echo "Json params for docker compose coverage = $JSON" - -# PROJECT_NAME=$(jq -r '.project_name' < "$JSON_PARAMS") - -####################### -## SERVICES & ROUTES ## -####################### -# Add a new service -curl -i -s -X POST http://localhost:8001/services \ - --data name=example_service \ - --data url='http://mockbin.org' -# Get services -curl -i -X GET --url http://localhost:8001/services - -# Get example_service -curl -X GET http://localhost:8001/services/example_service - -# Update a service -curl --request PATCH \ - --url localhost:8001/services/example_service \ - --data retries=6 - -# Create a route to the service -curl -i -X POST http://localhost:8001/services/example_service/routes \ - --data 'paths[]=/mock' \ - --data name=example_route -# Get the route -curl -X GET http://localhost:8001/services/example_service/routes/example_route -# Update route -curl --request PATCH \ - --url localhost:8001/services/example_service/routes/example_route \ - --data tags="tutorial" -# List routes -curl http://localhost:8001/routes - -# Access application via the Kong Route on data plane (8000) -curl -X GET http://localhost:8000/mock -# Use Mockbib echo request -curl -X GET http://localhost:8000/mock/requests - -## END SERVICES & ROUTES ## - -################### -## RATE LIMITING ## -################### -# Enable rate limiting plugin -curl -i -X POST http://localhost:8001/plugins \ - --data name=rate-limiting \ - --data config.minute=5 \ - --data config.policy=local - -# Validate rate limiting -for _ in {1..6}; do curl -i localhost:8000/mock/request; echo; sleep 1; done - -# Service level rate limiting -curl -X POST http://localhost:8001/services/example_service/plugins \ - --data "name=rate-limiting" \ - --data config.minute=4 \ - --data config.policy=local -# Route level rate limiting -curl -X POST http://localhost:8001/routes/example_route/plugins \ - --data 
"name=rate-limiting" \ - --data config.minute=3 \ - --data config.policy=local -# Consumer level rate limiting -curl -X POST http://localhost:8001/consumers/ \ - --data username=ddooley -curl -X POST http://localhost:8001/plugins \ - --data "name=rate-limiting" \ - --data "consumer.username=ddooley" \ - --data "config.second=2" - -for _ in {1..3}; do curl -i http://localhost:8000/mock/request --data "consumer.username=ddooley"; echo; sleep 1; done - -## END RATE LIMITING ## - - -################### -## PROXY CACHING ## -################### -# Enable proxy caching -curl -i -X POST http://localhost:8001/plugins \ - --data "name=proxy-cache" \ - --data "config.request_method=GET" \ - --data "config.response_code=200" \ - --data "config.content_type=application/json; charset=utf-8" \ - --data "config.cache_ttl=30" \ - --data "config.strategy=memory" - -# Get a cache MISS, then a HIT -curl -i -X GET http://localhost:8000/mock/requests -curl -i -X GET http://localhost:8000/mock/requests - -# Service level caching -curl -X POST http://localhost:8001/services/example_service/plugins \ - --data "name=proxy-cache" \ - --data "config.request_method=GET" \ - --data "config.response_code=200" \ - --data "config.content_type=application/json; charset=utf-8" \ - --data "config.cache_ttl=30" \ - --data "config.strategy=memory" - -# Route level caching -curl -X POST http://localhost:8001/routes/example_route/plugins \ - --data "name=proxy-cache" \ - --data "config.request_method=GET" \ - --data "config.response_code=200" \ - --data "config.content_type=application/json; charset=utf-8" \ - --data "config.cache_ttl=30" \ - --data "config.strategy=memory" - -# Consumer level caching -curl -X POST http://localhost:8001/consumers/ \ - --data username=vgupta - -curl -X POST http://localhost:8001/consumers/vgupta/plugins \ - --data "name=proxy-cache" \ - --data "config.request_method=GET" \ - --data "config.response_code=200" \ - --data "config.content_type=application/json; 
charset=utf-8" \ - --data "config.cache_ttl=30" \ - --data "config.strategy=memory" -curl -i -X GET http://localhost:8000/mock/requests --data "consumer.username=vgupta" -curl -i -X GET http://localhost:8000/mock/requests --data "consumer.username=vgupta" - -## END PROXY CACHING ## - -############## -## KEY AUTH ## -############## -# Key Auth via Consumer -curl -i -X POST http://localhost:8001/consumers/ \ - --data username=ashish -curl -i -X POST http://localhost:8001/consumers/ashish/key-auth \ - --data key=top-secret-key -# Enable key authentication -curl -X POST http://localhost:8001/plugins/ \ - --data "name=key-auth" \ - --data "config.key_names=apikey" -# Send an unauthenticated request -curl -i http://localhost:8000/mock/request -# Send wrong key -curl -i http://localhost:8000/mock/request \ - -H 'apikey:bad-key' -# Send valid key -curl -i http://localhost:8000/mock/request \ - -H 'apikey:top-secret-key' -# Service based key authentication -curl -X POST http://localhost:8001/services/example_service/plugins \ - --data name=key-auth -# Route based key authentication -curl -X POST http://localhost:8001/routes/example_route/plugins \ - --data name=key-auth -## END KEY AUTH ## - -#################### -## LOAD BALANCING ## -#################### -# Create an upstream and targets -curl -X POST http://localhost:8001/upstreams \ - --data name=example_upstream -curl -X POST http://localhost:8001/upstreams/example_upstream/targets \ - --data target='mockbin.org:80' -curl -X POST http://localhost:8001/upstreams/example_upstream/targets \ - --data target='httpbin.org:80' -# Update the service to point to upstream -curl -X PATCH http://localhost:8001/services/example_service \ - --data host='example_upstream' -#Validate by hitting the route -curl -i http://localhost:8000/mock/request \ - -H 'apikey:top-secret-key' -## END LOAD BALANCING ## - 
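Review bot: none of the curl calls in this script check a status, so the "Validate rate limiting" loop and the `-H 'apikey:bad-key'` request under KEY AUTH succeed whether or not the plugin did anything. curl exits 0 on a 401 or 429 unless `--fail` is given, so `set -e` never trips. If this coverage is being relocated rather than dropped, the replacement should capture `-w '%{http_code}'` and compare it against the expected 200/401/429. Two smaller points in the same hunk: the consumer-level requests send `--data "consumer.username=ddooley"` (and `vgupta`) to the proxy on port 8000, which only adds a request body and does not identify a consumer, so the consumer-scoped rate limit and cache are never exercised; and `top-secret-key` is a hard-coded credential that should not be copied into any example that outlives this test.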
diff --git a/community_images/kong/official/docker-compose.yml b/community_images/kong/official/docker-compose.yml deleted file mode 100644 index ec9f58475a..0000000000 --- a/community_images/kong/official/docker-compose.yml +++ /dev/null 
@@ -1,98 +0,0 @@ -version: "3.7" - - -volumes: - kong_data: {} - -networks: - kong-net: - external: false - - -services: - - ####################################### - # Postgres: The database used by Kong - ####################################### - kong-database: - image: postgres:9.6 - container_name: kong-postgres - restart: on-failure - networks: - - kong-net - volumes: - - kong_data:/var/lib/postgresql/data - environment: - POSTGRES_USER: kong - POSTGRES_PASSWORD: kongpass - POSTGRES_DB: kong - ports: - - "5432:5432" - healthcheck: - test: ["CMD", "pg_isready", "-U", "kong"] - interval: 30s - timeout: 30s - retries: 3 - stdin_open: true - tty: true - - ####################################### - # Kong database migration - ####################################### - kong-migration: - image: ${KONG_IMAGE_REPOSITORY}:${KONG_IMAGE_TAG} - cap_add: - - SYS_PTRACE - - SETUID - - SETGID - command: kong migrations bootstrap - networks: - - kong-net - restart: on-failure - environment: - KONG_DATABASE: postgres - KONG_PG_HOST: kong-database - KONG_PG_DATABASE: kong - KONG_PG_USER: kong - KONG_PG_PASSWORD: kongpass - depends_on: - kong-database: - condition: service_healthy - - - ####################################### - # Kong: The API Gateway - ####################################### - kong: - image: ${KONG_IMAGE_REPOSITORY}:${KONG_IMAGE_TAG} - cap_add: - - SYS_PTRACE - - SETUID - - SETGID - restart: on-failure - networks: - - kong-net - environment: - KONG_DATABASE: postgres - KONG_PG_HOST: kong-database - KONG_PG_DATABASE: kong - KONG_PG_USER: kong - KONG_PG_PASSWORD: kongpass - KONG_PROXY_LISTEN: 0.0.0.0:8000 - KONG_PROXY_LISTEN_SSL: 0.0.0.0:9443 - KONG_ADMIN_LISTEN: 0.0.0.0:8001 - depends_on: - kong-database: - condition: service_healthy - kong-migration: - condition: service_started - healthcheck: - test: ["CMD", "kong", "health"] - interval: 10s - timeout: 10s - retries: 10 - ports: - - "8000:8000" - - "8001:8001" - - "9443:9443" - - "8444:8444" 
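Review bot: `KONG_ADMIN_LISTEN: 0.0.0.0:8001` combined with the published port `"8001:8001"` puts the Admin API on every host interface, and dc_coverage.sh shows it accepting service, plugin and consumer changes with no credentials. The image.yml in this same change offers `docker-compose up` as the usage instruction, so anyone following it gets that exposure by default; if the file is kept anywhere as an example, publish it as `"127.0.0.1:8001:8001"` or drop the mapping. The same applies to `"5432:5432"` on kong-database: Kong reaches Postgres over kong-net, so publishing the port only exposes a database protected by the literal password `kongpass`. The file also deserves a comment explaining why both Kong services add `SYS_PTRACE`, `SETUID` and `SETGID`, since nothing in the compose file says what needs them.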
diff --git a/community_images/kong/official/docker_coverage.sh b/community_images/kong/official/docker_coverage.sh deleted file mode 100755 index 87c7ba3798..0000000000 --- a/community_images/kong/official/docker_coverage.sh +++ /dev/null @@ -1,13 +0,0 @@ -#!/bin/bash - -set -x -set -e - -JSON_PARAMS="$1" - -JSON=$(cat "$JSON_PARAMS") - -echo "Json params for docker coverage = $JSON" - -# NETWORK_NAME=$(jq -r '.network_name' < "$JSON_PARAMS") -# ENVOY_HOST=$(jq -r '.container_details.envoy.ip_address' < "$JSON_PARAMS") diff --git a/community_images/kong/official/image.yml b/community_images/kong/official/image.yml deleted file mode 100644 index 9404534057..0000000000 --- a/community_images/kong/official/image.yml +++ /dev/null 
@@ -1,51 +0,0 @@ -name: kong -official_name: Kong -official_website: https://konghq.com -source_image_provider: The Kong Docker Maintainers -source_image_repo: docker.io/library/kong -source_image_repo_link: https://hub.docker.com/_/kong -source_image_readme: https://github.com/kong/kong#readme -rf_docker_link: rapidfort/kong -image_workflow_name: kong_official -github_location: kong/official -report_url: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Flibrary%2Fkong -usage_instructions: | - # Start the Gateway stack using - $ docker-compose up - -what_is_text: | - Kong or Kong API Gateway is a cloud-native, platform-agnostic, scalable API Gateway distinguished for its high performance and extensibility via plugins. - - By providing functionality for proxying, routing, load balancing, health checking, authentication (and more), Kong serves as the central layer for orchestrating microservices or conventional API traffic with ease. -disclaimer: | - Trademarks: This software listing is packaged by RapidFort. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. -docker_links: - - "[`3.x.x-ubuntu`, `3.x-ubuntu`, `ubuntu`, (latest/Dockerfile)](https://github.com/Kong/docker-kong/blob/5a2610d900717a4a6c8ee98bc421d0d4599b126f/ubuntu/Dockerfile)" -input_registry: - registry: docker.io - account: library -repo_sets: - - kong: - input_base_tag: "3.0.0-ubuntu" -runtimes: - - type: docker_compose - script: dc_coverage.sh - wait_time_sec: 60 - compose_file: docker-compose.yml - image_keys: - kong: - repository: "KONG_IMAGE_REPOSITORY" - tag: "KONG_IMAGE_TAG" - - type: k8s - script: k8s_coverage.sh - helm: - repo: kong - repo_url: https://charts.konghq.com - chart: kong - readiness_check_script: kong_setup.sh - image_keys: - kong: - repository: "image.repository" - tag: "image.tag" - override_file: "overrides.yml" - 
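Review bot: `usage_instructions` tells the reader to run `docker-compose up` and nothing else, but the compose file resolves its image from `${KONG_IMAGE_REPOSITORY}:${KONG_IMAGE_TAG}` (the names mapped under `image_keys`), so the command fails as documented unless both variables are exported first. Any README generated from this field should state the two variables and give an example value. Separately, the `k8s` runtime points at `k8s_coverage.sh`, which in this change only echoes its JSON parameters, so the Kubernetes path verified deployment readiness via `kong_setup.sh` and nothing about gateway behaviour; worth noting if the removal is justified by existing coverage.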
diff --git a/community_images/kong/official/k8s_coverage.sh b/community_images/kong/official/k8s_coverage.sh deleted file mode 100755 index 7986538312..0000000000 --- a/community_images/kong/official/k8s_coverage.sh +++ /dev/null @@ -1,11 +0,0 @@ -#!/bin/bash - -set -x -set -e - -JSON_PARAMS="$1" - -JSON=$(cat "$JSON_PARAMS") - -echo "Json params for k8s coverage = $JSON" - diff --git a/community_images/kong/official/kong_setup.sh b/community_images/kong/official/kong_setup.sh deleted file mode 100644 index aaa5e8d623..0000000000 --- a/community_images/kong/official/kong_setup.sh +++ /dev/null @@ -1,11 +0,0 @@ -#!/bin/bash - -set -x -set -e - -NAMESPACE=$1 -RELEASE_NAME=$2 - -kubectl wait deployment "${RELEASE_NAME}"-kong -n "${NAMESPACE}" \ - --for=condition=Available=True --timeout=20m - diff --git a/community_images/kong/official/overrides.yml b/community_images/kong/official/overrides.yml deleted file mode 100644 index 0aea0e3be1..0000000000 --- a/community_images/kong/official/overrides.yml +++ /dev/null @@ -1,17 +0,0 @@ -image: - pullSecrets: ["rf-regcred"] - pullPolicy: Always -containerSecurityContext: - runAsUser: 1001 - allowPrivilegeEscalation: true - capabilities: - add: ["SYS_PTRACE"] -extraEnvVars: - - name: "RF_VERBOSE" - value: "0" -livenessProbe: - initialDelaySeconds: 30 - timeoutSeconds: 30 -readinessProbe: - initialDelaySeconds: 30 - timeoutSeconds: 30 diff --git a/community_images/mariadb/bitnami/.rfignore b/community_images/mariadb/bitnami/.rfignore deleted file mode 100644 index 2037ceac0b..0000000000 --- a/community_images/mariadb/bitnami/.rfignore +++ /dev/null @@ -1,4 +0,0 @@ -opt/bitnami/common/licenses -opt/bitnami/licenses -opt/bitnami/mariadb/licenses -usr/share/common-licenses diff --git a/community_images/mariadb/bitnami/README.md b/community_images/mariadb/bitnami/README.md deleted file mode 100644 index eff29a4d79..0000000000 --- a/community_images/mariadb/bitnami/README.md +++ /dev/null @@ -1,148 +0,0 @@ - -RapidFort - - -
- -[![rf-h][rf-h-badge]][rf-view-report-button] -[![DH Image][dh-rf-badge]][rf-dh-image-link] -[![Slack][slack-badge]][slack-link] -[![FOSSA Status][fossa-badge]][fossa-link] - -# RapidFort hardened image for MariaDB - -RapidFort’s container optimization process hardened this MariaDB container. This container is free to use and has no license limitations. - -It is the same as the [Bitnami MariaDB][source-image-repo-link] image but more secure. - -Every day, we optimize and harden a variety of Docker Hub’s most famous images. Check out our [entire library](https://hub.docker.com/u/rapidfort) of secured containers. -
- -[Get the full report here or click on the image below][rf-view-report-link] - -[![Metrics][metrics-link]][rf-image-metrics-link] - -

Vulnerabilities: Original vs. Hardened - -

- -[![CVE Reduction][cve-reduction-link]][rf-image-cve-reduction-link] - - -View Report - -
-
- - -## What is MariaDB? - -> MariaDB Server is one of the most popular database servers in the world. It’s made by the original developers of MySQL and guaranteed to stay open source. Notable users include Wikipedia, DBS Bank, and ServiceNow. - - -[Overview of MariaDB](https://www.mariadb.com/) - -Trademarks: This software listing is packaged by RapidFort. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. - - -## How do I use this hardened MariaDB image? - -The runtime instructions for this container are no different from the official release. Follow the instructions in their readme, but use our hardened image. - - -View Detailed Instructions - -
-
- -```sh -$ helm repo add bitnami https://charts.bitnami.com/bitnami - -# install mariadb, just replace repository with RapidFort registry -$ helm install my-mariadb bitnami/mariadb --set image.repository=rapidfort/mariadb - -``` - -## What is a hardened image? - -A hardened image is a copy of a container that has been optimized and reduced for significantly improved security. Because every container uses many open-source software components and their dependencies, there’s a lot of extra weight that can be trimmed. - -This image is a hardened version of the official [Bitnami MariaDB][source-image-repo-link] image on Docker Hub. - -RapidFort is an industry-leading container optimization solution that minimizes software attack surfaces by removing unused code. Most containers can be reduced by at least 50%, which reduces the opportunity for malicious attacks and CVE exploits. Learn more at [RapidFort.com][rf-link]. - -Our hardened images are updated daily using the latest vulnerability information available. - - -View on GitHub - -
-
- -## What’s the difference between the official [Bitnami MariaDB][source-image-repo-link] image and this hardened image? -RapidFort’s hardened [rapidfort/mariadb][rf-dh-image-link] image has been optimized by our proprietary scanning and slimming technology. We are big fans of open-source software, containerized infrastructure, and security. - -We are making secure copies of the images we use every day and the most popular ones on Docker Hub. We want to make the world a safer place to operate. - -## Supported tags and respective `Dockerfile` links -* [`11.1`, `11.1-debian-11`, `11.1.3`, `11.1.3-debian-11-r` (11.1/debian-11/Dockerfile)](https://github.com/bitnami/containers/tree/main/bitnami/mariadb/11.1/debian-11/Dockerfile) -* [`11.0`, `11.0-debian-11`, `11.0.4`, `11.0.4-debian-11-r` (11.0/debian-11/Dockerfile)](https://github.com/bitnami/containers/tree/main/bitnami/mariadb/11.0/debian-11/Dockerfile) -* [`10.11`, `10.11-debian-11`, `10.11.6`, `10.11.6-debian-11-r` (10.11/debian-11/Dockerfile)](https://github.com/bitnami/containers/tree/main/bitnami/mariadb/10.11/debian-11/Dockerfile) -* [`10.10`, `10.10-debian-11`, `10.10.7`, `10.10.7-debian-11-r` (10.10/debian-11/Dockerfile)](https://github.com/bitnami/containers/tree/main/bitnami/mariadb/10.10/debian-11/Dockerfile) -* [`10.6`, `10.6-debian-11`, `10.6.16`, `10.6.16-debian-11-r` (10.6/debian-11/Dockerfile)](https://github.com/bitnami/containers/tree/main/bitnami/mariadb/10.6/debian-11/Dockerfile) -* [`10.5`, `10.5-debian-11`, `10.5.23`, `10.5.23-debian-11-r` (10.5/debian-11/Dockerfile)](https://github.com/bitnami/containers/tree/main/bitnami/mariadb/10.5/debian-11/Dockerfile) -* [`10.4`, `10.4-debian-11`, `10.4.32`, `10.4.32-debian-11-r` (10.4/debian-11/Dockerfile)](https://github.com/bitnami/containers/tree/main/bitnami/mariadb/10.4/debian-11/Dockerfile) - -## Need support - -Join our slack community for any questions. 
- - -RapidFort Community Slack - - -## 🌟 Support this project - -[![](https://user-images.githubusercontent.com/48997634/174794647-0c851917-e5c9-4fb9-bf88-b61d89dc2f4f.gif)](https://github.com/rapidfort/community-images/stargazers) - -### [⏫⭐️ Scroll to the star button](#start-of-content) - -If you believe this project has potential, feel free to **star this repo** just like many [amazing people](https://github.com/rapidfort/community-images/stargazers) -have. - -## Have questions? - -[![RapidFort](https://raw.githubusercontent.com/rapidfort/community-images/main/contrib/github_logo_footer.png)][rf-rapidfort-footer-logo-link] - - -If you'd like to learn more about RapidFort or our container optimization process, visit [RapidFort.com][rf-link]. - -
-
- - -[dh-rf-badge]: https://img.shields.io/badge/dockerhub-images-important.svg?logo=Docker - -[fossa-badge]: https://app.fossa.com/api/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images.svg?type=shield -[fossa-link]: https://app.fossa.com/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images?ref=badge_shield - -[rf-link]: https://rapidfort.com?utm_source=github&utm_medium=ci_rf_link&utm_campaign=sep_01_sprint&utm_term=mariadb&utm_content=rapidfort_have_questions - -[rf-rapidfort-footer-logo-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Fmariadb?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=mariadb&utm_content=rapidfort_footer_logo -[rf-view-report-button]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Fmariadb?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=mariadb&utm_content=view_report_button -[rf-view-report-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Fmariadb?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=mariadb&utm_content=view_report_link -[rf-image-metrics-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Fmariadb?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=mariadb&utm_content=image_metrics_link -[rf-image-cve-reduction-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Fmariadb?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=mariadb&utm_content=image_cve_reduction_link - -[dh-img-size-badge]: https://img.shields.io/docker/image-size/rapidfort/mariadb?logo=docker&logoColor=white&sort=semver -[dh-img-pulls-badge]: https://img.shields.io/docker/pulls/rapidfort/mariadb?logo=docker&logoColor=white - -[slack-badge]: https://img.shields.io/static/v1?label=Join&message=slack&logo=slack&logoColor=E01E5A&color=4A154B -[slack-link]: 
https://join.slack.com/t/rapidfortcommunity/shared_invite/zt-1g3wy28lv-DaeGexTQ5IjfpbmYW7Rm_Q - -[rf-h-badge]: https://img.shields.io/static/v1?label=RapidFort&labelColor=333F48&message=hardened&color=50B4C4&logo= -[metrics-link]: https://github.com/rapidfort/community-images/raw/main/community_images/mariadb/bitnami/assets/metrics.webp -[cve-reduction-link]: https://github.com/rapidfort/community-images/raw/main/community_images/mariadb/bitnami/assets/cve_reduction.webp - -[source-image-repo-link]: https://hub.docker.com/r/bitnami/mariadb -[rf-dh-image-link]: https://hub.docker.com/r/rapidfort/mariadb diff --git a/community_images/mariadb/bitnami/assets/cve_reduction.webp b/community_images/mariadb/bitnami/assets/cve_reduction.webp deleted file mode 100644 index 9b6421a847..0000000000 Binary files a/community_images/mariadb/bitnami/assets/cve_reduction.webp and /dev/null differ diff --git a/community_images/mariadb/bitnami/assets/metrics.webp b/community_images/mariadb/bitnami/assets/metrics.webp deleted file mode 100644 index ac002dbb92..0000000000 Binary files a/community_images/mariadb/bitnami/assets/metrics.webp and /dev/null differ diff --git a/community_images/mariadb/bitnami/docker-compose.yml b/community_images/mariadb/bitnami/docker-compose.yml deleted file mode 100644 index b7e50b0c83..0000000000 --- a/community_images/mariadb/bitnami/docker-compose.yml +++ /dev/null 
@@ -1,52 +0,0 @@ -version: '2.1' - -services: - mariadb-master: - image: ${MARIADB_IMAGE_REPOSITORY}:${MARIADB_IMAGE_TAG} - ports: - - '3306' - volumes: - - 'mariadb_master_data:/bitnami/mariadb' - environment: - - MARIADB_REPLICATION_MODE=master - - MARIADB_REPLICATION_USER=repl_user - - MARIADB_USER=my_user - - MARIADB_DATABASE=my_database - # ALLOW_EMPTY_PASSWORD is recommended only for development. - - ALLOW_EMPTY_PASSWORD=yes - - MARIADB_ROOT_PASSWORD=my_root_password - cap_add: - - SYS_PTRACE - healthcheck: - test: ['CMD', '/opt/bitnami/scripts/mariadb/healthcheck.sh'] - interval: 15s - timeout: 5s - retries: 6 - - mariadb-slave: - image: ${MARIADB_IMAGE_REPOSITORY}:${MARIADB_IMAGE_TAG} - ports: - - '3306' - depends_on: - - mariadb-master - environment: - - MARIADB_REPLICATION_MODE=slave - - MARIADB_REPLICATION_USER=repl_user - - MARIADB_USER=my_user - - MARIADB_DATABASE=my_database - - MARIADB_MASTER_HOST=mariadb-master - - MARIADB_MASTER_PORT_NUMBER=3306 - - MARIADB_MASTER_ROOT_PASSWORD=my_root_password - # ALLOW_EMPTY_PASSWORD is recommended only for development. - - ALLOW_EMPTY_PASSWORD=yes - cap_add: - - SYS_PTRACE - healthcheck: - test: ['CMD', '/opt/bitnami/scripts/mariadb/healthcheck.sh'] - interval: 15s - timeout: 5s - retries: 6 - -volumes: - mariadb_master_data: - driver: local \ No newline at end of file diff --git a/community_images/mariadb/bitnami/image.yml b/community_images/mariadb/bitnami/image.yml deleted file mode 100644 index a850dd2310..0000000000 --- a/community_images/mariadb/bitnami/image.yml +++ /dev/null 
@@ -1,61 +0,0 @@ -name: mariadb -official_name: MariaDB -official_website: https://www.mariadb.com/ -source_image_provider: Bitnami -source_image_repo: docker.io/bitnami/mariadb -source_image_repo_link: https://hub.docker.com/r/bitnami/mariadb -source_image_readme: https://github.com/bitnami/containers/blob/main/bitnami/mariadb/README.md -rf_docker_link: rapidfort/mariadb -image_workflow_name: mariadb_bitnami -github_location: mariadb/bitnami -report_url: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Fmariadb -usage_instructions: | - $ helm repo add bitnami https://charts.bitnami.com/bitnami - - # install mariadb, just replace repository with RapidFort registry - $ helm install my-mariadb bitnami/mariadb --set image.repository=rapidfort/mariadb -what_is_text: | - MariaDB Server is one of the most popular database servers in the world. It’s made by the original developers of MySQL and guaranteed to stay open source. Notable users include Wikipedia, DBS Bank, and ServiceNow. -disclaimer: | - Trademarks: This software listing is packaged by RapidFort. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. 
-input_registry: - registry: docker.io - account: bitnami -repo_sets: - - mariadb: - input_base_tag: "11.1.2-debian-11-r" - - mariadb: - input_base_tag: "11.0.3-debian-11-r" - - mariadb: - input_base_tag: "10.11.5-debian-11-r" - - mariadb: - input_base_tag: "10.10.6-debian-11-r" - - mariadb: - input_base_tag: "10.6.15-debian-11-r" - - mariadb: - input_base_tag: "10.5.22-debian-11-r" - - mariadb: - input_base_tag: "10.4.31-debian-11-r" -runtimes: - - type: k8s - script: k8s_coverage.sh - helm: - repo: bitnami - repo_url: https://charts.bitnami.com/bitnami - chart: mariadb - wait_time_sec: 120 - image_keys: - mariadb: - repository: "image.repository" - tag: "image.tag" - override_file: "overrides.yml" - - type: docker_compose - compose_file: docker-compose.yml - image_keys: - mariadb: - repository: "MARIADB_IMAGE_REPOSITORY" - tag: "MARIADB_IMAGE_TAG" - - type: docker - mariadb: - environment: - MARIADB_ROOT_PASSWORD: my_root_password diff --git a/community_images/mariadb/bitnami/k8s_coverage.sh b/community_images/mariadb/bitnami/k8s_coverage.sh deleted file mode 100755 index 06a7b33fcf..0000000000 --- a/community_images/mariadb/bitnami/k8s_coverage.sh +++ /dev/null 
@@ -1,71 +0,0 @@ -#!/bin/bash - -set -x -set -e - -# shellcheck disable=SC1091 -SCRIPTPATH="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )" - -# shellcheck disable=SC1091 -. "${SCRIPTPATH}"/../../common/tests/sysbench_tests.sh - -JSON_PARAMS="$1" - -NAMESPACE=$(jq -r '.namespace_name' < "$JSON_PARAMS") -RELEASE_NAME=$(jq -r '.release_name' < "$JSON_PARAMS") - -# get mariadb password -MARIADB_ROOT_PASSWORD=$(kubectl get secret --namespace "${NAMESPACE}" "${RELEASE_NAME}" -o jsonpath="{.data.mariadb-root-password}" | base64 --decode) - -# copy test.sql into container -kubectl -n "${NAMESPACE}" cp "${SCRIPTPATH}"/../../common/tests/test.my_sql "${RELEASE_NAME}"-0:/tmp/test.my_sql - -# run script -kubectl -n "${NAMESPACE}" exec -i "${RELEASE_NAME}"-0 -- /bin/bash -c "mysql -h localhost -uroot -p\"$MARIADB_ROOT_PASSWORD\" mysql < /tmp/test.my_sql" - -# copy mysql_coverage.sh into container -kubectl -n "${NAMESPACE}" cp "${SCRIPTPATH}"/../../common/tests/mysql_coverage.sh "${RELEASE_NAME}"-0:/tmp/mysql_coverage.sh - -# run mysql_coverage on cluster -kubectl -n "${NAMESPACE}" exec -i "${RELEASE_NAME}"-0 -- /bin/bash -c "/tmp/mysql_coverage.sh" - -# create sbtest schema -kubectl -n "${NAMESPACE}" exec -i "${RELEASE_NAME}"-0 \ - -- /bin/bash -c \ - "mysql -h localhost -uroot -p\"$MARIADB_ROOT_PASSWORD\" -e \"CREATE SCHEMA sbtest;\"" - -# prepare benchmark -kubectl run -n "${NAMESPACE}" sb-prepare \ - --rm -i --restart='Never' \ - --image severalnines/sysbench \ - --command -- sysbench \ - --db-driver=mysql \ - --oltp-table-size=100000 \ - --oltp-tables-count=24 \ - --threads=1 \ - --mysql-host="${RELEASE_NAME}" \ - --mysql-port=3306 \ - --mysql-user=root \ - --mysql-password="${MARIADB_ROOT_PASSWORD}" \ - --mysql-debug=on \ - /usr/share/sysbench/tests/include/oltp_legacy/parallel_prepare.lua \ - run - -# execute test -kubectl run -n "${NAMESPACE}" sb-run \ - --rm -i --restart='Never' \ - --image severalnines/sysbench \ - --command -- sysbench \ - --db-driver=mysql \ 
- --report-interval=2 \ - --mysql-table-engine=innodb \ - --oltp-table-size=100000 \ - --oltp-tables-count=24 \ - --threads=4 \ - --time=30 \ - --mysql-host="${RELEASE_NAME}" \ - --mysql-port=3306 \ - --mysql-user=root \ - --mysql-password="${MARIADB_ROOT_PASSWORD}" \ - /usr/share/sysbench/tests/include/oltp_legacy/oltp.lua \ - run diff --git a/community_images/mariadb/bitnami/overrides.yml b/community_images/mariadb/bitnami/overrides.yml deleted file mode 100644 index 8b521fe90c..0000000000 --- a/community_images/mariadb/bitnami/overrides.yml +++ /dev/null @@ -1,35 +0,0 @@ -image: - pullSecrets: ["rf-regcred"] - pullPolicy: Always -primary: - containerSecurityContext: - enabled: true - runAsUser: 1001 - allowPrivilegeEscalation: true - capabilities: - add: ["SYS_PTRACE"] - extraEnvVars: - - name: "RF_VERBOSE" - value: "0" - livenessProbe: - initialDelaySeconds: 30 - timeoutSeconds: 30 - readinessProbe: - initialDelaySeconds: 30 - timeoutSeconds: 30 -secondary: - containerSecurityContext: - enabled: true - runAsUser: 1001 - allowPrivilegeEscalation: true - capabilities: - add: ["SYS_PTRACE"] - extraEnvVars: - - name: "RF_VERBOSE" - value: "0" - livenessProbe: - initialDelaySeconds: 30 - timeoutSeconds: 30 - readinessProbe: - initialDelaySeconds: 30 - timeoutSeconds: 30 \ No newline at end of file diff --git a/community_images/mariadb/ironbank/.rfignore b/community_images/mariadb/ironbank/.rfignore deleted file mode 100644 index bd036ec246..0000000000 --- a/community_images/mariadb/ironbank/.rfignore +++ /dev/null @@ -1 +0,0 @@ -usr/share/licenses diff --git a/community_images/mariadb/ironbank/README.md b/community_images/mariadb/ironbank/README.md deleted file mode 100644 index c371ac6e9c..0000000000 --- a/community_images/mariadb/ironbank/README.md +++ /dev/null @@ -1,139 +0,0 @@ - -RapidFort - - -
- -[![rf-h][rf-h-badge]][rf-view-report-button] -[![DH Image][dh-rf-badge]][rf-dh-image-link] -[![Slack][slack-badge]][slack-link] -[![FOSSA Status][fossa-badge]][fossa-link] - -# RapidFort hardened image for MariaDB IronBank - -RapidFort’s container optimization process hardened this MariaDB IronBank container. This container is free to use and has no license limitations. - -It is the same as the [Platform One MariaDB IronBank][source-image-repo-link] image but more secure. - -Every day, we optimize and harden a variety of Docker Hub’s most famous images. Check out our [entire library](https://hub.docker.com/u/rapidfort) of secured containers. -
- -[Get the full report here or click on the image below][rf-view-report-link] - -[![Metrics][metrics-link]][rf-image-metrics-link] - -

Vulnerabilities: Original vs. Hardened - -

- -[![CVE Reduction][cve-reduction-link]][rf-image-cve-reduction-link] - - -View Report - -
-
- - -## What is MariaDB IronBank? - -> MariaDB Server is one of the most popular database servers in the world. It’s made by the original developers of MySQL and guaranteed to stay open source. Notable users include Wikipedia, DBS Bank, and ServiceNow. - - -[Overview of MariaDB IronBank](https://www.mariadb.com/) - -Trademarks: This software listing is packaged by RapidFort. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. - - -## How do I use this hardened MariaDB IronBank image? - -The runtime instructions for this container are no different from the official release. Follow the instructions in their readme, but use our hardened image. - - -View Detailed Instructions - -
-
- -```sh -$ docker run --name some-mariadb --env MARIADB_USER=example-user --env MARIADB_PASSWORD=my_cool_secret --env MARIADB_ROOT_PASSWORD=my-secret-pw rapidfort/mariadb-ib:latest - -``` - -## What is a hardened image? - -A hardened image is a copy of a container that has been optimized and reduced for significantly improved security. Because every container uses many open-source software components and their dependencies, there’s a lot of extra weight that can be trimmed. - -This image is a hardened version of the official [Platform One MariaDB IronBank][source-image-repo-link] image on Docker Hub. - -RapidFort is an industry-leading container optimization solution that minimizes software attack surfaces by removing unused code. Most containers can be reduced by at least 50%, which reduces the opportunity for malicious attacks and CVE exploits. Learn more at [RapidFort.com][rf-link]. - -Our hardened images are updated daily using the latest vulnerability information available. - - -View on GitHub - -
-
- -## What’s the difference between the official [Platform One MariaDB IronBank][source-image-repo-link] image and this hardened image? -RapidFort’s hardened [rapidfort/mariadb-ib][rf-dh-image-link] image has been optimized by our proprietary scanning and slimming technology. We are big fans of open-source software, containerized infrastructure, and security. - -We are making secure copies of the images we use every day and the most popular ones on Docker Hub. We want to make the world a safer place to operate. - -## Supported tags and respective `Dockerfile` links -* [`latest` (Dockerfile)](https://repo1.dso.mil/dsop/opensource/mariadb/mariadb106/-/blob/development/Dockerfile) - -## Need support - -Join our slack community for any questions. - - -RapidFort Community Slack - - -## 🌟 Support this project - -[![](https://user-images.githubusercontent.com/48997634/174794647-0c851917-e5c9-4fb9-bf88-b61d89dc2f4f.gif)](https://github.com/rapidfort/community-images/stargazers) - -### [⏫⭐️ Scroll to the star button](#start-of-content) - -If you believe this project has potential, feel free to **star this repo** just like many [amazing people](https://github.com/rapidfort/community-images/stargazers) -have. - -## Have questions? - -[![RapidFort](https://raw.githubusercontent.com/rapidfort/community-images/main/contrib/github_logo_footer.png)][rf-rapidfort-footer-logo-link] - - -If you'd like to learn more about RapidFort or our container optimization process, visit [RapidFort.com][rf-link]. - -
-
- - -[dh-rf-badge]: https://img.shields.io/badge/dockerhub-images-important.svg?logo=Docker - -[fossa-badge]: https://app.fossa.com/api/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images.svg?type=shield -[fossa-link]: https://app.fossa.com/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images?ref=badge_shield - -[rf-link]: https://rapidfort.com?utm_source=github&utm_medium=ci_rf_link&utm_campaign=sep_01_sprint&utm_term=mariadb-ib&utm_content=rapidfort_have_questions - -[rf-rapidfort-footer-logo-link]: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fopensource%2Fmariadb%2Fmariadb?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=mariadb-ib&utm_content=rapidfort_footer_logo -[rf-view-report-button]: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fopensource%2Fmariadb%2Fmariadb?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=mariadb-ib&utm_content=view_report_button -[rf-view-report-link]: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fopensource%2Fmariadb%2Fmariadb?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=mariadb-ib&utm_content=view_report_link -[rf-image-metrics-link]: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fopensource%2Fmariadb%2Fmariadb?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=mariadb-ib&utm_content=image_metrics_link -[rf-image-cve-reduction-link]: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fopensource%2Fmariadb%2Fmariadb?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=mariadb-ib&utm_content=image_cve_reduction_link - -[dh-img-size-badge]: https://img.shields.io/docker/image-size/rapidfort/mariadb-ib?logo=docker&logoColor=white&sort=semver -[dh-img-pulls-badge]: 
https://img.shields.io/docker/pulls/rapidfort/mariadb-ib?logo=docker&logoColor=white - -[slack-badge]: https://img.shields.io/static/v1?label=Join&message=slack&logo=slack&logoColor=E01E5A&color=4A154B -[slack-link]: https://join.slack.com/t/rapidfortcommunity/shared_invite/zt-1g3wy28lv-DaeGexTQ5IjfpbmYW7Rm_Q - -[rf-h-badge]: https://img.shields.io/static/v1?label=RapidFort&labelColor=333F48&message=hardened&color=50B4C4&logo= -[metrics-link]: https://github.com/rapidfort/community-images/raw/main/community_images/mariadb/ironbank/assets/metrics.webp -[cve-reduction-link]: https://github.com/rapidfort/community-images/raw/main/community_images/mariadb/ironbank/assets/cve_reduction.webp - -[source-image-repo-link]: https://registry1.dso.mil/harbor/projects/3/repositories/opensource%2Fmariadb%2Fmariadb -[rf-dh-image-link]: https://hub.docker.com/r/rapidfort/mariadb-ib diff --git a/community_images/mariadb/ironbank/assets/cve_reduction.webp b/community_images/mariadb/ironbank/assets/cve_reduction.webp deleted file mode 100644 index 1a011266a0..0000000000 Binary files a/community_images/mariadb/ironbank/assets/cve_reduction.webp and /dev/null differ diff --git a/community_images/mariadb/ironbank/assets/metrics.webp b/community_images/mariadb/ironbank/assets/metrics.webp deleted file mode 100644 index 33ada3b0d0..0000000000 Binary files a/community_images/mariadb/ironbank/assets/metrics.webp and /dev/null differ diff --git a/community_images/mariadb/ironbank/docker_coverage.sh b/community_images/mariadb/ironbank/docker_coverage.sh deleted file mode 100755 index a0048d90f2..0000000000 --- a/community_images/mariadb/ironbank/docker_coverage.sh +++ /dev/null 
@@ -1,77 +0,0 @@ -#!/bin/bash - -set -x -set -e - -JSON_PARAMS="$1" - -JSON=$(cat "$JSON_PARAMS") - -echo "Json params for docker coverage = $JSON" - -CONTAINER_NAME=$(jq -r '.container_details."mariadb-ib".name' < "$JSON_PARAMS") -NETWORK_NAME=$(jq -r '.network_name' < "$JSON_PARAMS") -MYSQL_HOST=$(jq -r '.container_details."mariadb-ib".ip_address' < "$JSON_PARAMS") - -SCRIPTPATH=$(jq -r '.image_script_dir' < "$JSON_PARAMS") - - -# shellcheck disable=SC1091 -. "${SCRIPTPATH}"/../../common/tests/sysbench_tests.sh - -# get mysql password -MYSQL_ROOT_PASSWORD=my_root_password - -# copy test.sql into container -docker cp "${SCRIPTPATH}"/../../common/tests/test.my_sql "${CONTAINER_NAME}":/tmp/test.my_sql - -# run script -docker exec -i "${CONTAINER_NAME}" \ - /bin/bash -c "mysql -h localhost -uroot -p\"$MYSQL_ROOT_PASSWORD\" mysql < /tmp/test.my_sql" - -# copy mysql_coverage.sh into container -docker cp "${SCRIPTPATH}"/../../common/tests/mysql_coverage.sh "${CONTAINER_NAME}":/tmp/mysql_coverage.sh - -# run mysql_coverage on cluster -docker exec -i "${CONTAINER_NAME}" /bin/bash -c "/tmp/mysql_coverage.sh" - -# create sbtest schema -docker exec -i "${CONTAINER_NAME}" \ - /bin/bash -c \ - "mysql -h localhost -uroot -p\"$MYSQL_ROOT_PASSWORD\" -e \"CREATE SCHEMA sbtest;\"" - -# prepare benchmark -docker run --network="${NETWORK_NAME}" \ - --name sb-prepare --rm -i \ - severalnines/sysbench \ - sysbench \ - --db-driver=mysql \ - --oltp-table-size=100000 \ - --oltp-tables-count=24 \ - --threads=1 \ - --mysql-host="${MYSQL_HOST}" \ - --mysql-port=3306 \ - --mysql-user=root \ - --mysql-password="${MYSQL_ROOT_PASSWORD}" \ - --mysql-debug=on \ - /usr/share/sysbench/tests/include/oltp_legacy/parallel_prepare.lua \ - run - -# execute test -docker run --network="${NETWORK_NAME}" \ - --name sb-run --rm -i \ - severalnines/sysbench \ - sysbench \ - --db-driver=mysql \ - --report-interval=2 \ - --mysql-table-engine=innodb \ - --oltp-table-size=100000 \ - --oltp-tables-count=24 \ - 
--threads=4 \ - --time=45 \ - --mysql-host="${MYSQL_HOST}" \ - --mysql-port=3306 \ - --mysql-user=root \ - --mysql-password="${MYSQL_ROOT_PASSWORD}" \ - /usr/share/sysbench/tests/include/oltp_legacy/oltp.lua \ - run diff --git a/community_images/mariadb/ironbank/image.yml b/community_images/mariadb/ironbank/image.yml deleted file mode 100644 index ad6bb0e049..0000000000 --- a/community_images/mariadb/ironbank/image.yml +++ /dev/null 
@@ -1,35 +0,0 @@ -name: mariadb-ib -official_name: MariaDB IronBank -official_website: https://www.mariadb.com/ -source_image_provider: Platform One -source_image_repo: registry1.dso.mil/ironbank/opensource/mariadb/mariadb -source_image_repo_link: https://registry1.dso.mil/harbor/projects/3/repositories/opensource%2Fmariadb%2Fmariadb -source_image_readme: https://repo1.dso.mil/dsop/opensource/mariadb/mariadb106/-/blob/development/Dockerfile -rf_docker_link: rapidfort/mariadb-ib -image_workflow_name: mariadb_ironbank -github_location: mariadb/ironbank -report_url: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fopensource%2Fmariadb%2Fmariadb -usage_instructions: | - $ docker run --name some-mariadb --env MARIADB_USER=example-user --env MARIADB_PASSWORD=my_cool_secret --env MARIADB_ROOT_PASSWORD=my-secret-pw rapidfort/mariadb-ib:latest -what_is_text: | - MariaDB Server is one of the most popular database servers in the world. It’s made by the original developers of MySQL and guaranteed to stay open source. Notable users include Wikipedia, DBS Bank, and ServiceNow. -disclaimer: | - Trademarks: This software listing is packaged by RapidFort. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. -docker_links: - - "[`latest` (Dockerfile)](https://repo1.dso.mil/dsop/opensource/mariadb/mariadb106/-/blob/development/Dockerfile)" -input_registry: - registry: registry1.dso.mil - account: ironbank -repo_sets: - - opensource/mariadb/mariadb: - input_base_tag: "10.5." - output_repo: mariadb-ib -runtimes: - - type: docker - script: docker_coverage.sh - wait_time_sec: 60 - mariadb-ib: - exec_command: --default-authentication-plugin=mysql_native_password - environment: - MARIADB_ROOT_PASSWORD: my_root_password - MARIADB_ROOT_HOST: "%" 
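Review bot: `input_base_tag: "10.5."` under `repo_sets` disagrees with the Dockerfile this file links to, because both `source_image_readme` and `docker_links` point at the `mariadb106` repository. Since the file is being deleted, this only matters if the definition is carried over elsewhere; in that case, align the tag prefix and the links before reusing it. The removed `runtimes` block also pairs a fixed `MARIADB_ROOT_PASSWORD: my_root_password` with `MARIADB_ROOT_HOST: "%"`, so the commit message should state whether any replacement config keeps that combination.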
diff --git a/community_images/mariadb/official/README.md b/community_images/mariadb/official/README.md deleted file mode 100644 index feb8bcb97e..0000000000 --- a/community_images/mariadb/official/README.md +++ /dev/null @@ -1,139 +0,0 @@ - -RapidFort - - -
- -[![rf-h][rf-h-badge]][rf-view-report-button] -[![DH Image][dh-rf-badge]][rf-dh-image-link] -[![Slack][slack-badge]][slack-link] -[![FOSSA Status][fossa-badge]][fossa-link] - -# RapidFort hardened image for MariaDB Official - -RapidFort’s container optimization process hardened this MariaDB Official container. This container is free to use and has no license limitations. - -It is the same as the [MariaDB Developer Community MariaDB Official][source-image-repo-link] image but more secure. - -Every day, we optimize and harden a variety of Docker Hub’s most famous images. Check out our [entire library](https://hub.docker.com/u/rapidfort) of secured containers. -
- -[Get the full report here or click on the image below][rf-view-report-link] - -[![Metrics][metrics-link]][rf-image-metrics-link] - -

Vulnerabilities: Original vs. Hardened - -

- -[![CVE Reduction][cve-reduction-link]][rf-image-cve-reduction-link] - - -View Report - -
-
- - -## What is MariaDB Official? - -> MariaDB Server is one of the most popular database servers in the world. It's made by the original developers of MySQL and guaranteed to stay open source. Notable users include Wikipedia, DBS Bank, and ServiceNow. - - -[Overview of MariaDB Official](https://www.mariadb.com/) - -Trademarks: This software listing is packaged by RapidFort. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. - - -## How do I use this hardened MariaDB Official image? - -The runtime instructions for this container are no different from the official release. Follow the instructions in their readme, but use our hardened image. - - -View Detailed Instructions - -
-
- -```sh -$ docker run --name some-mariadb --env MARIADB_USER=example-user --env MARIADB_PASSWORD=my_cool_secret --env MARIADB_ROOT_PASSWORD=my-secret-pw rapidfort/mariadb-ib:latest - -``` - -## What is a hardened image? - -A hardened image is a copy of a container that has been optimized and reduced for significantly improved security. Because every container uses many open-source software components and their dependencies, there’s a lot of extra weight that can be trimmed. - -This image is a hardened version of the official [MariaDB Developer Community MariaDB Official][source-image-repo-link] image on Docker Hub. - -RapidFort is an industry-leading container optimization solution that minimizes software attack surfaces by removing unused code. Most containers can be reduced by at least 50%, which reduces the opportunity for malicious attacks and CVE exploits. Learn more at [RapidFort.com][rf-link]. - -Our hardened images are updated daily using the latest vulnerability information available. - - -View on GitHub - -
-
- -## What’s the difference between the official [MariaDB Developer Community MariaDB Official][source-image-repo-link] image and this hardened image? -RapidFort’s hardened [rapidfort/mariadb-official][rf-dh-image-link] image has been optimized by our proprietary scanning and slimming technology. We are big fans of open-source software, containerized infrastructure, and security. - -We are making secure copies of the images we use every day and the most popular ones on Docker Hub. We want to make the world a safer place to operate. - -## Supported tags and respective `Dockerfile` links -* [`10.10.1-rc-jammy`, `10.10-rc-jammy`, `10.10.1-rc`, `10.10-rc`](https://github.com/MariaDB/mariadb-docker/blob/ee8996e7fd507cfbef594c0369af092e5cf9078a/10.10/Dockerfile) - -## Need support - -Join our slack community for any questions. - - -RapidFort Community Slack - - -## 🌟 Support this project - -[![](https://user-images.githubusercontent.com/48997634/174794647-0c851917-e5c9-4fb9-bf88-b61d89dc2f4f.gif)](https://github.com/rapidfort/community-images/stargazers) - -### [⏫⭐️ Scroll to the star button](#start-of-content) - -If you believe this project has potential, feel free to **star this repo** just like many [amazing people](https://github.com/rapidfort/community-images/stargazers) -have. - -## Have questions? - -[![RapidFort](https://raw.githubusercontent.com/rapidfort/community-images/main/contrib/github_logo_footer.png)][rf-rapidfort-footer-logo-link] - - -If you'd like to learn more about RapidFort or our container optimization process, visit [RapidFort.com][rf-link]. - -
-
- - -[dh-rf-badge]: https://img.shields.io/badge/dockerhub-images-important.svg?logo=Docker - -[fossa-badge]: https://app.fossa.com/api/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images.svg?type=shield -[fossa-link]: https://app.fossa.com/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images?ref=badge_shield - -[rf-link]: https://rapidfort.com?utm_source=github&utm_medium=ci_rf_link&utm_campaign=sep_01_sprint&utm_term=mariadb-official&utm_content=rapidfort_have_questions - -[rf-rapidfort-footer-logo-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Flibrary%2Fmariadb?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=mariadb-official&utm_content=rapidfort_footer_logo -[rf-view-report-button]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Flibrary%2Fmariadb?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=mariadb-official&utm_content=view_report_button -[rf-view-report-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Flibrary%2Fmariadb?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=mariadb-official&utm_content=view_report_link -[rf-image-metrics-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Flibrary%2Fmariadb?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=mariadb-official&utm_content=image_metrics_link -[rf-image-cve-reduction-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Flibrary%2Fmariadb?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=mariadb-official&utm_content=image_cve_reduction_link - -[dh-img-size-badge]: https://img.shields.io/docker/image-size/rapidfort/mariadb-official?logo=docker&logoColor=white&sort=semver -[dh-img-pulls-badge]: https://img.shields.io/docker/pulls/rapidfort/mariadb-official?logo=docker&logoColor=white - -[slack-badge]: 
https://img.shields.io/static/v1?label=Join&message=slack&logo=slack&logoColor=E01E5A&color=4A154B -[slack-link]: https://join.slack.com/t/rapidfortcommunity/shared_invite/zt-1g3wy28lv-DaeGexTQ5IjfpbmYW7Rm_Q - -[rf-h-badge]: https://img.shields.io/static/v1?label=RapidFort&labelColor=333F48&message=hardened&color=50B4C4&logo= -[metrics-link]: https://github.com/rapidfort/community-images/raw/main/community_images/mariadb/official/assets/metrics.webp -[cve-reduction-link]: https://github.com/rapidfort/community-images/raw/main/community_images/mariadb/official/assets/cve_reduction.webp - -[source-image-repo-link]: https://hub.docker.com/_/mariadb -[rf-dh-image-link]: https://hub.docker.com/r/rapidfort/mariadb-official diff --git a/community_images/mariadb/official/assets/cve_reduction.webp b/community_images/mariadb/official/assets/cve_reduction.webp deleted file mode 100644 index 7cb244b1fd..0000000000 Binary files a/community_images/mariadb/official/assets/cve_reduction.webp and /dev/null differ diff --git a/community_images/mariadb/official/assets/metrics.webp b/community_images/mariadb/official/assets/metrics.webp deleted file mode 100644 index 54930c2a5a..0000000000 Binary files a/community_images/mariadb/official/assets/metrics.webp and /dev/null differ diff --git a/community_images/mariadb/official/docker_coverage.sh b/community_images/mariadb/official/docker_coverage.sh deleted file mode 100755 index ca012424b3..0000000000 --- a/community_images/mariadb/official/docker_coverage.sh +++ /dev/null 
@@ -1,77 +0,0 @@ -#!/bin/bash - -set -x -set -e - -JSON_PARAMS="$1" - -JSON=$(cat "$JSON_PARAMS") - -echo "Json params for docker coverage = $JSON" - -CONTAINER_NAME=$(jq -r '.container_details."mariadb-official".name' < "$JSON_PARAMS") -NETWORK_NAME=$(jq -r '.network_name' < "$JSON_PARAMS") -MYSQL_HOST=$(jq -r '.container_details."mariadb-official".ip_address' < "$JSON_PARAMS") - -SCRIPTPATH=$(jq -r '.image_script_dir' < "$JSON_PARAMS") - - -# shellcheck disable=SC1091 -. "${SCRIPTPATH}"/../../common/tests/sysbench_tests.sh - -# get mysql password -MYSQL_ROOT_PASSWORD=my_root_password - -# copy test.sql into container -docker cp "${SCRIPTPATH}"/../../common/tests/test.my_sql "${CONTAINER_NAME}":/tmp/test.my_sql - -# run script -docker exec -i "${CONTAINER_NAME}" \ - /bin/bash -c "mysql -h localhost -uroot -p\"$MYSQL_ROOT_PASSWORD\" mysql < /tmp/test.my_sql" - -# copy mysql_coverage.sh into container -docker cp "${SCRIPTPATH}"/../../common/tests/mysql_coverage.sh "${CONTAINER_NAME}":/tmp/mysql_coverage.sh - -# run mysql_coverage on cluster -docker exec -i "${CONTAINER_NAME}" /bin/bash -c "/tmp/mysql_coverage.sh" - -# create sbtest schema -docker exec -i "${CONTAINER_NAME}" \ - /bin/bash -c \ - "mysql -h localhost -uroot -p\"$MYSQL_ROOT_PASSWORD\" -e \"CREATE SCHEMA sbtest;\"" - -# prepare benchmark -docker run --network="${NETWORK_NAME}" \ - --name sb-prepare --rm -i \ - severalnines/sysbench \ - sysbench \ - --db-driver=mysql \ - --oltp-table-size=100000 \ - --oltp-tables-count=24 \ - --threads=1 \ - --mysql-host="${MYSQL_HOST}" \ - --mysql-port=3306 \ - --mysql-user=root \ - --mysql-password="${MYSQL_ROOT_PASSWORD}" \ - --mysql-debug=on \ - /usr/share/sysbench/tests/include/oltp_legacy/parallel_prepare.lua \ - run - -# execute test -docker run --network="${NETWORK_NAME}" \ - --name sb-run --rm -i \ - severalnines/sysbench \ - sysbench \ - --db-driver=mysql \ - --report-interval=2 \ - --mysql-table-engine=innodb \ - --oltp-table-size=100000 \ - 
--oltp-tables-count=24 \ - --threads=4 \ - --time=45 \ - --mysql-host="${MYSQL_HOST}" \ - --mysql-port=3306 \ - --mysql-user=root \ - --mysql-password="${MYSQL_ROOT_PASSWORD}" \ - /usr/share/sysbench/tests/include/oltp_legacy/oltp.lua \ - run diff --git a/community_images/mariadb/official/image.yml b/community_images/mariadb/official/image.yml deleted file mode 100644 index db5fe71b87..0000000000 --- a/community_images/mariadb/official/image.yml +++ /dev/null 
@@ -1,35 +0,0 @@ -name: mariadb-official -official_name: MariaDB Official -official_website: https://www.mariadb.com/ -source_image_provider: MariaDB Developer Community -source_image_repo: docker.io/library/mariadb -source_image_repo_link: https://hub.docker.com/_/mariadb -source_image_readme: https://github.com/MariaDB/mariadb-docker/tree/ee8996e7fd507cfbef594c0369af092e5cf9078a#readme -rf_docker_link: rapidfort/mariadb-official -image_workflow_name: mariadb_official -github_location: mariadb/official -report_url: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Flibrary%2Fmariadb -usage_instructions: | - $ docker run --name some-mariadb --env MARIADB_USER=example-user --env MARIADB_PASSWORD=my_cool_secret --env MARIADB_ROOT_PASSWORD=my-secret-pw rapidfort/mariadb-ib:latest -what_is_text: | - MariaDB Server is one of the most popular database servers in the world. It's made by the original developers of MySQL and guaranteed to stay open source. Notable users include Wikipedia, DBS Bank, and ServiceNow. -disclaimer: | - Trademarks: This software listing is packaged by RapidFort. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. -docker_links: - - "[`10.10.1-rc-jammy`, `10.10-rc-jammy`, `10.10.1-rc`, `10.10-rc`](https://github.com/MariaDB/mariadb-docker/blob/ee8996e7fd507cfbef594c0369af092e5cf9078a/10.10/Dockerfile)" -input_registry: - registry: docker.io - account: library -repo_sets: - - mariadb: - input_base_tag: "10.10.*" - output_repo: mariadb-official -runtimes: - - type: docker - script: docker_coverage.sh - wait_time_sec: 60 - mariadb-official: - exec_command: --default-authentication-plugin=mysql_native_password - environment: - MARIADB_ROOT_PASSWORD: my_root_password - MARIADB_ROOT_HOST: "%" 
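Review bot: `usage_instructions` runs `rapidfort/mariadb-ib:latest`, but this file sets `rf_docker_link: rapidfort/mariadb-official` and `output_repo: mariadb-official`, so the documented command pulls the IronBank variant instead of this image. The `mariadb/official/README.md` removed earlier in this patch repeats the same command in its `sh` block. If this definition is being moved rather than dropped, change the image to `rapidfort/mariadb-official` before it is carried over.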
diff --git a/community_images/mariadb/official/k8s_coverage.sh b/community_images/mariadb/official/k8s_coverage.sh deleted file mode 100755 index 06a7b33fcf..0000000000 --- a/community_images/mariadb/official/k8s_coverage.sh +++ /dev/null 
@@ -1,71 +0,0 @@ -#!/bin/bash - -set -x -set -e - -# shellcheck disable=SC1091 -SCRIPTPATH="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )" - -# shellcheck disable=SC1091 -. "${SCRIPTPATH}"/../../common/tests/sysbench_tests.sh - -JSON_PARAMS="$1" - -NAMESPACE=$(jq -r '.namespace_name' < "$JSON_PARAMS") -RELEASE_NAME=$(jq -r '.release_name' < "$JSON_PARAMS") - -# get mariadb password -MARIADB_ROOT_PASSWORD=$(kubectl get secret --namespace "${NAMESPACE}" "${RELEASE_NAME}" -o jsonpath="{.data.mariadb-root-password}" | base64 --decode) - -# copy test.sql into container -kubectl -n "${NAMESPACE}" cp "${SCRIPTPATH}"/../../common/tests/test.my_sql "${RELEASE_NAME}"-0:/tmp/test.my_sql - -# run script -kubectl -n "${NAMESPACE}" exec -i "${RELEASE_NAME}"-0 -- /bin/bash -c "mysql -h localhost -uroot -p\"$MARIADB_ROOT_PASSWORD\" mysql < /tmp/test.my_sql" - -# copy mysql_coverage.sh into container -kubectl -n "${NAMESPACE}" cp "${SCRIPTPATH}"/../../common/tests/mysql_coverage.sh "${RELEASE_NAME}"-0:/tmp/mysql_coverage.sh - -# run mysql_coverage on cluster -kubectl -n "${NAMESPACE}" exec -i "${RELEASE_NAME}"-0 -- /bin/bash -c "/tmp/mysql_coverage.sh" - -# create sbtest schema -kubectl -n "${NAMESPACE}" exec -i "${RELEASE_NAME}"-0 \ - -- /bin/bash -c \ - "mysql -h localhost -uroot -p\"$MARIADB_ROOT_PASSWORD\" -e \"CREATE SCHEMA sbtest;\"" - -# prepare benchmark -kubectl run -n "${NAMESPACE}" sb-prepare \ - --rm -i --restart='Never' \ - --image severalnines/sysbench \ - --command -- sysbench \ - --db-driver=mysql \ - --oltp-table-size=100000 \ - --oltp-tables-count=24 \ - --threads=1 \ - --mysql-host="${RELEASE_NAME}" \ - --mysql-port=3306 \ - --mysql-user=root \ - --mysql-password="${MARIADB_ROOT_PASSWORD}" \ - --mysql-debug=on \ - /usr/share/sysbench/tests/include/oltp_legacy/parallel_prepare.lua \ - run - -# execute test -kubectl run -n "${NAMESPACE}" sb-run \ - --rm -i --restart='Never' \ - --image severalnines/sysbench \ - --command -- sysbench \ - --db-driver=mysql \ 
- --report-interval=2 \ - --mysql-table-engine=innodb \ - --oltp-table-size=100000 \ - --oltp-tables-count=24 \ - --threads=4 \ - --time=30 \ - --mysql-host="${RELEASE_NAME}" \ - --mysql-port=3306 \ - --mysql-user=root \ - --mysql-password="${MARIADB_ROOT_PASSWORD}" \ - /usr/share/sysbench/tests/include/oltp_legacy/oltp.lua \ - run diff --git a/community_images/mariadb/official/overrides.yml b/community_images/mariadb/official/overrides.yml deleted file mode 100644 index 8b521fe90c..0000000000 --- a/community_images/mariadb/official/overrides.yml +++ /dev/null @@ -1,35 +0,0 @@ -image: - pullSecrets: ["rf-regcred"] - pullPolicy: Always -primary: - containerSecurityContext: - enabled: true - runAsUser: 1001 - allowPrivilegeEscalation: true - capabilities: - add: ["SYS_PTRACE"] - extraEnvVars: - - name: "RF_VERBOSE" - value: "0" - livenessProbe: - initialDelaySeconds: 30 - timeoutSeconds: 30 - readinessProbe: - initialDelaySeconds: 30 - timeoutSeconds: 30 -secondary: - containerSecurityContext: - enabled: true - runAsUser: 1001 - allowPrivilegeEscalation: true - capabilities: - add: ["SYS_PTRACE"] - extraEnvVars: - - name: "RF_VERBOSE" - value: "0" - livenessProbe: - initialDelaySeconds: 30 - timeoutSeconds: 30 - readinessProbe: - initialDelaySeconds: 30 - timeoutSeconds: 30 \ No newline at end of file diff --git a/community_images/memcached/bitnami/.rfignore b/community_images/memcached/bitnami/.rfignore deleted file mode 100644 index 1062bc27fb..0000000000 --- a/community_images/memcached/bitnami/.rfignore +++ /dev/null @@ -1,4 +0,0 @@ -opt/bitnami/common/licenses -opt/bitnami/licenses -opt/bitnami/memcached/licenses -usr/share/common-licenses diff --git a/community_images/memcached/bitnami/README.md b/community_images/memcached/bitnami/README.md deleted file mode 100644 index c62f182576..0000000000 --- a/community_images/memcached/bitnami/README.md +++ /dev/null @@ -1,143 +0,0 @@ - -RapidFort - - -
- -[![rf-h][rf-h-badge]][rf-view-report-button] -[![DH Image][dh-rf-badge]][rf-dh-image-link] -[![Slack][slack-badge]][slack-link] -[![FOSSA Status][fossa-badge]][fossa-link] - -# RapidFort hardened image for Memcached - -RapidFort’s container optimization process hardened this Memcached container. This container is free to use and has no license limitations. - -It is the same as the [Bitnami Memcached][source-image-repo-link] image but more secure. - -Every day, we optimize and harden a variety of Docker Hub’s most famous images. Check out our [entire library](https://hub.docker.com/u/rapidfort) of secured containers. -
- -[Get the full report here or click on the image below][rf-view-report-link] - -[![Metrics][metrics-link]][rf-image-metrics-link] - -

Vulnerabilities: Original vs. Hardened - -

- -[![CVE Reduction][cve-reduction-link]][rf-image-cve-reduction-link] - - -View Report - -
-
- - -## What is Memcached? - -> Memcached is an high-performance, distributed memory object caching system, generic in nature, but intended for use in speeding up dynamic web applications by alleviating database load. - - -[Overview of Memcached](http://memcached.org/) - -Trademarks: This software listing is packaged by RapidFort. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. - - -## How do I use this hardened Memcached image? - -The runtime instructions for this container are no different from the official release. Follow the instructions in their readme, but use our hardened image. - - -View Detailed Instructions - -
-
- -```sh -# Docker -$ docker run --name memcached rapidfort/memcached:latest -# Kubernetes -$ helm repo add bitnami https://charts.bitnami.com/bitnami -$ helm install my-release rapidfort/memcached - -``` - -## What is a hardened image? - -A hardened image is a copy of a container that has been optimized and reduced for significantly improved security. Because every container uses many open-source software components and their dependencies, there’s a lot of extra weight that can be trimmed. - -This image is a hardened version of the official [Bitnami Memcached][source-image-repo-link] image on Docker Hub. - -RapidFort is an industry-leading container optimization solution that minimizes software attack surfaces by removing unused code. Most containers can be reduced by at least 50%, which reduces the opportunity for malicious attacks and CVE exploits. Learn more at [RapidFort.com][rf-link]. - -Our hardened images are updated daily using the latest vulnerability information available. - - -View on GitHub - -
-
- -## What’s the difference between the official [Bitnami Memcached][source-image-repo-link] image and this hardened image? -RapidFort’s hardened [rapidfort/memcached][rf-dh-image-link] image has been optimized by our proprietary scanning and slimming technology. We are big fans of open-source software, containerized infrastructure, and security. - -We are making secure copies of the images we use every day and the most popular ones on Docker Hub. We want to make the world a safer place to operate. - -## Supported tags and respective `Dockerfile` links -* [`1`, `1-debian-11`, `1.6.22`, `1.6.22-debian-11-r` (1/debian-11/Dockerfile)](https://github.com/bitnami/containers/tree/main/bitnami/memcached/1/debian-11/Dockerfile) - -## Need support - -Join our slack community for any questions. - - -RapidFort Community Slack - - -## 🌟 Support this project - -[![](https://user-images.githubusercontent.com/48997634/174794647-0c851917-e5c9-4fb9-bf88-b61d89dc2f4f.gif)](https://github.com/rapidfort/community-images/stargazers) - -### [⏫⭐️ Scroll to the star button](#start-of-content) - -If you believe this project has potential, feel free to **star this repo** just like many [amazing people](https://github.com/rapidfort/community-images/stargazers) -have. - -## Have questions? - -[![RapidFort](https://raw.githubusercontent.com/rapidfort/community-images/main/contrib/github_logo_footer.png)][rf-rapidfort-footer-logo-link] - - -If you'd like to learn more about RapidFort or our container optimization process, visit [RapidFort.com][rf-link]. - -
-
- - -[dh-rf-badge]: https://img.shields.io/badge/dockerhub-images-important.svg?logo=Docker - -[fossa-badge]: https://app.fossa.com/api/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images.svg?type=shield -[fossa-link]: https://app.fossa.com/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images?ref=badge_shield - -[rf-link]: https://rapidfort.com?utm_source=github&utm_medium=ci_rf_link&utm_campaign=sep_01_sprint&utm_term=memcached&utm_content=rapidfort_have_questions - -[rf-rapidfort-footer-logo-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Fmemcached?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=memcached&utm_content=rapidfort_footer_logo -[rf-view-report-button]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Fmemcached?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=memcached&utm_content=view_report_button -[rf-view-report-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Fmemcached?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=memcached&utm_content=view_report_link -[rf-image-metrics-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Fmemcached?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=memcached&utm_content=image_metrics_link -[rf-image-cve-reduction-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Fmemcached?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=memcached&utm_content=image_cve_reduction_link - -[dh-img-size-badge]: https://img.shields.io/docker/image-size/rapidfort/memcached?logo=docker&logoColor=white&sort=semver -[dh-img-pulls-badge]: https://img.shields.io/docker/pulls/rapidfort/memcached?logo=docker&logoColor=white - -[slack-badge]: https://img.shields.io/static/v1?label=Join&message=slack&logo=slack&logoColor=E01E5A&color=4A154B 
-[slack-link]: https://join.slack.com/t/rapidfortcommunity/shared_invite/zt-1g3wy28lv-DaeGexTQ5IjfpbmYW7Rm_Q - -[rf-h-badge]: https://img.shields.io/static/v1?label=RapidFort&labelColor=333F48&message=hardened&color=50B4C4&logo= -[metrics-link]: https://github.com/rapidfort/community-images/raw/main/community_images/memcached/bitnami/assets/metrics.webp -[cve-reduction-link]: https://github.com/rapidfort/community-images/raw/main/community_images/memcached/bitnami/assets/cve_reduction.webp - -[source-image-repo-link]: https://hub.docker.com/r/bitnami/memcached -[rf-dh-image-link]: https://hub.docker.com/r/rapidfort/memcached diff --git a/community_images/memcached/bitnami/assets/cve_reduction.webp b/community_images/memcached/bitnami/assets/cve_reduction.webp deleted file mode 100644 index 8a79e20477..0000000000 Binary files a/community_images/memcached/bitnami/assets/cve_reduction.webp and /dev/null differ diff --git a/community_images/memcached/bitnami/assets/metrics.webp b/community_images/memcached/bitnami/assets/metrics.webp deleted file mode 100644 index cb2743bb94..0000000000 Binary files a/community_images/memcached/bitnami/assets/metrics.webp and /dev/null differ diff --git a/community_images/memcached/bitnami/dc_coverage.sh b/community_images/memcached/bitnami/dc_coverage.sh deleted file mode 100755 index 3456e85b27..0000000000 --- a/community_images/memcached/bitnami/dc_coverage.sh +++ /dev/null 
@@ -1,20 +0,0 @@ -#!/bin/bash - -set -x -set -e - -JSON_PARAMS="$1" - -JSON=$(cat "$JSON_PARAMS") -echo "Json params for docker compose coverage = $JSON" - -SCRIPTPATH=$(jq -r '.image_script_dir' < "$JSON_PARAMS") - -# PROJECT_NAME=$(jq -r '.project_name' < "$JSON_PARAMS") -"${SCRIPTPATH}"/mc_cli.sh 127.0.0.1 11211 "set test_key 0 60 10"$'\n'"0123456789" -"${SCRIPTPATH}"/mc_cli.sh 127.0.0.1 11211 "get test_key" -"${SCRIPTPATH}"/mc_cli.sh 127.0.0.1 11211 "replace test_key 0 100 11"$'\n'"Hello World" -"${SCRIPTPATH}"/mc_cli.sh 127.0.0.1 11211 "get test_key" -"${SCRIPTPATH}"/mc_cli.sh 127.0.0.1 11211 "delete test_key" -"${SCRIPTPATH}"/mc_cli.sh 127.0.0.1 11211 "stats" -"${SCRIPTPATH}"/mc_cli.sh 127.0.0.1 11211 "stats items" diff --git a/community_images/memcached/bitnami/docker-compose.yml b/community_images/memcached/bitnami/docker-compose.yml deleted file mode 100644 index 4af9f86aa1..0000000000 --- a/community_images/memcached/bitnami/docker-compose.yml +++ /dev/null @@ -1,9 +0,0 @@ -version: '2' - -services: - memcached: - image: ${MEMCACHED_IMAGE_REPOSITORY}:${MEMCACHED_IMAGE_TAG} - cap_add: - - SYS_PTRACE - ports: - - '11211:11211' diff --git a/community_images/memcached/bitnami/image.yml b/community_images/memcached/bitnami/image.yml deleted file mode 100644 index b77a4045c1..0000000000 --- a/community_images/memcached/bitnami/image.yml +++ /dev/null 
@@ -1,46 +0,0 @@ -name: memcached -official_name: Memcached -official_website: http://memcached.org/ -source_image_provider: Bitnami -source_image_repo: docker.io/bitnami/memcached -source_image_repo_link: https://hub.docker.com/r/bitnami/memcached -source_image_readme: https://github.com/bitnami/containers/blob/main/bitnami/memcached/README.md -rf_docker_link: rapidfort/memcached -image_workflow_name: memcached_bitnami -github_location: memcached/bitnami -report_url: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Fmemcached -usage_instructions: | - # Docker - $ docker run --name memcached rapidfort/memcached:latest - # Kubernetes - $ helm repo add bitnami https://charts.bitnami.com/bitnami - $ helm install my-release rapidfort/memcached -what_is_text: | - Memcached is an high-performance, distributed memory object caching system, generic in nature, but intended for use in speeding up dynamic web applications by alleviating database load. -disclaimer: | - Trademarks: This software listing is packaged by RapidFort. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. -input_registry: - registry: docker.io - account: bitnami -repo_sets: - - memcached: - input_base_tag: "1.6.21-debian-11-r" -runtimes: - - type: k8s - helm: - repo: bitnami - repo_url: https://charts.bitnami.com/bitnami - chart: memcached - readiness_wait_pod_name_suffix: - - "master-0" - image_keys: - memcached: {} - override_file: "overrides.yml" - - type: docker_compose - script: dc_coverage.sh - compose_file: docker-compose.yml - image_keys: - memcached: - repository: "MEMCACHED_IMAGE_REPOSITORY" - tag: "MEMCACHED_IMAGE_TAG" - - type: docker diff --git a/community_images/memcached/bitnami/mc_cli.sh b/community_images/memcached/bitnami/mc_cli.sh deleted file mode 100755 index 87d6728db7..0000000000 --- a/community_images/memcached/bitnami/mc_cli.sh +++ /dev/null 
@@ -1,57 +0,0 @@ -#!/usr/bin/env expect - -set env(HOME) /usr/local/bin -set env(SHELL) /bin/bash -set env(TERM) xterm -set timeout 3 - -# Destination IP address -set HOST [lindex ${argv} 0] - -# Destination Port -set PORT [lindex ${argv} 1] - -# Memcached commands -set COMMAND [lindex ${argv} 2] - -# Usage instructions if no arguments supplied. -if { ${argc} < 1 } { - send_user "Usage: ${argv0} \[command\]\n" - send_user "e.g. ${argv0} 127.0.0.1 11211 \"stats settings\"\n" - send_user " ${argv0} 127.0.0.1 11211 \"set key_name 0 60 10\"$'\\n'\"0123456789\"\n" - send_user " ${argv0} 127.0.0.1 11211 \"get key_name\"\n\n" - exit 1 -} - -if { - [info exists PORT] - && "${PORT}" == "" -} { - set PORT "11211" -} - -if { - [info exists COMMAND] - && "${COMMAND}" == "" -} { - set COMMAND "stats" -} - -log_user 0 -spawn telnet ${HOST} ${PORT} -expect { - default { - send_user "ERROR: Unable to connect to ${HOST} ${PORT}\n" - exit 1 - } - "'^]'." { - log_user 1 - send "${COMMAND}\n" - expect { - -re "(?:DELETED|END|ERROR|NOT_FOUND|STORED|VERSION \[0-9\]+\.\[0-9\]+\.\[0-9\]+)" { - send "quit\n" - } - } - expect eof - } -} diff --git a/community_images/memcached/bitnami/overrides.yml b/community_images/memcached/bitnami/overrides.yml deleted file mode 100644 index f201e68505..0000000000 --- a/community_images/memcached/bitnami/overrides.yml +++ /dev/null @@ -1,18 +0,0 @@ -image: - pullSecrets: ["rf-regcred"] - pullPolicy: Always -containerSecurityContext: - enabled: true - runAsUser: 1001 - allowPrivilegeEscalation: true - capabilities: - add: ["SYS_PTRACE"] -extraEnvVars: - - name: "RF_VERBOSE" - value: "0" -livenessProbe: - initialDelaySeconds: 30 - timeoutSeconds: 30 -readinessProbe: - initialDelaySeconds: 30 - timeoutSeconds: 30 diff --git a/community_images/memcached/ironbank/README.md b/community_images/memcached/ironbank/README.md deleted file mode 100755 index f2ef378afd..0000000000 --- a/community_images/memcached/ironbank/README.md +++ /dev/null 
@@ -1,139 +0,0 @@ - -RapidFort - - -
- -[![rf-h][rf-h-badge]][rf-view-report-button] -[![DH Image][dh-rf-badge]][rf-dh-image-link] -[![Slack][slack-badge]][slack-link] -[![FOSSA Status][fossa-badge]][fossa-link] - -# RapidFort hardened image for Memcached IronBank - -RapidFort’s container optimization process hardened this Memcached IronBank container. This container is free to use and has no license limitations. - -It is the same as the [Platform One Memcached IronBank][source-image-repo-link] image but more secure. - -Every day, we optimize and harden a variety of Docker Hub’s most famous images. Check out our [entire library](https://hub.docker.com/u/rapidfort) of secured containers. -
- -[Get the full report here or click on the image below][rf-view-report-link] - -[![Metrics][metrics-link]][rf-image-metrics-link] - -

Vulnerabilities: Original vs. Hardened - -

- -[![CVE Reduction][cve-reduction-link]][rf-image-cve-reduction-link] - - -View Report - -
-
- - -## What is Memcached IronBank? - -> Memcached is an high-performance, distributed memory object caching system, generic in nature, but intended for use in speeding up dynamic web applications by alleviating database load. - - -[Overview of Memcached IronBank](http://memcached.org/) - -Trademarks: This software listing is packaged by RapidFort. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. - - -## How do I use this hardened Memcached IronBank image? - -The runtime instructions for this container are no different from the official release. Follow the instructions in their readme, but use our hardened image. - - -View Detailed Instructions - -
-
- -```sh -# Docker -$ docker run --name memcached rapidfort/memcached-ib:latest - -``` - -## What is a hardened image? - -A hardened image is a copy of a container that has been optimized and reduced for significantly improved security. Because every container uses many open-source software components and their dependencies, there’s a lot of extra weight that can be trimmed. - -This image is a hardened version of the official [Platform One Memcached IronBank][source-image-repo-link] image on Docker Hub. - -RapidFort is an industry-leading container optimization solution that minimizes software attack surfaces by removing unused code. Most containers can be reduced by at least 50%, which reduces the opportunity for malicious attacks and CVE exploits. Learn more at [RapidFort.com][rf-link]. - -Our hardened images are updated daily using the latest vulnerability information available. - - -View on GitHub - -
-
- -## What’s the difference between the official [Platform One Memcached IronBank][source-image-repo-link] image and this hardened image? -RapidFort’s hardened [rapidfort/memcached-ib][rf-dh-image-link] image has been optimized by our proprietary scanning and slimming technology. We are big fans of open-source software, containerized infrastructure, and security. - -We are making secure copies of the images we use every day and the most popular ones on Docker Hub. We want to make the world a safer place to operate. - -## Supported tags and respective `Dockerfile` links - -## Need support - -Join our slack community for any questions. - - -RapidFort Community Slack - - -## 🌟 Support this project - -[![](https://user-images.githubusercontent.com/48997634/174794647-0c851917-e5c9-4fb9-bf88-b61d89dc2f4f.gif)](https://github.com/rapidfort/community-images/stargazers) - -### [⏫⭐️ Scroll to the star button](#start-of-content) - -If you believe this project has potential, feel free to **star this repo** just like many [amazing people](https://github.com/rapidfort/community-images/stargazers) -have. - -## Have questions? - -[![RapidFort](https://raw.githubusercontent.com/rapidfort/community-images/main/contrib/github_logo_footer.png)][rf-rapidfort-footer-logo-link] - - -If you'd like to learn more about RapidFort or our container optimization process, visit [RapidFort.com][rf-link]. - -
-
- - -[dh-rf-badge]: https://img.shields.io/badge/dockerhub-images-important.svg?logo=Docker - -[fossa-badge]: https://app.fossa.com/api/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images.svg?type=shield -[fossa-link]: https://app.fossa.com/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images?ref=badge_shield - -[rf-link]: https://rapidfort.com?utm_source=github&utm_medium=ci_rf_link&utm_campaign=sep_01_sprint&utm_term=memcached-ib&utm_content=rapidfort_have_questions - -[rf-rapidfort-footer-logo-link]: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fopensource%2Fmemcached%2Fmemcached?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=memcached-ib&utm_content=rapidfort_footer_logo -[rf-view-report-button]: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fopensource%2Fmemcached%2Fmemcached?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=memcached-ib&utm_content=view_report_button -[rf-view-report-link]: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fopensource%2Fmemcached%2Fmemcached?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=memcached-ib&utm_content=view_report_link -[rf-image-metrics-link]: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fopensource%2Fmemcached%2Fmemcached?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=memcached-ib&utm_content=image_metrics_link -[rf-image-cve-reduction-link]: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fopensource%2Fmemcached%2Fmemcached?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=memcached-ib&utm_content=image_cve_reduction_link - -[dh-img-size-badge]: https://img.shields.io/docker/image-size/rapidfort/memcached-ib?logo=docker&logoColor=white&sort=semver -[dh-img-pulls-badge]: 
https://img.shields.io/docker/pulls/rapidfort/memcached-ib?logo=docker&logoColor=white - -[slack-badge]: https://img.shields.io/static/v1?label=Join&message=slack&logo=slack&logoColor=E01E5A&color=4A154B -[slack-link]: https://join.slack.com/t/rapidfortcommunity/shared_invite/zt-1g3wy28lv-DaeGexTQ5IjfpbmYW7Rm_Q - -[rf-h-badge]: https://img.shields.io/static/v1?label=RapidFort&labelColor=333F48&message=hardened&color=50B4C4&logo= -[metrics-link]: https://github.com/rapidfort/community-images/raw/main/community_images/memcached/ironbank/assets/metrics.webp -[cve-reduction-link]: https://github.com/rapidfort/community-images/raw/main/community_images/memcached/ironbank/assets/cve_reduction.webp - -[source-image-repo-link]: https://registry1.dso.mil/harbor/projects/3/repositories/opensource%2Fmemcached%2Fmemcached -[rf-dh-image-link]: https://hub.docker.com/r/rapidfort/memcached-ib diff --git a/community_images/memcached/ironbank/assets/cve_reduction.webp b/community_images/memcached/ironbank/assets/cve_reduction.webp deleted file mode 100644 index ee2f564e1c..0000000000 Binary files a/community_images/memcached/ironbank/assets/cve_reduction.webp and /dev/null differ diff --git a/community_images/memcached/ironbank/assets/metrics.webp b/community_images/memcached/ironbank/assets/metrics.webp deleted file mode 100644 index 20533d004a..0000000000 Binary files a/community_images/memcached/ironbank/assets/metrics.webp and /dev/null differ diff --git a/community_images/memcached/ironbank/dc_coverage.sh b/community_images/memcached/ironbank/dc_coverage.sh deleted file mode 100755 index 3456e85b27..0000000000 --- a/community_images/memcached/ironbank/dc_coverage.sh +++ /dev/null 
@@ -1,20 +0,0 @@ -#!/bin/bash - -set -x -set -e - -JSON_PARAMS="$1" - -JSON=$(cat "$JSON_PARAMS") -echo "Json params for docker compose coverage = $JSON" - -SCRIPTPATH=$(jq -r '.image_script_dir' < "$JSON_PARAMS") - -# PROJECT_NAME=$(jq -r '.project_name' < "$JSON_PARAMS") -"${SCRIPTPATH}"/mc_cli.sh 127.0.0.1 11211 "set test_key 0 60 10"$'\n'"0123456789" -"${SCRIPTPATH}"/mc_cli.sh 127.0.0.1 11211 "get test_key" -"${SCRIPTPATH}"/mc_cli.sh 127.0.0.1 11211 "replace test_key 0 100 11"$'\n'"Hello World" -"${SCRIPTPATH}"/mc_cli.sh 127.0.0.1 11211 "get test_key" -"${SCRIPTPATH}"/mc_cli.sh 127.0.0.1 11211 "delete test_key" -"${SCRIPTPATH}"/mc_cli.sh 127.0.0.1 11211 "stats" -"${SCRIPTPATH}"/mc_cli.sh 127.0.0.1 11211 "stats items" diff --git a/community_images/memcached/ironbank/docker-compose.yml b/community_images/memcached/ironbank/docker-compose.yml deleted file mode 100755 index 4af9f86aa1..0000000000 --- a/community_images/memcached/ironbank/docker-compose.yml +++ /dev/null @@ -1,9 +0,0 @@ -version: '2' - -services: - memcached: - image: ${MEMCACHED_IMAGE_REPOSITORY}:${MEMCACHED_IMAGE_TAG} - cap_add: - - SYS_PTRACE - ports: - - '11211:11211' diff --git a/community_images/memcached/ironbank/image.yml b/community_images/memcached/ironbank/image.yml deleted file mode 100755 index 7004595fce..0000000000 --- a/community_images/memcached/ironbank/image.yml +++ /dev/null 
@@ -1,33 +0,0 @@ -name: memcached-ib -official_name: Memcached IronBank -official_website: http://memcached.org/ -source_image_provider: Platform One -source_image_repo: registry1.dso.mil/ironbank/opensource/memcached/memcached -source_image_repo_link: https://registry1.dso.mil/harbor/projects/3/repositories/opensource%2Fmemcached%2Fmemcached -source_image_readme: https://repo1.dso.mil/dsop/opensource/memcached/memcached/-/blob/development/README.md -rf_docker_link: rapidfort/memcached-ib -image_workflow_name: memcached_ironbank -github_location: memcached/ironbank -report_url: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fopensource%2Fmemcached%2Fmemcached -usage_instructions: | - # Docker - $ docker run --name memcached rapidfort/memcached-ib:latest -what_is_text: | - Memcached is an high-performance, distributed memory object caching system, generic in nature, but intended for use in speeding up dynamic web applications by alleviating database load. -disclaimer: | - Trademarks: This software listing is packaged by RapidFort. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. -input_registry: - registry: registry1.dso.mil - account: ironbank -repo_sets: - - opensource/memcached/memcached: - input_base_tag: "1.6." - output_repo: memcached-ib -runtimes: - - type: docker_compose - script: dc_coverage.sh - compose_file: docker-compose.yml - image_keys: - memcached-ib: - repository: "MEMCACHED_IMAGE_REPOSITORY" - tag: "MEMCACHED_IMAGE_TAG" diff --git a/community_images/memcached/ironbank/mc_cli.sh b/community_images/memcached/ironbank/mc_cli.sh deleted file mode 100755 index 7345b0314b..0000000000 --- a/community_images/memcached/ironbank/mc_cli.sh +++ /dev/null 
@@ -1,58 +0,0 @@ -#!/usr/bin/env expect -# shellcheck disable=SC1071 - -set env(HOME) /usr/local/bin -set env(SHELL) /bin/bash -set env(TERM) xterm -set timeout 3 - -# Destination IP address -set HOST [lindex ${argv} 0] - -# Destination Port -set PORT [lindex ${argv} 1] - -# Memcached commands -set COMMAND [lindex ${argv} 2] - -# Usage instructions if no arguments supplied. -if { ${argc} < 1 } { - send_user "Usage: ${argv0} \[command\]\n" - send_user "e.g. ${argv0} 127.0.0.1 11211 \"stats settings\"\n" - send_user " ${argv0} 127.0.0.1 11211 \"set key_name 0 60 10\"$'\\n'\"0123456789\"\n" - send_user " ${argv0} 127.0.0.1 11211 \"get key_name\"\n\n" - exit 1 -} - -if { - [info exists PORT] - && "${PORT}" == "" -} { - set PORT "11211" -} - -if { - [info exists COMMAND] - && "${COMMAND}" == "" -} { - set COMMAND "stats" -} - -log_user 0 -spawn telnet ${HOST} ${PORT} -expect { - default { - send_user "ERROR: Unable to connect to ${HOST} ${PORT}\n" - exit 1 - } - "'^]'." { - log_user 1 - send "${COMMAND}\n" - expect { - -re "(?:DELETED|END|ERROR|NOT_FOUND|STORED|VERSION \[0-9\]+\.\[0-9\]+\.\[0-9\]+)" { - send "quit\n" - } - } - expect eof - } -} diff --git a/community_images/memcached/official/README.md b/community_images/memcached/official/README.md deleted file mode 100644 index 60bc6f2da9..0000000000 --- a/community_images/memcached/official/README.md +++ /dev/null @@ -1,141 +0,0 @@ - -RapidFort - - -
- -[![rf-h][rf-h-badge]][rf-view-report-button] -[![DH Image][dh-rf-badge]][rf-dh-image-link] -[![Slack][slack-badge]][slack-link] -[![FOSSA Status][fossa-badge]][fossa-link] - -# RapidFort hardened image for Memcached Official - -RapidFort’s container optimization process hardened this Memcached Official container. This container is free to use and has no license limitations. - -It is the same as the [The Docker Community Memcached Official][source-image-repo-link] image but more secure. - -Every day, we optimize and harden a variety of Docker Hub’s most famous images. Check out our [entire library](https://hub.docker.com/u/rapidfort) of secured containers. -
- -[Get the full report here or click on the image below][rf-view-report-link] - -[![Metrics][metrics-link]][rf-image-metrics-link] - -

Vulnerabilities: Original vs. Hardened - -

- -[![CVE Reduction][cve-reduction-link]][rf-image-cve-reduction-link] - - -View Report - -
-
- - -## What is Memcached Official? - -> Memcached is an high-performance, distributed memory object caching system, generic in nature, but intended for use in speeding up dynamic web applications by alleviating database load. - - -[Overview of Memcached Official](http://memcached.org/) - -Trademarks: This software listing is packaged by RapidFort. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. - - -## How do I use this hardened Memcached Official image? - -The runtime instructions for this container are no different from the official release. Follow the instructions in their readme, but use our hardened image. - - -View Detailed Instructions - -
-
- -```sh -# Docker -$ docker run --name memcached rapidfort/memcached:latest - -``` - -## What is a hardened image? - -A hardened image is a copy of a container that has been optimized and reduced for significantly improved security. Because every container uses many open-source software components and their dependencies, there’s a lot of extra weight that can be trimmed. - -This image is a hardened version of the official [The Docker Community Memcached Official][source-image-repo-link] image on Docker Hub. - -RapidFort is an industry-leading container optimization solution that minimizes software attack surfaces by removing unused code. Most containers can be reduced by at least 50%, which reduces the opportunity for malicious attacks and CVE exploits. Learn more at [RapidFort.com][rf-link]. - -Our hardened images are updated daily using the latest vulnerability information available. - - -View on GitHub - -
-
- -## What’s the difference between the official [The Docker Community Memcached Official][source-image-repo-link] image and this hardened image? -RapidFort’s hardened [rapidfort/memcached-official][rf-dh-image-link] image has been optimized by our proprietary scanning and slimming technology. We are big fans of open-source software, containerized infrastructure, and security. - -We are making secure copies of the images we use every day and the most popular ones on Docker Hub. We want to make the world a safer place to operate. - -## Supported tags and respective `Dockerfile` links -* [`1.6.17`, `1.6`, `1`, `latest`, `1.6.17-bullseye`, `1.6-bullseye`, `1-bullseye`, `bullseye` (Dockerfile)](https://github.com/docker-library/memcached/blob/1c39f318e3a5c1b06e4c9b0d4b870c9223b26428/debian/Dockerfile) -* [`1.6.17-alpine`, `1.6-alpine`, `1-alpine`, `alpine`, `1.6.17-alpine3.16`, `1.6-alpine3.16`, `1-alpine3.16`, `alpine3.16` (Dockerfile)](https://github.com/docker-library/memcached/blob/1c39f318e3a5c1b06e4c9b0d4b870c9223b26428/alpine/Dockerfile) - -## Need support - -Join our slack community for any questions. - - -RapidFort Community Slack - - -## 🌟 Support this project - -[![](https://user-images.githubusercontent.com/48997634/174794647-0c851917-e5c9-4fb9-bf88-b61d89dc2f4f.gif)](https://github.com/rapidfort/community-images/stargazers) - -### [⏫⭐️ Scroll to the star button](#start-of-content) - -If you believe this project has potential, feel free to **star this repo** just like many [amazing people](https://github.com/rapidfort/community-images/stargazers) -have. - -## Have questions? - -[![RapidFort](https://raw.githubusercontent.com/rapidfort/community-images/main/contrib/github_logo_footer.png)][rf-rapidfort-footer-logo-link] - - -If you'd like to learn more about RapidFort or our container optimization process, visit [RapidFort.com][rf-link]. - -
-
- - -[dh-rf-badge]: https://img.shields.io/badge/dockerhub-images-important.svg?logo=Docker - -[fossa-badge]: https://app.fossa.com/api/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images.svg?type=shield -[fossa-link]: https://app.fossa.com/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images?ref=badge_shield - -[rf-link]: https://rapidfort.com?utm_source=github&utm_medium=ci_rf_link&utm_campaign=sep_01_sprint&utm_term=memcached-official&utm_content=rapidfort_have_questions - -[rf-rapidfort-footer-logo-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Flibrary%2Fmemcached?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=memcached-official&utm_content=rapidfort_footer_logo -[rf-view-report-button]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Flibrary%2Fmemcached?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=memcached-official&utm_content=view_report_button -[rf-view-report-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Flibrary%2Fmemcached?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=memcached-official&utm_content=view_report_link -[rf-image-metrics-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Flibrary%2Fmemcached?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=memcached-official&utm_content=image_metrics_link -[rf-image-cve-reduction-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Flibrary%2Fmemcached?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=memcached-official&utm_content=image_cve_reduction_link - -[dh-img-size-badge]: https://img.shields.io/docker/image-size/rapidfort/memcached-official?logo=docker&logoColor=white&sort=semver -[dh-img-pulls-badge]: https://img.shields.io/docker/pulls/rapidfort/memcached-official?logo=docker&logoColor=white - -[slack-badge]: 
https://img.shields.io/static/v1?label=Join&message=slack&logo=slack&logoColor=E01E5A&color=4A154B -[slack-link]: https://join.slack.com/t/rapidfortcommunity/shared_invite/zt-1g3wy28lv-DaeGexTQ5IjfpbmYW7Rm_Q - -[rf-h-badge]: https://img.shields.io/static/v1?label=RapidFort&labelColor=333F48&message=hardened&color=50B4C4&logo= -[metrics-link]: https://github.com/rapidfort/community-images/raw/main/community_images/memcached/official/assets/metrics.webp -[cve-reduction-link]: https://github.com/rapidfort/community-images/raw/main/community_images/memcached/official/assets/cve_reduction.webp - -[source-image-repo-link]: https://hub.docker.com/_/memcached -[rf-dh-image-link]: https://hub.docker.com/r/rapidfort/memcached-official diff --git a/community_images/memcached/official/assets/cve_reduction.webp b/community_images/memcached/official/assets/cve_reduction.webp deleted file mode 100644 index 549137f427..0000000000 Binary files a/community_images/memcached/official/assets/cve_reduction.webp and /dev/null differ diff --git a/community_images/memcached/official/assets/metrics.webp b/community_images/memcached/official/assets/metrics.webp deleted file mode 100644 index f77af24d1c..0000000000 Binary files a/community_images/memcached/official/assets/metrics.webp and /dev/null differ diff --git a/community_images/memcached/official/dc_coverage.sh b/community_images/memcached/official/dc_coverage.sh deleted file mode 100755 index 3456e85b27..0000000000 --- a/community_images/memcached/official/dc_coverage.sh +++ /dev/null 
@@ -1,20 +0,0 @@ -#!/bin/bash - -set -x -set -e - -JSON_PARAMS="$1" - -JSON=$(cat "$JSON_PARAMS") -echo "Json params for docker compose coverage = $JSON" - -SCRIPTPATH=$(jq -r '.image_script_dir' < "$JSON_PARAMS") - -# PROJECT_NAME=$(jq -r '.project_name' < "$JSON_PARAMS") -"${SCRIPTPATH}"/mc_cli.sh 127.0.0.1 11211 "set test_key 0 60 10"$'\n'"0123456789" -"${SCRIPTPATH}"/mc_cli.sh 127.0.0.1 11211 "get test_key" -"${SCRIPTPATH}"/mc_cli.sh 127.0.0.1 11211 "replace test_key 0 100 11"$'\n'"Hello World" -"${SCRIPTPATH}"/mc_cli.sh 127.0.0.1 11211 "get test_key" -"${SCRIPTPATH}"/mc_cli.sh 127.0.0.1 11211 "delete test_key" -"${SCRIPTPATH}"/mc_cli.sh 127.0.0.1 11211 "stats" -"${SCRIPTPATH}"/mc_cli.sh 127.0.0.1 11211 "stats items" diff --git a/community_images/memcached/official/docker-compose.yml b/community_images/memcached/official/docker-compose.yml deleted file mode 100644 index 4af9f86aa1..0000000000 --- a/community_images/memcached/official/docker-compose.yml +++ /dev/null @@ -1,9 +0,0 @@ -version: '2' - -services: - memcached: - image: ${MEMCACHED_IMAGE_REPOSITORY}:${MEMCACHED_IMAGE_TAG} - cap_add: - - SYS_PTRACE - ports: - - '11211:11211' diff --git a/community_images/memcached/official/image.yml b/community_images/memcached/official/image.yml deleted file mode 100644 index 0083e9293a..0000000000 --- a/community_images/memcached/official/image.yml +++ /dev/null 
@@ -1,39 +0,0 @@ -name: memcached-official -official_name: Memcached Official -official_website: http://memcached.org/ -source_image_provider: The Docker Community -source_image_repo: docker.io/library/memcached -source_image_repo_link: https://hub.docker.com/_/memcached -source_image_readme: https://github.com/docker-library/memcached#readme -rf_docker_link: rapidfort/memcached-official -image_workflow_name: memcached_official -github_location: memcached/official -report_url: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Flibrary%2Fmemcached -usage_instructions: | - # Docker - $ docker run --name memcached rapidfort/memcached:latest -what_is_text: | - Memcached is an high-performance, distributed memory object caching system, generic in nature, but intended for use in speeding up dynamic web applications by alleviating database load. -disclaimer: | - Trademarks: This software listing is packaged by RapidFort. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. 
-docker_links: - - "[`1.6.17`, `1.6`, `1`, `latest`, `1.6.17-bullseye`, `1.6-bullseye`, `1-bullseye`, `bullseye` (Dockerfile)](https://github.com/docker-library/memcached/blob/1c39f318e3a5c1b06e4c9b0d4b870c9223b26428/debian/Dockerfile)" - - "[`1.6.17-alpine`, `1.6-alpine`, `1-alpine`, `alpine`, `1.6.17-alpine3.16`, `1.6-alpine3.16`, `1-alpine3.16`, `alpine3.16` (Dockerfile)](https://github.com/docker-library/memcached/blob/1c39f318e3a5c1b06e4c9b0d4b870c9223b26428/alpine/Dockerfile)" -input_registry: - registry: docker.io - account: library -repo_sets: - - memcached: - input_base_tag: "1.6*bullseye" - output_repo: memcached-official - - memcached: - input_base_tag: "1.6*alpine" - output_repo: memcached-official -runtimes: - - type: docker_compose - script: dc_coverage.sh - compose_file: docker-compose.yml - image_keys: - memcached-official: - repository: "MEMCACHED_IMAGE_REPOSITORY" - tag: "MEMCACHED_IMAGE_TAG" diff --git a/community_images/memcached/official/mc_cli.sh b/community_images/memcached/official/mc_cli.sh deleted file mode 100755 index 87d6728db7..0000000000 --- a/community_images/memcached/official/mc_cli.sh +++ /dev/null 
@@ -1,57 +0,0 @@ -#!/usr/bin/env expect - -set env(HOME) /usr/local/bin -set env(SHELL) /bin/bash -set env(TERM) xterm -set timeout 3 - -# Destination IP address -set HOST [lindex ${argv} 0] - -# Destination Port -set PORT [lindex ${argv} 1] - -# Memcached commands -set COMMAND [lindex ${argv} 2] - -# Usage instructions if no arguments supplied. -if { ${argc} < 1 } { - send_user "Usage: ${argv0} \[command\]\n" - send_user "e.g. ${argv0} 127.0.0.1 11211 \"stats settings\"\n" - send_user " ${argv0} 127.0.0.1 11211 \"set key_name 0 60 10\"$'\\n'\"0123456789\"\n" - send_user " ${argv0} 127.0.0.1 11211 \"get key_name\"\n\n" - exit 1 -} - -if { - [info exists PORT] - && "${PORT}" == "" -} { - set PORT "11211" -} - -if { - [info exists COMMAND] - && "${COMMAND}" == "" -} { - set COMMAND "stats" -} - -log_user 0 -spawn telnet ${HOST} ${PORT} -expect { - default { - send_user "ERROR: Unable to connect to ${HOST} ${PORT}\n" - exit 1 - } - "'^]'." { - log_user 1 - send "${COMMAND}\n" - expect { - -re "(?:DELETED|END|ERROR|NOT_FOUND|STORED|VERSION \[0-9\]+\.\[0-9\]+\.\[0-9\]+)" { - send "quit\n" - } - } - expect eof - } -} diff --git a/community_images/microsoft-sql-server-2019/ironbank/README.md b/community_images/microsoft-sql-server-2019/ironbank/README.md deleted file mode 100755 index b108cefc7d..0000000000 --- a/community_images/microsoft-sql-server-2019/ironbank/README.md +++ /dev/null @@ -1,140 +0,0 @@ - -RapidFort - - -
- -[![rf-h][rf-h-badge]][rf-view-report-button] -[![DH Image][dh-rf-badge]][rf-dh-image-link] -[![Slack][slack-badge]][slack-link] -[![FOSSA Status][fossa-badge]][fossa-link] - -# RapidFort hardened image for Microsoft SQL Server 2019 - -RapidFort’s container optimization process hardened this Microsoft SQL Server 2019 container. This container is free to use and has no license limitations. - -It is the same as the [Platform One Microsoft SQL Server 2019][source-image-repo-link] image but more secure. - -Every day, we optimize and harden a variety of Docker Hub’s most famous images. Check out our [entire library](https://hub.docker.com/u/rapidfort) of secured containers. -
- -[Get the full report here or click on the image below][rf-view-report-link] - -[![Metrics][metrics-link]][rf-image-metrics-link] - -

Vulnerabilities: Original vs. Hardened - -

- -[![CVE Reduction][cve-reduction-link]][rf-image-cve-reduction-link] - - -View Report - -
-
- - -## What is Microsoft SQL Server 2019? - -> Microsoft SQL Server is a relational database management system developed by Microsoft. As a database server, it is a software product with the primary function of storing and retrieving data as requested by other software applications—which may run either on the same computer or on another computer across a network. - - -[Overview of Microsoft SQL Server 2019](https://www.microsoft.com/en-in/sql-server) - -Trademarks: This software listing is packaged by RapidFort. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. - - -## How do I use this hardened Microsoft SQL Server 2019 image? - -The runtime instructions for this container are no different from the official release. Follow the instructions in their readme, but use our hardened image. - - -View Detailed Instructions - -
-
- -```sh -# Using docker run: -$ docker run -d -e "ACCEPT_EULA=Y" -e "MSSQL_SA_PASSWORD=yourStrong(!)Password" --name my-mssql-server -p 1433:1433 rapidfort/microsoft-sql-server-2019-ib:latest - -``` - -## What is a hardened image? - -A hardened image is a copy of a container that has been optimized and reduced for significantly improved security. Because every container uses many open-source software components and their dependencies, there’s a lot of extra weight that can be trimmed. - -This image is a hardened version of the official [Platform One Microsoft SQL Server 2019][source-image-repo-link] image on Docker Hub. - -RapidFort is an industry-leading container optimization solution that minimizes software attack surfaces by removing unused code. Most containers can be reduced by at least 50%, which reduces the opportunity for malicious attacks and CVE exploits. Learn more at [RapidFort.com][rf-link]. - -Our hardened images are updated daily using the latest vulnerability information available. - - -View on GitHub - -
-
- -## What’s the difference between the official [Platform One Microsoft SQL Server 2019][source-image-repo-link] image and this hardened image? -RapidFort’s hardened [rapidfort/microsoft-sql-server-2019-ib][rf-dh-image-link] image has been optimized by our proprietary scanning and slimming technology. We are big fans of open-source software, containerized infrastructure, and security. - -We are making secure copies of the images we use every day and the most popular ones on Docker Hub. We want to make the world a safer place to operate. - -## Supported tags and respective `Dockerfile` links -* [`latest` (Dockerfile)](https://repo1.dso.mil/dsop/microsoft/microsoft/microsoft-sql-server-2019-rhel8/-/blob/development/Dockerfile) - -## Need support - -Join our slack community for any questions. - - -RapidFort Community Slack - - -## 🌟 Support this project - -[![](https://user-images.githubusercontent.com/48997634/174794647-0c851917-e5c9-4fb9-bf88-b61d89dc2f4f.gif)](https://github.com/rapidfort/community-images/stargazers) - -### [⏫⭐️ Scroll to the star button](#start-of-content) - -If you believe this project has potential, feel free to **star this repo** just like many [amazing people](https://github.com/rapidfort/community-images/stargazers) -have. - -## Have questions? - -[![RapidFort](https://raw.githubusercontent.com/rapidfort/community-images/main/contrib/github_logo_footer.png)][rf-rapidfort-footer-logo-link] - - -If you'd like to learn more about RapidFort or our container optimization process, visit [RapidFort.com][rf-link]. - -
-
- - -[dh-rf-badge]: https://img.shields.io/badge/dockerhub-images-important.svg?logo=Docker - -[fossa-badge]: https://app.fossa.com/api/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images.svg?type=shield -[fossa-link]: https://app.fossa.com/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images?ref=badge_shield - -[rf-link]: https://rapidfort.com?utm_source=github&utm_medium=ci_rf_link&utm_campaign=sep_01_sprint&utm_term=microsoft-sql-server-2019-ib&utm_content=rapidfort_have_questions - -[rf-rapidfort-footer-logo-link]: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fmicrosoft%2Fmicrosoft%2Fmicrosoft-sql-server-2019-rhel8?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=microsoft-sql-server-2019-ib&utm_content=rapidfort_footer_logo -[rf-view-report-button]: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fmicrosoft%2Fmicrosoft%2Fmicrosoft-sql-server-2019-rhel8?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=microsoft-sql-server-2019-ib&utm_content=view_report_button -[rf-view-report-link]: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fmicrosoft%2Fmicrosoft%2Fmicrosoft-sql-server-2019-rhel8?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=microsoft-sql-server-2019-ib&utm_content=view_report_link -[rf-image-metrics-link]: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fmicrosoft%2Fmicrosoft%2Fmicrosoft-sql-server-2019-rhel8?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=microsoft-sql-server-2019-ib&utm_content=image_metrics_link -[rf-image-cve-reduction-link]: 
https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fmicrosoft%2Fmicrosoft%2Fmicrosoft-sql-server-2019-rhel8?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=microsoft-sql-server-2019-ib&utm_content=image_cve_reduction_link - -[dh-img-size-badge]: https://img.shields.io/docker/image-size/rapidfort/microsoft-sql-server-2019-ib?logo=docker&logoColor=white&sort=semver -[dh-img-pulls-badge]: https://img.shields.io/docker/pulls/rapidfort/microsoft-sql-server-2019-ib?logo=docker&logoColor=white - -[slack-badge]: https://img.shields.io/static/v1?label=Join&message=slack&logo=slack&logoColor=E01E5A&color=4A154B -[slack-link]: https://join.slack.com/t/rapidfortcommunity/shared_invite/zt-1g3wy28lv-DaeGexTQ5IjfpbmYW7Rm_Q - -[rf-h-badge]: https://img.shields.io/static/v1?label=RapidFort&labelColor=333F48&message=hardened&color=50B4C4&logo= -[metrics-link]: https://github.com/rapidfort/community-images/raw/main/community_images/microsoft-sql-server-2019/ironbank/assets/metrics.webp -[cve-reduction-link]: https://github.com/rapidfort/community-images/raw/main/community_images/microsoft-sql-server-2019/ironbank/assets/cve_reduction.webp - -[source-image-repo-link]: https://registry1.dso.mil/harbor/projects/3/repositories/microsoft%2Fmicrosoft%2Fmicrosoft-sql-server-2019-rhel8 -[rf-dh-image-link]: https://hub.docker.com/r/rapidfort/microsoft-sql-server-2019-ib diff --git a/community_images/microsoft-sql-server-2019/ironbank/assets/cve_reduction.webp b/community_images/microsoft-sql-server-2019/ironbank/assets/cve_reduction.webp deleted file mode 100644 index 45eb3c961d..0000000000 Binary files a/community_images/microsoft-sql-server-2019/ironbank/assets/cve_reduction.webp and /dev/null differ 
diff --git a/community_images/microsoft-sql-server-2019/ironbank/assets/metrics.webp b/community_images/microsoft-sql-server-2019/ironbank/assets/metrics.webp deleted file mode 100644 index 565397d7f2..0000000000 Binary files a/community_images/microsoft-sql-server-2019/ironbank/assets/metrics.webp and /dev/null differ diff --git a/community_images/microsoft-sql-server-2019/ironbank/dc_coverage.sh b/community_images/microsoft-sql-server-2019/ironbank/dc_coverage.sh deleted file mode 100755 index 9b656681b4..0000000000 --- a/community_images/microsoft-sql-server-2019/ironbank/dc_coverage.sh +++ /dev/null @@ -1,27 +0,0 @@ -#!/bin/bash - -set -x -set -e - -SCRIPTPATH="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )" - -# shellcheck disable=SC1091 -. "${SCRIPTPATH}"/../../common/scripts/bash_helper.sh - -JSON_PARAMS="$1" - -JSON=$(cat "$JSON_PARAMS") - -echo "Json params for docker compose coverage = $JSON" - -PROJECT_NAME=$(jq -r '.project_name' < "$JSON_PARAMS") - -CONTAINER_NAME="${PROJECT_NAME}"-microsoft-sql-server-1 - -# Running tests -docker cp "${SCRIPTPATH}"/tests/azure_ib.ms_sql "${CONTAINER_NAME}":/tmp/test1.ms_sql -docker exec -i "${CONTAINER_NAME}" /opt/mssql-tools/bin/sqlcmd -S localhost -U SA -P 'DevPass123!' -i "./tmp/test1.ms_sql" - -# Running backup functionality test -docker cp "${SCRIPTPATH}"/tests/azure_ib_bak.ms_sql "${CONTAINER_NAME}":/tmp/test2.ms_sql -docker exec -i "${CONTAINER_NAME}" /opt/mssql-tools/bin/sqlcmd -S localhost -U SA -P 'DevPass123!' -i "./tmp/test2.ms_sql" \ No newline at end of file diff --git a/community_images/microsoft-sql-server-2019/ironbank/docker-compose.yml b/community_images/microsoft-sql-server-2019/ironbank/docker-compose.yml deleted file mode 100755 index 3667a4eb9b..0000000000 --- a/community_images/microsoft-sql-server-2019/ironbank/docker-compose.yml +++ /dev/null 
@@ -1,13 +0,0 @@ -version: '2' - -services: - microsoft-sql-server: - image: ${SQL_SERVER_REPOSITORY}:${SQL_SERVER_TAG} - environment: - - "ACCEPT_EULA=Y" - - "MSSQL_SA_PASSWORD=DevPass123!" - - "MSSQL_PID=Developer" - cap_add: - - SYS_PTRACE - ports: - - "1433:1433" \ No newline at end of file diff --git a/community_images/microsoft-sql-server-2019/ironbank/image.yml b/community_images/microsoft-sql-server-2019/ironbank/image.yml deleted file mode 100755 index 1a62e55bd7..0000000000 --- a/community_images/microsoft-sql-server-2019/ironbank/image.yml +++ /dev/null 
@@ -1,39 +0,0 @@ -name: microsoft-sql-server-2019-ib -official_name: Microsoft SQL Server 2019 -official_website: https://www.microsoft.com/en-in/sql-server -source_image_provider: Platform One -source_image_repo: registry1.dso.mil/ironbank/microsoft/microsoft/microsoft-sql-server-2019-rhel8 -source_image_repo_link: https://registry1.dso.mil/harbor/projects/3/repositories/microsoft%2Fmicrosoft%2Fmicrosoft-sql-server-2019-rhel8 -source_image_readme: https://repo1.dso.mil/dsop/microsoft/microsoft/microsoft-sql-server-2019-rhel8/-/blob/development/README.md -rf_docker_link: rapidfort/microsoft-sql-server-2019-ib -image_workflow_name: microsoft-sql-server-2019_ironbank -github_location: microsoft-sql-server-2019/ironbank -report_url: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fmicrosoft%2Fmicrosoft%2Fmicrosoft-sql-server-2019-rhel8 -usage_instructions: | - # Using docker run: - $ docker run -d -e "ACCEPT_EULA=Y" -e "MSSQL_SA_PASSWORD=yourStrong(!)Password" --name my-mssql-server -p 1433:1433 rapidfort/microsoft-sql-server-2019-ib:latest -what_is_text: | - Microsoft SQL Server is a relational database management system developed by Microsoft. As a database server, it is a software product with the primary function of storing and retrieving data as requested by other software applications—which may run either on the same computer or on another computer across a network. -disclaimer: | - Trademarks: This software listing is packaged by RapidFort. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. 
-docker_links: - - "[`latest` (Dockerfile)](https://repo1.dso.mil/dsop/microsoft/microsoft/microsoft-sql-server-2019-rhel8/-/blob/development/Dockerfile)" -input_registry: - registry: registry1.dso.mil - account: ironbank -repo_sets: - - microsoft/microsoft/microsoft-sql-server-2019-rhel8: - input_base_tag: "2019-CU*-rhel-8" - output_repo: microsoft-sql-server-2019-ib -runtimes: - - type: docker_compose - script: dc_coverage.sh - compose_file: docker-compose.yml - wait_time_sec: 120 - tls_certs: - generate: true - out_dir: certs - image_keys: - microsoft-sql-server-2019-ib: - repository: "SQL_SERVER_REPOSITORY" - tag: "SQL_SERVER_TAG" diff --git a/community_images/microsoft-sql-server-2019/ironbank/tests/azure_ib.ms_sql b/community_images/microsoft-sql-server-2019/ironbank/tests/azure_ib.ms_sql deleted file mode 100644 index acc1ca8fe8..0000000000 --- a/community_images/microsoft-sql-server-2019/ironbank/tests/azure_ib.ms_sql +++ /dev/null 
@@ -1,271 +0,0 @@ -select @@VERSION -GO - -CREATE DATABASE TestDB; -SELECT Name from sys.databases; -GO - -USE TestDB; -GO - --- Create -CREATE TABLE employees ( - name VARCHAR(50), - id INT PRIMARY KEY, - email VARCHAR(50), - phone_number VARCHAR(20), - hire_date DATE, - salary INT -); - -CREATE TABLE employees_updates ( - name VARCHAR(50), - id INT PRIMARY KEY, - email VARCHAR(50), - phone_number VARCHAR(20), - hire_date DATE, - salary INT -); - -CREATE TABLE departments ( - id INT PRIMARY KEY, - name VARCHAR(50), - location VARCHAR(50) -); - -CREATE TABLE employee_department ( - employee_id INT, - department_id INT, - PRIMARY KEY (employee_id, department_id), - FOREIGN KEY (employee_id) REFERENCES employees(id), - FOREIGN KEY (department_id) REFERENCES departments(id) -); -GO - --- Insert -INSERT INTO employees (name, id, email, phone_number, hire_date, salary) -VALUES ('John Doe', 1, 'john.doe@gmail.com', '555-1234', '2020-01-01', 50000), - ('Jane Smith', 2, 'jane.smith@gmail.com', '555-5678', '2020-02-01', 60000), - ('Bob Johnson', 3, 'bob.johnson@gmail.com', '555-9012', '2020-03-01', 70000); - -INSERT INTO employees_updates (name, id, email, phone_number, hire_date, salary) -VALUES('Linda', 7, 'Linda.summer@gmail.com', '555-9753', '2021-02-01', 60000); - --- Select -SELECT * FROM employees; - --- Update -UPDATE employees SET salary = 55000 WHERE name = 'John Doe'; - --- Delete -DELETE FROM employees WHERE name = 'Bob Johnson'; - --- Merge -MERGE employees AS target -USING employees_updates AS source -ON (target.id = source.id) -WHEN MATCHED THEN - UPDATE SET target.name = source.name, - target.salary = source.salary, - target.email = source.email -WHEN NOT MATCHED BY TARGET THEN - INSERT (id, name, salary, email) - VALUES (source.id, source.name, source.salary, source.email); - --- Select -SELECT name, email, salary INTO new_employees FROM employees; -SELECT TOP 2 * FROM employees ORDER BY salary DESC; - --- Bulk insert --- BULK INSERT employees FROM 
'C:\data\employees.csv' WITH (FORMAT = 'CSV'); - --- Group by -SELECT hire_date, COUNT(*) AS num_employees FROM employees GROUP BY hire_date; - --- Join -SELECT e.name AS employee_name, d.name AS department_name -FROM employees e -INNER JOIN employee_department ed ON e.id = ed.employee_id -INNER JOIN departments d ON ed.department_id = d.id - --- Truncate -TRUNCATE TABLE employees; -GO - --- Alter -ALTER TABLE employees ADD address VARCHAR(100); - --- Drop -ALTER TABLE employees DROP COLUMN address; - --- Create index -CREATE INDEX idx_email ON employees (email); - --- Alter index -ALTER INDEX idx_email ON employees REBUILD; - --- Drop index -DROP INDEX idx_email ON employees; -GO - --- Create view (should be first query in batch) -CREATE VIEW high_paid_employees AS -SELECT name, salary FROM employees WHERE salary > 50000; -GO - --- Alter view (should be first query in batch) -ALTER VIEW high_paid_employees AS -SELECT name, email, salary FROM employees WHERE salary > 50000; - --- Drop view -DROP VIEW high_paid_employees; -GO - --- Create procedure -CREATE PROCEDURE get_employee_info (@id INT) -AS -SELECT name, salary FROM employees WHERE id = @id; -GO - --- Alter procedure (must be in a single query batch) -ALTER PROCEDURE get_employee_info (@id INT) -AS -SELECT name, email, salary FROM employees WHERE id = @id; -GO - --- Drop procedure -DROP PROCEDURE get_employee_info; - --- Create function -CREATE FUNCTION get_employee_age (@hire_date DATE) -RETURNS INT -AS -BEGIN - DECLARE @age INT - SET @age = DATEDIFF(YEAR, @hire_date, GETDATE()) - RETURN @age -END; -GO - -SET STATISTICS TIME ON --- Alter function (must be in a single query batch) -ALTER FUNCTION get_employee_age (@hire_date DATE, @phone_number VARCHAR(20)) -RETURNS INT -AS -BEGIN - DECLARE @age INT - SET @age = DATEDIFF(YEAR, @hire_date, GETDATE()) - RETURN @age -END; -GO - --- Drop function -DROP FUNCTION get_employee_age; - --- Create trigger -CREATE TRIGGER update_hire_date -ON employees -AFTER UPDATE -AS 
-BEGIN - IF UPDATE(name) - BEGIN - UPDATE employees SET hire_date = GETDATE() WHERE id IN (SELECT id FROM inserted) - END -END; -GO - --- Alter trigger (must be in a single query batch) -ALTER TRIGGER update_hire_date -ON employees -AFTER UPDATE -AS -BEGIN - IF UPDATE(name) OR UPDATE(email) - BEGIN - UPDATE employees SET hire_date = GETDATE() WHERE id IN (SELECT id FROM inserted) - END -END; -GO - --- Grant permissions -CREATE LOGIN new_user WITH PASSWORD = 'Rapidfort123!'; -CREATE USER new_user FOR LOGIN new_user; -GRANT SELECT ON employees TO new_user; - --- Revoke permission -REVOKE SELECT ON employees FROM new_user; - --- Deny permission -DENY INSERT ON employees TO new_user; -DROP USER new_user -GO - --- Start transaction -BEGIN TRANSACTION; - -INSERT INTO employees (name, id, email, phone_number, hire_date, salary) -VALUES ('John Snow', 1001, 'john.show@gmail.com', '555-1234', '2022-01-01', 50000); - --- Save transaction -SAVE TRANSACTION Savepoint1; - -UPDATE employees SET phone_number = '555-5678' WHERE id = 1001; - --- Commit transaction -COMMIT TRANSACTION; - --- Start transaction -BEGIN TRANSACTION; - -INSERT INTO employees (name, id, email, phone_number, hire_date, salary) -VALUES ('Jane Smith', 1002, 'jane.smith@gmail.com', '555-9876', '2022-02-01', 60000); - --- Rollback transaction -ROLLBACK TRANSACTION Savepoint1; -GO - --- Some DQL queries -SELECT name, salary -FROM employees -WHERE salary > 50000 -ORDER BY salary DESC; - -SELECT TOP 5 name, salary -FROM employees -ORDER BY salary DESC; - -SELECT hire_date, AVG(salary) as avg_salary -FROM employees -GROUP BY hire_date -HAVING AVG(salary) > 40000; - -SELECT hire_date, COUNT(*) as num_employees -FROM employees -GROUP BY hire_date -ORDER BY hire_date ASC; - -SELECT DISTINCT hire_date -FROM employees -WHERE hire_date IS NOT NULL; -GO - --- Some System functions -SELECT name, hire_date, YEAR(hire_date) AS hire_year -FROM employees; - -UPDATE employees -SET salary = 75000 -WHERE YEAR(hire_date) = 2022; - 
-DELETE FROM employees -WHERE salary > 100000; - -SELECT TOP 2 name, salary -FROM employees -ORDER BY salary DESC; - -SELECT 'Hello, ' + USER_NAME() + '! Today is ' + CONVERT(VARCHAR(20), CURRENT_TIMESTAMP, 101); -SELECT OBJECT_ID('employees'); -SELECT CURRENT_TIMESTAMP, DATEPART(YEAR, CURRENT_TIMESTAMP), DATEPART(MONTH, CURRENT_TIMESTAMP); -GO diff --git a/community_images/microsoft-sql-server-2019/ironbank/tests/azure_ib_bak.ms_sql b/community_images/microsoft-sql-server-2019/ironbank/tests/azure_ib_bak.ms_sql deleted file mode 100644 index 8711058424..0000000000 --- a/community_images/microsoft-sql-server-2019/ironbank/tests/azure_ib_bak.ms_sql +++ /dev/null @@ -1,22 +0,0 @@ --- Backup database, delete then restore -USE master; -GO -BACKUP DATABASE TestDB -TO DISK = N'/var/opt/mssql/data/TestDB.bak' -WITH NOFORMAT, NOINIT, -NAME = N'TestDB-Full Database Backup', SKIP, NOREWIND, NOUNLOAD, STATS = 10; -GO - -USE master; -GO -RESTORE DATABASE TestDB -FROM DISK = N'/var/opt/mssql/data/TestDB.bak' WITH FILE = 1, NOUNLOAD, STATS = 5; -GO - -EXEC msdb.dbo.sp_delete_database_backuphistory @database_name = N'TestDB' -GO - -USE master; -GO -DROP DATABASE TestDB; -GO \ No newline at end of file diff --git a/community_images/mongodb/bitnami/.rfignore b/community_images/mongodb/bitnami/.rfignore deleted file mode 100644 index f12caf96d1..0000000000 --- a/community_images/mongodb/bitnami/.rfignore +++ /dev/null @@ -1,4 +0,0 @@ -opt/bitnami/common/licenses -opt/bitnami/licenses -opt/bitnami/mongodb/licenses -usr/share/common-licenses diff --git a/community_images/mongodb/bitnami/README.md b/community_images/mongodb/bitnami/README.md deleted file mode 100644 index c91cc16833..0000000000 --- a/community_images/mongodb/bitnami/README.md +++ /dev/null @@ -1,144 +0,0 @@ - -RapidFort - - -
- -[![rf-h][rf-h-badge]][rf-view-report-button] -[![DH Image][dh-rf-badge]][rf-dh-image-link] -[![Slack][slack-badge]][slack-link] -[![FOSSA Status][fossa-badge]][fossa-link] - -# RapidFort hardened image for MongoDB® - -RapidFort’s container optimization process hardened this MongoDB® container. This container is free to use and has no license limitations. - -It is the same as the [Bitnami MongoDB®][source-image-repo-link] image but more secure. - -Every day, we optimize and harden a variety of Docker Hub’s most famous images. Check out our [entire library](https://hub.docker.com/u/rapidfort) of secured containers. -
- -[Get the full report here or click on the image below][rf-view-report-link] - -[![Metrics][metrics-link]][rf-image-metrics-link] - -

Vulnerabilities: Original vs. Hardened - -

- -[![CVE Reduction][cve-reduction-link]][rf-image-cve-reduction-link] - - -View Report - -
-
- - -## What is MongoDB®? - -> MongoDB® is a free and open-source cross-platform document-oriented database program. Classified as a NoSQL database program, MongoDB uses JSON-like documents with schemata. MongoDB is developed by MongoDB Inc., and is published under a combination of the Server Side Public License and the Apache License. - - -[Overview of MongoDB®](https://www.mongodb.com/) - -Disclaimer: The respective trademarks mentioned in the offering are owned by the respective companies. We do not provide a commercial license for any of these products. This listing has an open-source license. MongoDB(R) is run and maintained by MongoDB, which is a completely separate project from RapidFort. - - -## How do I use this hardened MongoDB® image? - -The runtime instructions for this container are no different from the official release. Follow the instructions in their readme, but use our hardened image. - - -View Detailed Instructions - -
-
- -```sh -$ helm repo add bitnami https://charts.bitnami.com/bitnami - -# install mongodb, just replace repository with RapidFort registry -$ helm install my-mongodb bitnami/mongodb --set image.repository=rapidfort/mongodb - -``` - -## What is a hardened image? - -A hardened image is a copy of a container that has been optimized and reduced for significantly improved security. Because every container uses many open-source software components and their dependencies, there’s a lot of extra weight that can be trimmed. - -This image is a hardened version of the official [Bitnami MongoDB®][source-image-repo-link] image on Docker Hub. - -RapidFort is an industry-leading container optimization solution that minimizes software attack surfaces by removing unused code. Most containers can be reduced by at least 50%, which reduces the opportunity for malicious attacks and CVE exploits. Learn more at [RapidFort.com][rf-link]. - -Our hardened images are updated daily using the latest vulnerability information available. - - -View on GitHub - -
-
- -## What’s the difference between the official [Bitnami MongoDB®][source-image-repo-link] image and this hardened image? -RapidFort’s hardened [rapidfort/mongodb][rf-dh-image-link] image has been optimized by our proprietary scanning and slimming technology. We are big fans of open-source software, containerized infrastructure, and security. - -We are making secure copies of the images we use every day and the most popular ones on Docker Hub. We want to make the world a safer place to operate. - -## Supported tags and respective `Dockerfile` links -* [`7.0`, `7.0-debian-11`, `7.0.4`, `7.0.4-debian-11-r` (7.0/debian-11/Dockerfile)](https://github.com/bitnami/containers/tree/main/bitnami/mongodb/7.0/debian-11/Dockerfile) -* [`6.0`, `6.0-debian-11`, `6.0.12`, `6.0.12-debian-11-r` (6.0/debian-11/Dockerfile)](https://github.com/bitnami/containers/tree/main/bitnami/mongodb/6.0/debian-11/Dockerfile) -* [`5.0`, `5.0-debian-11`, `5.0.23`, `5.0.23-debian-11-r` (5.0/debian-11/Dockerfile)](https://github.com/bitnami/containers/tree/main/bitnami/mongodb/5.0/debian-11/Dockerfile) - -## Need support - -Join our slack community for any questions. - - -RapidFort Community Slack - - -## 🌟 Support this project - -[![](https://user-images.githubusercontent.com/48997634/174794647-0c851917-e5c9-4fb9-bf88-b61d89dc2f4f.gif)](https://github.com/rapidfort/community-images/stargazers) - -### [⏫⭐️ Scroll to the star button](#start-of-content) - -If you believe this project has potential, feel free to **star this repo** just like many [amazing people](https://github.com/rapidfort/community-images/stargazers) -have. - -## Have questions? - -[![RapidFort](https://raw.githubusercontent.com/rapidfort/community-images/main/contrib/github_logo_footer.png)][rf-rapidfort-footer-logo-link] - - -If you'd like to learn more about RapidFort or our container optimization process, visit [RapidFort.com][rf-link]. - -
-
- - -[dh-rf-badge]: https://img.shields.io/badge/dockerhub-images-important.svg?logo=Docker - -[fossa-badge]: https://app.fossa.com/api/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images.svg?type=shield -[fossa-link]: https://app.fossa.com/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images?ref=badge_shield - -[rf-link]: https://rapidfort.com?utm_source=github&utm_medium=ci_rf_link&utm_campaign=sep_01_sprint&utm_term=mongodb&utm_content=rapidfort_have_questions - -[rf-rapidfort-footer-logo-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Fmongodb?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=mongodb&utm_content=rapidfort_footer_logo -[rf-view-report-button]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Fmongodb?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=mongodb&utm_content=view_report_button -[rf-view-report-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Fmongodb?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=mongodb&utm_content=view_report_link -[rf-image-metrics-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Fmongodb?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=mongodb&utm_content=image_metrics_link -[rf-image-cve-reduction-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Fmongodb?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=mongodb&utm_content=image_cve_reduction_link - -[dh-img-size-badge]: https://img.shields.io/docker/image-size/rapidfort/mongodb?logo=docker&logoColor=white&sort=semver -[dh-img-pulls-badge]: https://img.shields.io/docker/pulls/rapidfort/mongodb?logo=docker&logoColor=white - -[slack-badge]: https://img.shields.io/static/v1?label=Join&message=slack&logo=slack&logoColor=E01E5A&color=4A154B -[slack-link]: 
https://join.slack.com/t/rapidfortcommunity/shared_invite/zt-1g3wy28lv-DaeGexTQ5IjfpbmYW7Rm_Q - -[rf-h-badge]: https://img.shields.io/static/v1?label=RapidFort&labelColor=333F48&message=hardened&color=50B4C4&logo= -[metrics-link]: https://github.com/rapidfort/community-images/raw/main/community_images/mongodb/bitnami/assets/metrics.webp -[cve-reduction-link]: https://github.com/rapidfort/community-images/raw/main/community_images/mongodb/bitnami/assets/cve_reduction.webp - -[source-image-repo-link]: https://hub.docker.com/r/bitnami/mongodb -[rf-dh-image-link]: https://hub.docker.com/r/rapidfort/mongodb diff --git a/community_images/mongodb/bitnami/assets/cve_reduction.webp b/community_images/mongodb/bitnami/assets/cve_reduction.webp deleted file mode 100644 index 3e5fc5ba5a..0000000000 Binary files a/community_images/mongodb/bitnami/assets/cve_reduction.webp and /dev/null differ diff --git a/community_images/mongodb/bitnami/assets/metrics.webp b/community_images/mongodb/bitnami/assets/metrics.webp deleted file mode 100644 index 203b4db9fa..0000000000 Binary files a/community_images/mongodb/bitnami/assets/metrics.webp and /dev/null differ diff --git a/community_images/mongodb/bitnami/client.yml.base b/community_images/mongodb/bitnami/client.yml.base deleted file mode 100644 index ca7379e421..0000000000 --- a/community_images/mongodb/bitnami/client.yml.base +++ /dev/null @@ -1,21 +0,0 @@ -apiVersion: v1 -kind: Pod -metadata: - labels: - run: mongodb-release-client - name: mongodb-release-client -spec: - containers: - - command: - - /bin/bash - - -c - - sleep infinity - env: - - name: MONGODB_ROOT_PASSWORD - value: ${MONGODB_ROOT_PASSWORD} - name: mongodb-release-client - image: ${IMAGE_REPOSITORY}:${TAG} - securityContext: - allowPrivilegeEscalation: true - capabilities: - add: ["SYS_PTRACE"] diff --git a/community_images/mongodb/bitnami/dc_coverage.sh b/community_images/mongodb/bitnami/dc_coverage.sh deleted file mode 100755 index f7d879da68..0000000000 
--- a/community_images/mongodb/bitnami/dc_coverage.sh +++ /dev/null @@ -1,10 +0,0 @@ -#!/bin/bash - -set -x -set -e - -JSON_PARAMS="$1" - -JSON=$(cat "$JSON_PARAMS") - -echo "Json params for docker compose coverage = $JSON" \ No newline at end of file diff --git a/community_images/mongodb/bitnami/docker-compose.yml b/community_images/mongodb/bitnami/docker-compose.yml deleted file mode 100644 index 054fc72e5e..0000000000 --- a/community_images/mongodb/bitnami/docker-compose.yml +++ /dev/null @@ -1,44 +0,0 @@ -version: '2' - -services: - mongodb-primary: - image: ${MONGODB_IMAGE_REPOSITORY}:${MONGODB_IMAGE_TAG} - environment: - - MONGODB_ADVERTISED_HOSTNAME=mongodb-primary - - MONGODB_REPLICA_SET_MODE=primary - - MONGODB_ROOT_PASSWORD=password123 - - MONGODB_REPLICA_SET_KEY=replicasetkey123 - volumes: - - 'mongodb_master_data:/bitnami/mongodb' - cap_add: - - SYS_PTRACE - - mongodb-secondary: - image: ${MONGODB_IMAGE_REPOSITORY}:${MONGODB_IMAGE_TAG} - depends_on: - - mongodb-primary - environment: - - MONGODB_ADVERTISED_HOSTNAME=mongodb-secondary - - MONGODB_REPLICA_SET_MODE=secondary - - MONGODB_INITIAL_PRIMARY_HOST=mongodb-primary - - MONGODB_INITIAL_PRIMARY_ROOT_PASSWORD=password123 - - MONGODB_REPLICA_SET_KEY=replicasetkey123 - cap_add: - - SYS_PTRACE - - mongodb-arbiter: - image: ${MONGODB_IMAGE_REPOSITORY}:${MONGODB_IMAGE_TAG} - depends_on: - - mongodb-primary - environment: - - MONGODB_ADVERTISED_HOSTNAME=mongodb-arbiter - - MONGODB_REPLICA_SET_MODE=arbiter - - MONGODB_INITIAL_PRIMARY_HOST=mongodb-primary - - MONGODB_INITIAL_PRIMARY_ROOT_PASSWORD=password123 - - MONGODB_REPLICA_SET_KEY=replicasetkey123 - cap_add: - - SYS_PTRACE - -volumes: - mongodb_master_data: - driver: local \ No newline at end of file diff --git a/community_images/mongodb/bitnami/docker-compose.yml.base b/community_images/mongodb/bitnami/docker-compose.yml.base deleted file mode 100644 index fa2109de2e..0000000000 --- a/community_images/mongodb/bitnami/docker-compose.yml.base +++ /dev/null 
@@ -1,44 +0,0 @@ -version: '2' - -services: - mongodb-primary: - image: @IMAGE - environment: - - MONGODB_ADVERTISED_HOSTNAME=mongodb-primary - - MONGODB_REPLICA_SET_MODE=primary - - MONGODB_ROOT_PASSWORD=password123 - - MONGODB_REPLICA_SET_KEY=replicasetkey123 - volumes: - - 'mongodb_master_data:/bitnami/mongodb' - cap_add: - - SYS_PTRACE - - mongodb-secondary: - image: @IMAGE - depends_on: - - mongodb-primary - environment: - - MONGODB_ADVERTISED_HOSTNAME=mongodb-secondary - - MONGODB_REPLICA_SET_MODE=secondary - - MONGODB_INITIAL_PRIMARY_HOST=mongodb-primary - - MONGODB_INITIAL_PRIMARY_ROOT_PASSWORD=password123 - - MONGODB_REPLICA_SET_KEY=replicasetkey123 - cap_add: - - SYS_PTRACE - - mongodb-arbiter: - image: @IMAGE - depends_on: - - mongodb-primary - environment: - - MONGODB_ADVERTISED_HOSTNAME=mongodb-arbiter - - MONGODB_REPLICA_SET_MODE=arbiter - - MONGODB_INITIAL_PRIMARY_HOST=mongodb-primary - - MONGODB_INITIAL_PRIMARY_ROOT_PASSWORD=password123 - - MONGODB_REPLICA_SET_KEY=replicasetkey123 - cap_add: - - SYS_PTRACE - -volumes: - mongodb_master_data: - driver: local \ No newline at end of file diff --git a/community_images/mongodb/bitnami/docker_coverage.sh b/community_images/mongodb/bitnami/docker_coverage.sh deleted file mode 100755 index 78f1290bd6..0000000000 --- a/community_images/mongodb/bitnami/docker_coverage.sh +++ /dev/null 
@@ -1,25 +0,0 @@ -#!/bin/bash - -set -x -set -e - -# shellcheck disable=SC1091 -SCRIPTPATH="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )" - -# shellcheck disable=SC1091 -. "${SCRIPTPATH}"/mongo_helpers.sh - -JSON_PARAMS="$1" -NAMESPACE=$(jq -r '.namespace_name' < "$JSON_PARAMS") -CONTAINER_NAME=$(jq -r '.image_tag_details.mongodb.container_name' < "$JSON_PARAMS") -MONGODB_ROOT_PASSWORD=password123 - -JSON=$(cat "$JSON_PARAMS") - -echo "Json params for docker compose coverage = $JSON" - -# get docker host ip -MONGODB_HOST=$(docker inspect "${CONTAINER_NAME}" | jq -r ".[].NetworkSettings.Networks[\"${NAMESPACE}\"].IPAddress") - -# run tests -run_mongodb_test "$MONGODB_HOST" "$MONGODB_ROOT_PASSWORD" "${NAMESPACE}" \ No newline at end of file diff --git a/community_images/mongodb/bitnami/image.yml b/community_images/mongodb/bitnami/image.yml deleted file mode 100644 index cb94b243a3..0000000000 --- a/community_images/mongodb/bitnami/image.yml +++ /dev/null 
@@ -1,54 +0,0 @@ -name: mongodb -official_name: MongoDB® -official_website: https://www.mongodb.com/ -source_image_provider: Bitnami -source_image_repo: docker.io/bitnami/mongodb -source_image_repo_link: https://hub.docker.com/r/bitnami/mongodb -source_image_readme: https://github.com/bitnami/containers/blob/main/bitnami/mongodb/README.md -rf_docker_link: rapidfort/mongodb -image_workflow_name: mongodb_bitnami -github_location: mongodb/bitnami -report_url: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Fmongodb -usage_instructions: | - $ helm repo add bitnami https://charts.bitnami.com/bitnami - - # install mongodb, just replace repository with RapidFort registry - $ helm install my-mongodb bitnami/mongodb --set image.repository=rapidfort/mongodb -what_is_text: | - MongoDB® is a free and open-source cross-platform document-oriented database program. Classified as a NoSQL database program, MongoDB uses JSON-like documents with schemata. MongoDB is developed by MongoDB Inc., and is published under a combination of the Server Side Public License and the Apache License. -disclaimer: | - Disclaimer: The respective trademarks mentioned in the offering are owned by the respective companies. We do not provide a commercial license for any of these products. This listing has an open-source license. MongoDB(R) is run and maintained by MongoDB, which is a completely separate project from RapidFort. 
-input_registry: - registry: docker.io - account: bitnami -repo_sets: - - mongodb: - input_base_tag: "7.0.2-debian-11-r" - - mongodb: - input_base_tag: "6.0.11-debian-11-r" - - mongodb: - input_base_tag: "5.0.21-debian-11-r" -runtimes: - - type: k8s - script: k8s_coverage.sh - helm: - repo: bitnami - repo_url: https://charts.bitnami.com/bitnami - chart: mongodb - image_keys: - mongodb: - repository: "image.repository" - tag: "image.tag" - override_file: "overrides.yml" - - type: docker_compose - script: dc_coverage.sh - compose_file: docker-compose.yml - image_keys: - mongodb: - repository: "MONGODB_IMAGE_REPOSITORY" - tag: "MONGODB_IMAGE_TAG" - - type: docker - script: docker_coverage.sh - mongodb: - environment: - MONGODB_ROOT_PASSWORD: password123 diff --git a/community_images/mongodb/bitnami/k8s_coverage.sh b/community_images/mongodb/bitnami/k8s_coverage.sh deleted file mode 100755 index 8cfb8050e4..0000000000 --- a/community_images/mongodb/bitnami/k8s_coverage.sh +++ /dev/null 
@@ -1,56 +0,0 @@ -#!/bin/bash - -set -x -set -e - -# shellcheck disable=SC1091 -SCRIPTPATH="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )" - -# shellcheck disable=SC1091 -. "${SCRIPTPATH}"/mongo_helpers.sh - -JSON_PARAMS="$1" - -JSON=$(cat "$JSON_PARAMS") - -echo "Json params for k8s coverage = $JSON" - -NAMESPACE=$(jq -r '.namespace_name' < "$JSON_PARAMS") -RELEASE_NAME=$(jq -r '.release_name' < "$JSON_PARAMS") -IMAGE_REPOSITORY=$(jq -r '.image_tag_details.mongodb.repo_path' < "$JSON_PARAMS") -TAG=$(jq -r '.image_tag_details.mongodb.tag' < "$JSON_PARAMS") - -# get pod name -POD_NAME=$(kubectl -n "${NAMESPACE}" get pods -l app.kubernetes.io/name=mongodb -o jsonpath="{.items[0].metadata.name}") -# copy mongodb_coverage.sh into container -kubectl -n "${NAMESPACE}" cp "${SCRIPTPATH}"/../../common/tests/mongodb_coverage.sh "${POD_NAME}":/tmp/mongodb_coverage.sh - -# run mongodb_coverage on cluster -kubectl -n "${NAMESPACE}" exec -i "${POD_NAME}" -- /bin/bash -c "/tmp/mongodb_coverage.sh" - -# get mongodb password -MONGODB_ROOT_PASSWORD=$(kubectl get secret --namespace "${NAMESPACE}" "${RELEASE_NAME}" -o jsonpath="{.data.mongodb-root-password}" | base64 --decode) -# create MongoDB client -MONGODB_ROOT_PASSWORD="${MONGODB_ROOT_PASSWORD}" \ - IMAGE_REPOSITORY="${IMAGE_REPOSITORY}" \ - TAG="${TAG}" envsubst < "${SCRIPTPATH}"/client.yml.base | kubectl -n "${NAMESPACE}" apply -f - - -# wait for mongodb client to be ready -kubectl wait pods mongodb-release-client -n "${NAMESPACE}" --for=condition=ready --timeout=10m - -# copy test.mongo into container -kubectl -n "${NAMESPACE}" cp "${SCRIPTPATH}"/../../common/tests/test.mongo mongodb-release-client:/tmp/test.mongo - -# run script -kubectl -n "${NAMESPACE}" exec -i mongodb-release-client \ - -- /bin/bash -c "mongosh admin --host ${RELEASE_NAME} \ - --authenticationDatabase admin -u root -p ${MONGODB_ROOT_PASSWORD} --file /tmp/test.mongo" - -# delete client container -kubectl -n "${NAMESPACE}" delete pod 
mongodb-release-client - -# run MongoDB tests -k8s_perf_runner "${NAMESPACE}" INSERT "${RELEASE_NAME}" "${MONGODB_ROOT_PASSWORD}" -k8s_perf_runner "${NAMESPACE}" UPDATE_MANY "${RELEASE_NAME}" "${MONGODB_ROOT_PASSWORD}" -k8s_perf_runner "${NAMESPACE}" ITERATE_MANY "${RELEASE_NAME}" "${MONGODB_ROOT_PASSWORD}" -k8s_perf_runner "${NAMESPACE}" DELETE_MANY "${RELEASE_NAME}" "${MONGODB_ROOT_PASSWORD}" diff --git a/community_images/mongodb/bitnami/mongo_helpers.sh b/community_images/mongodb/bitnami/mongo_helpers.sh deleted file mode 100644 index 2ae3684ae9..0000000000 --- a/community_images/mongodb/bitnami/mongo_helpers.sh +++ /dev/null @@ -1,45 +0,0 @@ -#!/bin/bash - -set -x -set -e - -k8s_perf_runner() -{ - NAMESPACE=$1 - OPERATION=$2 - HELM_RELEASE=$3 - MONGODB_ROOT_PASSWORD=$4 - - kubectl run -n "${NAMESPACE}" mongodb-perf \ - --rm -i --restart='Never' \ - --env="MONGODB_OPERATION=${OPERATION}" \ - --env="MONGODB_HOST=${HELM_RELEASE}" \ - --env="MONGODB_ROOT_PASSWORD=${MONGODB_ROOT_PASSWORD}" \ - --image rapidfort/mongodb-perfomance-test:latest -} - -run_mongodb_test_op() -{ - MONGODB_HOST=$1 - MONGODB_ROOT_PASSWORD=$2 - DOCKER_NETWORK=$3 - OPERATION=$4 - - docker run --rm -i --network="${DOCKER_NETWORK}" \ - -e "MONGODB_OPERATION=${OPERATION}" \ - -e "MONGODB_HOST=${MONGODB_HOST}" \ - -e "MONGODB_ROOT_PASSWORD=${MONGODB_ROOT_PASSWORD}" \ - rapidfort/mongodb-perfomance-test:latest -} - -run_mongodb_test() -{ - MONGODB_HOST=$1 - MONGODB_ROOT_PASSWORD=$2 - DOCKER_NETWORK=$3 - - run_mongodb_test_op "${MONGODB_HOST}" "${MONGODB_ROOT_PASSWORD}" "${DOCKER_NETWORK}" INSERT - run_mongodb_test_op "${MONGODB_HOST}" "${MONGODB_ROOT_PASSWORD}" "${DOCKER_NETWORK}" UPDATE_MANY - run_mongodb_test_op "${MONGODB_HOST}" "${MONGODB_ROOT_PASSWORD}" "${DOCKER_NETWORK}" ITERATE_MANY - run_mongodb_test_op "${MONGODB_HOST}" "${MONGODB_ROOT_PASSWORD}" "${DOCKER_NETWORK}" DELETE_MANY -} \ No newline at end of file 
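Review bot: In the removed k8s_coverage.sh, the `mongosh` call near the end expands `${MONGODB_ROOT_PASSWORD}` on the host side into the double-quoted `bash -c` string (`-u root -p ${MONGODB_ROOT_PASSWORD} --file /tmp/test.mongo`), so a secret containing whitespace or shell metacharacters is re-parsed by the shell inside the pod, and with `set -x` at the top of the script the decoded secret also lands in the job log. If this script is being relocated rather than retired, escape the `$` so the pod-side shell expands the `MONGODB_ROOT_PASSWORD` variable that client.yml.base already places in the client pod's environment, and switch tracing off around the `kubectl get secret` and `mongosh` lines.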
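Review bot: `k8s_perf_runner` and `run_mongodb_test_op` in the removed mongo_helpers.sh both run `rapidfort/mongodb-perfomance-test:latest` and pass it the MongoDB root password, so whatever image currently sits behind that mutable tag receives the credential. build_docker.sh, removed in this same patch, also pushes a tag named after the upstream commit hash, so any surviving copy of these helpers could pin to that tag or to a digest instead of `latest`. The repository name is spelled `perfomance` in both the helpers and the build script, so a replacement has to keep that spelling or migrate it deliberately. The password is also passed as an `--env=` / `-e` argument under `set -x`, which writes it to the trace output.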
diff --git a/community_images/mongodb/bitnami/overrides.yml b/community_images/mongodb/bitnami/overrides.yml deleted file mode 100644 index be3de698d5..0000000000 --- a/community_images/mongodb/bitnami/overrides.yml +++ /dev/null @@ -1,38 +0,0 @@ -image: - pullSecrets: ["rf-regcred"] - pullPolicy: Always -containerSecurityContext: - enabled: true - runAsUser: 1001 - allowPrivilegeEscalation: true - capabilities: - add: ["SYS_PTRACE"] -extraEnvVars: - - name: "RF_VERBOSE" - value: "0" -arbiter: - containerSecurityContext: - enabled: true - runAsUser: 1001 - allowPrivilegeEscalation: true - capabilities: - add: ["SYS_PTRACE"] - extraEnvVars: - - name: "RF_VERBOSE" - value: "0" -hidden: - containerSecurityContext: - enabled: true - runAsUser: 1001 - allowPrivilegeEscalation: true - capabilities: - add: ["SYS_PTRACE"] - extraEnvVars: - - name: "RF_VERBOSE" - value: "0" -livenessProbe: - initialDelaySeconds: 30 - timeoutSeconds: 30 -readinessProbe: - initialDelaySeconds: 30 - timeoutSeconds: 30 \ No newline at end of file diff --git a/community_images/mongodb/bitnami/perf_test/Dockerfile b/community_images/mongodb/bitnami/perf_test/Dockerfile deleted file mode 100644 index 384186980b..0000000000 --- a/community_images/mongodb/bitnami/perf_test/Dockerfile +++ /dev/null @@ -1,9 +0,0 @@ -FROM openjdk:11 - -RUN git clone https://github.com/idealo/mongodb-performance-test.git - -WORKDIR /mongodb-performance-test/latest-version - -ADD ./entrypoint.sh /entrypoint.sh - -CMD ["/entrypoint.sh"] \ No newline at end of file diff --git a/community_images/mongodb/bitnami/perf_test/build_docker.sh b/community_images/mongodb/bitnami/perf_test/build_docker.sh deleted file mode 100755 index 849b3690a6..0000000000 --- a/community_images/mongodb/bitnami/perf_test/build_docker.sh +++ /dev/null 
@@ -1,16 +0,0 @@ -#!/bin/bash - -set -x -set -e - -SCRIPTPATH="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )" -RAPIDFORT_ACCOUNT="${RAPIDFORT_ACCOUNT:-rapidfort}" - -TAG=$(git ls-remote https://github.com/idealo/mongodb-performance-test.git HEAD | awk '{ print $1}') - -IMAGE_TAG="$RAPIDFORT_ACCOUNT"/mongodb-perfomance-test:"${TAG}" - -docker build -t "${IMAGE_TAG}" "${SCRIPTPATH}" -docker push "${IMAGE_TAG}" -docker tag "${IMAGE_TAG}" "$RAPIDFORT_ACCOUNT"/mongodb-perfomance-test:latest -docker push "$RAPIDFORT_ACCOUNT"/mongodb-perfomance-test:latest diff --git a/community_images/mongodb/bitnami/perf_test/entrypoint.sh b/community_images/mongodb/bitnami/perf_test/entrypoint.sh deleted file mode 100755 index ef890ee7d3..0000000000 --- a/community_images/mongodb/bitnami/perf_test/entrypoint.sh +++ /dev/null @@ -1,24 +0,0 @@ -#!/bin/bash - -set -x -set -e - -if [[ -z "$MONGODB_HOST" ]]; then - echo "Must provide MONGODB_HOST in environment" 1>&2 - exit 1 -fi - -if [[ -z "$MONGODB_ROOT_PASSWORD" ]]; then - echo "Must provide MONGODB_ROOT_PASSWORD in environment" 1>&2 - exit 1 -fi - -MONGODB_OPERATION="${MONGODB_OPERATION:-INSERT}" -MONGODB_PORT="${MONGODB_PORT:-27017}" -MONGODB_USER="${MONGODB_USER:-root}" -MONGODB_AUTHDB="${MONGODB_AUTHDB:-admin}" -DURATION="${DURATION:-30}" - -java -jar /mongodb-performance-test/latest-version/mongodb-performance-test.jar \ - -m "${MONGODB_OPERATION}" -o 1000000 -t 100 -db test -c perf -port "${MONGODB_PORT}" \ - -h "${MONGODB_HOST}" -u "${MONGODB_USER}" -p "${MONGODB_ROOT_PASSWORD}" -adb "${MONGODB_AUTHDB}" -d "${DURATION}" diff --git a/community_images/mongodb/ironbank/README.md b/community_images/mongodb/ironbank/README.md deleted file mode 100644 index 6084d27ef0..0000000000 --- a/community_images/mongodb/ironbank/README.md +++ /dev/null @@ -1,138 +0,0 @@ - -RapidFort - - -
- -[![rf-h][rf-h-badge]][rf-view-report-button] -[![DH Image][dh-rf-badge]][rf-dh-image-link] -[![Slack][slack-badge]][slack-link] -[![FOSSA Status][fossa-badge]][fossa-link] - -# RapidFort hardened image for MongoDB® IronBank - -RapidFort’s container optimization process hardened this MongoDB® IronBank container. This container is free to use and has no license limitations. - -It is the same as the [Platform One MongoDB® IronBank][source-image-repo-link] image but more secure. - -Every day, we optimize and harden a variety of Docker Hub’s most famous images. Check out our [entire library](https://hub.docker.com/u/rapidfort) of secured containers. -
- -[Get the full report here or click on the image below][rf-view-report-link] - -[![Metrics][metrics-link]][rf-image-metrics-link] - -

Vulnerabilities: Original vs. Hardened - -

- -[![CVE Reduction][cve-reduction-link]][rf-image-cve-reduction-link] - - -View Report - -
-
- - -## What is MongoDB® IronBank? - -> MongoDB® is a free and open-source cross-platform document-oriented database program. Classified as a NoSQL database program, MongoDB uses JSON-like documents with schemata. MongoDB is developed by MongoDB Inc., and is published under a combination of the Server Side Public License and the Apache License. - - -[Overview of MongoDB® IronBank](https://www.mongodb.com/) - -Disclaimer: The respective trademarks mentioned in the offering are owned by the respective companies. We do not provide a commercial license for any of these products. This listing has an open-source license. MongoDB(R) is run and maintained by MongoDB, which is a completely separate project from RapidFort. - - -## How do I use this hardened MongoDB® IronBank image? - -The runtime instructions for this container are no different from the official release. Follow the instructions in their readme, but use our hardened image. - - -View Detailed Instructions - -
-
- -```sh -$ docker run --name some-mongodb -d rapidfort/mongodb-ib:latest - -``` - -## What is a hardened image? - -A hardened image is a copy of a container that has been optimized and reduced for significantly improved security. Because every container uses many open-source software components and their dependencies, there’s a lot of extra weight that can be trimmed. - -This image is a hardened version of the official [Platform One MongoDB® IronBank][source-image-repo-link] image on Docker Hub. - -RapidFort is an industry-leading container optimization solution that minimizes software attack surfaces by removing unused code. Most containers can be reduced by at least 50%, which reduces the opportunity for malicious attacks and CVE exploits. Learn more at [RapidFort.com][rf-link]. - -Our hardened images are updated daily using the latest vulnerability information available. - - -View on GitHub - -
-
- -## What’s the difference between the official [Platform One MongoDB® IronBank][source-image-repo-link] image and this hardened image? -RapidFort’s hardened [rapidfort/mongodb-ib][rf-dh-image-link] image has been optimized by our proprietary scanning and slimming technology. We are big fans of open-source software, containerized infrastructure, and security. - -We are making secure copies of the images we use every day and the most popular ones on Docker Hub. We want to make the world a safer place to operate. - -## Supported tags and respective `Dockerfile` links - -## Need support - -Join our slack community for any questions. - - -RapidFort Community Slack - - -## 🌟 Support this project - -[![](https://user-images.githubusercontent.com/48997634/174794647-0c851917-e5c9-4fb9-bf88-b61d89dc2f4f.gif)](https://github.com/rapidfort/community-images/stargazers) - -### [⏫⭐️ Scroll to the star button](#start-of-content) - -If you believe this project has potential, feel free to **star this repo** just like many [amazing people](https://github.com/rapidfort/community-images/stargazers) -have. - -## Have questions? - -[![RapidFort](https://raw.githubusercontent.com/rapidfort/community-images/main/contrib/github_logo_footer.png)][rf-rapidfort-footer-logo-link] - - -If you'd like to learn more about RapidFort or our container optimization process, visit [RapidFort.com][rf-link]. - -
-
- - -[dh-rf-badge]: https://img.shields.io/badge/dockerhub-images-important.svg?logo=Docker - -[fossa-badge]: https://app.fossa.com/api/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images.svg?type=shield -[fossa-link]: https://app.fossa.com/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images?ref=badge_shield - -[rf-link]: https://rapidfort.com?utm_source=github&utm_medium=ci_rf_link&utm_campaign=sep_01_sprint&utm_term=mongodb-ib&utm_content=rapidfort_have_questions - -[rf-rapidfort-footer-logo-link]: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fopensource%2Fmongodb%2Fmongodb?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=mongodb-ib&utm_content=rapidfort_footer_logo -[rf-view-report-button]: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fopensource%2Fmongodb%2Fmongodb?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=mongodb-ib&utm_content=view_report_button -[rf-view-report-link]: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fopensource%2Fmongodb%2Fmongodb?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=mongodb-ib&utm_content=view_report_link -[rf-image-metrics-link]: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fopensource%2Fmongodb%2Fmongodb?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=mongodb-ib&utm_content=image_metrics_link -[rf-image-cve-reduction-link]: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fopensource%2Fmongodb%2Fmongodb?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=mongodb-ib&utm_content=image_cve_reduction_link - -[dh-img-size-badge]: https://img.shields.io/docker/image-size/rapidfort/mongodb-ib?logo=docker&logoColor=white&sort=semver -[dh-img-pulls-badge]: 
https://img.shields.io/docker/pulls/rapidfort/mongodb-ib?logo=docker&logoColor=white - -[slack-badge]: https://img.shields.io/static/v1?label=Join&message=slack&logo=slack&logoColor=E01E5A&color=4A154B -[slack-link]: https://join.slack.com/t/rapidfortcommunity/shared_invite/zt-1g3wy28lv-DaeGexTQ5IjfpbmYW7Rm_Q - -[rf-h-badge]: https://img.shields.io/static/v1?label=RapidFort&labelColor=333F48&message=hardened&color=50B4C4&logo= -[metrics-link]: https://github.com/rapidfort/community-images/raw/main/community_images/mongodb/ironbank/assets/metrics.webp -[cve-reduction-link]: https://github.com/rapidfort/community-images/raw/main/community_images/mongodb/ironbank/assets/cve_reduction.webp - -[source-image-repo-link]: https://registry1.dso.mil/harbor/projects/3/repositories/opensource%2Fmongodb%2Fmongodb -[rf-dh-image-link]: https://hub.docker.com/r/rapidfort/mongodb-ib diff --git a/community_images/mongodb/ironbank/assets/cve_reduction.webp b/community_images/mongodb/ironbank/assets/cve_reduction.webp deleted file mode 100644 index f148825754..0000000000 Binary files a/community_images/mongodb/ironbank/assets/cve_reduction.webp and /dev/null differ diff --git a/community_images/mongodb/ironbank/assets/metrics.webp b/community_images/mongodb/ironbank/assets/metrics.webp deleted file mode 100644 index 4033336a02..0000000000 Binary files a/community_images/mongodb/ironbank/assets/metrics.webp and /dev/null differ diff --git a/community_images/mongodb/ironbank/dc_coverage.sh b/community_images/mongodb/ironbank/dc_coverage.sh deleted file mode 100755 index f89417f18e..0000000000 --- a/community_images/mongodb/ironbank/dc_coverage.sh +++ /dev/null 
@@ -1,18 +0,0 @@ -#!/bin/bash - -set -x -set -e - -JSON_PARAMS="$1" - -JSON=$(cat "$JSON_PARAMS") - -echo "Json params for docker compose coverage = $JSON" - -PROJECT_NAME=$(jq -r '.project_name' < "$JSON_PARAMS") -CONTAINER="${PROJECT_NAME}"-mongodb-1 -# Run common mongo commands -docker exec -i "${CONTAINER}" bash -c "/tmp/mongodb_coverage.sh" -# Use MongoDB -docker exec -i "${CONTAINER}" bash -c "mongosh -u root -p rootpassword < /tmp/use_mongodb.js || mongo -u root -p rootpassword < /tmp/use_mongodb.js" - diff --git a/community_images/mongodb/ironbank/docker-compose.yml b/community_images/mongodb/ironbank/docker-compose.yml deleted file mode 100644 index 7d3e28bcf6..0000000000 --- a/community_images/mongodb/ironbank/docker-compose.yml +++ /dev/null @@ -1,19 +0,0 @@ -version: '3' - -services: - mongodb: - image: ${MONGODB_IMAGE_REPOSITORY}:${MONGODB_IMAGE_TAG} - environment: - MONGO_INITDB_ROOT_USERNAME: root - MONGO_INITDB_ROOT_PASSWORD: rootpassword - ports: - - '::27017' - volumes: - - 'mongodb_data_container:/official/mongodb' - - '../../common/tests/mongodb_coverage.sh:/tmp/mongodb_coverage.sh' - - './use_mongodb.js:/tmp/use_mongodb.js' - cap_add: - - SYS_PTRACE -volumes: - mongodb_data_container: - driver: local diff --git a/community_images/mongodb/ironbank/image.yml b/community_images/mongodb/ironbank/image.yml deleted file mode 100644 index 8c42cf02b3..0000000000 --- a/community_images/mongodb/ironbank/image.yml +++ /dev/null 
@@ -1,38 +0,0 @@ -name: mongodb-ib -official_name: MongoDB® IronBank -official_website: https://www.mongodb.com/ -source_image_provider: Platform One -source_image_repo: registry1.dso.mil/ironbank/opensource/mongodb/mongodb -source_image_repo_link: https://registry1.dso.mil/harbor/projects/3/repositories/opensource%2Fmongodb%2Fmongodb -source_image_readme: https://repo1.dso.mil/dsop/opensource/mongodb/mongodb/-/blob/development/README.md -rf_docker_link: rapidfort/mongodb-ib -image_workflow_name: mongodb_ironbank -github_location: mongodb/ironbank -report_url: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fopensource%2Fmongodb%2Fmongodb -usage_instructions: | - $ docker run --name some-mongodb -d rapidfort/mongodb-ib:latest -what_is_text: | - MongoDB® is a free and open-source cross-platform document-oriented database program. Classified as a NoSQL database program, MongoDB uses JSON-like documents with schemata. MongoDB is developed by MongoDB Inc., and is published under a combination of the Server Side Public License and the Apache License. -disclaimer: | - Disclaimer: The respective trademarks mentioned in the offering are owned by the respective companies. We do not provide a commercial license for any of these products. This listing has an open-source license. MongoDB(R) is run and maintained by MongoDB, which is a completely separate project from RapidFort. -input_registry: - registry: registry1.dso.mil - account: ironbank -repo_sets: - - opensource/mongodb/mongodb: - input_base_tag: "6." - output_repo: mongodb-ib - - opensource/mongodb/mongodb: - input_base_tag: "5." - output_repo: mongodb-ib - - opensource/mongodb/mongodb: - input_base_tag: "4." - output_repo: mongodb-ib -runtimes: - - type: docker_compose - script: dc_coverage.sh - compose_file: docker-compose.yml - image_keys: - mongodb-ib: - repository: "MONGODB_IMAGE_REPOSITORY" - tag: "MONGODB_IMAGE_TAG" 
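Review bot: nothing in this image.yml removal says what happens to the published rapidfort/mongodb-ib repository, which the file names as `rf_docker_link` and as `output_repo` for the 6., 5. and 4. tag sets. The README deleted alongside it tells users to run rapidfort/mongodb-ib:latest and says the hardened images are updated daily, so if this file is what drives the rebuild, the existing tags stay pullable but stop receiving updates. Suggest recording in the change description whether the Docker Hub repository is being deprecated or moved, and naming the replacement if there is one.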
diff --git a/community_images/mongodb/ironbank/use_mongodb.js b/community_images/mongodb/ironbank/use_mongodb.js deleted file mode 100755 index b2fd4d1b1c..0000000000 --- a/community_images/mongodb/ironbank/use_mongodb.js +++ /dev/null @@ -1,9 +0,0 @@ - -show dbs -show collections -db.version() -use rapidfort -db.createCollection("community") -db.community.insertMany([ {name: "Dave", origin: "Ireland", skill: "noob"}, {name: "Anmol", origin: "India", skill: "ninja"}, {name: "Ankit", origin: "India", skill: "wizard"}, {name: "Vinod", origin: "India", skill: "wizard", compensation: "astronomical"}, {name: "Reuben", origin: "USA", skill: "noob", passion: "whiskey"} ]) -db.community.find().pretty() - diff --git a/community_images/mongodb/official/README.md b/community_images/mongodb/official/README.md deleted file mode 100644 index edd9b18d06..0000000000 --- a/community_images/mongodb/official/README.md +++ /dev/null @@ -1,142 +0,0 @@ - -RapidFort - - -
- -[![rf-h][rf-h-badge]][rf-view-report-button] -[![DH Image][dh-rf-badge]][rf-dh-image-link] -[![Slack][slack-badge]][slack-link] -[![FOSSA Status][fossa-badge]][fossa-link] - -# RapidFort hardened image for MongoDB® Official - -RapidFort’s container optimization process hardened this MongoDB® Official container. This container is free to use and has no license limitations. - -It is the same as the [MongoDB MongoDB® Official][source-image-repo-link] image but more secure. - -Every day, we optimize and harden a variety of Docker Hub’s most famous images. Check out our [entire library](https://hub.docker.com/u/rapidfort) of secured containers. -
- -[Get the full report here or click on the image below][rf-view-report-link] - -[![Metrics][metrics-link]][rf-image-metrics-link] - -

Vulnerabilities: Original vs. Hardened - -

- -[![CVE Reduction][cve-reduction-link]][rf-image-cve-reduction-link] - - -View Report - -
-
- - -## What is MongoDB® Official? - -> MongoDB® is a free and open-source cross-platform document-oriented database program. Classified as a NoSQL database program, MongoDB uses JSON-like documents with schemata. MongoDB is developed by MongoDB Inc., and is published under a combination of the Server Side Public License and the Apache License. - - -[Overview of MongoDB® Official](https://www.mongodb.com/) - -Disclaimer: The respective trademarks mentioned in the offering are owned by the respective companies. We do not provide a commercial license for any of these products. This listing has an open-source license. MongoDB(R) is run and maintained by MongoDB, which is a completely separate project from RapidFort. - - -## How do I use this hardened MongoDB® Official image? - -The runtime instructions for this container are no different from the official release. Follow the instructions in their readme, but use our hardened image. - - -View Detailed Instructions - -
-
- -```sh - -``` - -## What is a hardened image? - -A hardened image is a copy of a container that has been optimized and reduced for significantly improved security. Because every container uses many open-source software components and their dependencies, there’s a lot of extra weight that can be trimmed. - -This image is a hardened version of the official [MongoDB MongoDB® Official][source-image-repo-link] image on Docker Hub. - -RapidFort is an industry-leading container optimization solution that minimizes software attack surfaces by removing unused code. Most containers can be reduced by at least 50%, which reduces the opportunity for malicious attacks and CVE exploits. Learn more at [RapidFort.com][rf-link]. - -Our hardened images are updated daily using the latest vulnerability information available. - - -View on GitHub - -
-
- -## What’s the difference between the official [MongoDB MongoDB® Official][source-image-repo-link] image and this hardened image? -RapidFort’s hardened [rapidfort/mongodb-official][rf-dh-image-link] image has been optimized by our proprietary scanning and slimming technology. We are big fans of open-source software, containerized infrastructure, and security. - -We are making secure copies of the images we use every day and the most popular ones on Docker Hub. We want to make the world a safer place to operate. - -## Supported tags and respective `Dockerfile` links -* [`6.0.2-focal`, `6.0-focal`, `6-focal`, `focal` (Dockerfile)](https://github.com/docker-library/mongo/blob/d68a62060cd2261be2196f9c796a770efb9df8fd/6.0/Dockerfile) -* [`5.0.13-focal`, `5.0-focal`, `5-focal` (Dockerfile)](https://github.com/docker-library/mongo/blob/b20fe71024b06ccaf366ef4c01161627114ce688/5.0/Dockerfile) -* [`4.4.18-focal`, `4.4-focal`, `4-focal` (Dockerfile)](https://github.com/docker-library/mongo/blob/37cfb713ddf069510524aebb03b82f385e891f7d/4.4/Dockerfile) -* [`4.2.23-bionic`, `4.2-bionic` (Dockerfile)](https://github.com/docker-library/mongo/blob/c830e47022955d24bad50f1237ef7b713792bf9e/4.2/Dockerfile) -* [`4.0.28-xenial`, `4.0-xenial` (Dockerfile)](https://github.com/docker-library/mongo/blob/9631e54a2885018f440e8da2840c21793c156f94/4.0/Dockerfile) - -## Need support - -Join our slack community for any questions. - - -RapidFort Community Slack - - -## 🌟 Support this project - -[![](https://user-images.githubusercontent.com/48997634/174794647-0c851917-e5c9-4fb9-bf88-b61d89dc2f4f.gif)](https://github.com/rapidfort/community-images/stargazers) - -### [⏫⭐️ Scroll to the star button](#start-of-content) - -If you believe this project has potential, feel free to **star this repo** just like many [amazing people](https://github.com/rapidfort/community-images/stargazers) -have. - -## Have questions? 
- -[![RapidFort](https://raw.githubusercontent.com/rapidfort/community-images/main/contrib/github_logo_footer.png)][rf-rapidfort-footer-logo-link] - - -If you'd like to learn more about RapidFort or our container optimization process, visit [RapidFort.com][rf-link]. - -
-
- - -[dh-rf-badge]: https://img.shields.io/badge/dockerhub-images-important.svg?logo=Docker - -[fossa-badge]: https://app.fossa.com/api/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images.svg?type=shield -[fossa-link]: https://app.fossa.com/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images?ref=badge_shield - -[rf-link]: https://rapidfort.com?utm_source=github&utm_medium=ci_rf_link&utm_campaign=sep_01_sprint&utm_term=mongodb-official&utm_content=rapidfort_have_questions - -[rf-rapidfort-footer-logo-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Flibrary%2Fmongo?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=mongodb-official&utm_content=rapidfort_footer_logo -[rf-view-report-button]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Flibrary%2Fmongo?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=mongodb-official&utm_content=view_report_button -[rf-view-report-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Flibrary%2Fmongo?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=mongodb-official&utm_content=view_report_link -[rf-image-metrics-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Flibrary%2Fmongo?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=mongodb-official&utm_content=image_metrics_link -[rf-image-cve-reduction-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Flibrary%2Fmongo?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=mongodb-official&utm_content=image_cve_reduction_link - -[dh-img-size-badge]: https://img.shields.io/docker/image-size/rapidfort/mongodb-official?logo=docker&logoColor=white&sort=semver -[dh-img-pulls-badge]: https://img.shields.io/docker/pulls/rapidfort/mongodb-official?logo=docker&logoColor=white - -[slack-badge]: 
https://img.shields.io/static/v1?label=Join&message=slack&logo=slack&logoColor=E01E5A&color=4A154B -[slack-link]: https://join.slack.com/t/rapidfortcommunity/shared_invite/zt-1g3wy28lv-DaeGexTQ5IjfpbmYW7Rm_Q - -[rf-h-badge]: https://img.shields.io/static/v1?label=RapidFort&labelColor=333F48&message=hardened&color=50B4C4&logo= -[metrics-link]: https://github.com/rapidfort/community-images/raw/main/community_images/mongodb/official/assets/metrics.webp -[cve-reduction-link]: https://github.com/rapidfort/community-images/raw/main/community_images/mongodb/official/assets/cve_reduction.webp - -[source-image-repo-link]: https://hub.docker.com/_/mongo -[rf-dh-image-link]: https://hub.docker.com/r/rapidfort/mongodb-official diff --git a/community_images/mongodb/official/assets/cve_reduction.webp b/community_images/mongodb/official/assets/cve_reduction.webp deleted file mode 100644 index 7037543399..0000000000 Binary files a/community_images/mongodb/official/assets/cve_reduction.webp and /dev/null differ diff --git a/community_images/mongodb/official/assets/metrics.webp b/community_images/mongodb/official/assets/metrics.webp deleted file mode 100644 index eceda0748c..0000000000 Binary files a/community_images/mongodb/official/assets/metrics.webp and /dev/null differ diff --git a/community_images/mongodb/official/dc_coverage.sh b/community_images/mongodb/official/dc_coverage.sh deleted file mode 100755 index f89417f18e..0000000000 --- a/community_images/mongodb/official/dc_coverage.sh +++ /dev/null 
@@ -1,18 +0,0 @@ -#!/bin/bash - -set -x -set -e - -JSON_PARAMS="$1" - -JSON=$(cat "$JSON_PARAMS") - -echo "Json params for docker compose coverage = $JSON" - -PROJECT_NAME=$(jq -r '.project_name' < "$JSON_PARAMS") -CONTAINER="${PROJECT_NAME}"-mongodb-1 -# Run common mongo commands -docker exec -i "${CONTAINER}" bash -c "/tmp/mongodb_coverage.sh" -# Use MongoDB -docker exec -i "${CONTAINER}" bash -c "mongosh -u root -p rootpassword < /tmp/use_mongodb.js || mongo -u root -p rootpassword < /tmp/use_mongodb.js" - diff --git a/community_images/mongodb/official/docker-compose.yml b/community_images/mongodb/official/docker-compose.yml deleted file mode 100644 index 7d3e28bcf6..0000000000 --- a/community_images/mongodb/official/docker-compose.yml +++ /dev/null @@ -1,19 +0,0 @@ -version: '3' - -services: - mongodb: - image: ${MONGODB_IMAGE_REPOSITORY}:${MONGODB_IMAGE_TAG} - environment: - MONGO_INITDB_ROOT_USERNAME: root - MONGO_INITDB_ROOT_PASSWORD: rootpassword - ports: - - '::27017' - volumes: - - 'mongodb_data_container:/official/mongodb' - - '../../common/tests/mongodb_coverage.sh:/tmp/mongodb_coverage.sh' - - './use_mongodb.js:/tmp/use_mongodb.js' - cap_add: - - SYS_PTRACE -volumes: - mongodb_data_container: - driver: local diff --git a/community_images/mongodb/official/image.yml b/community_images/mongodb/official/image.yml deleted file mode 100644 index 8f141d3336..0000000000 --- a/community_images/mongodb/official/image.yml +++ /dev/null 
@@ -1,55 +0,0 @@ -name: mongodb-official -official_name: MongoDB® Official -official_website: https://www.mongodb.com/ -source_image_provider: MongoDB -source_image_repo: docker.io/library/mongo -source_image_repo_link: https://hub.docker.com/_/mongo -source_image_readme: https://github.com/docker-library/docs/blob/master/mongo/README.md -rf_docker_link: rapidfort/mongodb-official -image_workflow_name: mongodb_official -github_location: mongodb/official -report_url: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Flibrary%2Fmongo -usage_instructions: | -what_is_text: | - MongoDB® is a free and open-source cross-platform document-oriented database program. Classified as a NoSQL database program, MongoDB uses JSON-like documents with schemata. MongoDB is developed by MongoDB Inc., and is published under a combination of the Server Side Public License and the Apache License. -disclaimer: | - Disclaimer: The respective trademarks mentioned in the offering are owned by the respective companies. We do not provide a commercial license for any of these products. This listing has an open-source license. MongoDB(R) is run and maintained by MongoDB, which is a completely separate project from RapidFort. 
- -docker_links: - - "[`6.0.2-focal`, `6.0-focal`, `6-focal`, `focal` (Dockerfile)](https://github.com/docker-library/mongo/blob/d68a62060cd2261be2196f9c796a770efb9df8fd/6.0/Dockerfile)" - - "[`5.0.13-focal`, `5.0-focal`, `5-focal` (Dockerfile)](https://github.com/docker-library/mongo/blob/b20fe71024b06ccaf366ef4c01161627114ce688/5.0/Dockerfile)" - - "[`4.4.18-focal`, `4.4-focal`, `4-focal` (Dockerfile)](https://github.com/docker-library/mongo/blob/37cfb713ddf069510524aebb03b82f385e891f7d/4.4/Dockerfile)" - - "[`4.2.23-bionic`, `4.2-bionic` (Dockerfile)](https://github.com/docker-library/mongo/blob/c830e47022955d24bad50f1237ef7b713792bf9e/4.2/Dockerfile)" - - "[`4.0.28-xenial`, `4.0-xenial` (Dockerfile)](https://github.com/docker-library/mongo/blob/9631e54a2885018f440e8da2840c21793c156f94/4.0/Dockerfile)" -input_registry: - registry: docker.io - account: library -repo_sets: - - mongo: - input_base_tag: "6.*focal" - output_repo: mongodb-official - - mongo: - input_base_tag: "5.*focal" - output_repo: mongodb-official - - mongo: - input_base_tag: "4.*focal" - output_repo: mongodb-official - - mongo: - input_base_tag: "4.*bionic" - output_repo: mongodb-official - - mongo: - input_base_tag: "4.*xenial" - output_repo: mongodb-official -runtimes: - - type: docker_compose - script: dc_coverage.sh - compose_file: docker-compose.yml - image_keys: - mongodb-official: - repository: "MONGODB_IMAGE_REPOSITORY" - tag: "MONGODB_IMAGE_TAG" - - type: docker - script: docker_coverage.sh - mongodb: - environment: - MONGODB_ROOT_PASSWORD: password123 diff --git a/community_images/mongodb/official/use_mongodb.js b/community_images/mongodb/official/use_mongodb.js deleted file mode 100755 index b2fd4d1b1c..0000000000 --- a/community_images/mongodb/official/use_mongodb.js +++ /dev/null 
@@ -1,9 +0,0 @@ - -show dbs -show collections -db.version() -use rapidfort -db.createCollection("community") -db.community.insertMany([ {name: "Dave", origin: "Ireland", skill: "noob"}, {name: "Anmol", origin: "India", skill: "ninja"}, {name: "Ankit", origin: "India", skill: "wizard"}, {name: "Vinod", origin: "India", skill: "wizard", compensation: "astronomical"}, {name: "Reuben", origin: "USA", skill: "noob", passion: "whiskey"} ]) -db.community.find().pretty() - diff --git a/community_images/mysql/bitnami/.rfignore b/community_images/mysql/bitnami/.rfignore deleted file mode 100644 index 5f9a52b536..0000000000 --- a/community_images/mysql/bitnami/.rfignore +++ /dev/null @@ -1,4 +0,0 @@ -opt/bitnami/common/licenses -opt/bitnami/licenses -opt/bitnami/mysql/licenses -usr/share/common-licenses diff --git a/community_images/mysql/bitnami/README.md b/community_images/mysql/bitnami/README.md deleted file mode 100644 index 79c7aef4ff..0000000000 --- a/community_images/mysql/bitnami/README.md +++ /dev/null @@ -1,143 +0,0 @@ - -RapidFort - - -
- -[![rf-h][rf-h-badge]][rf-view-report-button] -[![DH Image][dh-rf-badge]][rf-dh-image-link] -[![Slack][slack-badge]][slack-link] -[![FOSSA Status][fossa-badge]][fossa-link] - -# RapidFort hardened image for MySQL - -RapidFort’s container optimization process hardened this MySQL container. This container is free to use and has no license limitations. - -It is the same as the [Bitnami MySQL][source-image-repo-link] image but more secure. - -Every day, we optimize and harden a variety of Docker Hub’s most famous images. Check out our [entire library](https://hub.docker.com/u/rapidfort) of secured containers. -
- -[Get the full report here or click on the image below][rf-view-report-link] - -[![Metrics][metrics-link]][rf-image-metrics-link] - -

Vulnerabilities: Original vs. Hardened - -

- -[![CVE Reduction][cve-reduction-link]][rf-image-cve-reduction-link] - - -View Report - -
-
- - -## What is MySQL? - -> MySQL is the world's most popular open source database. With its proven performance, reliability and ease-of-use, MySQL has become the leading database choice for web-based applications, covering the entire range from personal projects and websites, via e-commerce and information services, all the way to high profile web properties including Facebook, Twitter, YouTube, Yahoo! and many more. - - -[Overview of MySQL](https://www.mysql.com/) - -Trademarks: This software listing is packaged by RapidFort. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. - - -## How do I use this hardened MySQL image? - -The runtime instructions for this container are no different from the official release. Follow the instructions in their readme, but use our hardened image. - - -View Detailed Instructions - -
-
- -```sh -$ helm repo add bitnami https://charts.bitnami.com/bitnami - -# install mysql, just replace repository with RapidFort registry -$ helm install my-mysql bitnami/mysql --set image.repository=rapidfort/mysql - -``` - -## What is a hardened image? - -A hardened image is a copy of a container that has been optimized and reduced for significantly improved security. Because every container uses many open-source software components and their dependencies, there’s a lot of extra weight that can be trimmed. - -This image is a hardened version of the official [Bitnami MySQL][source-image-repo-link] image on Docker Hub. - -RapidFort is an industry-leading container optimization solution that minimizes software attack surfaces by removing unused code. Most containers can be reduced by at least 50%, which reduces the opportunity for malicious attacks and CVE exploits. Learn more at [RapidFort.com][rf-link]. - -Our hardened images are updated daily using the latest vulnerability information available. - - -View on GitHub - -
-
- -## What’s the difference between the official [Bitnami MySQL][source-image-repo-link] image and this hardened image? -RapidFort’s hardened [rapidfort/mysql][rf-dh-image-link] image has been optimized by our proprietary scanning and slimming technology. We are big fans of open-source software, containerized infrastructure, and security. - -We are making secure copies of the images we use every day and the most popular ones on Docker Hub. We want to make the world a safer place to operate. - -## Supported tags and respective `Dockerfile` links -* [`8.2`, `8.2-debian-11`, `8.2.0`, `8.2.0-debian-11-r` (8.2/debian-11/Dockerfile)](https://github.com/bitnami/containers/tree/main/bitnami/mysql/8.2/debian-11/Dockerfile) -* [`8.0`, `8.0-debian-11`, `8.0.35`, `8.0.35-debian-11-r` (8.0/debian-11/Dockerfile)](https://github.com/bitnami/containers/tree/main/bitnami/mysql/8.0/debian-11/Dockerfile) - -## Need support - -Join our slack community for any questions. - - -RapidFort Community Slack - - -## 🌟 Support this project - -[![](https://user-images.githubusercontent.com/48997634/174794647-0c851917-e5c9-4fb9-bf88-b61d89dc2f4f.gif)](https://github.com/rapidfort/community-images/stargazers) - -### [⏫⭐️ Scroll to the star button](#start-of-content) - -If you believe this project has potential, feel free to **star this repo** just like many [amazing people](https://github.com/rapidfort/community-images/stargazers) -have. - -## Have questions? - -[![RapidFort](https://raw.githubusercontent.com/rapidfort/community-images/main/contrib/github_logo_footer.png)][rf-rapidfort-footer-logo-link] - - -If you'd like to learn more about RapidFort or our container optimization process, visit [RapidFort.com][rf-link]. - -
-
- - -[dh-rf-badge]: https://img.shields.io/badge/dockerhub-images-important.svg?logo=Docker - -[fossa-badge]: https://app.fossa.com/api/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images.svg?type=shield -[fossa-link]: https://app.fossa.com/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images?ref=badge_shield - -[rf-link]: https://rapidfort.com?utm_source=github&utm_medium=ci_rf_link&utm_campaign=sep_01_sprint&utm_term=mysql&utm_content=rapidfort_have_questions - -[rf-rapidfort-footer-logo-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Fmysql?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=mysql&utm_content=rapidfort_footer_logo -[rf-view-report-button]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Fmysql?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=mysql&utm_content=view_report_button -[rf-view-report-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Fmysql?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=mysql&utm_content=view_report_link -[rf-image-metrics-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Fmysql?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=mysql&utm_content=image_metrics_link -[rf-image-cve-reduction-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Fmysql?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=mysql&utm_content=image_cve_reduction_link - -[dh-img-size-badge]: https://img.shields.io/docker/image-size/rapidfort/mysql?logo=docker&logoColor=white&sort=semver -[dh-img-pulls-badge]: https://img.shields.io/docker/pulls/rapidfort/mysql?logo=docker&logoColor=white - -[slack-badge]: https://img.shields.io/static/v1?label=Join&message=slack&logo=slack&logoColor=E01E5A&color=4A154B -[slack-link]: 
https://join.slack.com/t/rapidfortcommunity/shared_invite/zt-1g3wy28lv-DaeGexTQ5IjfpbmYW7Rm_Q - -[rf-h-badge]: https://img.shields.io/static/v1?label=RapidFort&labelColor=333F48&message=hardened&color=50B4C4&logo= -[metrics-link]: https://github.com/rapidfort/community-images/raw/main/community_images/mysql/bitnami/assets/metrics.webp -[cve-reduction-link]: https://github.com/rapidfort/community-images/raw/main/community_images/mysql/bitnami/assets/cve_reduction.webp - -[source-image-repo-link]: https://hub.docker.com/r/bitnami/mysql -[rf-dh-image-link]: https://hub.docker.com/r/rapidfort/mysql diff --git a/community_images/mysql/bitnami/assets/cve_reduction.webp b/community_images/mysql/bitnami/assets/cve_reduction.webp deleted file mode 100644 index 2824f34b2a..0000000000 Binary files a/community_images/mysql/bitnami/assets/cve_reduction.webp and /dev/null differ diff --git a/community_images/mysql/bitnami/assets/metrics.webp b/community_images/mysql/bitnami/assets/metrics.webp deleted file mode 100644 index 69268fdcc8..0000000000 Binary files a/community_images/mysql/bitnami/assets/metrics.webp and /dev/null differ diff --git a/community_images/mysql/bitnami/docker-compose.yml b/community_images/mysql/bitnami/docker-compose.yml deleted file mode 100644 index 5076023912..0000000000 --- a/community_images/mysql/bitnami/docker-compose.yml +++ /dev/null 
@@ -1,54 +0,0 @@ -version: '2.1' - -services: - mysql-master: - image: ${MYSQL_IMAGE_REPOSITORY}:${MYSQL_IMAGE_TAG} - ports: - - '3306' - volumes: - - 'mysql_master_data:/bitnami/mysql/data' - environment: - - RF_VERBOSE=1 - - MYSQL_REPLICATION_MODE=master - - MYSQL_REPLICATION_USER=repl_user - - MYSQL_USER=my_user - - MYSQL_DATABASE=my_database - # ALLOW_EMPTY_PASSWORD is recommended only for development. - - ALLOW_EMPTY_PASSWORD=yes - - MYSQL_ROOT_PASSWORD=my_root_password - cap_add: - - SYS_PTRACE - healthcheck: - test: ['CMD', '/opt/bitnami/scripts/mysql/healthcheck.sh'] - interval: 15s - timeout: 5s - retries: 6 - - mysql-slave: - image: ${MYSQL_IMAGE_REPOSITORY}:${MYSQL_IMAGE_TAG} - ports: - - '3306' - depends_on: - - mysql-master - environment: - - RF_VERBOSE=1 - - MYSQL_REPLICATION_MODE=slave - - MYSQL_REPLICATION_USER=repl_user - - MYSQL_USER=my_user - - MYSQL_DATABASE=my_database - - MYSQL_MASTER_HOST=mysql-master - - MYSQL_MASTER_PORT_NUMBER=3306 - - MYSQL_MASTER_ROOT_PASSWORD=my_root_password - # ALLOW_EMPTY_PASSWORD is recommended only for development. - - ALLOW_EMPTY_PASSWORD=yes - cap_add: - - SYS_PTRACE - healthcheck: - test: ['CMD', '/opt/bitnami/scripts/mysql/healthcheck.sh'] - interval: 15s - timeout: 5s - retries: 6 - -volumes: - mysql_master_data: - driver: local diff --git a/community_images/mysql/bitnami/image.yml b/community_images/mysql/bitnami/image.yml deleted file mode 100644 index 3cfe129167..0000000000 --- a/community_images/mysql/bitnami/image.yml +++ /dev/null 
@@ -1,53 +0,0 @@ -name: mysql -official_name: MySQL -official_website: https://www.mysql.com/ -source_image_provider: Bitnami -source_image_repo: docker.io/bitnami/mysql -source_image_repo_link: https://hub.docker.com/r/bitnami/mysql -source_image_readme: https://github.com/bitnami/containers/blob/main/bitnami/mysql/README.md -rf_docker_link: rapidfort/mysql -image_workflow_name: mysql_bitnami -github_location: mysql/bitnami -report_url: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Fmysql -usage_instructions: | - $ helm repo add bitnami https://charts.bitnami.com/bitnami - - # install mysql, just replace repository with RapidFort registry - $ helm install my-mysql bitnami/mysql --set image.repository=rapidfort/mysql -what_is_text: | - MySQL is the world's most popular open source database. With its proven performance, reliability and ease-of-use, MySQL has become the leading database choice for web-based applications, covering the entire range from personal projects and websites, via e-commerce and information services, all the way to high profile web properties including Facebook, Twitter, YouTube, Yahoo! and many more. -disclaimer: | - Trademarks: This software listing is packaged by RapidFort. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. 
-input_registry: - registry: docker.io - account: bitnami -repo_sets: - - mysql: - input_base_tag: "8.1.0-debian-11-r" - - mysql: - input_base_tag: "8.0.34-debian-11-r" - - mysql: - input_base_tag: "5.7.43-debian-11-r" -runtimes: - - type: k8s - script: k8s_coverage.sh - helm: - repo: bitnami - repo_url: https://charts.bitnami.com/bitnami - chart: mysql - wait_time_sec: 120 - image_keys: - mysql: - repository: "image.repository" - tag: "image.tag" - override_file: "overrides.yml" - - type: docker_compose - compose_file: docker-compose.yml - image_keys: - mysql: - repository: "MYSQL_IMAGE_REPOSITORY" - tag: "MYSQL_IMAGE_TAG" - - type: docker - mysql: - environment: - MYSQL_ROOT_PASSWORD: my_root_password diff --git a/community_images/mysql/bitnami/k8s_coverage.sh b/community_images/mysql/bitnami/k8s_coverage.sh deleted file mode 100755 index f2806ade64..0000000000 --- a/community_images/mysql/bitnami/k8s_coverage.sh +++ /dev/null 
@@ -1,86 +0,0 @@ -#!/bin/bash - -set -x -set -e - -# shellcheck disable=SC1091 -SCRIPTPATH="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )" - -# shellcheck disable=SC1091 -. "${SCRIPTPATH}"/../../common/tests/sysbench_tests.sh - -# shellcheck disable=SC1091 -. "${SCRIPTPATH}"/../../common/scripts/bash_helper.sh - -JSON_PARAMS="$1" - -NAMESPACE=$(jq -r '.namespace_name' < "$JSON_PARAMS") -RELEASE_NAME=$(jq -r '.release_name' < "$JSON_PARAMS") - -# get mysql password -MYSQL_ROOT_PASSWORD=$(kubectl get secret --namespace "${NAMESPACE}" "${RELEASE_NAME}" -o jsonpath="{.data.mysql-root-password}" | base64 --decode) - -# copy test.sql into container -kubectl -n "${NAMESPACE}" cp "${SCRIPTPATH}"/../../common/tests/test.my_sql "${RELEASE_NAME}"-0:/tmp/test.my_sql - -# run script -with_backoff kubectl -n "${NAMESPACE}" exec -i "${RELEASE_NAME}"-0 -- /bin/bash -c "mysql -h localhost -uroot -p\"$MYSQL_ROOT_PASSWORD\" mysql < /tmp/test.my_sql" - -# copy mysql_coverage.sh into container -kubectl -n "${NAMESPACE}" cp "${SCRIPTPATH}"/../../common/tests/mysql_coverage.sh "${RELEASE_NAME}"-0:/tmp/mysql_coverage.sh - -# run mysql_coverage on cluster -kubectl -n "${NAMESPACE}" exec -i "${RELEASE_NAME}"-0 -- /bin/bash -c "/tmp/mysql_coverage.sh" - -# create sbtest schema -with_backoff kubectl -n "${NAMESPACE}" exec -i "${RELEASE_NAME}"-0 \ - -- /bin/bash -c \ - "mysql -h localhost -uroot -p\"$MYSQL_ROOT_PASSWORD\" -e \"CREATE SCHEMA sbtest;\"" - -# prepare benchmark -kubectl run -n "${NAMESPACE}" sb-prepare \ - --rm -i --restart='Never' \ - --image severalnines/sysbench \ - --command -- sysbench \ - --db-driver=mysql \ - --oltp-table-size=100000 \ - --oltp-tables-count=24 \ - --threads=1 \ - --mysql-host="${RELEASE_NAME}" \ - --mysql-port=3306 \ - --mysql-user=root \ - --mysql-password="${MYSQL_ROOT_PASSWORD}" \ - --mysql-debug=on \ - /usr/share/sysbench/tests/include/oltp_legacy/parallel_prepare.lua \ - run - -# execute test -kubectl run -n "${NAMESPACE}" sb-run \ - --rm -i 
--restart='Never' \ - --image severalnines/sysbench \ - --command -- sysbench \ - --db-driver=mysql \ - --report-interval=2 \ - --mysql-table-engine=innodb \ - --oltp-table-size=100000 \ - --oltp-tables-count=24 \ - --threads=4 \ - --time=45 \ - --mysql-host="${RELEASE_NAME}" \ - --mysql-port=3306 \ - --mysql-user=root \ - --mysql-password="${MYSQL_ROOT_PASSWORD}" \ - /usr/share/sysbench/tests/include/oltp_legacy/oltp.lua \ - run - -# run mysql_coverage on cluster -kubectl -n "${NAMESPACE}" delete pod "${RELEASE_NAME}"-0 - -# wait for pod to be available again -kubectl -n "${NAMESPACE}" wait pod "${RELEASE_NAME}"-0 --for=condition=ready --timeout=5m - -# copy test.sql into container -kubectl -n "${NAMESPACE}" cp "${SCRIPTPATH}"/../../common/tests/test.my_sql "${RELEASE_NAME}"-0:/tmp/test.my_sql - -# run script -kubectl -n "${NAMESPACE}" exec -i "${RELEASE_NAME}"-0 -- /bin/bash -c "mysql -h localhost -uroot -p\"$MYSQL_ROOT_PASSWORD\" mysql < /tmp/test.my_sql" diff --git a/community_images/mysql/bitnami/overrides.yml b/community_images/mysql/bitnami/overrides.yml deleted file mode 100644 index 8b521fe90c..0000000000 --- a/community_images/mysql/bitnami/overrides.yml +++ /dev/null @@ -1,35 +0,0 @@ -image: - pullSecrets: ["rf-regcred"] - pullPolicy: Always -primary: - containerSecurityContext: - enabled: true - runAsUser: 1001 - allowPrivilegeEscalation: true - capabilities: - add: ["SYS_PTRACE"] - extraEnvVars: - - name: "RF_VERBOSE" - value: "0" - livenessProbe: - initialDelaySeconds: 30 - timeoutSeconds: 30 - readinessProbe: - initialDelaySeconds: 30 - timeoutSeconds: 30 -secondary: - containerSecurityContext: - enabled: true - runAsUser: 1001 - allowPrivilegeEscalation: true - capabilities: - add: ["SYS_PTRACE"] - extraEnvVars: - - name: "RF_VERBOSE" - value: "0" - livenessProbe: - initialDelaySeconds: 30 - timeoutSeconds: 30 - readinessProbe: - initialDelaySeconds: 30 - timeoutSeconds: 30 \ No newline at end of file 
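Review bot: In community_images/mysql/bitnami/k8s_coverage.sh, `set -x` stays on while the decoded `mysql-root-password` secret is interpolated into command lines (`-p\"$MYSQL_ROOT_PASSWORD\"` in the three `kubectl exec` calls and `--mysql-password=` in both sysbench pods), so xtrace writes the root password into the job log. The file is removed here rather than fixed, so any replacement coverage script should not copy this pattern: wrap those calls in `set +x`, or hand the password to the client through a defaults file inside the pod. Separately, the comment `# run mysql_coverage on cluster` above the `delete pod` call describes the wrong step and should be corrected if the script is carried over.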
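Review bot: The removed community_images/mysql/bitnami/overrides.yml sets `allowPrivilegeEscalation: true` and adds `SYS_PTRACE` under `containerSecurityContext` for both `primary` and `secondary`, and nothing in the file says why either relaxation is needed. The only visible reference to it is `override_file: "overrides.yml"` in the bitnami image.yml deleted in the same patch, so please confirm nothing else points at this path. If these values move to another file, add a comment there stating why the capability is required and whether it is meant for the coverage run only.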
diff --git a/community_images/mysql/ironbank/.rfignore b/community_images/mysql/ironbank/.rfignore deleted file mode 100644 index bd036ec246..0000000000 --- a/community_images/mysql/ironbank/.rfignore +++ /dev/null @@ -1 +0,0 @@ -usr/share/licenses diff --git a/community_images/mysql/ironbank/README.md b/community_images/mysql/ironbank/README.md deleted file mode 100644 index 4d40cb7445..0000000000 --- a/community_images/mysql/ironbank/README.md +++ /dev/null @@ -1,139 +0,0 @@ - -RapidFort - - -
- -[![rf-h][rf-h-badge]][rf-view-report-button] -[![DH Image][dh-rf-badge]][rf-dh-image-link] -[![Slack][slack-badge]][slack-link] -[![FOSSA Status][fossa-badge]][fossa-link] - -# RapidFort hardened image for MySQL IronBank - -RapidFort’s container optimization process hardened this MySQL IronBank container. This container is free to use and has no license limitations. - -It is the same as the [Platform One MySQL IronBank][source-image-repo-link] image but more secure. - -Every day, we optimize and harden a variety of Docker Hub’s most famous images. Check out our [entire library](https://hub.docker.com/u/rapidfort) of secured containers. -
- -[Get the full report here or click on the image below][rf-view-report-link] - -[![Metrics][metrics-link]][rf-image-metrics-link] - -

Vulnerabilities: Original vs. Hardened - -

- -[![CVE Reduction][cve-reduction-link]][rf-image-cve-reduction-link] - - -View Report - -
-
- - -## What is MySQL IronBank? - -> MySQL is the world's most popular open source database. With its proven performance, reliability and ease-of-use, MySQL has become the leading database choice for web-based applications, covering the entire range from personal projects and websites, via e-commerce and information services, all the way to high profile web properties including Facebook, Twitter, YouTube, Yahoo! and many more. - - -[Overview of MySQL IronBank](https://www.mysql.com/) - -Trademarks: This software listing is packaged by RapidFort. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. - - -## How do I use this hardened MySQL IronBank image? - -The runtime instructions for this container are no different from the official release. Follow the instructions in their readme, but use our hardened image. - - -View Detailed Instructions - -
-
- -```sh -$ docker run --name some-mysql -e MYSQL_ROOT_PASSWORD=my-secret-pw -d rapidfort/mysql8-ib:latest - -``` - -## What is a hardened image? - -A hardened image is a copy of a container that has been optimized and reduced for significantly improved security. Because every container uses many open-source software components and their dependencies, there’s a lot of extra weight that can be trimmed. - -This image is a hardened version of the official [Platform One MySQL IronBank][source-image-repo-link] image on Docker Hub. - -RapidFort is an industry-leading container optimization solution that minimizes software attack surfaces by removing unused code. Most containers can be reduced by at least 50%, which reduces the opportunity for malicious attacks and CVE exploits. Learn more at [RapidFort.com][rf-link]. - -Our hardened images are updated daily using the latest vulnerability information available. - - -View on GitHub - -
-
- -## What’s the difference between the official [Platform One MySQL IronBank][source-image-repo-link] image and this hardened image? -RapidFort’s hardened [rapidfort/mysql8-ib][rf-dh-image-link] image has been optimized by our proprietary scanning and slimming technology. We are big fans of open-source software, containerized infrastructure, and security. - -We are making secure copies of the images we use every day and the most popular ones on Docker Hub. We want to make the world a safer place to operate. - -## Supported tags and respective `Dockerfile` links -* [`latest` (Dockerfile)](https://repo1.dso.mil/dsop/opensource/mysql/mysql8/-/blob/development/Dockerfile) - -## Need support - -Join our slack community for any questions. - - -RapidFort Community Slack - - -## 🌟 Support this project - -[![](https://user-images.githubusercontent.com/48997634/174794647-0c851917-e5c9-4fb9-bf88-b61d89dc2f4f.gif)](https://github.com/rapidfort/community-images/stargazers) - -### [⏫⭐️ Scroll to the star button](#start-of-content) - -If you believe this project has potential, feel free to **star this repo** just like many [amazing people](https://github.com/rapidfort/community-images/stargazers) -have. - -## Have questions? - -[![RapidFort](https://raw.githubusercontent.com/rapidfort/community-images/main/contrib/github_logo_footer.png)][rf-rapidfort-footer-logo-link] - - -If you'd like to learn more about RapidFort or our container optimization process, visit [RapidFort.com][rf-link]. - -
-
- - -[dh-rf-badge]: https://img.shields.io/badge/dockerhub-images-important.svg?logo=Docker - -[fossa-badge]: https://app.fossa.com/api/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images.svg?type=shield -[fossa-link]: https://app.fossa.com/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images?ref=badge_shield - -[rf-link]: https://rapidfort.com?utm_source=github&utm_medium=ci_rf_link&utm_campaign=sep_01_sprint&utm_term=mysql-ib&utm_content=rapidfort_have_questions - -[rf-rapidfort-footer-logo-link]: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fopensource%2Fmysql%2Fmysql8?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=mysql-ib&utm_content=rapidfort_footer_logo -[rf-view-report-button]: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fopensource%2Fmysql%2Fmysql8?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=mysql-ib&utm_content=view_report_button -[rf-view-report-link]: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fopensource%2Fmysql%2Fmysql8?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=mysql-ib&utm_content=view_report_link -[rf-image-metrics-link]: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fopensource%2Fmysql%2Fmysql8?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=mysql-ib&utm_content=image_metrics_link -[rf-image-cve-reduction-link]: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fopensource%2Fmysql%2Fmysql8?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=mysql-ib&utm_content=image_cve_reduction_link - -[dh-img-size-badge]: https://img.shields.io/docker/image-size/rapidfort/mysql8-ib?logo=docker&logoColor=white&sort=semver -[dh-img-pulls-badge]: 
https://img.shields.io/docker/pulls/rapidfort/mysql8-ib?logo=docker&logoColor=white - -[slack-badge]: https://img.shields.io/static/v1?label=Join&message=slack&logo=slack&logoColor=E01E5A&color=4A154B -[slack-link]: https://join.slack.com/t/rapidfortcommunity/shared_invite/zt-1g3wy28lv-DaeGexTQ5IjfpbmYW7Rm_Q - -[rf-h-badge]: https://img.shields.io/static/v1?label=RapidFort&labelColor=333F48&message=hardened&color=50B4C4&logo= -[metrics-link]: https://github.com/rapidfort/community-images/raw/main/community_images/mysql/ironbank/assets/metrics.webp -[cve-reduction-link]: https://github.com/rapidfort/community-images/raw/main/community_images/mysql/ironbank/assets/cve_reduction.webp - -[source-image-repo-link]: https://registry1.dso.mil/harbor/projects/3/repositories/opensource%2Fmysql%2Fmysql8 -[rf-dh-image-link]: https://hub.docker.com/r/rapidfort/mysql8-ib diff --git a/community_images/mysql/ironbank/assets/cve_reduction.webp b/community_images/mysql/ironbank/assets/cve_reduction.webp deleted file mode 100644 index 9e9f525b36..0000000000 Binary files a/community_images/mysql/ironbank/assets/cve_reduction.webp and /dev/null differ diff --git a/community_images/mysql/ironbank/assets/metrics.webp b/community_images/mysql/ironbank/assets/metrics.webp deleted file mode 100644 index 21f0d35141..0000000000 Binary files a/community_images/mysql/ironbank/assets/metrics.webp and /dev/null differ diff --git a/community_images/mysql/ironbank/docker_coverage.sh b/community_images/mysql/ironbank/docker_coverage.sh deleted file mode 100755 index f751aca935..0000000000 --- a/community_images/mysql/ironbank/docker_coverage.sh +++ /dev/null 
@@ -1,77 +0,0 @@ -#!/bin/bash - -set -x -set -e - -JSON_PARAMS="$1" - -JSON=$(cat "$JSON_PARAMS") - -echo "Json params for docker coverage = $JSON" - -CONTAINER_NAME=$(jq -r '.container_details."mysql8-ib".name' < "$JSON_PARAMS") -NETWORK_NAME=$(jq -r '.network_name' < "$JSON_PARAMS") -MYSQL_HOST=$(jq -r '.container_details."mysql8-ib".ip_address' < "$JSON_PARAMS") - -SCRIPTPATH=$(jq -r '.image_script_dir' < "$JSON_PARAMS") - - -# shellcheck disable=SC1091 -. "${SCRIPTPATH}"/../../common/tests/sysbench_tests.sh - -# get mysql password -MYSQL_ROOT_PASSWORD=my_root_password - -# copy test.sql into container -docker cp "${SCRIPTPATH}"/../../common/tests/test.my_sql "${CONTAINER_NAME}":/tmp/test.my_sql - -# run script -docker exec -i "${CONTAINER_NAME}" \ - /bin/bash -c "mysql -h localhost -uroot -p\"$MYSQL_ROOT_PASSWORD\" mysql < /tmp/test.my_sql" - -# copy mysql_coverage.sh into container -docker cp "${SCRIPTPATH}"/../../common/tests/mysql_coverage.sh "${CONTAINER_NAME}":/tmp/mysql_coverage.sh - -# run mysql_coverage on cluster -docker exec -i "${CONTAINER_NAME}" /bin/bash -c "/tmp/mysql_coverage.sh" - -# create sbtest schema -docker exec -i "${CONTAINER_NAME}" \ - /bin/bash -c \ - "mysql -h localhost -uroot -p\"$MYSQL_ROOT_PASSWORD\" -e \"CREATE SCHEMA sbtest;\"" - -# prepare benchmark -docker run --network="${NETWORK_NAME}" \ - --name sb-prepare --rm -i \ - severalnines/sysbench \ - sysbench \ - --db-driver=mysql \ - --oltp-table-size=100000 \ - --oltp-tables-count=24 \ - --threads=1 \ - --mysql-host="${MYSQL_HOST}" \ - --mysql-port=3306 \ - --mysql-user=root \ - --mysql-password="${MYSQL_ROOT_PASSWORD}" \ - --mysql-debug=on \ - /usr/share/sysbench/tests/include/oltp_legacy/parallel_prepare.lua \ - run - -# execute test -docker run --network="${NETWORK_NAME}" \ - --name sb-run --rm -i \ - severalnines/sysbench \ - sysbench \ - --db-driver=mysql \ - --report-interval=2 \ - --mysql-table-engine=innodb \ - --oltp-table-size=100000 \ - --oltp-tables-count=24 \ - 
--threads=4 \ - --time=45 \ - --mysql-host="${MYSQL_HOST}" \ - --mysql-port=3306 \ - --mysql-user=root \ - --mysql-password="${MYSQL_ROOT_PASSWORD}" \ - /usr/share/sysbench/tests/include/oltp_legacy/oltp.lua \ - run diff --git a/community_images/mysql/ironbank/image.yml b/community_images/mysql/ironbank/image.yml deleted file mode 100644 index 8825efac69..0000000000 --- a/community_images/mysql/ironbank/image.yml +++ /dev/null 
@@ -1,35 +0,0 @@ -name: mysql-ib -official_name: MySQL IronBank -official_website: https://www.mysql.com/ -source_image_provider: Platform One -source_image_repo: registry1.dso.mil/ironbank/opensource/mysql/mysql8 -source_image_repo_link: https://registry1.dso.mil/harbor/projects/3/repositories/opensource%2Fmysql%2Fmysql8 -source_image_readme: https://repo1.dso.mil/dsop/opensource/mysql/mysql8/-/blob/development/README.md -rf_docker_link: rapidfort/mysql8-ib -image_workflow_name: mysql_ironbank -github_location: mysql/ironbank -report_url: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fopensource%2Fmysql%2Fmysql8 -usage_instructions: | - $ docker run --name some-mysql -e MYSQL_ROOT_PASSWORD=my-secret-pw -d rapidfort/mysql8-ib:latest -what_is_text: | - MySQL is the world's most popular open source database. With its proven performance, reliability and ease-of-use, MySQL has become the leading database choice for web-based applications, covering the entire range from personal projects and websites, via e-commerce and information services, all the way to high profile web properties including Facebook, Twitter, YouTube, Yahoo! and many more. -disclaimer: | - Trademarks: This software listing is packaged by RapidFort. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. -docker_links: - - "[`latest` (Dockerfile)](https://repo1.dso.mil/dsop/opensource/mysql/mysql8/-/blob/development/Dockerfile)" -input_registry: - registry: registry1.dso.mil - account: ironbank -repo_sets: - - opensource/mysql/mysql8: - input_base_tag: "8." - output_repo: mysql8-ib -runtimes: - - type: docker - script: docker_coverage.sh - wait_time_sec: 60 - mysql8-ib: - exec_command: --default-authentication-plugin=mysql_native_password - environment: - MYSQL_ROOT_PASSWORD: my_root_password - MYSQL_ROOT_HOST: "%" 
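Review bot: In community_images/mysql/ironbank/image.yml the docker runtime combines `MYSQL_ROOT_HOST: "%"`, the fixed `MYSQL_ROOT_PASSWORD: my_root_password`, and `--default-authentication-plugin=mysql_native_password`, which permits root logins from any host with a known password over the legacy auth plugin. That is acceptable only for the throwaway container that docker_coverage.sh drives, so if this definition is being moved rather than dropped, keep it clearly marked as test-only. Also, `input_base_tag: "8."` is removed while the README deleted alongside it documents only `latest`, so the change should state what happens to the published `rapidfort/mysql8-ib` tags.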
diff --git a/community_images/mysql/official/.rfignore b/community_images/mysql/official/.rfignore deleted file mode 100644 index bd036ec246..0000000000 --- a/community_images/mysql/official/.rfignore +++ /dev/null @@ -1 +0,0 @@ -usr/share/licenses diff --git a/community_images/mysql/official/README.md b/community_images/mysql/official/README.md deleted file mode 100644 index dbce5370e4..0000000000 --- a/community_images/mysql/official/README.md +++ /dev/null @@ -1,140 +0,0 @@ - -RapidFort - - -
- -[![rf-h][rf-h-badge]][rf-view-report-button] -[![DH Image][dh-rf-badge]][rf-dh-image-link] -[![Slack][slack-badge]][slack-link] -[![FOSSA Status][fossa-badge]][fossa-link] - -# RapidFort hardened image for MySQL Official - -RapidFort’s container optimization process hardened this MySQL Official container. This container is free to use and has no license limitations. - -It is the same as the [The Docker Community MySQL Official][source-image-repo-link] image but more secure. - -Every day, we optimize and harden a variety of Docker Hub’s most famous images. Check out our [entire library](https://hub.docker.com/u/rapidfort) of secured containers. -
- -[Get the full report here or click on the image below][rf-view-report-link] - -[![Metrics][metrics-link]][rf-image-metrics-link] - -

Vulnerabilities: Original vs. Hardened - -

- -[![CVE Reduction][cve-reduction-link]][rf-image-cve-reduction-link] - - -View Report - -
-
- - -## What is MySQL Official? - -> MySQL is the world's most popular open source database. With its proven performance, reliability and ease-of-use, MySQL has become the leading database choice for web-based applications, covering the entire range from personal projects and websites, via e-commerce and information services, all the way to high profile web properties including Facebook, Twitter, YouTube, Yahoo! and many more. - - -[Overview of MySQL Official](https://www.mysql.com/) - -Trademarks: This software listing is packaged by RapidFort. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. - - -## How do I use this hardened MySQL Official image? - -The runtime instructions for this container are no different from the official release. Follow the instructions in their readme, but use our hardened image. - - -View Detailed Instructions - -
-
- -```sh -$ docker run --name some-mysql -e MYSQL_ROOT_PASSWORD=my-secret-pw -d rapidfort/mysql-official:latest - -``` - -## What is a hardened image? - -A hardened image is a copy of a container that has been optimized and reduced for significantly improved security. Because every container uses many open-source software components and their dependencies, there’s a lot of extra weight that can be trimmed. - -This image is a hardened version of the official [The Docker Community MySQL Official][source-image-repo-link] image on Docker Hub. - -RapidFort is an industry-leading container optimization solution that minimizes software attack surfaces by removing unused code. Most containers can be reduced by at least 50%, which reduces the opportunity for malicious attacks and CVE exploits. Learn more at [RapidFort.com][rf-link]. - -Our hardened images are updated daily using the latest vulnerability information available. - - -View on GitHub - -
-
- -## What’s the difference between the official [The Docker Community MySQL Official][source-image-repo-link] image and this hardened image? -RapidFort’s hardened [rapidfort/mysql-official][rf-dh-image-link] image has been optimized by our proprietary scanning and slimming technology. We are big fans of open-source software, containerized infrastructure, and security. - -We are making secure copies of the images we use every day and the most popular ones on Docker Hub. We want to make the world a safer place to operate. - -## Supported tags and respective `Dockerfile` links -* [`8.0-debian`, `8-debian` (Dockerfile)](https://github.com/docker-library/mysql/blob/master/8.0/Dockerfile.debian) -* [`5.7-debian`, `5-debian` (Dockerfile)](https://github.com/docker-library/mysql/blob/master/5.7/Dockerfile.debian) - -## Need support - -Join our slack community for any questions. - - -RapidFort Community Slack - - -## 🌟 Support this project - -[![](https://user-images.githubusercontent.com/48997634/174794647-0c851917-e5c9-4fb9-bf88-b61d89dc2f4f.gif)](https://github.com/rapidfort/community-images/stargazers) - -### [⏫⭐️ Scroll to the star button](#start-of-content) - -If you believe this project has potential, feel free to **star this repo** just like many [amazing people](https://github.com/rapidfort/community-images/stargazers) -have. - -## Have questions? - -[![RapidFort](https://raw.githubusercontent.com/rapidfort/community-images/main/contrib/github_logo_footer.png)][rf-rapidfort-footer-logo-link] - - -If you'd like to learn more about RapidFort or our container optimization process, visit [RapidFort.com][rf-link]. - -
-
- - -[dh-rf-badge]: https://img.shields.io/badge/dockerhub-images-important.svg?logo=Docker - -[fossa-badge]: https://app.fossa.com/api/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images.svg?type=shield -[fossa-link]: https://app.fossa.com/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images?ref=badge_shield - -[rf-link]: https://rapidfort.com?utm_source=github&utm_medium=ci_rf_link&utm_campaign=sep_01_sprint&utm_term=mysql-official&utm_content=rapidfort_have_questions - -[rf-rapidfort-footer-logo-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Flibrary%2Fmysql?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=mysql-official&utm_content=rapidfort_footer_logo -[rf-view-report-button]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Flibrary%2Fmysql?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=mysql-official&utm_content=view_report_button -[rf-view-report-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Flibrary%2Fmysql?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=mysql-official&utm_content=view_report_link -[rf-image-metrics-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Flibrary%2Fmysql?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=mysql-official&utm_content=image_metrics_link -[rf-image-cve-reduction-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Flibrary%2Fmysql?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=mysql-official&utm_content=image_cve_reduction_link - -[dh-img-size-badge]: https://img.shields.io/docker/image-size/rapidfort/mysql-official?logo=docker&logoColor=white&sort=semver -[dh-img-pulls-badge]: https://img.shields.io/docker/pulls/rapidfort/mysql-official?logo=docker&logoColor=white - -[slack-badge]: 
https://img.shields.io/static/v1?label=Join&message=slack&logo=slack&logoColor=E01E5A&color=4A154B -[slack-link]: https://join.slack.com/t/rapidfortcommunity/shared_invite/zt-1g3wy28lv-DaeGexTQ5IjfpbmYW7Rm_Q - -[rf-h-badge]: https://img.shields.io/static/v1?label=RapidFort&labelColor=333F48&message=hardened&color=50B4C4&logo= -[metrics-link]: https://github.com/rapidfort/community-images/raw/main/community_images/mysql/official/assets/metrics.webp -[cve-reduction-link]: https://github.com/rapidfort/community-images/raw/main/community_images/mysql/official/assets/cve_reduction.webp - -[source-image-repo-link]: https://hub.docker.com/_/mysql -[rf-dh-image-link]: https://hub.docker.com/r/rapidfort/mysql-official diff --git a/community_images/mysql/official/assets/cve_reduction.webp b/community_images/mysql/official/assets/cve_reduction.webp deleted file mode 100644 index fbffa383e6..0000000000 Binary files a/community_images/mysql/official/assets/cve_reduction.webp and /dev/null differ diff --git a/community_images/mysql/official/assets/metrics.webp b/community_images/mysql/official/assets/metrics.webp deleted file mode 100644 index a712807da1..0000000000 Binary files a/community_images/mysql/official/assets/metrics.webp and /dev/null differ diff --git a/community_images/mysql/official/docker_coverage.sh b/community_images/mysql/official/docker_coverage.sh deleted file mode 100755 index 5f3d1598e7..0000000000 --- a/community_images/mysql/official/docker_coverage.sh +++ /dev/null 
@@ -1,77 +0,0 @@ -#!/bin/bash - -set -x -set -e - -JSON_PARAMS="$1" - -JSON=$(cat "$JSON_PARAMS") - -echo "Json params for docker coverage = $JSON" - -CONTAINER_NAME=$(jq -r '.container_details."mysql-official".name' < "$JSON_PARAMS") -NETWORK_NAME=$(jq -r '.network_name' < "$JSON_PARAMS") -MYSQL_HOST=$(jq -r '.container_details."mysql-official".ip_address' < "$JSON_PARAMS") - -SCRIPTPATH=$(jq -r '.image_script_dir' < "$JSON_PARAMS") - - -# shellcheck disable=SC1091 -. "${SCRIPTPATH}"/../../common/tests/sysbench_tests.sh - -# get mysql password -MYSQL_ROOT_PASSWORD=my_root_password - -# copy test.sql into container -docker cp "${SCRIPTPATH}"/../../common/tests/test.my_sql "${CONTAINER_NAME}":/tmp/test.my_sql - -# run script -docker exec -i "${CONTAINER_NAME}" \ - /bin/bash -c "mysql -h localhost -uroot -p\"$MYSQL_ROOT_PASSWORD\" mysql < /tmp/test.my_sql" - -# copy mysql_coverage.sh into container -docker cp "${SCRIPTPATH}"/../../common/tests/mysql_coverage.sh "${CONTAINER_NAME}":/tmp/mysql_coverage.sh - -# run mysql_coverage on cluster -docker exec -i "${CONTAINER_NAME}" /bin/bash -c "/tmp/mysql_coverage.sh" - -# create sbtest schema -docker exec -i "${CONTAINER_NAME}" \ - /bin/bash -c \ - "mysql -h localhost -uroot -p\"$MYSQL_ROOT_PASSWORD\" -e \"CREATE SCHEMA sbtest;\"" - -# prepare benchmark -docker run --network="${NETWORK_NAME}" \ - --name sb-prepare --rm -i \ - severalnines/sysbench \ - sysbench \ - --db-driver=mysql \ - --oltp-table-size=100000 \ - --oltp-tables-count=24 \ - --threads=1 \ - --mysql-host="${MYSQL_HOST}" \ - --mysql-port=3306 \ - --mysql-user=root \ - --mysql-password="${MYSQL_ROOT_PASSWORD}" \ - --mysql-debug=on \ - /usr/share/sysbench/tests/include/oltp_legacy/parallel_prepare.lua \ - run - -# execute test -docker run --network="${NETWORK_NAME}" \ - --name sb-run --rm -i \ - severalnines/sysbench \ - sysbench \ - --db-driver=mysql \ - --report-interval=2 \ - --mysql-table-engine=innodb \ - --oltp-table-size=100000 \ - --oltp-tables-count=24 
\ - --threads=4 \ - --time=45 \ - --mysql-host="${MYSQL_HOST}" \ - --mysql-port=3306 \ - --mysql-user=root \ - --mysql-password="${MYSQL_ROOT_PASSWORD}" \ - /usr/share/sysbench/tests/include/oltp_legacy/oltp.lua \ - run diff --git a/community_images/mysql/official/image.yml b/community_images/mysql/official/image.yml deleted file mode 100644 index dfc80fb7b1..0000000000 --- a/community_images/mysql/official/image.yml +++ /dev/null 
@@ -1,39 +0,0 @@ -name: mysql-official -official_name: MySQL Official -official_website: https://www.mysql.com/ -source_image_provider: The Docker Community -source_image_repo: docker.io/library/mysql -source_image_repo_link: https://hub.docker.com/_/mysql -source_image_readme: https://github.com/docker-library/docs/blob/master/mysql/README.md -rf_docker_link: rapidfort/mysql-official -image_workflow_name: mysql_official -github_location: mysql/official -report_url: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Flibrary%2Fmysql -usage_instructions: | - $ docker run --name some-mysql -e MYSQL_ROOT_PASSWORD=my-secret-pw -d rapidfort/mysql-official:latest -what_is_text: | - MySQL is the world's most popular open source database. With its proven performance, reliability and ease-of-use, MySQL has become the leading database choice for web-based applications, covering the entire range from personal projects and websites, via e-commerce and information services, all the way to high profile web properties including Facebook, Twitter, YouTube, Yahoo! and many more. -disclaimer: | - Trademarks: This software listing is packaged by RapidFort. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. 
-docker_links: - - "[`8.0-debian`, `8-debian` (Dockerfile)](https://github.com/docker-library/mysql/blob/master/8.0/Dockerfile.debian)" - - "[`5.7-debian`, `5-debian` (Dockerfile)](https://github.com/docker-library/mysql/blob/master/5.7/Dockerfile.debian)" -input_registry: - registry: docker.io - account: library -repo_sets: - - mysql: - input_base_tag: "8.0.*-debian" - output_repo: mysql-official - - mysql: - input_base_tag: "5.7.*-debian" - output_repo: mysql-official -runtimes: - - type: docker - script: docker_coverage.sh - wait_time_sec: 60 - mysql-official: - exec_command: --default-authentication-plugin=mysql_native_password - environment: - MYSQL_ROOT_PASSWORD: my_root_password - MYSQL_ROOT_HOST: "%" diff --git a/community_images/nats/bitnami/.rfignore b/community_images/nats/bitnami/.rfignore deleted file mode 100644 index 260875870b..0000000000 --- a/community_images/nats/bitnami/.rfignore +++ /dev/null @@ -1,7 +0,0 @@ -usr/lib/x86_64-linux-gnu/gconv -opt/bitnami/scripts/postunpack.sh -opt/bitnami/nats -opt/bitnami/common/licenses -opt/bitnami/licenses -opt/bitnami/nats/licenses -usr/share/common-licenses diff --git a/community_images/nats/bitnami/README.md b/community_images/nats/bitnami/README.md deleted file mode 100644 index cb0dfc5302..0000000000 --- a/community_images/nats/bitnami/README.md +++ /dev/null @@ -1,142 +0,0 @@ - -RapidFort - - -
- -[![rf-h][rf-h-badge]][rf-view-report-button] -[![DH Image][dh-rf-badge]][rf-dh-image-link] -[![Slack][slack-badge]][slack-link] -[![FOSSA Status][fossa-badge]][fossa-link] - -# RapidFort hardened image for NATS - -RapidFort’s container optimization process hardened this NATS container. This container is free to use and has no license limitations. - -It is the same as the [Bitnami NATS][source-image-repo-link] image but more secure. - -Every day, we optimize and harden a variety of Docker Hub’s most famous images. Check out our [entire library](https://hub.docker.com/u/rapidfort) of secured containers. -
- -[Get the full report here or click on the image below][rf-view-report-link] - -[![Metrics][metrics-link]][rf-image-metrics-link] - -

Vulnerabilities: Original vs. Hardened - -

- -[![CVE Reduction][cve-reduction-link]][rf-image-cve-reduction-link] - - -View Report - -
-
- - -## What is NATS? - -> NATS is a connective technology built for the ever increasingly hyper-connected world. It is a single technology that enables applications to securely communicate across any combination of cloud vendors, on-premise, edge, web and mobile, and devices. NATS consists of a family of open source products that are tightly integrated but can be deployed easily and independently. NATS is being used globally by thousands of companies, spanning use-cases including microservices, edge computing, mobile, IoT and can be used to augment or replace traditional messaging - - -[Overview of NATS](https://nats.io) - -Trademarks: This software listing is packaged by RapidFort. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. - - -## How do I use this hardened NATS image? - -The runtime instructions for this container are no different from the official release. Follow the instructions in their readme, but use our hardened image. - - -View Detailed Instructions - -
-
- -```sh -$ helm repo add bitnami https://charts.bitnami.com/bitnami - -# install nats, just replace repository with RapidFort registry -$ helm install my-nats bitnami/nats --set image.repository=rapidfort/nats - -``` - -## What is a hardened image? - -A hardened image is a copy of a container that has been optimized and reduced for significantly improved security. Because every container uses many open-source software components and their dependencies, there’s a lot of extra weight that can be trimmed. - -This image is a hardened version of the official [Bitnami NATS][source-image-repo-link] image on Docker Hub. - -RapidFort is an industry-leading container optimization solution that minimizes software attack surfaces by removing unused code. Most containers can be reduced by at least 50%, which reduces the opportunity for malicious attacks and CVE exploits. Learn more at [RapidFort.com][rf-link]. - -Our hardened images are updated daily using the latest vulnerability information available. - - -View on GitHub - -
-
- -## What’s the difference between the official [Bitnami NATS][source-image-repo-link] image and this hardened image? -RapidFort’s hardened [rapidfort/nats][rf-dh-image-link] image has been optimized by our proprietary scanning and slimming technology. We are big fans of open-source software, containerized infrastructure, and security. - -We are making secure copies of the images we use every day and the most popular ones on Docker Hub. We want to make the world a safer place to operate. - -## Supported tags and respective `Dockerfile` links -* [`2`, `2-debian-11`, `2.10.7`, `2.10.7-debian-11-r` (2/debian-11/Dockerfile)](https://github.com/bitnami/containers/tree/main/bitnami/nats/2/debian-11/Dockerfile) - -## Need support - -Join our slack community for any questions. - - -RapidFort Community Slack - - -## 🌟 Support this project - -[![](https://user-images.githubusercontent.com/48997634/174794647-0c851917-e5c9-4fb9-bf88-b61d89dc2f4f.gif)](https://github.com/rapidfort/community-images/stargazers) - -### [⏫⭐️ Scroll to the star button](#start-of-content) - -If you believe this project has potential, feel free to **star this repo** just like many [amazing people](https://github.com/rapidfort/community-images/stargazers) -have. - -## Have questions? - -[![RapidFort](https://raw.githubusercontent.com/rapidfort/community-images/main/contrib/github_logo_footer.png)][rf-rapidfort-footer-logo-link] - - -If you'd like to learn more about RapidFort or our container optimization process, visit [RapidFort.com][rf-link]. - -
-
- - -[dh-rf-badge]: https://img.shields.io/badge/dockerhub-images-important.svg?logo=Docker - -[fossa-badge]: https://app.fossa.com/api/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images.svg?type=shield -[fossa-link]: https://app.fossa.com/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images?ref=badge_shield - -[rf-link]: https://rapidfort.com?utm_source=github&utm_medium=ci_rf_link&utm_campaign=sep_01_sprint&utm_term=nats&utm_content=rapidfort_have_questions - -[rf-rapidfort-footer-logo-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Fnats?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=nats&utm_content=rapidfort_footer_logo -[rf-view-report-button]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Fnats?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=nats&utm_content=view_report_button -[rf-view-report-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Fnats?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=nats&utm_content=view_report_link -[rf-image-metrics-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Fnats?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=nats&utm_content=image_metrics_link -[rf-image-cve-reduction-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Fnats?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=nats&utm_content=image_cve_reduction_link - -[dh-img-size-badge]: https://img.shields.io/docker/image-size/rapidfort/nats?logo=docker&logoColor=white&sort=semver -[dh-img-pulls-badge]: https://img.shields.io/docker/pulls/rapidfort/nats?logo=docker&logoColor=white - -[slack-badge]: https://img.shields.io/static/v1?label=Join&message=slack&logo=slack&logoColor=E01E5A&color=4A154B -[slack-link]: 
https://join.slack.com/t/rapidfortcommunity/shared_invite/zt-1g3wy28lv-DaeGexTQ5IjfpbmYW7Rm_Q - -[rf-h-badge]: https://img.shields.io/static/v1?label=RapidFort&labelColor=333F48&message=hardened&color=50B4C4&logo= -[metrics-link]: https://github.com/rapidfort/community-images/raw/main/community_images/nats/bitnami/assets/metrics.webp -[cve-reduction-link]: https://github.com/rapidfort/community-images/raw/main/community_images/nats/bitnami/assets/cve_reduction.webp - -[source-image-repo-link]: https://hub.docker.com/r/bitnami/nats -[rf-dh-image-link]: https://hub.docker.com/r/rapidfort/nats diff --git a/community_images/nats/bitnami/assets/cve_reduction.webp b/community_images/nats/bitnami/assets/cve_reduction.webp deleted file mode 100644 index a25a38285f..0000000000 Binary files a/community_images/nats/bitnami/assets/cve_reduction.webp and /dev/null differ diff --git a/community_images/nats/bitnami/assets/metrics.webp b/community_images/nats/bitnami/assets/metrics.webp deleted file mode 100644 index 6c9b7f8734..0000000000 Binary files a/community_images/nats/bitnami/assets/metrics.webp and /dev/null differ diff --git a/community_images/nats/bitnami/coverage.sh b/community_images/nats/bitnami/coverage.sh deleted file mode 100644 index 437df86633..0000000000 --- a/community_images/nats/bitnami/coverage.sh +++ /dev/null 
@@ -1,36 +0,0 @@ -#!/bin/bash - -set -e -set -x - -SCRIPTPATH="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )" - -function test_nats() { - local NAMESPACE=$1 - local HELM_RELEASE=$2 - - NATS_USER=$(kubectl get secret --namespace "${NAMESPACE}" "${HELM_RELEASE}" -o jsonpath='{.data.*}' | base64 -d | grep -m 1 user | awk '{print $2}' | tr -d '"') - NATS_PASS=$(kubectl get secret --namespace "${NAMESPACE}" "${HELM_RELEASE}" -o jsonpath='{.data.*}' | base64 -d | grep -m 1 password | awk '{print $2}' | tr -d '"') - echo -e "Client credentials:\n\tUser: $NATS_USER\n\tPassword: $NATS_PASS" - - # clean up the pod with name nats-release-client first if present already - kubectl delete pod nats-release-client --namespace "${NAMESPACE}" --ignore-not-found=true - kubectl run nats-release-client --restart='Never' --env="NATS_USER=$NATS_USER" --env="NATS_PASS=$NATS_PASS" --image docker.io/bitnami/golang --namespace "${NAMESPACE}" --command -- sleep infinity - # wait for nats client to come up - kubectl wait pods nats-release-client -n "${NAMESPACE}" --for=condition=ready --timeout=10m - echo "#!/bin/bash - GO111MODULE=off go get github.com/nats-io/nats.go - cd \"\$GOPATH\"/src/github.com/nats-io/nats.go/examples/nats-pub && go install && cd || exit - cd \"\$GOPATH\"/src/github.com/nats-io/nats.go/examples/nats-echo && go install && cd || exit - nats-echo -s nats://$NATS_USER:$NATS_PASS@${HELM_RELEASE}.${NAMESPACE}.svc.cluster.local:4222 SomeSubject & - nats-pub -s nats://$NATS_USER:$NATS_PASS@${HELM_RELEASE}.${NAMESPACE}.svc.cluster.local:4222 -reply Hi SomeSubject 'Hi everyone'" > "$SCRIPTPATH"/commands.sh - - chmod +x "$SCRIPTPATH"/commands.sh - POD_NAME="nats-release-client" - kubectl -n "${NAMESPACE}" cp "${SCRIPTPATH}"/commands.sh "${POD_NAME}":/tmp/common_commands.sh - - kubectl -n "${NAMESPACE}" exec -i "${POD_NAME}" -- bash -c "/tmp/common_commands.sh" - - # delete the generated commands.sh - rm "$SCRIPTPATH"/commands.sh -} 
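Review bot: in the removed `test_nats()` of `community_images/nats/bitnami/coverage.sh`, the NATS client secret is exposed in three places, and none of them should be carried into whatever replaces this script. The line `echo -e "Client credentials:\n\tUser: $NATS_USER\n\tPassword: $NATS_PASS"` prints the password to the job log, and `set -x` traces every later command that expands it. The generated `commands.sh` has `$NATS_USER:$NATS_PASS` expanded into the `nats://` URLs when the file is written under `$SCRIPTPATH`. Because `set -e` is on, a failure in `kubectl cp` or `kubectl exec` exits before `rm "$SCRIPTPATH"/commands.sh`, leaving that file on the runner. The client pod already receives `NATS_USER` and `NATS_PASS` through `--env`, so a successor script can escape those two variables in the generated file (as is already done for `\$GOPATH`) so they resolve inside the pod, drop the echo, and remove the temporary file in a `trap ... EXIT`. Deleting the file does not remove the credentials from logs of earlier runs.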
diff --git a/community_images/nats/bitnami/dc_coverage.sh b/community_images/nats/bitnami/dc_coverage.sh deleted file mode 100755 index f1e9de1475..0000000000 --- a/community_images/nats/bitnami/dc_coverage.sh +++ /dev/null @@ -1,10 +0,0 @@ -#!/bin/bash - -set -x -set -e - -JSON_PARAMS="$1" - -JSON=$(cat "$JSON_PARAMS") - -echo "Json params for docker compose coverage = $JSON" diff --git a/community_images/nats/bitnami/docker-compose.yml b/community_images/nats/bitnami/docker-compose.yml deleted file mode 100644 index 00f446899b..0000000000 --- a/community_images/nats/bitnami/docker-compose.yml +++ /dev/null @@ -1,11 +0,0 @@ -version: '2' - -services: - nats1: - image: ${NATS_IMAGE_REPOSITORY}:${NATS_IMAGE_TAG} - cap_add: - - SYS_PTRACE - ports: - - '4222:4222' - - '6222:6222' - - '8222:8222' diff --git a/community_images/nats/bitnami/docker_coverage.sh b/community_images/nats/bitnami/docker_coverage.sh deleted file mode 100755 index f1e9de1475..0000000000 --- a/community_images/nats/bitnami/docker_coverage.sh +++ /dev/null @@ -1,10 +0,0 @@ -#!/bin/bash - -set -x -set -e - -JSON_PARAMS="$1" - -JSON=$(cat "$JSON_PARAMS") - -echo "Json params for docker compose coverage = $JSON" diff --git a/community_images/nats/bitnami/image.yml b/community_images/nats/bitnami/image.yml deleted file mode 100644 index 349e8693ae..0000000000 --- a/community_images/nats/bitnami/image.yml +++ /dev/null 
@@ -1,47 +0,0 @@ -name: nats -official_name: NATS -official_website: https://nats.io -source_image_provider: Bitnami -source_image_repo: docker.io/bitnami/nats -source_image_repo_link: https://hub.docker.com/r/bitnami/nats -source_image_readme: https://github.com/bitnami/containers/blob/main/bitnami/nats/README.md -rf_docker_link: rapidfort/nats -image_workflow_name: nats_bitnami -github_location: nats/bitnami -report_url: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Fnats -usage_instructions: | - $ helm repo add bitnami https://charts.bitnami.com/bitnami - - # install nats, just replace repository with RapidFort registry - $ helm install my-nats bitnami/nats --set image.repository=rapidfort/nats -what_is_text: | - NATS is a connective technology built for the ever increasingly hyper-connected world. It is a single technology that enables applications to securely communicate across any combination of cloud vendors, on-premise, edge, web and mobile, and devices. NATS consists of a family of open source products that are tightly integrated but can be deployed easily and independently. NATS is being used globally by thousands of companies, spanning use-cases including microservices, edge computing, mobile, IoT and can be used to augment or replace traditional messaging -disclaimer: | - Trademarks: This software listing is packaged by RapidFort. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. 
-input_registry: - registry: docker.io - account: bitnami -repo_sets: - - nats: - input_base_tag: "2.10.2-debian-11-r" -runtimes: - - type: k8s - script: k8s_coverage.sh - helm: - repo: bitnami - repo_url: https://charts.bitnami.com/bitnami - chart: nats - image_keys: - nats: - repository: "image.repository" - tag: "image.tag" - override_file: "overrides.yml" - - type: docker_compose - script: dc_coverage.sh - compose_file: docker-compose.yml - image_keys: - nats: - repository: "NATS_IMAGE_REPOSITORY" - tag: "NATS_IMAGE_TAG" - - type: docker - script: docker_coverage.sh diff --git a/community_images/nats/bitnami/k8s_coverage.sh b/community_images/nats/bitnami/k8s_coverage.sh deleted file mode 100755 index 4b8ea90e2b..0000000000 --- a/community_images/nats/bitnami/k8s_coverage.sh +++ /dev/null @@ -1,17 +0,0 @@ -#!/bin/bash - -set -x -set -e - -# shellcheck disable=SC1091 -SCRIPTPATH="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )" - -# shellcheck disable=SC1091 -. "${SCRIPTPATH}"/coverage.sh - -JSON_PARAMS="$1" - -NAMESPACE=$(jq -r '.namespace_name' < "$JSON_PARAMS") -RELEASE_NAME=$(jq -r '.release_name' < "$JSON_PARAMS") - -test_nats "${NAMESPACE}" "${RELEASE_NAME}" diff --git a/community_images/nats/bitnami/overrides.yml b/community_images/nats/bitnami/overrides.yml deleted file mode 100644 index 6584d81765..0000000000 --- a/community_images/nats/bitnami/overrides.yml +++ /dev/null @@ -1,20 +0,0 @@ -image: - pullSecrets: ["rf-regcred"] - pullPolicy: Always -containerSecurityContext: - enabled: true - runAsUser: 1001 - allowPrivilegeEscalation: true - capabilities: - add: ["SYS_PTRACE"] -resourceType: deployment -replicaCount: 1 -extraEnvVars: - - name: "RF_VERBOSE" - value: "0" -livenessProbe: - initialDelaySeconds: 30 - timeoutSeconds: 30 -readinessProbe: - initialDelaySeconds: 30 - timeoutSeconds: 30 diff --git a/community_images/nats/ironbank/README.md b/community_images/nats/ironbank/README.md deleted file mode 100644 index 85b2686800..0000000000 
--- a/community_images/nats/ironbank/README.md +++ /dev/null @@ -1,139 +0,0 @@ - -RapidFort - - -
- -[![rf-h][rf-h-badge]][rf-view-report-button] -[![DH Image][dh-rf-badge]][rf-dh-image-link] -[![Slack][slack-badge]][slack-link] -[![FOSSA Status][fossa-badge]][fossa-link] - -# RapidFort hardened image for NATS Ironbank - -RapidFort’s container optimization process hardened this NATS Ironbank container. This container is free to use and has no license limitations. - -It is the same as the [Platform One NATS Ironbank][source-image-repo-link] image but more secure. - -Every day, we optimize and harden a variety of Docker Hub’s most famous images. Check out our [entire library](https://hub.docker.com/u/rapidfort) of secured containers. -
- -[Get the full report here or click on the image below][rf-view-report-link] - -[![Metrics][metrics-link]][rf-image-metrics-link] - -

Vulnerabilities: Original vs. Hardened - -

- -[![CVE Reduction][cve-reduction-link]][rf-image-cve-reduction-link] - - -View Report - -
-
- - -## What is NATS Ironbank? - -> NATS is a connective technology built for the ever increasingly hyper-connected world. It is a single technology that enables applications to securely communicate across any combination of cloud vendors, on-premise, edge, web and mobile, and devices. NATS consists of a family of open source products that are tightly integrated but can be deployed easily and independently. NATS is being used globally by thousands of companies, spanning use-cases including microservices, edge computing, mobile, IoT and can be used to augment or replace traditional messaging - - -[Overview of NATS Ironbank](https://nats.io) - -Trademarks: This software listing is packaged by RapidFort. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. - - -## How do I use this hardened NATS Ironbank image? - -The runtime instructions for this container are no different from the official release. Follow the instructions in their readme, but use our hardened image. - - -View Detailed Instructions - -
-
- -```sh -# Run NATS server using docker run -$ docker run -d --name nats-main -p 4222:4222 -p 6222:6222 -p 8222:8222 rapidfort/nats-ib - -``` - -## What is a hardened image? - -A hardened image is a copy of a container that has been optimized and reduced for significantly improved security. Because every container uses many open-source software components and their dependencies, there’s a lot of extra weight that can be trimmed. - -This image is a hardened version of the official [Platform One NATS Ironbank][source-image-repo-link] image on Docker Hub. - -RapidFort is an industry-leading container optimization solution that minimizes software attack surfaces by removing unused code. Most containers can be reduced by at least 50%, which reduces the opportunity for malicious attacks and CVE exploits. Learn more at [RapidFort.com][rf-link]. - -Our hardened images are updated daily using the latest vulnerability information available. - - -View on GitHub - -
-
- -## What’s the difference between the official [Platform One NATS Ironbank][source-image-repo-link] image and this hardened image? -RapidFort’s hardened [rapidfort/nats-ib][rf-dh-image-link] image has been optimized by our proprietary scanning and slimming technology. We are big fans of open-source software, containerized infrastructure, and security. - -We are making secure copies of the images we use every day and the most popular ones on Docker Hub. We want to make the world a safer place to operate. - -## Supported tags and respective `Dockerfile` links - -## Need support - -Join our slack community for any questions. - - -RapidFort Community Slack - - -## 🌟 Support this project - -[![](https://user-images.githubusercontent.com/48997634/174794647-0c851917-e5c9-4fb9-bf88-b61d89dc2f4f.gif)](https://github.com/rapidfort/community-images/stargazers) - -### [⏫⭐️ Scroll to the star button](#start-of-content) - -If you believe this project has potential, feel free to **star this repo** just like many [amazing people](https://github.com/rapidfort/community-images/stargazers) -have. - -## Have questions? - -[![RapidFort](https://raw.githubusercontent.com/rapidfort/community-images/main/contrib/github_logo_footer.png)][rf-rapidfort-footer-logo-link] - - -If you'd like to learn more about RapidFort or our container optimization process, visit [RapidFort.com][rf-link]. - -
-
- - -[dh-rf-badge]: https://img.shields.io/badge/dockerhub-images-important.svg?logo=Docker - -[fossa-badge]: https://app.fossa.com/api/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images.svg?type=shield -[fossa-link]: https://app.fossa.com/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images?ref=badge_shield - -[rf-link]: https://rapidfort.com?utm_source=github&utm_medium=ci_rf_link&utm_campaign=sep_01_sprint&utm_term=nats-ib&utm_content=rapidfort_have_questions - -[rf-rapidfort-footer-logo-link]: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fopensource%2Fsynadia%2Fnats-server?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=nats-ib&utm_content=rapidfort_footer_logo -[rf-view-report-button]: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fopensource%2Fsynadia%2Fnats-server?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=nats-ib&utm_content=view_report_button -[rf-view-report-link]: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fopensource%2Fsynadia%2Fnats-server?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=nats-ib&utm_content=view_report_link -[rf-image-metrics-link]: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fopensource%2Fsynadia%2Fnats-server?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=nats-ib&utm_content=image_metrics_link -[rf-image-cve-reduction-link]: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fopensource%2Fsynadia%2Fnats-server?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=nats-ib&utm_content=image_cve_reduction_link - -[dh-img-size-badge]: https://img.shields.io/docker/image-size/rapidfort/nats-ib?logo=docker&logoColor=white&sort=semver -[dh-img-pulls-badge]: 
https://img.shields.io/docker/pulls/rapidfort/nats-ib?logo=docker&logoColor=white - -[slack-badge]: https://img.shields.io/static/v1?label=Join&message=slack&logo=slack&logoColor=E01E5A&color=4A154B -[slack-link]: https://join.slack.com/t/rapidfortcommunity/shared_invite/zt-1g3wy28lv-DaeGexTQ5IjfpbmYW7Rm_Q - -[rf-h-badge]: https://img.shields.io/static/v1?label=RapidFort&labelColor=333F48&message=hardened&color=50B4C4&logo= -[metrics-link]: https://github.com/rapidfort/community-images/raw/main/community_images/nats/ironbank/assets/metrics.webp -[cve-reduction-link]: https://github.com/rapidfort/community-images/raw/main/community_images/nats/ironbank/assets/cve_reduction.webp - -[source-image-repo-link]: https://registry1.dso.mil/harbor/projects/3/repositories/opensource%2Fsynadia%2Fnats-server -[rf-dh-image-link]: https://hub.docker.com/r/rapidfort/nats-ib diff --git a/community_images/nats/ironbank/assets/cve_reduction.webp b/community_images/nats/ironbank/assets/cve_reduction.webp deleted file mode 100644 index a73cd971d9..0000000000 Binary files a/community_images/nats/ironbank/assets/cve_reduction.webp and /dev/null differ diff --git a/community_images/nats/ironbank/assets/metrics.webp b/community_images/nats/ironbank/assets/metrics.webp deleted file mode 100644 index 8dcc372ef4..0000000000 Binary files a/community_images/nats/ironbank/assets/metrics.webp and /dev/null differ diff --git a/community_images/nats/ironbank/coverage.sh b/community_images/nats/ironbank/coverage.sh deleted file mode 100644 index 11962ee789..0000000000 --- a/community_images/nats/ironbank/coverage.sh +++ /dev/null 
@@ -1,45 +0,0 @@ -#!/bin/bash - -set -e -set -x - -SCRIPTPATH="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )" - -function test_nats() { - local NAMESPACE=$1 - local RELEASE_NAME=$2 - - NATS_SERVER=$(kubectl get pod "${RELEASE_NAME}" -n "${NAMESPACE}" --template '{{.status.podIP}}') - - # NATS_USER=$(kubectl get secret --namespace "${NAMESPACE}" "${RELEASE_NAME}" -o jsonpath='{.data.*}' | base64 -d | grep -m 1 user | awk '{print $2}' | tr -d '"') - # NATS_PASS=$(kubectl get secret --namespace "${NAMESPACE}" "${RELEASE_NAME}" -o jsonpath='{.data.*}' | base64 -d | grep -m 1 password | awk '{print $2}' | tr -d '"') - NATS_USER=ruser - NATS_PASS=T0pS3cr3t - - echo -e "Client credentials:\n\tUser: $NATS_USER\n\tPassword: $NATS_PASS" - - # clean up the pod with name nats-release-client first if present already - kubectl delete pod nats-release-client --namespace "${NAMESPACE}" --ignore-not-found=true - kubectl run nats-release-client --restart='Never' --env="NATS_USER=$NATS_USER" --env="NATS_PASS=$NATS_PASS" --image docker.io/bitnami/golang --namespace "${NAMESPACE}" --command -- sleep infinity - # wait for nats client to come up - kubectl wait pods nats-release-client -n "${NAMESPACE}" --for=condition=ready --timeout=10m - echo "#!/bin/bash - set -x - set -e - GO111MODULE=off go get github.com/nats-io/nats.go - cd \"\$GOPATH\"/src/github.com/nats-io/nats.go/examples/nats-pub && go install && cd || exit - cd \"\$GOPATH\"/src/github.com/nats-io/nats.go/examples/nats-echo && go install && cd || exit - nats-echo -s nats://$NATS_USER:$NATS_PASS@${NATS_SERVER}:4222 SomeSubject & - nats-pub -s nats://$NATS_USER:$NATS_PASS@${NATS_SERVER}:4222 -reply Hi SomeSubject 'Hi everyone'" > "$SCRIPTPATH"/commands.sh - # nats-echo -s nats://$NATS_USER:$NATS_PASS@${RELEASE_NAME}.${NAMESPACE}.svc.cluster.local:4222 SomeSubject & - # nats-pub -s nats://$NATS_USER:$NATS_PASS@${RELEASE_NAME}.${NAMESPACE}.svc.cluster.local:4222 -reply Hi SomeSubject 'Hi everyone'" > 
"$SCRIPTPATH"/commands.sh - - chmod +x "$SCRIPTPATH"/commands.sh - POD_NAME="nats-release-client" - kubectl -n "${NAMESPACE}" cp "${SCRIPTPATH}"/commands.sh "${POD_NAME}":/tmp/common_commands.sh - - kubectl -n "${NAMESPACE}" exec -i "${POD_NAME}" -- bash -c "/tmp/common_commands.sh" - - # delete the generated commands.sh - rm "$SCRIPTPATH"/commands.sh -} diff --git a/community_images/nats/ironbank/image.yml b/community_images/nats/ironbank/image.yml deleted file mode 100644 index c3f1d61121..0000000000 --- a/community_images/nats/ironbank/image.yml +++ /dev/null 
@@ -1,36 +0,0 @@ -name: nats-ib -official_name: NATS Ironbank -official_website: https://nats.io -source_image_provider: Platform One -source_image_repo: registry1.dso.mil/ironbank/opensource/synadia/nats-server -source_image_repo_link: https://registry1.dso.mil/harbor/projects/3/repositories/opensource%2Fsynadia%2Fnats-server -source_image_readme: https://repo1.dso.mil/dsop/opensource/synadia/nats-server/-/blob/development/README.md -rf_docker_link: rapidfort/nats-ib -image_workflow_name: nats_ironbank -github_location: nats/ironbank -report_url: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fopensource%2Fsynadia%2Fnats-server -usage_instructions: | - # Run NATS server using docker run - $ docker run -d --name nats-main -p 4222:4222 -p 6222:6222 -p 8222:8222 rapidfort/nats-ib -what_is_text: | - NATS is a connective technology built for the ever increasingly hyper-connected world. It is a single technology that enables applications to securely communicate across any combination of cloud vendors, on-premise, edge, web and mobile, and devices. NATS consists of a family of open source products that are tightly integrated but can be deployed easily and independently. NATS is being used globally by thousands of companies, spanning use-cases including microservices, edge computing, mobile, IoT and can be used to augment or replace traditional messaging -disclaimer: | - Trademarks: This software listing is packaged by RapidFort. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. -input_registry: - registry: registry1.dso.mil - account: ironbank -repo_sets: - - opensource/synadia/nats-server: - input_base_tag: "2.9." 
- output_repo: nats-ib -runtimes: - - type: k8s - script: k8s_coverage.sh - use_helm: False - image_keys: - nats-ib: - repository: "image.repository" - tag: "image.tag" - override_file: "overrides.yml" - readiness_wait_pod_name_suffix: - - "" diff --git a/community_images/nats/ironbank/k8s_coverage.sh b/community_images/nats/ironbank/k8s_coverage.sh deleted file mode 100755 index 4b8ea90e2b..0000000000 --- a/community_images/nats/ironbank/k8s_coverage.sh +++ /dev/null @@ -1,17 +0,0 @@ -#!/bin/bash - -set -x -set -e - -# shellcheck disable=SC1091 -SCRIPTPATH="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )" - -# shellcheck disable=SC1091 -. "${SCRIPTPATH}"/coverage.sh - -JSON_PARAMS="$1" - -NAMESPACE=$(jq -r '.namespace_name' < "$JSON_PARAMS") -RELEASE_NAME=$(jq -r '.release_name' < "$JSON_PARAMS") - -test_nats "${NAMESPACE}" "${RELEASE_NAME}" diff --git a/community_images/nats/ironbank/overrides.yml b/community_images/nats/ironbank/overrides.yml deleted file mode 100644 index 6584d81765..0000000000 --- a/community_images/nats/ironbank/overrides.yml +++ /dev/null @@ -1,20 +0,0 @@ -image: - pullSecrets: ["rf-regcred"] - pullPolicy: Always -containerSecurityContext: - enabled: true - runAsUser: 1001 - allowPrivilegeEscalation: true - capabilities: - add: ["SYS_PTRACE"] -resourceType: deployment -replicaCount: 1 -extraEnvVars: - - name: "RF_VERBOSE" - value: "0" -livenessProbe: - initialDelaySeconds: 30 - timeoutSeconds: 30 -readinessProbe: - initialDelaySeconds: 30 - timeoutSeconds: 30 diff --git a/community_images/nats/official/README.md b/community_images/nats/official/README.md deleted file mode 100644 index e6cf521ab1..0000000000 --- a/community_images/nats/official/README.md +++ /dev/null @@ -1,141 +0,0 @@ - -RapidFort - - -
- -[![rf-h][rf-h-badge]][rf-view-report-button] -[![DH Image][dh-rf-badge]][rf-dh-image-link] -[![Slack][slack-badge]][slack-link] -[![FOSSA Status][fossa-badge]][fossa-link] - -# RapidFort hardened image for NATS Official - -RapidFort’s container optimization process hardened this NATS Official container. This container is free to use and has no license limitations. - -It is the same as the [NATS NATS Official][source-image-repo-link] image but more secure. - -Every day, we optimize and harden a variety of Docker Hub’s most famous images. Check out our [entire library](https://hub.docker.com/u/rapidfort) of secured containers. -
- -[Get the full report here or click on the image below][rf-view-report-link] - -[![Metrics][metrics-link]][rf-image-metrics-link] - -

Vulnerabilities: Original vs. Hardened - -

- -[![CVE Reduction][cve-reduction-link]][rf-image-cve-reduction-link] - - -View Report - -
-
- - -## What is NATS Official? - -> NATS is a connective technology built for the ever increasingly hyper-connected world. It is a single technology that enables applications to securely communicate across any combination of cloud vendors, on-premise, edge, web and mobile, and devices. NATS consists of a family of open source products that are tightly integrated but can be deployed easily and independently. NATS is being used globally by thousands of companies, spanning use-cases including microservices, edge computing, mobile, IoT and can be used to augment or replace traditional messaging - - -[Overview of NATS Official](https://nats.io) - -Trademarks: This software listing is packaged by RapidFort. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. - - -## How do I use this hardened NATS Official image? - -The runtime instructions for this container are no different from the official release. Follow the instructions in their readme, but use our hardened image. - - -View Detailed Instructions - -
-
- -```sh -$ helm repo add nats https://nats-io.github.io/k8s/helm/charts/ - -# install nats, just replace repository with RapidFort registry -$ helm install my-nats nats/nats --set image.repository=rapidfort/nats-official - -``` - -## What is a hardened image? - -A hardened image is a copy of a container that has been optimized and reduced for significantly improved security. Because every container uses many open-source software components and their dependencies, there’s a lot of extra weight that can be trimmed. - -This image is a hardened version of the official [NATS NATS Official][source-image-repo-link] image on Docker Hub. - -RapidFort is an industry-leading container optimization solution that minimizes software attack surfaces by removing unused code. Most containers can be reduced by at least 50%, which reduces the opportunity for malicious attacks and CVE exploits. Learn more at [RapidFort.com][rf-link]. - -Our hardened images are updated daily using the latest vulnerability information available. - - -View on GitHub - -
-
- -## What’s the difference between the official [NATS NATS Official][source-image-repo-link] image and this hardened image? -RapidFort’s hardened [rapidfort/nats-official][rf-dh-image-link] image has been optimized by our proprietary scanning and slimming technology. We are big fans of open-source software, containerized infrastructure, and security. - -We are making secure copies of the images we use every day and the most popular ones on Docker Hub. We want to make the world a safer place to operate. - -## Supported tags and respective `Dockerfile` links - -## Need support - -Join our slack community for any questions. - - -RapidFort Community Slack - - -## 🌟 Support this project - -[![](https://user-images.githubusercontent.com/48997634/174794647-0c851917-e5c9-4fb9-bf88-b61d89dc2f4f.gif)](https://github.com/rapidfort/community-images/stargazers) - -### [⏫⭐️ Scroll to the star button](#start-of-content) - -If you believe this project has potential, feel free to **star this repo** just like many [amazing people](https://github.com/rapidfort/community-images/stargazers) -have. - -## Have questions? - -[![RapidFort](https://raw.githubusercontent.com/rapidfort/community-images/main/contrib/github_logo_footer.png)][rf-rapidfort-footer-logo-link] - - -If you'd like to learn more about RapidFort or our container optimization process, visit [RapidFort.com][rf-link]. - -
-
- - -[dh-rf-badge]: https://img.shields.io/badge/dockerhub-images-important.svg?logo=Docker - -[fossa-badge]: https://app.fossa.com/api/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images.svg?type=shield -[fossa-link]: https://app.fossa.com/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images?ref=badge_shield - -[rf-link]: https://rapidfort.com?utm_source=github&utm_medium=ci_rf_link&utm_campaign=sep_01_sprint&utm_term=nats-official&utm_content=rapidfort_have_questions - -[rf-rapidfort-footer-logo-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Flibrary%2Fnats?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=nats-official&utm_content=rapidfort_footer_logo -[rf-view-report-button]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Flibrary%2Fnats?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=nats-official&utm_content=view_report_button -[rf-view-report-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Flibrary%2Fnats?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=nats-official&utm_content=view_report_link -[rf-image-metrics-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Flibrary%2Fnats?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=nats-official&utm_content=image_metrics_link -[rf-image-cve-reduction-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Flibrary%2Fnats?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=nats-official&utm_content=image_cve_reduction_link - -[dh-img-size-badge]: https://img.shields.io/docker/image-size/rapidfort/nats-official?logo=docker&logoColor=white&sort=semver -[dh-img-pulls-badge]: https://img.shields.io/docker/pulls/rapidfort/nats-official?logo=docker&logoColor=white - -[slack-badge]: 
https://img.shields.io/static/v1?label=Join&message=slack&logo=slack&logoColor=E01E5A&color=4A154B -[slack-link]: https://join.slack.com/t/rapidfortcommunity/shared_invite/zt-1g3wy28lv-DaeGexTQ5IjfpbmYW7Rm_Q - -[rf-h-badge]: https://img.shields.io/static/v1?label=RapidFort&labelColor=333F48&message=hardened&color=50B4C4&logo= -[metrics-link]: https://github.com/rapidfort/community-images/raw/main/community_images/nats/official/assets/metrics.webp -[cve-reduction-link]: https://github.com/rapidfort/community-images/raw/main/community_images/nats/official/assets/cve_reduction.webp - -[source-image-repo-link]: https://hub.docker.com/_/nats -[rf-dh-image-link]: https://hub.docker.com/r/rapidfort/nats-official diff --git a/community_images/nats/official/assets/cve_reduction.webp b/community_images/nats/official/assets/cve_reduction.webp deleted file mode 100644 index 369cbb0b8b..0000000000 Binary files a/community_images/nats/official/assets/cve_reduction.webp and /dev/null differ diff --git a/community_images/nats/official/assets/metrics.webp b/community_images/nats/official/assets/metrics.webp deleted file mode 100644 index f88caa555a..0000000000 Binary files a/community_images/nats/official/assets/metrics.webp and /dev/null differ diff --git a/community_images/nats/official/coverage.sh b/community_images/nats/official/coverage.sh deleted file mode 100644 index db14e799b4..0000000000 --- a/community_images/nats/official/coverage.sh +++ /dev/null 
@@ -1,38 +0,0 @@ -#!/bin/bash - -set -e -set -x - -SCRIPTPATH="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )" - -function test_nats() { - local NAMESPACE=$1 - local HELM_RELEASE=$2 - - # NATS_USER=$(kubectl get secret --namespace "${NAMESPACE}" "${HELM_RELEASE}" -o jsonpath='{.data.*}' | base64 -d | grep -m 1 user | awk '{print $2}' | tr -d '"') - # NATS_PASS=$(kubectl get secret --namespace "${NAMESPACE}" "${HELM_RELEASE}" -o jsonpath='{.data.*}' | base64 -d | grep -m 1 password | awk '{print $2}' | tr -d '"') - NATS_USER="testuser" - NATS_PASS="testpass" - echo -e "Client credentials:\n\tUser: $NATS_USER\n\tPassword: $NATS_PASS" - - # clean up the pod with name nats-release-client first if present already - kubectl delete pod nats-release-client --namespace "${NAMESPACE}" --ignore-not-found=true - kubectl run nats-release-client --restart='Never' --env="NATS_USER=$NATS_USER" --env="NATS_PASS=$NATS_PASS" --image docker.io/bitnami/golang --namespace "${NAMESPACE}" --command -- sleep infinity - # wait for nats client to come up - kubectl wait pods nats-release-client -n "${NAMESPACE}" --for=condition=ready --timeout=10m - echo "#!/bin/bash - GO111MODULE=off go get github.com/nats-io/nats.go - cd \"\$GOPATH\"/src/github.com/nats-io/nats.go/examples/nats-pub && go install && cd || exit - cd \"\$GOPATH\"/src/github.com/nats-io/nats.go/examples/nats-echo && go install && cd || exit - nats-echo -s nats://$NATS_USER:$NATS_PASS@${HELM_RELEASE}.${NAMESPACE}.svc.cluster.local:4222 SomeSubject & - nats-pub -s nats://$NATS_USER:$NATS_PASS@${HELM_RELEASE}.${NAMESPACE}.svc.cluster.local:4222 -reply Hi SomeSubject 'Hi everyone'" > "$SCRIPTPATH"/commands.sh - - chmod +x "$SCRIPTPATH"/commands.sh - POD_NAME="nats-release-client" - kubectl -n "${NAMESPACE}" cp "${SCRIPTPATH}"/commands.sh "${POD_NAME}":/tmp/common_commands.sh - - kubectl -n "${NAMESPACE}" exec -i "${POD_NAME}" -- bash -c "/tmp/common_commands.sh" - - # delete the generated commands.sh - rm 
"$SCRIPTPATH"/commands.sh -} diff --git a/community_images/nats/official/dc_coverage.sh b/community_images/nats/official/dc_coverage.sh deleted file mode 100755 index f1e9de1475..0000000000 --- a/community_images/nats/official/dc_coverage.sh +++ /dev/null @@ -1,10 +0,0 @@ -#!/bin/bash - -set -x -set -e - -JSON_PARAMS="$1" - -JSON=$(cat "$JSON_PARAMS") - -echo "Json params for docker compose coverage = $JSON" diff --git a/community_images/nats/official/docker-compose.yml b/community_images/nats/official/docker-compose.yml deleted file mode 100644 index 00f446899b..0000000000 --- a/community_images/nats/official/docker-compose.yml +++ /dev/null @@ -1,11 +0,0 @@ -version: '2' - -services: - nats1: - image: ${NATS_IMAGE_REPOSITORY}:${NATS_IMAGE_TAG} - cap_add: - - SYS_PTRACE - ports: - - '4222:4222' - - '6222:6222' - - '8222:8222' diff --git a/community_images/nats/official/docker_coverage.sh b/community_images/nats/official/docker_coverage.sh deleted file mode 100755 index f1e9de1475..0000000000 --- a/community_images/nats/official/docker_coverage.sh +++ /dev/null @@ -1,10 +0,0 @@ -#!/bin/bash - -set -x -set -e - -JSON_PARAMS="$1" - -JSON=$(cat "$JSON_PARAMS") - -echo "Json params for docker compose coverage = $JSON" diff --git a/community_images/nats/official/image.yml b/community_images/nats/official/image.yml deleted file mode 100644 index 05793a7a17..0000000000 --- a/community_images/nats/official/image.yml +++ /dev/null 
@@ -1,55 +0,0 @@ -name: nats-official -official_name: NATS Official -official_website: https://nats.io -source_image_provider: NATS -source_image_repo: docker.io/library/nats -source_image_repo_link: https://hub.docker.com/_/nats -source_image_readme: https://github.com/nats-io/nats-docker/blob/main/README.md -rf_docker_link: rapidfort/nats-official -image_workflow_name: nats_official -github_location: nats/official -report_url: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Flibrary%2Fnats -usage_instructions: | - $ helm repo add nats https://nats-io.github.io/k8s/helm/charts/ - - # install nats, just replace repository with RapidFort registry - $ helm install my-nats nats/nats --set image.repository=rapidfort/nats-official -what_is_text: | - NATS is a connective technology built for the ever increasingly hyper-connected world. It is a single technology that enables applications to securely communicate across any combination of cloud vendors, on-premise, edge, web and mobile, and devices. NATS consists of a family of open source products that are tightly integrated but can be deployed easily and independently. NATS is being used globally by thousands of companies, spanning use-cases including microservices, edge computing, mobile, IoT and can be used to augment or replace traditional messaging -disclaimer: | - Trademarks: This software listing is packaged by RapidFort. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. 
-input_registry: - registry: docker.io - account: library -repo_sets: - - nats: - input_base_tag: "2.9.*" - output_repo: nats-official -needs_common_commands: False -runtimes: - - type: k8s - script: k8s_coverage.sh - helm: - repo: nats - repo_url: https://nats-io.github.io/k8s/helm/charts/ - chart: nats - image_keys: - nats-official: - repository: "image.repository" - tag: "image.tag" - override_file: "overrides.yml" - helm_additional_params: - auth.enabled: true - auth.user: "testuser" - auth.password: "testpass" - auth.token: "" - auth.timeout: 1 - auth.usersCredentials: [] - auth.noAuthUser: "" - - type: docker_compose - script: dc_coverage.sh - compose_file: docker-compose.yml - image_keys: - nats-official: - repository: "NATS_IMAGE_REPOSITORY" - tag: "NATS_IMAGE_TAG" diff --git a/community_images/nats/official/k8s_coverage.sh b/community_images/nats/official/k8s_coverage.sh deleted file mode 100755 index 4b8ea90e2b..0000000000 --- a/community_images/nats/official/k8s_coverage.sh +++ /dev/null @@ -1,17 +0,0 @@ -#!/bin/bash - -set -x -set -e - -# shellcheck disable=SC1091 -SCRIPTPATH="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )" - -# shellcheck disable=SC1091 -. "${SCRIPTPATH}"/coverage.sh - -JSON_PARAMS="$1" - -NAMESPACE=$(jq -r '.namespace_name' < "$JSON_PARAMS") -RELEASE_NAME=$(jq -r '.release_name' < "$JSON_PARAMS") - -test_nats "${NAMESPACE}" "${RELEASE_NAME}" diff --git a/community_images/nats/official/overrides.yml b/community_images/nats/official/overrides.yml deleted file mode 100644 index 6584d81765..0000000000 --- a/community_images/nats/official/overrides.yml +++ /dev/null 
@@ -1,20 +0,0 @@ -image: - pullSecrets: ["rf-regcred"] - pullPolicy: Always -containerSecurityContext: - enabled: true - runAsUser: 1001 - allowPrivilegeEscalation: true - capabilities: - add: ["SYS_PTRACE"] -resourceType: deployment -replicaCount: 1 -extraEnvVars: - - name: "RF_VERBOSE" - value: "0" -livenessProbe: - initialDelaySeconds: 30 - timeoutSeconds: 30 -readinessProbe: - initialDelaySeconds: 30 - timeoutSeconds: 30 diff --git a/community_images/nginx/bitnami/.rfignore b/community_images/nginx/bitnami/.rfignore deleted file mode 100644 index 65f311e731..0000000000 --- a/community_images/nginx/bitnami/.rfignore +++ /dev/null @@ -1,6 +0,0 @@ -opt/bitnami/nginx/conf -opt/bitnami/scripts -opt/bitnami/common/licenses -opt/bitnami/licenses -opt/bitnami/nginx/licenses -usr/share/common-licenses diff --git a/community_images/nginx/bitnami/README.md b/community_images/nginx/bitnami/README.md deleted file mode 100644 index 4358c439e0..0000000000 --- a/community_images/nginx/bitnami/README.md +++ /dev/null @@ -1,143 +0,0 @@ - -RapidFort - - -
- -[![rf-h][rf-h-badge]][rf-view-report-button] -[![DH Image][dh-rf-badge]][rf-dh-image-link] -[![Slack][slack-badge]][slack-link] -[![FOSSA Status][fossa-badge]][fossa-link] - -# RapidFort hardened image for NGINX - -RapidFort’s container optimization process hardened this NGINX container. This container is free to use and has no license limitations. - -It is the same as the [Bitnami NGINX][source-image-repo-link] image but more secure. - -Every day, we optimize and harden a variety of Docker Hub’s most famous images. Check out our [entire library](https://hub.docker.com/u/rapidfort) of secured containers. -
- -[Get the full report here or click on the image below][rf-view-report-link] - -[![Metrics][metrics-link]][rf-image-metrics-link] - -

Vulnerabilities: Original vs. Hardened - -

- -[![CVE Reduction][cve-reduction-link]][rf-image-cve-reduction-link] - - -View Report - -
-
- - -## What is NGINX? - -> Nginx (pronounced "engine-x") is an open source reverse proxy server for HTTP, HTTPS, SMTP, POP3, and IMAP protocols, as well as a load balancer, HTTP cache, and a web server (origin server). The nginx project started with a strong focus on high concurrency, high performance and low memory usage. It is licensed under the 2-clause BSD-like license and it runs on Linux, BSD variants, Mac OS X, Solaris, AIX, HP-UX, as well as on other *nix flavors. It also has a proof of concept port for Microsoft Windows. - - -[Overview of NGINX](http://nginx.org/) - -Trademarks: This software listing is packaged by RapidFort. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. - - -## How do I use this hardened NGINX image? - -The runtime instructions for this container are no different from the official release. Follow the instructions in their readme, but use our hardened image. - - -View Detailed Instructions - -
-
- -```sh -$ helm repo add bitnami https://charts.bitnami.com/bitnami - -# install nginx, just replace repository with RapidFort registry -$ helm install my-nginx bitnami/nginx --set image.repository=rapidfort/nginx - -``` - -## What is a hardened image? - -A hardened image is a copy of a container that has been optimized and reduced for significantly improved security. Because every container uses many open-source software components and their dependencies, there’s a lot of extra weight that can be trimmed. - -This image is a hardened version of the official [Bitnami NGINX][source-image-repo-link] image on Docker Hub. - -RapidFort is an industry-leading container optimization solution that minimizes software attack surfaces by removing unused code. Most containers can be reduced by at least 50%, which reduces the opportunity for malicious attacks and CVE exploits. Learn more at [RapidFort.com][rf-link]. - -Our hardened images are updated daily using the latest vulnerability information available. - - -View on GitHub - -
-
- -## What’s the difference between the official [Bitnami NGINX][source-image-repo-link] image and this hardened image? -RapidFort’s hardened [rapidfort/nginx][rf-dh-image-link] image has been optimized by our proprietary scanning and slimming technology. We are big fans of open-source software, containerized infrastructure, and security. - -We are making secure copies of the images we use every day and the most popular ones on Docker Hub. We want to make the world a safer place to operate. - -## Supported tags and respective `Dockerfile` links -* [`1.25`, `1.25-debian-11`, `1.25.3`, `1.25.3-debian-11-r` (1.25/debian-11/Dockerfile)](https://github.com/bitnami/containers/tree/main/bitnami/nginx/1.25/debian-11/Dockerfile) -* [`1.24`, `1.24-debian-11`, `1.24.0`, `1.24.0-debian-11-r` (1.24/debian-11/Dockerfile)](https://github.com/bitnami/containers/tree/main/bitnami/nginx/1.24/debian-11/Dockerfile) - -## Need support - -Join our slack community for any questions. - - -RapidFort Community Slack - - -## 🌟 Support this project - -[![](https://user-images.githubusercontent.com/48997634/174794647-0c851917-e5c9-4fb9-bf88-b61d89dc2f4f.gif)](https://github.com/rapidfort/community-images/stargazers) - -### [⏫⭐️ Scroll to the star button](#start-of-content) - -If you believe this project has potential, feel free to **star this repo** just like many [amazing people](https://github.com/rapidfort/community-images/stargazers) -have. - -## Have questions? - -[![RapidFort](https://raw.githubusercontent.com/rapidfort/community-images/main/contrib/github_logo_footer.png)][rf-rapidfort-footer-logo-link] - - -If you'd like to learn more about RapidFort or our container optimization process, visit [RapidFort.com][rf-link]. - -
-
- - -[dh-rf-badge]: https://img.shields.io/badge/dockerhub-images-important.svg?logo=Docker - -[fossa-badge]: https://app.fossa.com/api/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images.svg?type=shield -[fossa-link]: https://app.fossa.com/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images?ref=badge_shield - -[rf-link]: https://rapidfort.com?utm_source=github&utm_medium=ci_rf_link&utm_campaign=sep_01_sprint&utm_term=nginx&utm_content=rapidfort_have_questions - -[rf-rapidfort-footer-logo-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Fnginx?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=nginx&utm_content=rapidfort_footer_logo -[rf-view-report-button]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Fnginx?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=nginx&utm_content=view_report_button -[rf-view-report-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Fnginx?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=nginx&utm_content=view_report_link -[rf-image-metrics-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Fnginx?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=nginx&utm_content=image_metrics_link -[rf-image-cve-reduction-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Fnginx?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=nginx&utm_content=image_cve_reduction_link - -[dh-img-size-badge]: https://img.shields.io/docker/image-size/rapidfort/nginx?logo=docker&logoColor=white&sort=semver -[dh-img-pulls-badge]: https://img.shields.io/docker/pulls/rapidfort/nginx?logo=docker&logoColor=white - -[slack-badge]: https://img.shields.io/static/v1?label=Join&message=slack&logo=slack&logoColor=E01E5A&color=4A154B -[slack-link]: 
https://join.slack.com/t/rapidfortcommunity/shared_invite/zt-1g3wy28lv-DaeGexTQ5IjfpbmYW7Rm_Q - -[rf-h-badge]: https://img.shields.io/static/v1?label=RapidFort&labelColor=333F48&message=hardened&color=50B4C4&logo= -[metrics-link]: https://github.com/rapidfort/community-images/raw/main/community_images/nginx/bitnami/assets/metrics.webp -[cve-reduction-link]: https://github.com/rapidfort/community-images/raw/main/community_images/nginx/bitnami/assets/cve_reduction.webp - -[source-image-repo-link]: https://hub.docker.com/r/bitnami/nginx -[rf-dh-image-link]: https://hub.docker.com/r/rapidfort/nginx diff --git a/community_images/nginx/bitnami/assets/cve_reduction.webp b/community_images/nginx/bitnami/assets/cve_reduction.webp deleted file mode 100644 index 928b4a9e4e..0000000000 Binary files a/community_images/nginx/bitnami/assets/cve_reduction.webp and /dev/null differ diff --git a/community_images/nginx/bitnami/assets/metrics.webp b/community_images/nginx/bitnami/assets/metrics.webp deleted file mode 100644 index a19f36fe57..0000000000 Binary files a/community_images/nginx/bitnami/assets/metrics.webp and /dev/null differ diff --git a/community_images/nginx/bitnami/configs/server_block_backends.conf b/community_images/nginx/bitnami/configs/server_block_backends.conf deleted file mode 100644 index fbdfb561be..0000000000 --- a/community_images/nginx/bitnami/configs/server_block_backends.conf +++ /dev/null @@ -1,9 +0,0 @@ -upstream backend_a { - server backend1a; - server backend2a; -} - -upstream backend_b { - server backend1b; - server backend2b; -} \ No newline at end of file diff --git a/community_images/nginx/bitnami/configs/server_include_backends.conf b/community_images/nginx/bitnami/configs/server_include_backends.conf deleted file mode 100644 index d607e1f009..0000000000 --- a/community_images/nginx/bitnami/configs/server_include_backends.conf +++ /dev/null 
@@ -1,27 +0,0 @@ -listen 8443 ssl; - -ssl_certificate bitnami/certs/server.crt; -ssl_certificate_key bitnami/certs/server.key; -ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3; -ssl_session_cache shared:SSL:1m; -ssl_session_timeout 5m; - -ssl_ciphers HIGH:!aNULL:!MD5; -ssl_prefer_server_ciphers on; - -location /a { - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header HOST $http_host; - proxy_set_header X-NginX-Proxy true; - - proxy_pass http://backend_a; -} - -location /b { - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header HOST $http_host; - proxy_set_header X-NginX-Proxy true; - - proxy_pass http://backend_b; - proxy_redirect off; -} diff --git a/community_images/nginx/bitnami/coverage_script.sh b/community_images/nginx/bitnami/coverage_script.sh deleted file mode 100755 index 3bff5c9f3c..0000000000 --- a/community_images/nginx/bitnami/coverage_script.sh +++ /dev/null @@ -1,16 +0,0 @@ -#!/bin/bash - -set -x -set -e - -declare -a MODULE_ARRAY=("ngx_http_brotli_static_module" "ngx_stream_geoip2_module" "ngx_http_brotli_filter_module" "ngx_http_geoip2_module"); -for module in "${MODULE_ARRAY[@]}" -do - echo "load_module modules/${module}.so;" | cat - /opt/bitnami/nginx/conf/nginx.conf > /tmp/nginx.conf && \ - cp /tmp/nginx.conf /opt/bitnami/nginx/conf/nginx.conf -done - -/opt/bitnami/scripts/nginx/reload.sh - -/opt/bitnami/scripts/nginx/status.sh - diff --git a/community_images/nginx/bitnami/dc_coverage.sh b/community_images/nginx/bitnami/dc_coverage.sh deleted file mode 100755 index c9911edae9..0000000000 --- a/community_images/nginx/bitnami/dc_coverage.sh +++ /dev/null 
@@ -1,40 +0,0 @@ -#!/bin/bash - -set -x -set -e - -SCRIPTPATH="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )" - -# shellcheck disable=SC1091 -. "${SCRIPTPATH}"/../../common/scripts/bash_helper.sh - -JSON_PARAMS="$1" - -JSON=$(cat "$JSON_PARAMS") - -echo "Json params for docker compose coverage = $JSON" - -PROJECT_NAME=$(jq -r '.project_name' < "$JSON_PARAMS") -CONTAINER_NAME="${PROJECT_NAME}"-nginx-1 - -# exec into container and run coverage script -docker exec -i "${CONTAINER_NAME}" bash -c /opt/bitnami/scripts/coverage_script.sh - -# log for debugging -docker inspect "${CONTAINER_NAME}" - -# find non-tls and tls port -docker inspect "${CONTAINER_NAME}" | jq -r ".[].NetworkSettings.Ports.\"8080/tcp\"[0].HostPort" -docker inspect "${CONTAINER_NAME}" | jq -r ".[].NetworkSettings.Ports.\"8443/tcp\"[0].HostPort" -NON_TLS_PORT=$(docker inspect "${CONTAINER_NAME}" | jq -r ".[].NetworkSettings.Ports.\"8080/tcp\"[0].HostPort") -TLS_PORT=$(docker inspect "${CONTAINER_NAME}" | jq -r ".[].NetworkSettings.Ports.\"8443/tcp\"[0].HostPort") - -# run curl in loop for different endpoints -for i in {1..20}; -do - echo "Attempt $i" - curl http://localhost:"${NON_TLS_PORT}"/a - curl http://localhost:"${NON_TLS_PORT}"/b - with_backoff curl https://localhost:"${TLS_PORT}"/a -k -v - with_backoff curl https://localhost:"${TLS_PORT}"/b -k -v -done \ No newline at end of file diff --git a/community_images/nginx/bitnami/docker-compose.yml b/community_images/nginx/bitnami/docker-compose.yml deleted file mode 100644 index 1226cebaae..0000000000 --- a/community_images/nginx/bitnami/docker-compose.yml +++ /dev/null 
@@ -1,39 +0,0 @@ -version: '2' - -services: - nginx: - image: ${NGINX_IMAGE_REPOSITORY}:${NGINX_IMAGE_TAG} - user: root - cap_add: - - SYS_PTRACE - ports: - - '0.0.0.0::8080' - - '0.0.0.0::8443' - volumes: - - ./configs/server_block_backends.conf:/opt/bitnami/nginx/conf/server_blocks/server_block_backends.conf:ro - - ./configs/server_include_backends.conf:/opt/bitnami/nginx/conf/bitnami/server_include_backends.conf:ro - - ./coverage_script.sh:/opt/bitnami/scripts/coverage_script.sh - backend1a: - image: nginxdemos/hello:plain-text - cap_add: - - SYS_PTRACE - ports: - - '80' - backend1b: - image: nginxdemos/hello:plain-text - cap_add: - - SYS_PTRACE - ports: - - '80' - backend2a: - image: nginxdemos/hello:plain-text - cap_add: - - SYS_PTRACE - ports: - - '80' - backend2b: - image: nginxdemos/hello:plain-text - cap_add: - - SYS_PTRACE - ports: - - '80' diff --git a/community_images/nginx/bitnami/image.yml b/community_images/nginx/bitnami/image.yml deleted file mode 100644 index b8483ad8d8..0000000000 --- a/community_images/nginx/bitnami/image.yml +++ /dev/null 
@@ -1,54 +0,0 @@ -name: nginx -official_name: NGINX -official_website: http://nginx.org/ -source_image_provider: Bitnami -source_image_repo: docker.io/bitnami/nginx -source_image_repo_link: https://hub.docker.com/r/bitnami/nginx -source_image_readme: https://github.com/bitnami/containers/blob/main/bitnami/nginx/README.md -rf_docker_link: rapidfort/nginx -image_workflow_name: nginx_bitnami -github_location: nginx/bitnami -report_url: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Fnginx -usage_instructions: | - $ helm repo add bitnami https://charts.bitnami.com/bitnami - - # install nginx, just replace repository with RapidFort registry - $ helm install my-nginx bitnami/nginx --set image.repository=rapidfort/nginx -what_is_text: | - Nginx (pronounced "engine-x") is an open source reverse proxy server for HTTP, HTTPS, SMTP, POP3, and IMAP protocols, as well as a load balancer, HTTP cache, and a web server (origin server). The nginx project started with a strong focus on high concurrency, high performance and low memory usage. It is licensed under the 2-clause BSD-like license and it runs on Linux, BSD variants, Mac OS X, Solaris, AIX, HP-UX, as well as on other *nix flavors. It also has a proof of concept port for Microsoft Windows. -disclaimer: | - Trademarks: This software listing is packaged by RapidFort. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. 
-input_registry: - registry: docker.io - account: bitnami -repo_sets: - - nginx: - input_base_tag: "1.25.2-debian-11-r" - - nginx: - input_base_tag: "1.24.0-debian-11-r" -runtimes: - - type: k8s - script: k8s_coverage.sh - helm: - repo: bitnami - repo_url: https://charts.bitnami.com/bitnami - chart: nginx - tls_certs: - generate: true - secret_name: localhost-server-tls - common_name: localhost - image_keys: - nginx: - repository: "image.repository" - tag: "image.tag" - override_file: "overrides.yml" - - type: docker_compose - script: dc_coverage.sh - compose_file: docker-compose.yml - tls_certs: - generate: true - out_dir: certs - image_keys: - nginx: - repository: "NGINX_IMAGE_REPOSITORY" - tag: "NGINX_IMAGE_TAG" diff --git a/community_images/nginx/bitnami/k8s_coverage.sh b/community_images/nginx/bitnami/k8s_coverage.sh deleted file mode 100755 index 7e810330e4..0000000000 --- a/community_images/nginx/bitnami/k8s_coverage.sh +++ /dev/null @@ -1,25 +0,0 @@ -#!/bin/bash - -set -x -set -e - -JSON_PARAMS="$1" - -NAMESPACE=$(jq -r '.namespace_name' < "$JSON_PARAMS") -RELEASE_NAME=$(jq -r '.release_name' < "$JSON_PARAMS") - -# fetch service url and store the urls in URLS file -rm -f URLS -URL=$(minikube service "${RELEASE_NAME}" -n "${NAMESPACE}" --url) - -# sleep 5 after minikube service (Required) -sleep 5 - -# curl to http url -curl "${URL}" - -# fetch minikube ip -MINIKUBE_IP=$(minikube ip) - -# curl to https url -curl http://"${MINIKUBE_IP}" -k \ No newline at end of file diff --git a/community_images/nginx/bitnami/overrides.yml b/community_images/nginx/bitnami/overrides.yml deleted file mode 100644 index d10e24319d..0000000000 --- a/community_images/nginx/bitnami/overrides.yml +++ /dev/null 
@@ -1,23 +0,0 @@ -image: - pullSecrets: ["rf-regcred"] - pullPolicy: Always -containerSecurityContext: - enabled: true - runAsUser: 0 - runAsNonRoot: false - allowPrivilegeEscalation: true - capabilities: - add: ["SYS_PTRACE"] -extraEnvVars: - - name: "RF_VERBOSE" - value: "0" -livenessProbe: - enabled: false -readinessProbe: - enabled: false -cloneStaticSiteFromGit: - enabled: true - repository: https://github.com/mdn/beginner-html-site-styled.git - branch: master -ingress: - enabled: true diff --git a/community_images/nginx/ironbank/.rfignore b/community_images/nginx/ironbank/.rfignore deleted file mode 100644 index aed237496c..0000000000 --- a/community_images/nginx/ironbank/.rfignore +++ /dev/null @@ -1,6 +0,0 @@ -usr/share/nginx -usr/libexec/initscripts/legacy-actions/nginx -etc/nginx -usr/lib/systemd/system/nginx* -usr/lib64/nginx/modules -usr/share/licenses diff --git a/community_images/nginx/ironbank/README.md b/community_images/nginx/ironbank/README.md deleted file mode 100644 index 590328f528..0000000000 --- a/community_images/nginx/ironbank/README.md +++ /dev/null @@ -1,139 +0,0 @@ - -RapidFort - - -
- -[![rf-h][rf-h-badge]][rf-view-report-button] -[![DH Image][dh-rf-badge]][rf-dh-image-link] -[![Slack][slack-badge]][slack-link] -[![FOSSA Status][fossa-badge]][fossa-link] - -# RapidFort hardened image for NGINX IronBank - -RapidFort’s container optimization process hardened this NGINX IronBank container. This container is free to use and has no license limitations. - -It is the same as the [Platform One NGINX IronBank][source-image-repo-link] image but more secure. - -Every day, we optimize and harden a variety of Docker Hub’s most famous images. Check out our [entire library](https://hub.docker.com/u/rapidfort) of secured containers. -
- -[Get the full report here or click on the image below][rf-view-report-link] - -[![Metrics][metrics-link]][rf-image-metrics-link] - -

Vulnerabilities: Original vs. Hardened - -

- -[![CVE Reduction][cve-reduction-link]][rf-image-cve-reduction-link] - - -View Report - -
-
- - -## What is NGINX IronBank? - -> Nginx (pronounced "engine-x") is an open source reverse proxy server for HTTP, HTTPS, SMTP, POP3, and IMAP protocols, as well as a load balancer, HTTP cache, and a web server (origin server). The nginx project started with a strong focus on high concurrency, high performance and low memory usage. It is licensed under the 2-clause BSD-like license and it runs on Linux, BSD variants, Mac OS X, Solaris, AIX, HP-UX, as well as on other *nix flavors. It also has a proof of concept port for Microsoft Windows. - - -[Overview of NGINX IronBank](http://nginx.org/) - -Trademarks: This software listing is packaged by RapidFort. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. - - -## How do I use this hardened NGINX IronBank image? - -The runtime instructions for this container are no different from the official release. Follow the instructions in their readme, but use our hardened image. - - -View Detailed Instructions - -
-
- -```sh -$ docker run -v /some/content:/usr/share/nginx/html:ro -d rapidfort/nginx-ib:latest - -``` - -## What is a hardened image? - -A hardened image is a copy of a container that has been optimized and reduced for significantly improved security. Because every container uses many open-source software components and their dependencies, there’s a lot of extra weight that can be trimmed. - -This image is a hardened version of the official [Platform One NGINX IronBank][source-image-repo-link] image on Docker Hub. - -RapidFort is an industry-leading container optimization solution that minimizes software attack surfaces by removing unused code. Most containers can be reduced by at least 50%, which reduces the opportunity for malicious attacks and CVE exploits. Learn more at [RapidFort.com][rf-link]. - -Our hardened images are updated daily using the latest vulnerability information available. - - -View on GitHub - -
-
- -## What’s the difference between the official [Platform One NGINX IronBank][source-image-repo-link] image and this hardened image? -RapidFort’s hardened [rapidfort/nginx-ib][rf-dh-image-link] image has been optimized by our proprietary scanning and slimming technology. We are big fans of open-source software, containerized infrastructure, and security. - -We are making secure copies of the images we use every day and the most popular ones on Docker Hub. We want to make the world a safer place to operate. - -## Supported tags and respective `Dockerfile` links -* [`latest` (Dockerfile)](https://repo1.dso.mil/dsop/opensource/nginx/nginx/-/blob/development/Dockerfile) - -## Need support - -Join our slack community for any questions. - - -RapidFort Community Slack - - -## 🌟 Support this project - -[![](https://user-images.githubusercontent.com/48997634/174794647-0c851917-e5c9-4fb9-bf88-b61d89dc2f4f.gif)](https://github.com/rapidfort/community-images/stargazers) - -### [⏫⭐️ Scroll to the star button](#start-of-content) - -If you believe this project has potential, feel free to **star this repo** just like many [amazing people](https://github.com/rapidfort/community-images/stargazers) -have. - -## Have questions? - -[![RapidFort](https://raw.githubusercontent.com/rapidfort/community-images/main/contrib/github_logo_footer.png)][rf-rapidfort-footer-logo-link] - - -If you'd like to learn more about RapidFort or our container optimization process, visit [RapidFort.com][rf-link]. - -
-
- - -[dh-rf-badge]: https://img.shields.io/badge/dockerhub-images-important.svg?logo=Docker - -[fossa-badge]: https://app.fossa.com/api/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images.svg?type=shield -[fossa-link]: https://app.fossa.com/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images?ref=badge_shield - -[rf-link]: https://rapidfort.com?utm_source=github&utm_medium=ci_rf_link&utm_campaign=sep_01_sprint&utm_term=nginx-ib&utm_content=rapidfort_have_questions - -[rf-rapidfort-footer-logo-link]: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fopensource%2Fnginx%2Fnginx?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=nginx-ib&utm_content=rapidfort_footer_logo -[rf-view-report-button]: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fopensource%2Fnginx%2Fnginx?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=nginx-ib&utm_content=view_report_button -[rf-view-report-link]: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fopensource%2Fnginx%2Fnginx?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=nginx-ib&utm_content=view_report_link -[rf-image-metrics-link]: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fopensource%2Fnginx%2Fnginx?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=nginx-ib&utm_content=image_metrics_link -[rf-image-cve-reduction-link]: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fopensource%2Fnginx%2Fnginx?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=nginx-ib&utm_content=image_cve_reduction_link - -[dh-img-size-badge]: https://img.shields.io/docker/image-size/rapidfort/nginx-ib?logo=docker&logoColor=white&sort=semver -[dh-img-pulls-badge]: 
https://img.shields.io/docker/pulls/rapidfort/nginx-ib?logo=docker&logoColor=white - -[slack-badge]: https://img.shields.io/static/v1?label=Join&message=slack&logo=slack&logoColor=E01E5A&color=4A154B -[slack-link]: https://join.slack.com/t/rapidfortcommunity/shared_invite/zt-1g3wy28lv-DaeGexTQ5IjfpbmYW7Rm_Q - -[rf-h-badge]: https://img.shields.io/static/v1?label=RapidFort&labelColor=333F48&message=hardened&color=50B4C4&logo= -[metrics-link]: https://github.com/rapidfort/community-images/raw/main/community_images/nginx/ironbank/assets/metrics.webp -[cve-reduction-link]: https://github.com/rapidfort/community-images/raw/main/community_images/nginx/ironbank/assets/cve_reduction.webp - -[source-image-repo-link]: https://registry1.dso.mil/harbor/projects/3/repositories/opensource%2Fnginx%2Fnginx -[rf-dh-image-link]: https://hub.docker.com/r/rapidfort/nginx-ib diff --git a/community_images/nginx/ironbank/assets/cve_reduction.webp b/community_images/nginx/ironbank/assets/cve_reduction.webp deleted file mode 100644 index 5566ca708f..0000000000 Binary files a/community_images/nginx/ironbank/assets/cve_reduction.webp and /dev/null differ diff --git a/community_images/nginx/ironbank/assets/metrics.webp b/community_images/nginx/ironbank/assets/metrics.webp deleted file mode 100644 index 5b5245c77b..0000000000 Binary files a/community_images/nginx/ironbank/assets/metrics.webp and /dev/null differ diff --git a/community_images/nginx/ironbank/dc_coverage.sh b/community_images/nginx/ironbank/dc_coverage.sh deleted file mode 100755 index 80f65e1d29..0000000000 --- a/community_images/nginx/ironbank/dc_coverage.sh +++ /dev/null 
@@ -1,45 +0,0 @@ -#!/bin/bash - -set -x -set -e - -SCRIPTPATH="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )" - -# shellcheck disable=SC1091 -. "${SCRIPTPATH}"/../../common/scripts/bash_helper.sh - -JSON_PARAMS="$1" - -JSON=$(cat "$JSON_PARAMS") - -echo "Json params for docker compose coverage = $JSON" - -PROJECT_NAME=$(jq -r '.project_name' < "$JSON_PARAMS") -CONTAINER_NAME="${PROJECT_NAME}"-nginx-1 - -# reloading nginx -docker exec -i "${CONTAINER_NAME}" nginx -s reload -sleep 10 -docker exec -i "${CONTAINER_NAME}" nginx -t - -# Condition to handle distroless container -TAG_NAME=$(jq -r '.runtime_props.image_keys.nginx-ib.tag' < "$JSON_PARAMS") -if [[ "$TAG_NAME" != *distroless* ]]; then - docker exec -i "${CONTAINER_NAME}" /tmp/common_commands.sh -fi - -# find non-tls and tls port -docker inspect "${CONTAINER_NAME}" | jq -r ".[].NetworkSettings.Ports.\"8080/tcp\"[0].HostPort" -docker inspect "${CONTAINER_NAME}" | jq -r ".[].NetworkSettings.Ports.\"8443/tcp\"[0].HostPort" -NON_TLS_PORT=$(docker inspect "${CONTAINER_NAME}" | jq -r ".[].NetworkSettings.Ports.\"8080/tcp\"[0].HostPort") -TLS_PORT=$(docker inspect "${CONTAINER_NAME}" | jq -r ".[].NetworkSettings.Ports.\"8443/tcp\"[0].HostPort") - -# run curl in loop for different endpoints -for i in {1..20}; -do - echo "Attempt $i" - curl http://localhost:"${NON_TLS_PORT}"/a - curl http://localhost:"${NON_TLS_PORT}"/b - with_backoff curl https://localhost:"${TLS_PORT}"/a -k -v - with_backoff curl https://localhost:"${TLS_PORT}"/b -k -v -done diff --git a/community_images/nginx/ironbank/docker-compose.yml b/community_images/nginx/ironbank/docker-compose.yml deleted file mode 100644 index 5fa555a91e..0000000000 --- a/community_images/nginx/ironbank/docker-compose.yml +++ /dev/null 
@@ -1,39 +0,0 @@ -version: '2' - -services: - nginx: - image: ${NGINX_IMAGE_REPOSITORY}:${NGINX_IMAGE_TAG} - user: root - cap_add: - - SYS_PTRACE - ports: - - '0.0.0.0::8080' - - '0.0.0.0::8443' - volumes: - - ./certs:/certs - - ./nginx.conf:/etc/nginx/nginx.conf:ro - - ./../../common/tests/common_commands.sh:/tmp/common_commands.sh - backend1a: - image: nginxdemos/hello:plain-text - cap_add: - - SYS_PTRACE - ports: - - '80' - backend1b: - image: nginxdemos/hello:plain-text - cap_add: - - SYS_PTRACE - ports: - - '80' - backend2a: - image: nginxdemos/hello:plain-text - cap_add: - - SYS_PTRACE - ports: - - '80' - backend2b: - image: nginxdemos/hello:plain-text - cap_add: - - SYS_PTRACE - ports: - - '80' \ No newline at end of file diff --git a/community_images/nginx/ironbank/image.yml b/community_images/nginx/ironbank/image.yml deleted file mode 100644 index 7fe9ebabd3..0000000000 --- a/community_images/nginx/ironbank/image.yml +++ /dev/null 
@@ -1,38 +0,0 @@ -name: nginx-ib -official_name: NGINX IronBank -official_website: http://nginx.org/ -source_image_provider: Platform One -source_image_repo: registry1.dso.mil/ironbank/opensource/nginx/nginx -source_image_repo_link: https://registry1.dso.mil/harbor/projects/3/repositories/opensource%2Fnginx%2Fnginx -source_image_readme: https://repo1.dso.mil/dsop/opensource/nginx/nginx/-/blob/development/README.md -rf_docker_link: rapidfort/nginx-ib -image_workflow_name: nginx_ironbank -github_location: nginx/ironbank -report_url: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fopensource%2Fnginx%2Fnginx -usage_instructions: | - $ docker run -v /some/content:/usr/share/nginx/html:ro -d rapidfort/nginx-ib:latest -what_is_text: | - Nginx (pronounced "engine-x") is an open source reverse proxy server for HTTP, HTTPS, SMTP, POP3, and IMAP protocols, as well as a load balancer, HTTP cache, and a web server (origin server). The nginx project started with a strong focus on high concurrency, high performance and low memory usage. It is licensed under the 2-clause BSD-like license and it runs on Linux, BSD variants, Mac OS X, Solaris, AIX, HP-UX, as well as on other *nix flavors. It also has a proof of concept port for Microsoft Windows. -disclaimer: | - Trademarks: This software listing is packaged by RapidFort. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. -docker_links: - - "[`latest` (Dockerfile)](https://repo1.dso.mil/dsop/opensource/nginx/nginx/-/blob/development/Dockerfile)" -input_registry: - registry: registry1.dso.mil - account: ironbank -repo_sets: - - opensource/nginx/nginx: - input_base_tag: "1." 
- output_repo: nginx-ib -needs_common_commands: False -runtimes: - - type: docker_compose - script: dc_coverage.sh - compose_file: docker-compose.yml - tls_certs: - generate: true - out_dir: certs - image_keys: - nginx-ib: - repository: "NGINX_IMAGE_REPOSITORY" - tag: "NGINX_IMAGE_TAG" diff --git a/community_images/nginx/ironbank/nginx.conf b/community_images/nginx/ironbank/nginx.conf deleted file mode 100644 index 441113ffa8..0000000000 --- a/community_images/nginx/ironbank/nginx.conf +++ /dev/null 
@@ -1,108 +0,0 @@ -# The user directive is ignored because the container -# is run by user `nginx` and is unprivileged. This -# prevents nginx from switching users. Enabling this -# directive will simply cause nginx to ignore and -# proceed with the default `nginx` user. -user nginx; -worker_processes auto; - -#error_log logs/error.log; -error_log /var/log/nginx/error.log notice; -#error_log logs/error.log info; - - -pid /var/cache/nginx/nginx.pid; - -events { - worker_connections 1024; -} - - -http { - include /etc/nginx/mime.types; - default_type application/octet-stream; - - log_format main '$remote_addr - $remote_user [$time_local] "$request" ' - '$status $body_bytes_sent "$http_referer" ' - '"$http_user_agent" "$http_x_forwarded_for"'; - - access_log /var/log/nginx/access.log main; - sendfile on; - #tcp_nopush on; - - keepalive_timeout 65; - - #gzip on; - - include /etc/nginx/conf.d/*.conf; - - upstream backend_a { - server backend1a; - server backend2a; - } - - upstream backend_b { - server backend1b; - server backend2b; - } - - - - server { - # Port to listen on, can also be set in IP:PORT format - listen 8080; - - listen 8443 ssl; - server_name localhost; - - ssl_certificate /certs/server.crt; - ssl_certificate_key /certs/server.key; - ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3; - ssl_session_cache shared:SSL:1m; - ssl_session_timeout 5m; - - ssl_ciphers HIGH:!aNULL:!MD5; - ssl_prefer_server_ciphers on; - - location /a { - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header HOST $http_host; - proxy_set_header X-NginX-Proxy true; - - proxy_pass http://backend_a; - } - - location /b { - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header HOST $http_host; - proxy_set_header X-NginX-Proxy true; - proxy_pass http://backend_b; - proxy_redirect off; - } - - location /status { - stub_status on; - access_log off; - allow 127.0.0.1; - deny all; - } - - #charset koi8-r; - - #access_log logs/host.access.log main; - - location / { - root html; - index 
index.html index.htm; - } - - #error_page 404 /404.html; - - # redirect server error pages to the static page /50x.html - # - error_page 500 502 503 504 /50x.html; - location = /50x.html { - root html; - } - } -} \ No newline at end of file diff --git a/community_images/nginx/official/.rfignore b/community_images/nginx/official/.rfignore deleted file mode 100644 index 1c799e0088..0000000000 --- a/community_images/nginx/official/.rfignore +++ /dev/null @@ -1 +0,0 @@ -usr/share/common-licenses \ No newline at end of file diff --git a/community_images/nginx/official/README.md b/community_images/nginx/official/README.md deleted file mode 100644 index 66e235c8f1..0000000000 --- a/community_images/nginx/official/README.md +++ /dev/null @@ -1,144 +0,0 @@ - -RapidFort - - -
- -[![rf-h][rf-h-badge]][rf-view-report-button] -[![DH Image][dh-rf-badge]][rf-dh-image-link] -[![Slack][slack-badge]][slack-link] -[![FOSSA Status][fossa-badge]][fossa-link] - -# RapidFort hardened image for NGINX Official - -RapidFort’s container optimization process hardened this NGINX Official container. This container is free to use and has no license limitations. - -It is the same as the [The NGINX Docker Maintainers NGINX Official][source-image-repo-link] image but more secure. - -Every day, we optimize and harden a variety of Docker Hub’s most famous images. Check out our [entire library](https://hub.docker.com/u/rapidfort) of secured containers. -
- -[Get the full report here or click on the image below][rf-view-report-link] - -[![Metrics][metrics-link]][rf-image-metrics-link] - -

Vulnerabilities: Original vs. Hardened - -

- -[![CVE Reduction][cve-reduction-link]][rf-image-cve-reduction-link] - - -View Report - -
-
- - -## What is NGINX Official? - -> Nginx (pronounced "engine-x") is an open source reverse proxy server for HTTP, HTTPS, SMTP, POP3, and IMAP protocols, as well as a load balancer, HTTP cache, and a web server (origin server). The nginx project started with a strong focus on high concurrency, high performance and low memory usage. It is licensed under the 2-clause BSD-like license and it runs on Linux, BSD variants, Mac OS X, Solaris, AIX, HP-UX, as well as on other *nix flavors. It also has a proof of concept port for Microsoft Windows. - - -[Overview of NGINX Official](http://nginx.org/) - -Trademarks: This software listing is packaged by RapidFort. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. - - -## How do I use this hardened NGINX Official image? - -The runtime instructions for this container are no different from the official release. Follow the instructions in their readme, but use our hardened image. - - -View Detailed Instructions - -
-
- -```sh -$ Using docker run: -$ docker run --name my-nginx-app -p 8080:80 -v /some/content:/usr/share/nginx/html:ro -d rapidfort/nginx-official - -# If you wish to change the default configuration: -$ docker run --name my-nginx-app -p 8080:80 -v /host/path/nginx.conf:/etc/nginx/nginx.conf:ro -d rapidfort/nginx-official - -``` - -## What is a hardened image? - -A hardened image is a copy of a container that has been optimized and reduced for significantly improved security. Because every container uses many open-source software components and their dependencies, there’s a lot of extra weight that can be trimmed. - -This image is a hardened version of the official [The NGINX Docker Maintainers NGINX Official][source-image-repo-link] image on Docker Hub. - -RapidFort is an industry-leading container optimization solution that minimizes software attack surfaces by removing unused code. Most containers can be reduced by at least 50%, which reduces the opportunity for malicious attacks and CVE exploits. Learn more at [RapidFort.com][rf-link]. - -Our hardened images are updated daily using the latest vulnerability information available. - - -View on GitHub - -
-
- -## What’s the difference between the official [The NGINX Docker Maintainers NGINX Official][source-image-repo-link] image and this hardened image? -RapidFort’s hardened [rapidfort/nginx-official][rf-dh-image-link] image has been optimized by our proprietary scanning and slimming technology. We are big fans of open-source software, containerized infrastructure, and security. - -We are making secure copies of the images we use every day and the most popular ones on Docker Hub. We want to make the world a safer place to operate. - -## Supported tags and respective `Dockerfile` links -* [`1.23.2-perl`, `mainline-perl`, `1-perl`, `1.23-perl`, `perl`](https://github.com/nginxinc/docker-nginx/blob/fef51235521d1cdf8b05d8cb1378a526d2abf421/mainline/debian-perl/Dockerfile) -* [`1.22.1-perl`, `stable-perl`, `1.22-perl`](https://github.com/nginxinc/docker-nginx/blob/fef51235521d1cdf8b05d8cb1378a526d2abf421/stable/debian-perl/Dockerfile) - -## Need support - -Join our slack community for any questions. - - -RapidFort Community Slack - - -## 🌟 Support this project - -[![](https://user-images.githubusercontent.com/48997634/174794647-0c851917-e5c9-4fb9-bf88-b61d89dc2f4f.gif)](https://github.com/rapidfort/community-images/stargazers) - -### [⏫⭐️ Scroll to the star button](#start-of-content) - -If you believe this project has potential, feel free to **star this repo** just like many [amazing people](https://github.com/rapidfort/community-images/stargazers) -have. - -## Have questions? - -[![RapidFort](https://raw.githubusercontent.com/rapidfort/community-images/main/contrib/github_logo_footer.png)][rf-rapidfort-footer-logo-link] - - -If you'd like to learn more about RapidFort or our container optimization process, visit [RapidFort.com][rf-link]. - -
-
- - -[dh-rf-badge]: https://img.shields.io/badge/dockerhub-images-important.svg?logo=Docker - -[fossa-badge]: https://app.fossa.com/api/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images.svg?type=shield -[fossa-link]: https://app.fossa.com/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images?ref=badge_shield - -[rf-link]: https://rapidfort.com?utm_source=github&utm_medium=ci_rf_link&utm_campaign=sep_01_sprint&utm_term=nginx-official&utm_content=rapidfort_have_questions - -[rf-rapidfort-footer-logo-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Flibrary%2Fnginx?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=nginx-official&utm_content=rapidfort_footer_logo -[rf-view-report-button]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Flibrary%2Fnginx?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=nginx-official&utm_content=view_report_button -[rf-view-report-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Flibrary%2Fnginx?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=nginx-official&utm_content=view_report_link -[rf-image-metrics-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Flibrary%2Fnginx?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=nginx-official&utm_content=image_metrics_link -[rf-image-cve-reduction-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Flibrary%2Fnginx?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=nginx-official&utm_content=image_cve_reduction_link - -[dh-img-size-badge]: https://img.shields.io/docker/image-size/rapidfort/nginx-official?logo=docker&logoColor=white&sort=semver -[dh-img-pulls-badge]: https://img.shields.io/docker/pulls/rapidfort/nginx-official?logo=docker&logoColor=white - -[slack-badge]: 
https://img.shields.io/static/v1?label=Join&message=slack&logo=slack&logoColor=E01E5A&color=4A154B -[slack-link]: https://join.slack.com/t/rapidfortcommunity/shared_invite/zt-1g3wy28lv-DaeGexTQ5IjfpbmYW7Rm_Q - -[rf-h-badge]: https://img.shields.io/static/v1?label=RapidFort&labelColor=333F48&message=hardened&color=50B4C4&logo= -[metrics-link]: https://github.com/rapidfort/community-images/raw/main/community_images/nginx/official/assets/metrics.webp -[cve-reduction-link]: https://github.com/rapidfort/community-images/raw/main/community_images/nginx/official/assets/cve_reduction.webp - -[source-image-repo-link]: https://hub.docker.com/_/nginx -[rf-dh-image-link]: https://hub.docker.com/r/rapidfort/nginx-official diff --git a/community_images/nginx/official/assets/cve_reduction.webp b/community_images/nginx/official/assets/cve_reduction.webp deleted file mode 100644 index 0b44780f81..0000000000 Binary files a/community_images/nginx/official/assets/cve_reduction.webp and /dev/null differ diff --git a/community_images/nginx/official/assets/metrics.webp b/community_images/nginx/official/assets/metrics.webp deleted file mode 100644 index 9465bc1c5e..0000000000 Binary files a/community_images/nginx/official/assets/metrics.webp and /dev/null differ diff --git a/community_images/nginx/official/configs/nginx.conf b/community_images/nginx/official/configs/nginx.conf deleted file mode 100644 index 9291ea5f6b..0000000000 --- a/community_images/nginx/official/configs/nginx.conf +++ /dev/null 
@@ -1,122 +0,0 @@ -# The user directive is ignored because the container -# is run by user `nginx` and is unprivileged. This -# prevents nginx from switching users. Enabling this -# directive will simply cause nginx to ignore and -# proceed with the default `nginx` user. -user nginx; -worker_processes auto; - -#error_log logs/error.log; -error_log /var/log/nginx/error.log notice; -#error_log logs/error.log info; - -load_module "modules/ngx_http_geoip_module-debug.so"; -#load_module "modules/ngx_http_image_filter_module.so"; -load_module "modules/ngx_http_xslt_filter_module-debug.so"; -#load_module "modules/ngx_stream_geoip_module.so"; -#load_module "modules/ngx_http_geoip_module.so"; -load_module "modules/ngx_http_js_module-debug.so"; -#load_module "modules/ngx_http_xslt_filter_module.so"; -load_module "modules/ngx_stream_js_module-debug.so"; -load_module "modules/ngx_http_image_filter_module-debug.so"; -#load_module "modules/ngx_http_js_module.so"; -load_module "modules/ngx_stream_geoip_module-debug.so"; -#load_module "modules/ngx_stream_js_module.so"; - -pid /var/cache/nginx/nginx.pid; - -events { - worker_connections 1024; -} - - -http { - include /etc/nginx/mime.types; - default_type application/octet-stream; - - log_format main '$remote_addr - $remote_user [$time_local] "$request" ' - '$status $body_bytes_sent "$http_referer" ' - '"$http_user_agent" "$http_x_forwarded_for"'; - - access_log /var/log/nginx/access.log main; - - sendfile on; - #tcp_nopush on; - - keepalive_timeout 65; - - #gzip on; - - include /etc/nginx/conf.d/*.conf; - - upstream backend_a { - server backend1a; - server backend2a; - } - - upstream backend_b { - server backend1b; - server backend2b; - } - - - - server { - # Port to listen on, can also be set in IP:PORT format - listen 8080; - - listen 8443 ssl; - server_name localhost; - - ssl_certificate /certs/server.crt; - ssl_certificate_key /certs/server.key; - ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3; - ssl_session_cache shared:SSL:1m; - 
ssl_session_timeout 5m; - - ssl_ciphers HIGH:!aNULL:!MD5; - ssl_prefer_server_ciphers on; - - location /a { - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header HOST $http_host; - proxy_set_header X-NginX-Proxy true; - - proxy_pass http://backend_a; - } - - location /b { - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header HOST $http_host; - proxy_set_header X-NginX-Proxy true; - - proxy_pass http://backend_b; - proxy_redirect off; - } - - location /status { - stub_status on; - access_log off; - allow 127.0.0.1; - deny all; - } - - #charset koi8-r; - - #access_log logs/host.access.log main; - - location / { - root html; - index index.html index.htm; - } - - #error_page 404 /404.html; - - # redirect server error pages to the static page /50x.html - # - error_page 500 502 503 504 /50x.html; - location = /50x.html { - root html; - } - } -} diff --git a/community_images/nginx/official/dc_coverage.sh b/community_images/nginx/official/dc_coverage.sh deleted file mode 100755 index 9b600eb056..0000000000 --- a/community_images/nginx/official/dc_coverage.sh +++ /dev/null 
@@ -1,40 +0,0 @@ -#!/bin/bash - -set -x -set -e - -SCRIPTPATH="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )" - -# shellcheck disable=SC1091 -. "${SCRIPTPATH}"/../../common/scripts/bash_helper.sh - -JSON_PARAMS="$1" - -JSON=$(cat "$JSON_PARAMS") - -echo "Json params for docker compose coverage = $JSON" - -PROJECT_NAME=$(jq -r '.project_name' < "$JSON_PARAMS") -CONTAINER_NAME="${PROJECT_NAME}"-nginx-1 - -# reloading nginx -docker exec -i "${CONTAINER_NAME}" nginx -s reload - -# log for debugging -docker inspect "${CONTAINER_NAME}" - -# find non-tls and tls port -docker inspect "${CONTAINER_NAME}" | jq -r ".[].NetworkSettings.Ports.\"8080/tcp\"[0].HostPort" -docker inspect "${CONTAINER_NAME}" | jq -r ".[].NetworkSettings.Ports.\"8443/tcp\"[0].HostPort" -NON_TLS_PORT=$(docker inspect "${CONTAINER_NAME}" | jq -r ".[].NetworkSettings.Ports.\"8080/tcp\"[0].HostPort") -TLS_PORT=$(docker inspect "${CONTAINER_NAME}" | jq -r ".[].NetworkSettings.Ports.\"8443/tcp\"[0].HostPort") - -# run curl in loop for different endpoints -for i in {1..20}; -do - echo "Attempt $i" - curl http://localhost:"${NON_TLS_PORT}"/a - curl http://localhost:"${NON_TLS_PORT}"/b - with_backoff curl https://localhost:"${TLS_PORT}"/a -k -v - with_backoff curl https://localhost:"${TLS_PORT}"/b -k -v -done diff --git a/community_images/nginx/official/docker-compose.yml b/community_images/nginx/official/docker-compose.yml deleted file mode 100755 index 3f01840d6f..0000000000 --- a/community_images/nginx/official/docker-compose.yml +++ /dev/null 
@@ -1,39 +0,0 @@ -version: '2' - -services: - nginx: - image: ${NGINX_OFFICIAL_IMAGE_REPOSITORY}:${NGINX_OFFICIAL_IMAGE_TAG} - user: root - cap_add: - - SYS_PTRACE - ports: - - '0.0.0.0::8080' - - '0.0.0.0::8443' - volumes: - - ./configs/nginx.conf:/etc/nginx/nginx.conf - - ./coverage_script.sh:/opt/scripts/coverage_script.sh - - ./certs:/certs - backend1a: - image: nginxdemos/hello:plain-text - cap_add: - - SYS_PTRACE - ports: - - '80' - backend1b: - image: nginxdemos/hello:plain-text - cap_add: - - SYS_PTRACE - ports: - - '80' - backend2a: - image: nginxdemos/hello:plain-text - cap_add: - - SYS_PTRACE - ports: - - '80' - backend2b: - image: nginxdemos/hello:plain-text - cap_add: - - SYS_PTRACE - ports: - - '80' diff --git a/community_images/nginx/official/image.yml b/community_images/nginx/official/image.yml deleted file mode 100644 index dade5dbf53..0000000000 --- a/community_images/nginx/official/image.yml +++ /dev/null 
@@ -1,45 +0,0 @@ -name: nginx-official -official_name: NGINX Official -official_website: http://nginx.org/ -source_image_provider: The NGINX Docker Maintainers -source_image_repo: docker.io/library/nginx -source_image_repo_link: https://hub.docker.com/_/nginx -source_image_readme: https://github.com/docker-library/docs/blob/master/nginx/README.md -rf_docker_link: rapidfort/nginx-official -image_workflow_name: nginx_official -github_location: nginx/official -report_url: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Flibrary%2Fnginx -usage_instructions: | - $ Using docker run: - $ docker run --name my-nginx-app -p 8080:80 -v /some/content:/usr/share/nginx/html:ro -d rapidfort/nginx-official - - # If you wish to change the default configuration: - $ docker run --name my-nginx-app -p 8080:80 -v /host/path/nginx.conf:/etc/nginx/nginx.conf:ro -d rapidfort/nginx-official -what_is_text: | - Nginx (pronounced "engine-x") is an open source reverse proxy server for HTTP, HTTPS, SMTP, POP3, and IMAP protocols, as well as a load balancer, HTTP cache, and a web server (origin server). The nginx project started with a strong focus on high concurrency, high performance and low memory usage. It is licensed under the 2-clause BSD-like license and it runs on Linux, BSD variants, Mac OS X, Solaris, AIX, HP-UX, as well as on other *nix flavors. It also has a proof of concept port for Microsoft Windows. -disclaimer: | - Trademarks: This software listing is packaged by RapidFort. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. 
-docker_links: - - "[`1.23.2-perl`, `mainline-perl`, `1-perl`, `1.23-perl`, `perl`](https://github.com/nginxinc/docker-nginx/blob/fef51235521d1cdf8b05d8cb1378a526d2abf421/mainline/debian-perl/Dockerfile)" - - "[`1.22.1-perl`, `stable-perl`, `1.22-perl`](https://github.com/nginxinc/docker-nginx/blob/fef51235521d1cdf8b05d8cb1378a526d2abf421/stable/debian-perl/Dockerfile)" -input_registry: - registry: docker.io - account: library -repo_sets: - - nginx: - input_base_tag: "1.23.*-perl" - output_repo: nginx-official - - nginx: - input_base_tag: "1.22.*-perl" - output_repo: nginx-official -runtimes: - - type: docker_compose - script: dc_coverage.sh - compose_file: docker-compose.yml - tls_certs: - generate: true - out_dir: certs - image_keys: - nginx-official: - repository: "NGINX_OFFICIAL_IMAGE_REPOSITORY" - tag: "NGINX_OFFICIAL_IMAGE_TAG" diff --git a/community_images/nginx/official/overrides.yml b/community_images/nginx/official/overrides.yml deleted file mode 100644 index d10e24319d..0000000000 --- a/community_images/nginx/official/overrides.yml +++ /dev/null @@ -1,23 +0,0 @@ -image: - pullSecrets: ["rf-regcred"] - pullPolicy: Always -containerSecurityContext: - enabled: true - runAsUser: 0 - runAsNonRoot: false - allowPrivilegeEscalation: true - capabilities: - add: ["SYS_PTRACE"] -extraEnvVars: - - name: "RF_VERBOSE" - value: "0" -livenessProbe: - enabled: false -readinessProbe: - enabled: false -cloneStaticSiteFromGit: - enabled: true - repository: https://github.com/mdn/beginner-html-site-styled.git - branch: master -ingress: - enabled: true diff --git a/community_images/oncall/grafana/.env_hobby b/community_images/oncall/grafana/.env_hobby deleted file mode 100644 index 1addd06cfc..0000000000 --- a/community_images/oncall/grafana/.env_hobby +++ /dev/null 
@@ -1,7 +0,0 @@ -DOMAIN=http://localhost:8080 -SECRET_KEY=my_random_secret_must_be_more_than_32_characters_long -RABBITMQ_PASSWORD=rabbitmq_secret_pw -MYSQL_PASSWORD=mysql_secret_pw -COMPOSE_PROFILES=with_grafana -GRAFANA_USER=admin -GRAFANA_PASSWORD=admin diff --git a/community_images/oncall/grafana/.rfignore b/community_images/oncall/grafana/.rfignore deleted file mode 100644 index 655232a74f..0000000000 --- a/community_images/oncall/grafana/.rfignore +++ /dev/null @@ -1,8 +0,0 @@ -etc/app -LICENSE -LICENSE.txt -LICENSE.md -LICENSE.rst -LICENSE.BSD -LICENSE.APACHE -LICENSE-SELECT2.md \ No newline at end of file diff --git a/community_images/oncall/grafana/README.md b/community_images/oncall/grafana/README.md deleted file mode 100644 index d808fcecce..0000000000 --- a/community_images/oncall/grafana/README.md +++ /dev/null @@ -1,163 +0,0 @@ - -RapidFort - - -
- -[![rf-h][rf-h-badge]][rf-view-report-button] -[![DH Image][dh-rf-badge]][rf-dh-image-link] -[![Slack][slack-badge]][slack-link] -[![FOSSA Status][fossa-badge]][fossa-link] - -# RapidFort hardened image for Grafana Oncall - -RapidFort’s container optimization process hardened this Grafana Oncall container. This container is free to use and has no license limitations. - -It is the same as the [Grafana Grafana Oncall][source-image-repo-link] image but more secure. - -Every day, we optimize and harden a variety of Docker Hub’s most famous images. Check out our [entire library](https://hub.docker.com/u/rapidfort) of secured containers. -
- -[Get the full report here or click on the image below][rf-view-report-link] - -[![Metrics][metrics-link]][rf-image-metrics-link] - -

Vulnerabilities: Original vs. Hardened - -

- -[![CVE Reduction][cve-reduction-link]][rf-image-cve-reduction-link] - - -View Report - -
-
- - -## What is Grafana Oncall? - -> Developer-friendly incident response with brilliant Slack integration. - - -[Overview of Grafana Oncall](https://grafana.com/products/oncall) - -Trademarks: This software listing is packaged by RapidFort. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. - - -## How do I use this hardened Grafana Oncall image? - -The runtime instructions for this container are no different from the official release. Follow the instructions in their readme, but use our hardened image. - - -View Detailed Instructions - -
-
- -```sh -#1. Download docker-compose.yaml: -curl -fsSL https://raw.githubusercontent.com/grafana/oncall/dev/docker-compose.yml -o docker-compose.yml - -#2. Set variables: -echo "DOMAIN=http://localhost:8080 -SECRET_KEY=my_random_secret_must_be_more_than_32_characters_long -RABBITMQ_PASSWORD=rabbitmq_secret_pw -MYSQL_PASSWORD=mysql_secret_pw -COMPOSE_PROFILES=with_grafana # Remove this line if you want to use existing grafana -GRAFANA_USER=admin -GRAFANA_PASSWORD=admin" > .env_hobby - -#3. Launch services: -docker-compose --env-file .env_hobby -f docker-compose.yml up --build -d - -#4. Issue one-time invite token: -docker-compose --env-file .env_hobby -f docker-compose.yml run engine python manage.py issue_invite_for_the_frontend --override - -#5. Go to [OnCall Plugin Configuration](http://localhost:3000/plugins/grafana-oncall-app), using log in credentials as defined above: `admin`/`admin` (or find OnCall plugin in configuration->plugins) and connect OnCall _plugin_ with OnCall _backend_: - -Invite token: ^^^ from the previous step. -OnCall backend URL: http://engine:8080 -Grafana Url: http://grafana:3000 - -#6. Enjoy! Check our [OSS docs](https://grafana.com/docs/grafana-cloud/oncall/open-source/) if you want to set up Slack, Telegram, Twilio or SMS/calls through Grafana Cloud. - -``` - -## What is a hardened image? - -A hardened image is a copy of a container that has been optimized and reduced for significantly improved security. Because every container uses many open-source software components and their dependencies, there’s a lot of extra weight that can be trimmed. - -This image is a hardened version of the official [Grafana Grafana Oncall][source-image-repo-link] image on Docker Hub. - -RapidFort is an industry-leading container optimization solution that minimizes software attack surfaces by removing unused code. Most containers can be reduced by at least 50%, which reduces the opportunity for malicious attacks and CVE exploits. 
Learn more at [RapidFort.com][rf-link]. - -Our hardened images are updated daily using the latest vulnerability information available. - - -View on GitHub - -
-
- -## What’s the difference between the official [Grafana Grafana Oncall][source-image-repo-link] image and this hardened image? -RapidFort’s hardened [rapidfort/oncall][rf-dh-image-link] image has been optimized by our proprietary scanning and slimming technology. We are big fans of open-source software, containerized infrastructure, and security. - -We are making secure copies of the images we use every day and the most popular ones on Docker Hub. We want to make the world a safer place to operate. - -## Supported tags and respective `Dockerfile` links -* [`v1.0.0`, `latest` (engine/Dockerfile)](https://github.com/grafana/oncall/blob/dev/engine/Dockerfile) - -## Need support - -Join our slack community for any questions. - - -RapidFort Community Slack - - -## 🌟 Support this project - -[![](https://user-images.githubusercontent.com/48997634/174794647-0c851917-e5c9-4fb9-bf88-b61d89dc2f4f.gif)](https://github.com/rapidfort/community-images/stargazers) - -### [⏫⭐️ Scroll to the star button](#start-of-content) - -If you believe this project has potential, feel free to **star this repo** just like many [amazing people](https://github.com/rapidfort/community-images/stargazers) -have. - -## Have questions? - -[![RapidFort](https://raw.githubusercontent.com/rapidfort/community-images/main/contrib/github_logo_footer.png)][rf-rapidfort-footer-logo-link] - - -If you'd like to learn more about RapidFort or our container optimization process, visit [RapidFort.com][rf-link]. - -
-
- - -[dh-rf-badge]: https://img.shields.io/badge/dockerhub-images-important.svg?logo=Docker - -[fossa-badge]: https://app.fossa.com/api/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images.svg?type=shield -[fossa-link]: https://app.fossa.com/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images?ref=badge_shield - -[rf-link]: https://rapidfort.com?utm_source=github&utm_medium=ci_rf_link&utm_campaign=sep_01_sprint&utm_term=oncall&utm_content=rapidfort_have_questions - -[rf-rapidfort-footer-logo-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fgrafana%2Foncall?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=oncall&utm_content=rapidfort_footer_logo -[rf-view-report-button]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fgrafana%2Foncall?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=oncall&utm_content=view_report_button -[rf-view-report-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fgrafana%2Foncall?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=oncall&utm_content=view_report_link -[rf-image-metrics-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fgrafana%2Foncall?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=oncall&utm_content=image_metrics_link -[rf-image-cve-reduction-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fgrafana%2Foncall?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=oncall&utm_content=image_cve_reduction_link - -[dh-img-size-badge]: https://img.shields.io/docker/image-size/rapidfort/oncall?logo=docker&logoColor=white&sort=semver -[dh-img-pulls-badge]: https://img.shields.io/docker/pulls/rapidfort/oncall?logo=docker&logoColor=white - -[slack-badge]: https://img.shields.io/static/v1?label=Join&message=slack&logo=slack&logoColor=E01E5A&color=4A154B -[slack-link]: 
https://join.slack.com/t/rapidfortcommunity/shared_invite/zt-1g3wy28lv-DaeGexTQ5IjfpbmYW7Rm_Q - -[rf-h-badge]: https://img.shields.io/static/v1?label=RapidFort&labelColor=333F48&message=hardened&color=50B4C4&logo= -[metrics-link]: https://github.com/rapidfort/community-images/raw/main/community_images/oncall/grafana/assets/metrics.webp -[cve-reduction-link]: https://github.com/rapidfort/community-images/raw/main/community_images/oncall/grafana/assets/cve_reduction.webp - -[source-image-repo-link]: https://hub.docker.com/r/grafana/oncall -[rf-dh-image-link]: https://hub.docker.com/r/rapidfort/oncall diff --git a/community_images/oncall/grafana/assets/cve_reduction.webp b/community_images/oncall/grafana/assets/cve_reduction.webp deleted file mode 100644 index 141ea2e0e1..0000000000 Binary files a/community_images/oncall/grafana/assets/cve_reduction.webp and /dev/null differ diff --git a/community_images/oncall/grafana/assets/metrics.webp b/community_images/oncall/grafana/assets/metrics.webp deleted file mode 100644 index dfbb60e46a..0000000000 Binary files a/community_images/oncall/grafana/assets/metrics.webp and /dev/null differ diff --git a/community_images/oncall/grafana/dc_coverage.sh b/community_images/oncall/grafana/dc_coverage.sh deleted file mode 100755 index 2489691c52..0000000000 --- a/community_images/oncall/grafana/dc_coverage.sh +++ /dev/null 
@@ -1,23 +0,0 @@ -#!/bin/bash - -set -x -set -e - -# shellcheck disable=SC1091 -SCRIPTPATH="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )" - -JSON_PARAMS="$1" - -JSON=$(cat "$JSON_PARAMS") - -echo "Json params for docker compose coverage = $JSON" - -NAMESPACE=$(jq -r '.namespace_name' < "$JSON_PARAMS") - -# run pytest -set +e #ignore test failures -docker-compose --env-file "${SCRIPTPATH}"/.env_hobby.temp -f "${SCRIPTPATH}"/docker-compose.yml -p "${NAMESPACE}" run engine python -m pytest -set -e - -# issue token -docker-compose --env-file "${SCRIPTPATH}"/.env_hobby.temp -f "${SCRIPTPATH}"/docker-compose.yml -p "${NAMESPACE}" run engine python manage.py issue_invite_for_the_frontend --override \ No newline at end of file diff --git a/community_images/oncall/grafana/docker-compose.yml b/community_images/oncall/grafana/docker-compose.yml deleted file mode 100644 index 6a84aadf34..0000000000 --- a/community_images/oncall/grafana/docker-compose.yml +++ /dev/null 
@@ -1,187 +0,0 @@ -services: - engine: - image: ${ONCALL_IMAGE_REPOSITORY}:${ONCALL_IMAGE_TAG} - cap_add: - - SYS_PTRACE - restart: always - ports: - - "8080" - command: > - sh -c "uwsgi --ini uwsgi.ini" - environment: - BASE_URL: $DOMAIN - SECRET_KEY: $SECRET_KEY - RABBITMQ_USERNAME: "rabbitmq" - RABBITMQ_PASSWORD: $RABBITMQ_PASSWORD - RABBITMQ_HOST: "rabbitmq" - RABBITMQ_PORT: "5672" - RABBITMQ_DEFAULT_VHOST: "/" - MYSQL_PASSWORD: $MYSQL_PASSWORD - MYSQL_DB_NAME: oncall_hobby - MYSQL_USER: ${MYSQL_USER:-root} - MYSQL_HOST: ${MYSQL_HOST:-mysql} - MYSQL_PORT: 3306 - REDIS_URI: redis://redis:6379/0 - DJANGO_SETTINGS_MODULE: settings.hobby - OSS: "True" - CELERY_WORKER_QUEUE: "default,critical,long,slack,telegram,webhook,retry,celery" - depends_on: - mysql: - condition: service_healthy - oncall_db_migration: - condition: service_completed_successfully - rabbitmq: - condition: service_healthy - redis: - condition: service_started - - celery: - image: ${ONCALL_IMAGE_REPOSITORY}:${ONCALL_IMAGE_TAG} - cap_add: - - SYS_PTRACE - restart: always - command: sh -c "./celery_with_exporter.sh" - environment: - BASE_URL: $DOMAIN - SECRET_KEY: $SECRET_KEY - RABBITMQ_USERNAME: "rabbitmq" - RABBITMQ_PASSWORD: $RABBITMQ_PASSWORD - RABBITMQ_HOST: "rabbitmq" - RABBITMQ_PORT: "5672" - RABBITMQ_DEFAULT_VHOST: "/" - MYSQL_PASSWORD: $MYSQL_PASSWORD - MYSQL_DB_NAME: oncall_hobby - MYSQL_USER: ${MYSQL_USER:-root} - MYSQL_HOST: ${MYSQL_HOST:-mysql} - MYSQL_PORT: 3306 - REDIS_URI: redis://redis:6379/0 - DJANGO_SETTINGS_MODULE: settings.hobby - OSS: "True" - CELERY_WORKER_QUEUE: "default,critical,long,slack,telegram,webhook,retry,celery" - CELERY_WORKER_CONCURRENCY: "1" - CELERY_WORKER_MAX_TASKS_PER_CHILD: "100" - CELERY_WORKER_SHUTDOWN_INTERVAL: "65m" - CELERY_WORKER_BEAT_ENABLED: "True" - depends_on: - mysql: - condition: service_healthy - oncall_db_migration: - condition: service_completed_successfully - rabbitmq: - condition: service_healthy - redis: - condition: service_started - - 
oncall_db_migration: - image: ${ONCALL_IMAGE_REPOSITORY}:${ONCALL_IMAGE_TAG} - cap_add: - - SYS_PTRACE - command: python manage.py migrate --noinput - environment: - BASE_URL: $DOMAIN - SECRET_KEY: $SECRET_KEY - RABBITMQ_USERNAME: "rabbitmq" - RABBITMQ_PASSWORD: $RABBITMQ_PASSWORD - RABBITMQ_HOST: "rabbitmq" - RABBITMQ_PORT: "5672" - RABBITMQ_DEFAULT_VHOST: "/" - MYSQL_PASSWORD: $MYSQL_PASSWORD - MYSQL_DB_NAME: oncall_hobby - MYSQL_USER: ${MYSQL_USER:-root} - MYSQL_HOST: ${MYSQL_HOST:-mysql} - MYSQL_PORT: 3306 - REDIS_URI: redis://redis:6379/0 - DJANGO_SETTINGS_MODULE: settings.hobby - OSS: "True" - CELERY_WORKER_QUEUE: "default,critical,long,slack,telegram,webhook,retry,celery" - depends_on: - mysql: - condition: service_healthy - rabbitmq: - condition: service_healthy - - mysql: - image: mysql:5.7 - platform: linux/x86_64 - mem_limit: 500m - cpus: 0.5 - command: --default-authentication-plugin=mysql_native_password --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci - restart: always - expose: - - 3306 - volumes: - - dbdata:/var/lib/mysql - environment: - MYSQL_ROOT_PASSWORD: $MYSQL_PASSWORD - MYSQL_DATABASE: oncall_hobby - healthcheck: - test: "mysql -uroot -p$MYSQL_PASSWORD oncall_hobby -e 'select 1'" - timeout: 20s - retries: 10 - - redis: - image: redis - mem_limit: 100m - cpus: 0.1 - restart: always - expose: - - 6379 - - rabbitmq: - image: "rabbitmq:3.7.15-management" - restart: always - hostname: rabbitmq - mem_limit: 1000m - cpus: 0.5 - volumes: - - rabbitmqdata:/var/lib/rabbitmq - environment: - RABBITMQ_DEFAULT_USER: "rabbitmq" - RABBITMQ_DEFAULT_PASS: $RABBITMQ_PASSWORD - RABBITMQ_DEFAULT_VHOST: "/" - healthcheck: - test: rabbitmq-diagnostics -q ping - interval: 30s - timeout: 30s - retries: 3 - - mysql_to_create_grafana_db: - image: mysql:5.7 - platform: linux/x86_64 - command: bash -c "mysql -h ${MYSQL_HOST:-mysql} -uroot -p${MYSQL_PASSWORD} -e 'CREATE DATABASE IF NOT EXISTS grafana CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;'" 
- environment: - MYSQL_HOST: ${MYSQL_HOST:-mysql} - MYSQL_PASSWORD: $MYSQL_PASSWORD - depends_on: - mysql: - condition: service_healthy - profiles: - - with_grafana - - grafana: - image: "grafana/grafana:9.0.0-beta3" - restart: always - mem_limit: 500m - ports: - - "3000" - cpus: 0.5 - environment: - GF_DATABASE_TYPE: mysql - GF_DATABASE_HOST: ${MYSQL_HOST:-mysql} - GF_DATABASE_USER: ${MYSQL_USER:-root} - GF_DATABASE_PASSWORD: ${MYSQL_PASSWORD:?err} - GF_SECURITY_ADMIN_USER: ${GRAFANA_USER:-admin} - GF_SECURITY_ADMIN_PASSWORD: ${GRAFANA_PASSWORD:?err} - GF_PLUGINS_ALLOW_LOADING_UNSIGNED_PLUGINS: grafana-oncall-app - GF_INSTALL_PLUGINS: grafana-oncall-app - depends_on: - mysql_to_create_grafana_db: - condition: service_completed_successfully - mysql: - condition: service_healthy - profiles: - - with_grafana - -volumes: - dbdata: - rabbitmqdata: diff --git a/community_images/oncall/grafana/image.yml b/community_images/oncall/grafana/image.yml deleted file mode 100644 index 9fc4530b9e..0000000000 --- a/community_images/oncall/grafana/image.yml +++ /dev/null 
@@ -1,58 +0,0 @@ -name: oncall -official_name: Grafana Oncall -official_website: https://grafana.com/products/oncall -source_image_provider: Grafana -source_image_repo: docker.io/grafana/oncall -source_image_repo_link: https://hub.docker.com/r/grafana/oncall -source_image_readme: https://github.com/grafana/oncall/blob/dev/README.md -rf_docker_link: rapidfort/oncall -image_workflow_name: oncall_grafana -github_location: oncall/grafana -report_url: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fgrafana%2Foncall -usage_instructions: | - #1. Download docker-compose.yaml: - curl -fsSL https://raw.githubusercontent.com/grafana/oncall/dev/docker-compose.yml -o docker-compose.yml - - #2. Set variables: - echo "DOMAIN=http://localhost:8080 - SECRET_KEY=my_random_secret_must_be_more_than_32_characters_long - RABBITMQ_PASSWORD=rabbitmq_secret_pw - MYSQL_PASSWORD=mysql_secret_pw - COMPOSE_PROFILES=with_grafana # Remove this line if you want to use existing grafana - GRAFANA_USER=admin - GRAFANA_PASSWORD=admin" > .env_hobby - - #3. Launch services: - docker-compose --env-file .env_hobby -f docker-compose.yml up --build -d - - #4. Issue one-time invite token: - docker-compose --env-file .env_hobby -f docker-compose.yml run engine python manage.py issue_invite_for_the_frontend --override - - #5. Go to [OnCall Plugin Configuration](http://localhost:3000/plugins/grafana-oncall-app), using log in credentials as defined above: `admin`/`admin` (or find OnCall plugin in configuration->plugins) and connect OnCall _plugin_ with OnCall _backend_: - - Invite token: ^^^ from the previous step. - OnCall backend URL: http://engine:8080 - Grafana Url: http://grafana:3000 - - #6. Enjoy! Check our [OSS docs](https://grafana.com/docs/grafana-cloud/oncall/open-source/) if you want to set up Slack, Telegram, Twilio or SMS/calls through Grafana Cloud. -what_is_text: | - Developer-friendly incident response with brilliant Slack integration. 
-disclaimer: | - Trademarks: This software listing is packaged by RapidFort. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. -docker_links: - - "[`v1.0.0`, `latest` (engine/Dockerfile)](https://github.com/grafana/oncall/blob/dev/engine/Dockerfile)" -input_registry: - registry: docker.io - account: grafana -repo_sets: - - oncall: - input_base_tag: "v1.0." -runtimes: - - type: docker_compose - script: dc_coverage.sh - env_file: .env_hobby - compose_file: docker-compose.yml - image_keys: - oncall: - repository: "ONCALL_IMAGE_REPOSITORY" - tag: "ONCALL_IMAGE_TAG" diff --git a/community_images/oncall/grafana/overrides.yml b/community_images/oncall/grafana/overrides.yml deleted file mode 100644 index f201e68505..0000000000 --- a/community_images/oncall/grafana/overrides.yml +++ /dev/null @@ -1,18 +0,0 @@ -image: - pullSecrets: ["rf-regcred"] - pullPolicy: Always -containerSecurityContext: - enabled: true - runAsUser: 1001 - allowPrivilegeEscalation: true - capabilities: - add: ["SYS_PTRACE"] -extraEnvVars: - - name: "RF_VERBOSE" - value: "0" -livenessProbe: - initialDelaySeconds: 30 - timeoutSeconds: 30 -readinessProbe: - initialDelaySeconds: 30 - timeoutSeconds: 30 diff --git a/community_images/postgresql/bitnami/.rfignore b/community_images/postgresql/bitnami/.rfignore deleted file mode 100644 index b0dbbed88a..0000000000 --- a/community_images/postgresql/bitnami/.rfignore +++ /dev/null @@ -1,8 +0,0 @@ -opt/bitnami/common/licenses -opt/bitnami/licenses -opt/bitnami/postgresql/licenses -usr/share/common-licenses -opt/bitnami/postgresql/share/timezone -opt/bitnami/postgresql/share/timezonesets -opt/bitnami/postgresql/share/extension -opt/bitnami/postgresql/lib \ No newline at end of file diff --git a/community_images/postgresql/bitnami/README.md b/community_images/postgresql/bitnami/README.md deleted file mode 100644 index bb815efba2..0000000000 
--- a/community_images/postgresql/bitnami/README.md +++ /dev/null @@ -1,146 +0,0 @@ - -RapidFort - - -
- -[![rf-h][rf-h-badge]][rf-view-report-button] -[![DH Image][dh-rf-badge]][rf-dh-image-link] -[![Slack][slack-badge]][slack-link] -[![FOSSA Status][fossa-badge]][fossa-link] - -# RapidFort hardened image for PostgreSQL - -RapidFort’s container optimization process hardened this PostgreSQL container. This container is free to use and has no license limitations. - -It is the same as the [Bitnami PostgreSQL][source-image-repo-link] image but more secure. - -Every day, we optimize and harden a variety of Docker Hub’s most famous images. Check out our [entire library](https://hub.docker.com/u/rapidfort) of secured containers. -
- -[Get the full report here or click on the image below][rf-view-report-link] - -[![Metrics][metrics-link]][rf-image-metrics-link] - -

Vulnerabilities: Original vs. Hardened - -

- -[![CVE Reduction][cve-reduction-link]][rf-image-cve-reduction-link] - - -View Report - -
-
- - -## What is PostgreSQL? - -> PostgreSQL, often simply "Postgres", is an object-relational database management system (ORDBMS) with an emphasis on extensibility and standards-compliance. As a database server, its primary function is to store data, securely and supporting best practices, and retrieve it later, as requested by other software applications, be it those on the same computer or those running on another computer across a network (including the Internet). It can handle workloads ranging from small single-machine applications to large Internet-facing applications with many concurrent users. Recent versions also provide replication of the database itself for security and scalability. - - -[Overview of PostgreSQL](https://www.postgresql.com/) - -Trademarks: This software listing is packaged by RapidFort. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. - - -## How do I use this hardened PostgreSQL image? - -The runtime instructions for this container are no different from the official release. Follow the instructions in their readme, but use our hardened image. - - -View Detailed Instructions - -
-
- -```sh -$ helm repo add bitnami https://charts.bitnami.com/bitnami - -# install postgresql, just replace repository with RapidFort registry -$ helm install my-postgresql bitnami/postgresql --set image.repository=rapidfort/postgresql - -``` - -## What is a hardened image? - -A hardened image is a copy of a container that has been optimized and reduced for significantly improved security. Because every container uses many open-source software components and their dependencies, there’s a lot of extra weight that can be trimmed. - -This image is a hardened version of the official [Bitnami PostgreSQL][source-image-repo-link] image on Docker Hub. - -RapidFort is an industry-leading container optimization solution that minimizes software attack surfaces by removing unused code. Most containers can be reduced by at least 50%, which reduces the opportunity for malicious attacks and CVE exploits. Learn more at [RapidFort.com][rf-link]. - -Our hardened images are updated daily using the latest vulnerability information available. - - -View on GitHub - -
-
- -## What’s the difference between the official [Bitnami PostgreSQL][source-image-repo-link] image and this hardened image? -RapidFort’s hardened [rapidfort/postgresql][rf-dh-image-link] image has been optimized by our proprietary scanning and slimming technology. We are big fans of open-source software, containerized infrastructure, and security. - -We are making secure copies of the images we use every day and the most popular ones on Docker Hub. We want to make the world a safer place to operate. - -## Supported tags and respective `Dockerfile` links -* [`16`, `16-debian-11`, `16.1.0`, `16.1.0-debian-11-r` (16/debian-11/Dockerfile)](https://github.com/bitnami/containers/tree/main/bitnami/postgresql/16/debian-11/Dockerfile) -* [`15`, `15-debian-11`, `15.5.0`, `15.5.0-debian-11-r` (15/debian-11/Dockerfile)](https://github.com/bitnami/containers/tree/main/bitnami/postgresql/15/debian-11/Dockerfile) -* [`14`, `14-debian-11`, `14.10.0`, `14.10.0-debian-11-r` (14/debian-11/Dockerfile)](https://github.com/bitnami/containers/tree/main/bitnami/postgresql/14/debian-11/Dockerfile) -* [`13`, `13-debian-11`, `13.13.0`, `13.13.0-debian-11-r` (13/debian-11/Dockerfile)](https://github.com/bitnami/containers/tree/main/bitnami/postgresql/13/debian-11/Dockerfile) -* [`12`, `12-debian-11`, `12.17.0`, `12.17.0-debian-11-r` (12/debian-11/Dockerfile)](https://github.com/bitnami/containers/tree/main/bitnami/postgresql/12/debian-11/Dockerfile) - -## Need support - -Join our slack community for any questions. - - -RapidFort Community Slack - - -## 🌟 Support this project - -[![](https://user-images.githubusercontent.com/48997634/174794647-0c851917-e5c9-4fb9-bf88-b61d89dc2f4f.gif)](https://github.com/rapidfort/community-images/stargazers) - -### [⏫⭐️ Scroll to the star button](#start-of-content) - -If you believe this project has potential, feel free to **star this repo** just like many [amazing people](https://github.com/rapidfort/community-images/stargazers) -have. - -## Have questions? 
- -[![RapidFort](https://raw.githubusercontent.com/rapidfort/community-images/main/contrib/github_logo_footer.png)][rf-rapidfort-footer-logo-link] - - -If you'd like to learn more about RapidFort or our container optimization process, visit [RapidFort.com][rf-link]. - -
-
- - -[dh-rf-badge]: https://img.shields.io/badge/dockerhub-images-important.svg?logo=Docker - -[fossa-badge]: https://app.fossa.com/api/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images.svg?type=shield -[fossa-link]: https://app.fossa.com/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images?ref=badge_shield - -[rf-link]: https://rapidfort.com?utm_source=github&utm_medium=ci_rf_link&utm_campaign=sep_01_sprint&utm_term=postgresql&utm_content=rapidfort_have_questions - -[rf-rapidfort-footer-logo-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Fpostgresql?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=postgresql&utm_content=rapidfort_footer_logo -[rf-view-report-button]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Fpostgresql?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=postgresql&utm_content=view_report_button -[rf-view-report-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Fpostgresql?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=postgresql&utm_content=view_report_link -[rf-image-metrics-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Fpostgresql?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=postgresql&utm_content=image_metrics_link -[rf-image-cve-reduction-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Fpostgresql?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=postgresql&utm_content=image_cve_reduction_link - -[dh-img-size-badge]: https://img.shields.io/docker/image-size/rapidfort/postgresql?logo=docker&logoColor=white&sort=semver -[dh-img-pulls-badge]: https://img.shields.io/docker/pulls/rapidfort/postgresql?logo=docker&logoColor=white - -[slack-badge]: 
https://img.shields.io/static/v1?label=Join&message=slack&logo=slack&logoColor=E01E5A&color=4A154B -[slack-link]: https://join.slack.com/t/rapidfortcommunity/shared_invite/zt-1g3wy28lv-DaeGexTQ5IjfpbmYW7Rm_Q - -[rf-h-badge]: https://img.shields.io/static/v1?label=RapidFort&labelColor=333F48&message=hardened&color=50B4C4&logo= -[metrics-link]: https://github.com/rapidfort/community-images/raw/main/community_images/postgresql/bitnami/assets/metrics.webp -[cve-reduction-link]: https://github.com/rapidfort/community-images/raw/main/community_images/postgresql/bitnami/assets/cve_reduction.webp - -[source-image-repo-link]: https://hub.docker.com/r/bitnami/postgresql -[rf-dh-image-link]: https://hub.docker.com/r/rapidfort/postgresql diff --git a/community_images/postgresql/bitnami/assets/cve_reduction.webp b/community_images/postgresql/bitnami/assets/cve_reduction.webp deleted file mode 100644 index d5b36b8be5..0000000000 Binary files a/community_images/postgresql/bitnami/assets/cve_reduction.webp and /dev/null differ diff --git a/community_images/postgresql/bitnami/assets/metrics.webp b/community_images/postgresql/bitnami/assets/metrics.webp deleted file mode 100644 index 2948b3d212..0000000000 Binary files a/community_images/postgresql/bitnami/assets/metrics.webp and /dev/null differ diff --git a/community_images/postgresql/bitnami/dc_coverage.sh b/community_images/postgresql/bitnami/dc_coverage.sh deleted file mode 100755 index 576d1aa11f..0000000000 --- a/community_images/postgresql/bitnami/dc_coverage.sh +++ /dev/null 
@@ -1,21 +0,0 @@ -#!/bin/bash - -set -x -set -e - -JSON_PARAMS="$1" - -JSON=$(cat "$JSON_PARAMS") - -echo "Json params for docker compose coverage = $JSON" - -PROJECT_NAME=$(jq -r '.project_name' < "$JSON_PARAMS") - -# pg container -PG_CONTAINER="${PROJECT_NAME}"-postgresql-master-1 - -# Get Port -#PG_PORT=$(docker inspect "${PG_CONTAINER}" | jq -r ".[].NetworkSettings.Ports.\"5432/tcp\"[0].HostPort") - -# run pgbench test -docker exec -i "${PG_CONTAINER}" pgbench --host localhost -U postgres -d postgres -p 5432 -i -s 25 \ No newline at end of file diff --git a/community_images/postgresql/bitnami/docker-compose.yml b/community_images/postgresql/bitnami/docker-compose.yml deleted file mode 100644 index f278606925..0000000000 --- a/community_images/postgresql/bitnami/docker-compose.yml +++ /dev/null 
@@ -1,62 +0,0 @@ -version: '2' - -services: - postgresql-master: - image: ${PG_IMAGE_REPOSITORY}:${PG_IMAGE_TAG} - ports: - - '::5432' - volumes: - - 'postgresql_master_data:/bitnami/postgresql' - environment: - - POSTGRESQL_REPLICATION_MODE=master - - POSTGRESQL_REPLICATION_USER=repl_user - - POSTGRESQL_REPLICATION_PASSWORD=repl_password - - POSTGRESQL_USERNAME=postgres - - POSTGRESQL_PASSWORD=my_password - - POSTGRESQL_DATABASE=my_database - - ALLOW_EMPTY_PASSWORD=yes - - POSTGRESQL_TIMEZONE=UTC - - PGPASSWORD=my_password - - POSTGRESQL_SHARED_PRELOAD_LIBRARIES=pg_visibility,cube,fuzzystrmatch,pg_trgm,auto_explain,orafce,pgaudit,pg_stat_statements,pg_trgm,unaccent - cap_add: - - SYS_PTRACE - - postgresql-slave1: - image: ${PG_IMAGE_REPOSITORY}:${PG_IMAGE_TAG} - ports: - - '5432' - depends_on: - - postgresql-master - environment: - - POSTGRESQL_REPLICATION_MODE=slave - - POSTGRESQL_REPLICATION_USER=repl_user - - POSTGRESQL_REPLICATION_PASSWORD=repl_password - - POSTGRESQL_MASTER_HOST=postgresql-master - - POSTGRESQL_PASSWORD=my_password - - POSTGRESQL_MASTER_PORT_NUMBER=5432 - - ALLOW_EMPTY_PASSWORD=yes - - POSTGRESQL_TIMEZONE=Asia/Almaty - cap_add: - - SYS_PTRACE - - postgresql-slave2: - image: ${PG_IMAGE_REPOSITORY}:${PG_IMAGE_TAG} - ports: - - '5432' - depends_on: - - postgresql-master - environment: - - POSTGRESQL_REPLICATION_MODE=slave - - POSTGRESQL_REPLICATION_USER=repl_user - - POSTGRESQL_REPLICATION_PASSWORD=repl_password - - POSTGRESQL_MASTER_HOST=postgresql-master - - POSTGRESQL_PASSWORD=my_password - - POSTGRESQL_MASTER_PORT_NUMBER=5432 - - ALLOW_EMPTY_PASSWORD=yes - - POSTGRESQL_TIMEZONE=UTC+11:00 - cap_add: - - SYS_PTRACE - -volumes: - postgresql_master_data: - driver: local diff --git a/community_images/postgresql/bitnami/docker_coverage.sh b/community_images/postgresql/bitnami/docker_coverage.sh deleted file mode 100755 index e083ca606e..0000000000 --- a/community_images/postgresql/bitnami/docker_coverage.sh +++ /dev/null 
@@ -1,18 +0,0 @@ -#!/bin/bash - -set -x -set -e - -JSON_PARAMS="$1" - -JSON=$(cat "$JSON_PARAMS") - -echo "Json params for docker coverage = $JSON" - -NETWORK_NAME=$(jq -r '.network_name' < "$JSON_PARAMS") -PG_HOST=$(jq -r '.container_details.postgresql.ip_address' < "$JSON_PARAMS") - -# run test on docker container -docker run --rm --network="${NETWORK_NAME}" \ - -i --env="PGPASSWORD=PgPwd" rapidfort/postgresql:latest \ - -- pgbench --host "${PG_HOST}" -U postgres -d postgres -p 5432 -i -s 25 diff --git a/community_images/postgresql/bitnami/image.yml b/community_images/postgresql/bitnami/image.yml deleted file mode 100644 index 89b7e13723..0000000000 --- a/community_images/postgresql/bitnami/image.yml +++ /dev/null 
@@ -1,57 +0,0 @@ -name: postgresql -official_name: PostgreSQL -official_website: https://www.postgresql.com/ -source_image_provider: Bitnami -source_image_repo: docker.io/bitnami/postgresql -source_image_repo_link: https://hub.docker.com/r/bitnami/postgresql -source_image_readme: https://github.com/bitnami/containers/blob/main/bitnami/postgresql/README.md -rf_docker_link: rapidfort/postgresql -image_workflow_name: postgresql_bitnami -github_location: postgresql/bitnami -report_url: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Fpostgresql -usage_instructions: | - $ helm repo add bitnami https://charts.bitnami.com/bitnami - - # install postgresql, just replace repository with RapidFort registry - $ helm install my-postgresql bitnami/postgresql --set image.repository=rapidfort/postgresql -what_is_text: | - PostgreSQL, often simply "Postgres", is an object-relational database management system (ORDBMS) with an emphasis on extensibility and standards-compliance. As a database server, its primary function is to store data, securely and supporting best practices, and retrieve it later, as requested by other software applications, be it those on the same computer or those running on another computer across a network (including the Internet). It can handle workloads ranging from small single-machine applications to large Internet-facing applications with many concurrent users. Recent versions also provide replication of the database itself for security and scalability. -disclaimer: | - Trademarks: This software listing is packaged by RapidFort. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. 
-input_registry: - registry: docker.io - account: bitnami -repo_sets: - - postgresql: - input_base_tag: "16.0.0-debian-11-r" - - postgresql: - input_base_tag: "15.4.0-debian-11-r" - - postgresql: - input_base_tag: "14.9.0-debian-11-r" - - postgresql: - input_base_tag: "13.12.0-debian-11-r" - - postgresql: - input_base_tag: "12.16.0-debian-11-r" - - postgresql: - input_base_tag: "11.21.0-debian-11-r" -runtimes: - - type: k8s - script: k8s_coverage.sh - helm: - repo: bitnami - repo_url: https://charts.bitnami.com/bitnami - chart: postgresql - image_keys: - postgresql: {} - override_file: "overrides.yml" - - type: docker_compose - script: dc_coverage.sh - compose_file: docker-compose.yml - image_keys: - postgresql: - repository: "PG_IMAGE_REPOSITORY" - tag: "PG_IMAGE_TAG" - - type: docker - postgresql: - environment: - POSTGRES_PASSWORD: PgPwd diff --git a/community_images/postgresql/bitnami/k8s_coverage.sh b/community_images/postgresql/bitnami/k8s_coverage.sh deleted file mode 100755 index 465f96b4e0..0000000000 --- a/community_images/postgresql/bitnami/k8s_coverage.sh +++ /dev/null 
@@ -1,29 +0,0 @@ -#!/bin/bash - -set -x -set -e - -JSON_PARAMS="$1" - -SCRIPTPATH=$(jq -r '.image_script_dir' < "$JSON_PARAMS") -NAMESPACE=$(jq -r '.namespace_name' < "$JSON_PARAMS") -RELEASE_NAME=$(jq -r '.release_name' < "$JSON_PARAMS") - -# get postgresql passwordk -POSTGRES_PASSWORD=$(kubectl get secret --namespace "${NAMESPACE}" "${RELEASE_NAME}" -o jsonpath="{.data.postgres-password}" | base64 --decode) - -# copy test.psql into container -kubectl -n "${NAMESPACE}" cp "${SCRIPTPATH}"/../../common/tests/test.psql "${RELEASE_NAME}"-0:/tmp/test.psql - -# run script -kubectl -n "${NAMESPACE}" exec -i "${RELEASE_NAME}"-0 \ - -- /bin/bash -c "PGPASSWORD=${POSTGRES_PASSWORD} psql --host localhost -U postgres -d postgres -p 5432 -f /tmp/test.psql" - -# copy postgres_coverage.sh into container -kubectl -n "${NAMESPACE}" cp \ - "${SCRIPTPATH}"/../../common/tests/postgres_coverage.sh \ - "${RELEASE_NAME}"-0:/tmp/postgres_coverage.sh - -# run postgres_coverage on cluster -kubectl -n "${NAMESPACE}" exec -i "${RELEASE_NAME}"-0 \ - -- /bin/bash -c "/tmp/postgres_coverage.sh" diff --git a/community_images/postgresql/bitnami/overrides.yml b/community_images/postgresql/bitnami/overrides.yml deleted file mode 100644 index 68a7c413f6..0000000000 --- a/community_images/postgresql/bitnami/overrides.yml +++ /dev/null 
@@ -1,35 +0,0 @@ -image: - pullSecrets: ["rf-regcred"] - pullPolicy: Always -primary: - containerSecurityContext: - enabled: true - runAsUser: 1001 - allowPrivilegeEscalation: true - capabilities: - add: ["SYS_PTRACE"] - extraEnvVars: - - name: "RF_VERBOSE" - value: "0" - livenessProbe: - initialDelaySeconds: 30 - timeoutSeconds: 30 - readinessProbe: - initialDelaySeconds: 30 - timeoutSeconds: 30 -readReplicas: - containerSecurityContext: - enabled: true - runAsUser: 1001 - allowPrivilegeEscalation: true - capabilities: - add: ["SYS_PTRACE"] - extraEnvVars: - - name: "RF_VERBOSE" - value: "0" - livenessProbe: - initialDelaySeconds: 30 - timeoutSeconds: 30 - readinessProbe: - initialDelaySeconds: 30 - timeoutSeconds: 30 \ No newline at end of file diff --git a/community_images/postgresql/ironbank/.rfignore b/community_images/postgresql/ironbank/.rfignore deleted file mode 100644 index f53843b813..0000000000 --- a/community_images/postgresql/ironbank/.rfignore +++ /dev/null @@ -1,9 +0,0 @@ -usr/pgsql-12 -etc/ld.so.conf.d/postgresql-pgdg-libs.conf -etc/pam.d -usr/bin/postgresql-12-setup -usr/lib/systemd/system/postgresql-12.service -usr/lib64/security/pam_postgresok.so -usr/share/licenses -LICENSE.txt -LICENSE diff --git a/community_images/postgresql/ironbank/README.md b/community_images/postgresql/ironbank/README.md deleted file mode 100644 index 378c5600eb..0000000000 --- a/community_images/postgresql/ironbank/README.md +++ /dev/null @@ -1,139 +0,0 @@ - -RapidFort - - -
- -[![rf-h][rf-h-badge]][rf-view-report-button] -[![DH Image][dh-rf-badge]][rf-dh-image-link] -[![Slack][slack-badge]][slack-link] -[![FOSSA Status][fossa-badge]][fossa-link] - -# RapidFort hardened image for PostgreSQL IronBank - -RapidFort’s container optimization process hardened this PostgreSQL IronBank container. This container is free to use and has no license limitations. - -It is the same as the [Platform One PostgreSQL IronBank][source-image-repo-link] image but more secure. - -Every day, we optimize and harden a variety of Docker Hub’s most famous images. Check out our [entire library](https://hub.docker.com/u/rapidfort) of secured containers. -
- -[Get the full report here or click on the image below][rf-view-report-link] - -[![Metrics][metrics-link]][rf-image-metrics-link] - -

Vulnerabilities: Original vs. Hardened - -

- -[![CVE Reduction][cve-reduction-link]][rf-image-cve-reduction-link] - - -View Report - -
-
- - -## What is PostgreSQL IronBank? - -> PostgreSQL, often simply "Postgres", is an object-relational database management system (ORDBMS) with an emphasis on extensibility and standards-compliance. As a database server, its primary function is to store data, securely and supporting best practices, and retrieve it later, as requested by other software applications, be it those on the same computer or those running on another computer across a network (including the Internet). It can handle workloads ranging from small single-machine applications to large Internet-facing applications with many concurrent users. Recent versions also provide replication of the database itself for security and scalability. - - -[Overview of PostgreSQL IronBank](https://www.postgresql.com/) - -Trademarks: This software listing is packaged by RapidFort. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. - - -## How do I use this hardened PostgreSQL IronBank image? - -The runtime instructions for this container are no different from the official release. Follow the instructions in their readme, but use our hardened image. - - -View Detailed Instructions - -
-
- -```sh -$ docker run -e POSTGRES_PASSWORD=mysecretpassword -d rapidfort/postgresql12-ib:latest - -``` - -## What is a hardened image? - -A hardened image is a copy of a container that has been optimized and reduced for significantly improved security. Because every container uses many open-source software components and their dependencies, there’s a lot of extra weight that can be trimmed. - -This image is a hardened version of the official [Platform One PostgreSQL IronBank][source-image-repo-link] image on Docker Hub. - -RapidFort is an industry-leading container optimization solution that minimizes software attack surfaces by removing unused code. Most containers can be reduced by at least 50%, which reduces the opportunity for malicious attacks and CVE exploits. Learn more at [RapidFort.com][rf-link]. - -Our hardened images are updated daily using the latest vulnerability information available. - - -View on GitHub - -
-
- -## What’s the difference between the official [Platform One PostgreSQL IronBank][source-image-repo-link] image and this hardened image? -RapidFort’s hardened [rapidfort/postgresql12-ib][rf-dh-image-link] image has been optimized by our proprietary scanning and slimming technology. We are big fans of open-source software, containerized infrastructure, and security. - -We are making secure copies of the images we use every day and the most popular ones on Docker Hub. We want to make the world a safer place to operate. - -## Supported tags and respective `Dockerfile` links -* [`latest` (Dockerfile)](https://repo1.dso.mil/dsop/opensource/postgres/postgresql12/-/blob/development/Dockerfile) - -## Need support - -Join our slack community for any questions. - - -RapidFort Community Slack - - -## 🌟 Support this project - -[![](https://user-images.githubusercontent.com/48997634/174794647-0c851917-e5c9-4fb9-bf88-b61d89dc2f4f.gif)](https://github.com/rapidfort/community-images/stargazers) - -### [⏫⭐️ Scroll to the star button](#start-of-content) - -If you believe this project has potential, feel free to **star this repo** just like many [amazing people](https://github.com/rapidfort/community-images/stargazers) -have. - -## Have questions? - -[![RapidFort](https://raw.githubusercontent.com/rapidfort/community-images/main/contrib/github_logo_footer.png)][rf-rapidfort-footer-logo-link] - - -If you'd like to learn more about RapidFort or our container optimization process, visit [RapidFort.com][rf-link]. - -
-
- - -[dh-rf-badge]: https://img.shields.io/badge/dockerhub-images-important.svg?logo=Docker - -[fossa-badge]: https://app.fossa.com/api/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images.svg?type=shield -[fossa-link]: https://app.fossa.com/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images?ref=badge_shield - -[rf-link]: https://rapidfort.com?utm_source=github&utm_medium=ci_rf_link&utm_campaign=sep_01_sprint&utm_term=postgresql-ib&utm_content=rapidfort_have_questions - -[rf-rapidfort-footer-logo-link]: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fopensource%2Fpostgres%2Fpostgresql12?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=postgresql-ib&utm_content=rapidfort_footer_logo -[rf-view-report-button]: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fopensource%2Fpostgres%2Fpostgresql12?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=postgresql-ib&utm_content=view_report_button -[rf-view-report-link]: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fopensource%2Fpostgres%2Fpostgresql12?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=postgresql-ib&utm_content=view_report_link -[rf-image-metrics-link]: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fopensource%2Fpostgres%2Fpostgresql12?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=postgresql-ib&utm_content=image_metrics_link -[rf-image-cve-reduction-link]: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fopensource%2Fpostgres%2Fpostgresql12?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=postgresql-ib&utm_content=image_cve_reduction_link - -[dh-img-size-badge]: https://img.shields.io/docker/image-size/rapidfort/postgresql12-ib?logo=docker&logoColor=white&sort=semver 
-[dh-img-pulls-badge]: https://img.shields.io/docker/pulls/rapidfort/postgresql12-ib?logo=docker&logoColor=white - -[slack-badge]: https://img.shields.io/static/v1?label=Join&message=slack&logo=slack&logoColor=E01E5A&color=4A154B -[slack-link]: https://join.slack.com/t/rapidfortcommunity/shared_invite/zt-1g3wy28lv-DaeGexTQ5IjfpbmYW7Rm_Q - -[rf-h-badge]: https://img.shields.io/static/v1?label=RapidFort&labelColor=333F48&message=hardened&color=50B4C4&logo= -[metrics-link]: https://github.com/rapidfort/community-images/raw/main/community_images/postgresql/ironbank/assets/metrics.webp -[cve-reduction-link]: https://github.com/rapidfort/community-images/raw/main/community_images/postgresql/ironbank/assets/cve_reduction.webp - -[source-image-repo-link]: https://registry1.dso.mil/harbor/projects/3/repositories/opensource%2Fpostgres%2Fpostgresql12 -[rf-dh-image-link]: https://hub.docker.com/r/rapidfort/postgresql12-ib diff --git a/community_images/postgresql/ironbank/assets/cve_reduction.webp b/community_images/postgresql/ironbank/assets/cve_reduction.webp deleted file mode 100644 index 5abe1a898c..0000000000 Binary files a/community_images/postgresql/ironbank/assets/cve_reduction.webp and /dev/null differ diff --git a/community_images/postgresql/ironbank/assets/metrics.webp b/community_images/postgresql/ironbank/assets/metrics.webp deleted file mode 100644 index 76e358fc56..0000000000 Binary files a/community_images/postgresql/ironbank/assets/metrics.webp and /dev/null differ diff --git a/community_images/postgresql/ironbank/dc_coverage.sh b/community_images/postgresql/ironbank/dc_coverage.sh deleted file mode 100755 index 590d14ac0a..0000000000 --- a/community_images/postgresql/ironbank/dc_coverage.sh +++ /dev/null 
@@ -1,27 +0,0 @@ -#!/bin/bash - -set -x -set -e - -JSON_PARAMS="$1" - -JSON=$(cat "$JSON_PARAMS") - -echo "Json params for docker compose coverage = $JSON" - -PROJECT_NAME=$(jq -r '.project_name' < "$JSON_PARAMS") - -# password -POSTGRESQL_PASSWORD=my_password - -# pg container -PG_CONTAINER="${PROJECT_NAME}"-postgresql-1 - -# run pg tests -docker exec -i "${PG_CONTAINER}" bash -c "PGPASSWORD=${POSTGRESQL_PASSWORD} psql --host localhost -U postgres -d postgres -p 5432 -f /tmp/test.psql" - -# run pg coverage -docker exec -i "${PG_CONTAINER}" bash -c "/tmp/postgres_coverage.sh" - -# run pgbench -docker exec -i "${PG_CONTAINER}" pgbench -i -s 50 diff --git a/community_images/postgresql/ironbank/docker-compose.yml b/community_images/postgresql/ironbank/docker-compose.yml deleted file mode 100644 index 315acadcef..0000000000 --- a/community_images/postgresql/ironbank/docker-compose.yml +++ /dev/null @@ -1,23 +0,0 @@ -version: '2' - -services: - postgresql: - image: ${PG_IMAGE_REPOSITORY}:${PG_IMAGE_TAG} - cap_add: - - SYS_PTRACE - ports: - - '5432:5432' - volumes: - - 'postgresql_data:/var/lib/postgresql/data' - - ../../common/tests/test.psql:/tmp/test.psql - - ../../common/tests/common_commands.sh:/tmp/common_commands.sh - - ../../common/tests/postgres_coverage.sh:/tmp/postgres_coverage.sh - environment: - - POSTGRES_USER=postgres - - POSTGRES_PASSWORD=my_password - - POSTGRES_DB=my_database - - PGDATA=/var/lib/postgresql/data - -volumes: - postgresql_data: - driver: local diff --git a/community_images/postgresql/ironbank/docker_coverage.sh b/community_images/postgresql/ironbank/docker_coverage.sh deleted file mode 100644 index 98a41c89ea..0000000000 --- a/community_images/postgresql/ironbank/docker_coverage.sh +++ /dev/null 
@@ -1,15 +0,0 @@ -#!/bin/bash - -set -x -set -e - -JSON_PARAMS="$1" - -JSON=$(cat "$JSON_PARAMS") - -echo "Json params for docker coverage = $JSON" - -PG_CONTAINER=$(jq -r '.container_details.postgresql12-ib.name' < "$JSON_PARAMS") - -# run pgbench -docker exec -i "${PG_CONTAINER}" pgbench -i -s 50 diff --git a/community_images/postgresql/ironbank/image.yml b/community_images/postgresql/ironbank/image.yml deleted file mode 100644 index 8ed82b0260..0000000000 --- a/community_images/postgresql/ironbank/image.yml +++ /dev/null 
@@ -1,38 +0,0 @@ -name: postgresql-ib -official_name: PostgreSQL IronBank -official_website: https://www.postgresql.com/ -source_image_provider: Platform One -source_image_repo: registry1.dso.mil/ironbank/opensource/postgres/postgresql12 -source_image_repo_link: https://registry1.dso.mil/harbor/projects/3/repositories/opensource%2Fpostgres%2Fpostgresql12 -source_image_readme: https://repo1.dso.mil/dsop/opensource/postgres/postgresql12/-/blob/development/README.md -rf_docker_link: rapidfort/postgresql12-ib -image_workflow_name: postgresql_ironbank -github_location: postgresql/ironbank -report_url: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fopensource%2Fpostgres%2Fpostgresql12 -usage_instructions: | - $ docker run -e POSTGRES_PASSWORD=mysecretpassword -d rapidfort/postgresql12-ib:latest -what_is_text: | - PostgreSQL, often simply "Postgres", is an object-relational database management system (ORDBMS) with an emphasis on extensibility and standards-compliance. As a database server, its primary function is to store data, securely and supporting best practices, and retrieve it later, as requested by other software applications, be it those on the same computer or those running on another computer across a network (including the Internet). It can handle workloads ranging from small single-machine applications to large Internet-facing applications with many concurrent users. Recent versions also provide replication of the database itself for security and scalability. -disclaimer: | - Trademarks: This software listing is packaged by RapidFort. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. 
-docker_links: - - "[`latest` (Dockerfile)](https://repo1.dso.mil/dsop/opensource/postgres/postgresql12/-/blob/development/Dockerfile)" -input_registry: - registry: registry1.dso.mil - account: ironbank -repo_sets: - - opensource/postgres/postgresql12: - input_base_tag: "12." - output_repo: postgresql12-ib -runtimes: - - type: docker_compose - script: dc_coverage.sh - compose_file: docker-compose.yml - image_keys: - postgresql12-ib: - repository: "PG_IMAGE_REPOSITORY" - tag: "PG_IMAGE_TAG" - - type: docker - postgresql12-ib: - environment: - POSTGRES_PASSWORD: PgPwd diff --git a/community_images/postgresql/official/README.md b/community_images/postgresql/official/README.md deleted file mode 100644 index b551105d27..0000000000 --- a/community_images/postgresql/official/README.md +++ /dev/null @@ -1,145 +0,0 @@ - -RapidFort - - -
- -[![rf-h][rf-h-badge]][rf-view-report-button] -[![DH Image][dh-rf-badge]][rf-dh-image-link] -[![Slack][slack-badge]][slack-link] -[![FOSSA Status][fossa-badge]][fossa-link] - -# RapidFort hardened image for PostgreSQL Official - -RapidFort’s container optimization process hardened this PostgreSQL Official container. This container is free to use and has no license limitations. - -It is the same as the [Postgres PostgreSQL Official][source-image-repo-link] image but more secure. - -Every day, we optimize and harden a variety of Docker Hub’s most famous images. Check out our [entire library](https://hub.docker.com/u/rapidfort) of secured containers. -
- -[Get the full report here or click on the image below][rf-view-report-link] - -[![Metrics][metrics-link]][rf-image-metrics-link] - -

Vulnerabilities: Original vs. Hardened - -

- -[![CVE Reduction][cve-reduction-link]][rf-image-cve-reduction-link] - - -View Report - -
-
- - -## What is PostgreSQL Official? - -> PostgreSQL, often simply "Postgres", is an object-relational database management system (ORDBMS) with an emphasis on extensibility and standards-compliance. As a database server, its primary function is to store data, securely and supporting best practices, and retrieve it later, as requested by other software applications, be it those on the same computer or those running on another computer across a network (including the Internet). It can handle workloads ranging from small single-machine applications to large Internet-facing applications with many concurrent users. Recent versions also provide replication of the database itself for security and scalability. - - -[Overview of PostgreSQL Official](https://www.postgresql.org) - -Trademarks: This software listing is packaged by RapidFort. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. - - -## How do I use this hardened PostgreSQL Official image? - -The runtime instructions for this container are no different from the official release. Follow the instructions in their readme, but use our hardened image. - - -View Detailed Instructions - -
-
- -```sh -1. Define your app's environment with a Dockerfile so it can be reproduced anywhere. -2. Define the services that make up your app in docker-compose.yml so they can be run together in an isolated environment. -3. Lastly, run docker compose up and Compose will start and run your entire app. - -``` - -## What is a hardened image? - -A hardened image is a copy of a container that has been optimized and reduced for significantly improved security. Because every container uses many open-source software components and their dependencies, there’s a lot of extra weight that can be trimmed. - -This image is a hardened version of the official [Postgres PostgreSQL Official][source-image-repo-link] image on Docker Hub. - -RapidFort is an industry-leading container optimization solution that minimizes software attack surfaces by removing unused code. Most containers can be reduced by at least 50%, which reduces the opportunity for malicious attacks and CVE exploits. Learn more at [RapidFort.com][rf-link]. - -Our hardened images are updated daily using the latest vulnerability information available. - - -View on GitHub - -
-
- -## What’s the difference between the official [Postgres PostgreSQL Official][source-image-repo-link] image and this hardened image? -RapidFort’s hardened [rapidfort/postgresql-official][rf-dh-image-link] image has been optimized by our proprietary scanning and slimming technology. We are big fans of open-source software, containerized infrastructure, and security. - -We are making secure copies of the images we use every day and the most popular ones on Docker Hub. We want to make the world a safer place to operate. - -## Supported tags and respective `Dockerfile` links -* [`15`, `15.0`, `latest`, `15.0-bullseye`, `15-bullseye`, `bullseye` (Dockerfile)](https://github.com/docker-library/postgres/blob/648e5c7dc31db0e34d8dc11891ccc50641ba6e42/15/bullseye/Dockerfile) -* ['14' '14.6', '14.6-bullseye', '14-bullseye' (Dockerfile)](https://github.com/docker-library/postgres/blob/e8ba287990e5e312278fc59131f8a796953dc6c4/14/bullseye/Dockerfile) -* [`13`, `13.9`, `13.9-bullseye`, `13-bullseye` (DockerFile)](https://github.com/docker-library/postgres/blob/883b1c3f7b485153ec5d841271801ee436ec3314/13/bullseye/Dockerfile) -* [`12`, `12.13`, `12.13-bullseye`, `12-bullseye` (DockerFile)](https://github.com/docker-library/postgres/blob/5ca94d535d75308b16125d132048bf93172521db/12/bullseye/Dockerfile) -* [`11.18-bullseye`, `11-bullseye` (DockerFile)](https://github.com/docker-library/postgres/blob/14022440352a9e24d86cae450600ea56969d234b/11/bullseye/Dockerfile) - -## Need support - -Join our slack community for any questions. 
- - -RapidFort Community Slack - - -## 🌟 Support this project - -[![](https://user-images.githubusercontent.com/48997634/174794647-0c851917-e5c9-4fb9-bf88-b61d89dc2f4f.gif)](https://github.com/rapidfort/community-images/stargazers) - -### [⏫⭐️ Scroll to the star button](#start-of-content) - -If you believe this project has potential, feel free to **star this repo** just like many [amazing people](https://github.com/rapidfort/community-images/stargazers) -have. - -## Have questions? - -[![RapidFort](https://raw.githubusercontent.com/rapidfort/community-images/main/contrib/github_logo_footer.png)][rf-rapidfort-footer-logo-link] - - -If you'd like to learn more about RapidFort or our container optimization process, visit [RapidFort.com][rf-link]. - -
-
- - -[dh-rf-badge]: https://img.shields.io/badge/dockerhub-images-important.svg?logo=Docker - -[fossa-badge]: https://app.fossa.com/api/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images.svg?type=shield -[fossa-link]: https://app.fossa.com/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images?ref=badge_shield - -[rf-link]: https://rapidfort.com?utm_source=github&utm_medium=ci_rf_link&utm_campaign=sep_01_sprint&utm_term=postgresql-official&utm_content=rapidfort_have_questions - -[rf-rapidfort-footer-logo-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Flibrary%2Fpostgres?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=postgresql-official&utm_content=rapidfort_footer_logo -[rf-view-report-button]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Flibrary%2Fpostgres?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=postgresql-official&utm_content=view_report_button -[rf-view-report-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Flibrary%2Fpostgres?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=postgresql-official&utm_content=view_report_link -[rf-image-metrics-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Flibrary%2Fpostgres?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=postgresql-official&utm_content=image_metrics_link -[rf-image-cve-reduction-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Flibrary%2Fpostgres?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=postgresql-official&utm_content=image_cve_reduction_link - -[dh-img-size-badge]: https://img.shields.io/docker/image-size/rapidfort/postgresql-official?logo=docker&logoColor=white&sort=semver -[dh-img-pulls-badge]: https://img.shields.io/docker/pulls/rapidfort/postgresql-official?logo=docker&logoColor=white - -[slack-badge]: 
https://img.shields.io/static/v1?label=Join&message=slack&logo=slack&logoColor=E01E5A&color=4A154B -[slack-link]: https://join.slack.com/t/rapidfortcommunity/shared_invite/zt-1g3wy28lv-DaeGexTQ5IjfpbmYW7Rm_Q - -[rf-h-badge]: https://img.shields.io/static/v1?label=RapidFort&labelColor=333F48&message=hardened&color=50B4C4&logo= -[metrics-link]: https://github.com/rapidfort/community-images/raw/main/community_images/postgresql/official/assets/metrics.webp -[cve-reduction-link]: https://github.com/rapidfort/community-images/raw/main/community_images/postgresql/official/assets/cve_reduction.webp - -[source-image-repo-link]: https://hub.docker.com/_/postgres -[rf-dh-image-link]: https://hub.docker.com/r/rapidfort/postgresql-official diff --git a/community_images/postgresql/official/assets/cve_reduction.webp b/community_images/postgresql/official/assets/cve_reduction.webp deleted file mode 100644 index 12d73805be..0000000000 Binary files a/community_images/postgresql/official/assets/cve_reduction.webp and /dev/null differ diff --git a/community_images/postgresql/official/assets/metrics.webp b/community_images/postgresql/official/assets/metrics.webp deleted file mode 100644 index 8f063d552e..0000000000 Binary files a/community_images/postgresql/official/assets/metrics.webp and /dev/null differ diff --git a/community_images/postgresql/official/dc_coverage.sh b/community_images/postgresql/official/dc_coverage.sh deleted file mode 100755 index ad0189cfd1..0000000000 --- a/community_images/postgresql/official/dc_coverage.sh +++ /dev/null 
@@ -1,29 +0,0 @@ -#!/bin/bash - -set -x -set -e - -JSON_PARAMS="$1" - -JSON=$(cat "$JSON_PARAMS") - -echo "Json params for docker compose coverage = $JSON" - -PROJECT_NAME=$(jq -r '.project_name' < "$JSON_PARAMS") - -# password -POSTGRESQL_PASSWORD=my_password - -# pg container -PG_CONTAINER="${PROJECT_NAME}"-postgresql-1 -# Get Port -#PG_PORT=$(docker inspect "${PG_CONTAINER}" | jq -r ".[].NetworkSettings.Ports.\"5432/tcp\"[0].HostPort") - -# run pg tests -docker exec -i "${PG_CONTAINER}" bash -c "PGPASSWORD=${POSTGRESQL_PASSWORD} psql --host localhost -U postgres -d postgres -p 5432 -f /tmp/test.psql" - -# run pg coverage -docker exec -i "${PG_CONTAINER}" bash -c "/tmp/postgres_coverage.sh" - -# run pgbench -docker exec -i "${PG_CONTAINER}" pgbench --host localhost -U postgres -d postgres -p 5432 -i -s 50 diff --git a/community_images/postgresql/official/docker-compose.yml b/community_images/postgresql/official/docker-compose.yml deleted file mode 100644 index ba828055f6..0000000000 --- a/community_images/postgresql/official/docker-compose.yml +++ /dev/null @@ -1,23 +0,0 @@ -version: '2' - -services: - postgresql: - image: ${PG_IMAGE_REPOSITORY}:${PG_IMAGE_TAG} - cap_add: - - SYS_PTRACE - ports: - - '::5432' - volumes: - - 'postgresql_data:/var/lib/postgresql/data' - - ../../common/tests/test.psql:/tmp/test.psql - - ../../common/tests/common_commands.sh:/tmp/common_commands.sh - - ../../common/tests/postgres_coverage.sh:/tmp/postgres_coverage.sh - environment: - - POSTGRES_USER=postgres - - POSTGRES_PASSWORD=my_password - - POSTGRES_DB=my_database - - PGDATA=/var/lib/postgresql/data - -volumes: - postgresql_data: - driver: local diff --git a/community_images/postgresql/official/image.yml b/community_images/postgresql/official/image.yml deleted file mode 100644 index 1a5b71cba3..0000000000 --- a/community_images/postgresql/official/image.yml +++ /dev/null 
@@ -1,57 +0,0 @@ -name: postgresql-official -official_name: PostgreSQL Official -official_website: https://www.postgresql.org -source_image_provider: Postgres -source_image_repo: docker.io/library/postgres -source_image_repo_link: https://hub.docker.com/_/postgres -source_image_readme: https://github.com/docker-library/postgres/blob/master/README.md -rf_docker_link: rapidfort/postgresql-official -image_workflow_name: postgresql_official -github_location: postgresql/official -report_url: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Flibrary%2Fpostgres -usage_instructions: | - 1. Define your app's environment with a Dockerfile so it can be reproduced anywhere. - 2. Define the services that make up your app in docker-compose.yml so they can be run together in an isolated environment. - 3. Lastly, run docker compose up and Compose will start and run your entire app. - -what_is_text: | - PostgreSQL, often simply "Postgres", is an object-relational database management system (ORDBMS) with an emphasis on extensibility and standards-compliance. As a database server, its primary function is to store data, securely and supporting best practices, and retrieve it later, as requested by other software applications, be it those on the same computer or those running on another computer across a network (including the Internet). It can handle workloads ranging from small single-machine applications to large Internet-facing applications with many concurrent users. Recent versions also provide replication of the database itself for security and scalability. -disclaimer: | - Trademarks: This software listing is packaged by RapidFort. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. 
-docker_links: - - "[`15`, `15.0`, `latest`, `15.0-bullseye`, `15-bullseye`, `bullseye` (Dockerfile)](https://github.com/docker-library/postgres/blob/648e5c7dc31db0e34d8dc11891ccc50641ba6e42/15/bullseye/Dockerfile)" - - "['14' '14.6', '14.6-bullseye', '14-bullseye' (Dockerfile)](https://github.com/docker-library/postgres/blob/e8ba287990e5e312278fc59131f8a796953dc6c4/14/bullseye/Dockerfile)" - - "[`13`, `13.9`, `13.9-bullseye`, `13-bullseye` (DockerFile)](https://github.com/docker-library/postgres/blob/883b1c3f7b485153ec5d841271801ee436ec3314/13/bullseye/Dockerfile)" - - "[`12`, `12.13`, `12.13-bullseye`, `12-bullseye` (DockerFile)](https://github.com/docker-library/postgres/blob/5ca94d535d75308b16125d132048bf93172521db/12/bullseye/Dockerfile)" - - "[`11.18-bullseye`, `11-bullseye` (DockerFile)](https://github.com/docker-library/postgres/blob/14022440352a9e24d86cae450600ea56969d234b/11/bullseye/Dockerfile)" -input_registry: - registry: docker.io - account: library -repo_sets: - - postgres: - input_base_tag: "15.*-bullseye" - output_repo: postgresql-official - - postgres: - input_base_tag: "14.*-bullseye" - output_repo: postgresql-official - - postgres: - input_base_tag: "13.*-bullseye" - output_repo: postgresql-official - - postgres: - input_base_tag: "12.*-bullseye" - output_repo: postgresql-official - - postgres: - input_base_tag: "11.*-bullseye" - output_repo: postgresql-official -runtimes: - - type: docker_compose - script: dc_coverage.sh - compose_file: docker-compose.yml - image_keys: - postgresql-official: - repository: "PG_IMAGE_REPOSITORY" - tag: "PG_IMAGE_TAG" - - type: docker - postgresql-official: - environment: - POSTGRES_PASSWORD: PgPwd diff --git a/community_images/prometheus/bitnami/.rfignore b/community_images/prometheus/bitnami/.rfignore deleted file mode 100644 index dadbf436a8..0000000000 --- a/community_images/prometheus/bitnami/.rfignore +++ /dev/null 
@@ -1,4 +0,0 @@ -opt/bitnami/prometheus -opt/bitnami/common/licenses -opt/bitnami/licenses -usr/share/common-licenses diff --git a/community_images/prometheus/bitnami/Dockerfile b/community_images/prometheus/bitnami/Dockerfile deleted file mode 100644 index 3bc0205538..0000000000 --- a/community_images/prometheus/bitnami/Dockerfile +++ /dev/null @@ -1,15 +0,0 @@ -FROM python:3.10.6-alpine3.15 -ADD . /application -WORKDIR /application -RUN set -e; \ - apk add --no-cache --virtual .build-deps \ - gcc \ - libc-dev \ - linux-headers \ - ; \ - pip install --upgrade pip; \ - pip install -r requirements.txt; \ - apk del .build-deps; -EXPOSE 5000 -VOLUME /application -CMD uwsgi --http :5000 --manage-script-name --mount /myapplication=flask_app:app --enable-threads --processes 5 diff --git a/community_images/prometheus/bitnami/README.md b/community_images/prometheus/bitnami/README.md deleted file mode 100644 index a6f41811cb..0000000000 --- a/community_images/prometheus/bitnami/README.md +++ /dev/null @@ -1,142 +0,0 @@ - -RapidFort - - -
- -[![rf-h][rf-h-badge]][rf-view-report-button] -[![DH Image][dh-rf-badge]][rf-dh-image-link] -[![Slack][slack-badge]][slack-link] -[![FOSSA Status][fossa-badge]][fossa-link] - -# RapidFort hardened image for Prometheus - -RapidFort’s container optimization process hardened this Prometheus container. This container is free to use and has no license limitations. - -It is the same as the [Bitnami Prometheus][source-image-repo-link] image but more secure. - -Every day, we optimize and harden a variety of Docker Hub’s most famous images. Check out our [entire library](https://hub.docker.com/u/rapidfort) of secured containers. -
- -[Get the full report here or click on the image below][rf-view-report-link] - -[![Metrics][metrics-link]][rf-image-metrics-link] - -

Vulnerabilities: Original vs. Hardened - -

- -[![CVE Reduction][cve-reduction-link]][rf-image-cve-reduction-link] - - -View Report - -
-
- - -## What is Prometheus? - -> Prometheus is a free software application used for event monitoring and alerting. - - -[Overview of Prometheus](https://prometheus.io/) - -Trademarks: This software listing is packaged by RapidFort. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. - - -## How do I use this hardened Prometheus image? - -The runtime instructions for this container are no different from the official release. Follow the instructions in their readme, but use our hardened image. - - -View Detailed Instructions - -
-
- -```sh -$ helm repo add bitnami https://charts.bitnami.com/bitnami - -# install prometheus, just replace repository with RapidFort registry -$ helm install my-prometheus bitnami/prometheus --set image.repository=rapidfort/prometheus - -``` - -## What is a hardened image? - -A hardened image is a copy of a container that has been optimized and reduced for significantly improved security. Because every container uses many open-source software components and their dependencies, there’s a lot of extra weight that can be trimmed. - -This image is a hardened version of the official [Bitnami Prometheus][source-image-repo-link] image on Docker Hub. - -RapidFort is an industry-leading container optimization solution that minimizes software attack surfaces by removing unused code. Most containers can be reduced by at least 50%, which reduces the opportunity for malicious attacks and CVE exploits. Learn more at [RapidFort.com][rf-link]. - -Our hardened images are updated daily using the latest vulnerability information available. - - -View on GitHub - -
-
- -## What’s the difference between the official [Bitnami Prometheus][source-image-repo-link] image and this hardened image? -RapidFort’s hardened [rapidfort/prometheus][rf-dh-image-link] image has been optimized by our proprietary scanning and slimming technology. We are big fans of open-source software, containerized infrastructure, and security. - -We are making secure copies of the images we use every day and the most popular ones on Docker Hub. We want to make the world a safer place to operate. - -## Supported tags and respective `Dockerfile` links -* [`2`, `2-debian-11`, `2.48.0`, `2.48.0-debian-11-r` (2/debian-11/Dockerfile)](https://github.com/bitnami/containers/tree/main/bitnami/prometheus/2/debian-11/Dockerfile) - -## Need support - -Join our slack community for any questions. - - -RapidFort Community Slack - - -## 🌟 Support this project - -[![](https://user-images.githubusercontent.com/48997634/174794647-0c851917-e5c9-4fb9-bf88-b61d89dc2f4f.gif)](https://github.com/rapidfort/community-images/stargazers) - -### [⏫⭐️ Scroll to the star button](#start-of-content) - -If you believe this project has potential, feel free to **star this repo** just like many [amazing people](https://github.com/rapidfort/community-images/stargazers) -have. - -## Have questions? - -[![RapidFort](https://raw.githubusercontent.com/rapidfort/community-images/main/contrib/github_logo_footer.png)][rf-rapidfort-footer-logo-link] - - -If you'd like to learn more about RapidFort or our container optimization process, visit [RapidFort.com][rf-link]. - -
-
- - -[dh-rf-badge]: https://img.shields.io/badge/dockerhub-images-important.svg?logo=Docker - -[fossa-badge]: https://app.fossa.com/api/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images.svg?type=shield -[fossa-link]: https://app.fossa.com/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images?ref=badge_shield - -[rf-link]: https://rapidfort.com?utm_source=github&utm_medium=ci_rf_link&utm_campaign=sep_01_sprint&utm_term=prometheus&utm_content=rapidfort_have_questions - -[rf-rapidfort-footer-logo-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Fprometheus?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=prometheus&utm_content=rapidfort_footer_logo -[rf-view-report-button]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Fprometheus?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=prometheus&utm_content=view_report_button -[rf-view-report-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Fprometheus?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=prometheus&utm_content=view_report_link -[rf-image-metrics-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Fprometheus?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=prometheus&utm_content=image_metrics_link -[rf-image-cve-reduction-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Fprometheus?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=prometheus&utm_content=image_cve_reduction_link - -[dh-img-size-badge]: https://img.shields.io/docker/image-size/rapidfort/prometheus?logo=docker&logoColor=white&sort=semver -[dh-img-pulls-badge]: https://img.shields.io/docker/pulls/rapidfort/prometheus?logo=docker&logoColor=white - -[slack-badge]: 
https://img.shields.io/static/v1?label=Join&message=slack&logo=slack&logoColor=E01E5A&color=4A154B -[slack-link]: https://join.slack.com/t/rapidfortcommunity/shared_invite/zt-1g3wy28lv-DaeGexTQ5IjfpbmYW7Rm_Q - -[rf-h-badge]: https://img.shields.io/static/v1?label=RapidFort&labelColor=333F48&message=hardened&color=50B4C4&logo= -[metrics-link]: https://github.com/rapidfort/community-images/raw/main/community_images/prometheus/bitnami/assets/metrics.webp -[cve-reduction-link]: https://github.com/rapidfort/community-images/raw/main/community_images/prometheus/bitnami/assets/cve_reduction.webp - -[source-image-repo-link]: https://hub.docker.com/r/bitnami/prometheus -[rf-dh-image-link]: https://hub.docker.com/r/rapidfort/prometheus diff --git a/community_images/prometheus/bitnami/assets/cve_reduction.webp b/community_images/prometheus/bitnami/assets/cve_reduction.webp deleted file mode 100644 index fff7538e5b..0000000000 Binary files a/community_images/prometheus/bitnami/assets/cve_reduction.webp and /dev/null differ diff --git a/community_images/prometheus/bitnami/assets/metrics.webp b/community_images/prometheus/bitnami/assets/metrics.webp deleted file mode 100644 index d18be72cce..0000000000 Binary files a/community_images/prometheus/bitnami/assets/metrics.webp and /dev/null differ diff --git a/community_images/prometheus/bitnami/build_docker.sh b/community_images/prometheus/bitnami/build_docker.sh deleted file mode 100755 index 23bfdebfd7..0000000000 --- a/community_images/prometheus/bitnami/build_docker.sh +++ /dev/null @@ -1,13 +0,0 @@ -#!/bin/bash - -set -x -set -e - -SCRIPTPATH="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )" - -TAG="latest" - -IMAGE_TAG=rapidfort/flaskapp:"${TAG}" - -docker build -t "${IMAGE_TAG}" "${SCRIPTPATH}" -docker push "${IMAGE_TAG}" 
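Review bot: Deleting build_docker.sh removes the `docker push "${IMAGE_TAG}"` step for `rapidfort/flaskapp` (with `TAG="latest"`), so the image already pushed under that mutable tag will no longer be rebuilt from this directory. The Dockerfile removed in the same patch builds it from `python:3.10.6-alpine3.15` with the pinned packages in requirements.txt, which means the published copy keeps those versions indefinitely. Please state whether the `latest` tag is being retired from the registry as part of this cleanup, and confirm that no coverage script outside this patch still starts a pod with `--image rapidfort/flaskapp` the way the removed coverage.sh does.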
diff --git a/community_images/prometheus/bitnami/config/prometheus/prometheus.yml b/community_images/prometheus/bitnami/config/prometheus/prometheus.yml deleted file mode 100644 index 10b6400e4a..0000000000 --- a/community_images/prometheus/bitnami/config/prometheus/prometheus.yml +++ /dev/null @@ -1,33 +0,0 @@ -# my global config -global: - scrape_interval: 15s # By default, scrape targets every 15 seconds. - evaluation_interval: 15s # By default, scrape targets every 15 seconds. - # scrape_timeout is set to the global default (10s). - - # Attach these labels to any time series or alerts when communicating with - # external systems (federation, remote storage, Alertmanager). - external_labels: - monitor: 'my-project' - -# A scrape configuration containing exactly one endpoint to scrape: -# Here it's Prometheus itself. -scrape_configs: - # The job name is added as a label `job=` to any timeseries scraped from this config. - - - job_name: 'prometheus' - - # Override the global default and scrape targets from this job every 5 seconds. - scrape_interval: 15s - - static_configs: - - targets: ['localhost:9090'] - - - job_name: 'webapp' - - # Override the global default and scrape targets from this job every 5 seconds. - scrape_interval: 5s - - # metrics_path defaults to '/metrics' - # scheme defaults to 'http'. - static_configs: - - targets: ['webapp:5000'] diff --git a/community_images/prometheus/bitnami/coverage.sh b/community_images/prometheus/bitnami/coverage.sh deleted file mode 100755 index 12b147d8cc..0000000000 --- a/community_images/prometheus/bitnami/coverage.sh +++ /dev/null 
@@ -1,67 +0,0 @@ -#!/bin/bash - -set -e -set -x - -# shellcheck disable=SC1091 -SCRIPTPATH="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )" - -# shellcheck disable=SC1091 -. "${SCRIPTPATH}"/../../common/scripts/bash_helper.sh - -function get_unused_port() { - netstat -aln | awk ' - $6 == "LISTEN" { - if ($4 ~ "[.:][0-9]+$") { - split($4, a, /[:.]/); - port = a[length(a)]; - p[port] = 1 - } - } - END { - for (i = 3000; i < 65000 && p[i]; i++){}; - if (i == 65000) {exit 1}; - print i - } - ' -} - -function test_prometheus() { - local NAMESPACE=$1 - local PROMETHEUS_SERVER=$2 - local PROMETHEUS_PORT=$3 - - FLASK_POD_NAME="flaskapp" - FLASK_LOCAL_PORT=$(get_unused_port) - - kubectl run "${FLASK_POD_NAME}" --restart='Never' --image rapidfort/flaskapp --namespace "${NAMESPACE}" - - # wait for flask app pod to come up - kubectl wait pods "${FLASK_POD_NAME}" -n "${NAMESPACE}" --for=condition=ready --timeout=10m - - # port forward the pod to the host machine - kubectl port-forward "${FLASK_POD_NAME}" "${FLASK_LOCAL_PORT}":5000 --namespace "${NAMESPACE}" & - PID_PF="$!" - - # hit the flaskapp endpoints so that prometheus metrics are published - for i in {1..10}; do - echo "attempt $i" - with_backoff curl -L http://localhost:"${FLASK_LOCAL_PORT}"/test - with_backoff curl -L http://localhost:"${FLASK_LOCAL_PORT}"/test1 - sleep 1 - done - - # wait for 10 secs for the metrics to be scraped and published - sleep 10 - - # run selenium tests - "${SCRIPTPATH}"/../../common/selenium_tests/runner.sh "${PROMETHEUS_SERVER}" "${PROMETHEUS_PORT}" "${SCRIPTPATH}"/selenium_tests "${NAMESPACE}" 2>&1 - - - # delete pod - kubectl delete pod "${FLASK_POD_NAME}" -n "${NAMESPACE}" - - # kill pid - kill -9 "$PID_PF" - -} diff --git a/community_images/prometheus/bitnami/dc_coverage.sh b/community_images/prometheus/bitnami/dc_coverage.sh deleted file mode 100755 index f7d879da68..0000000000 --- a/community_images/prometheus/bitnami/dc_coverage.sh +++ /dev/null 
@@ -1,10 +0,0 @@ -#!/bin/bash - -set -x -set -e - -JSON_PARAMS="$1" - -JSON=$(cat "$JSON_PARAMS") - -echo "Json params for docker compose coverage = $JSON" \ No newline at end of file diff --git a/community_images/prometheus/bitnami/docker-compose.yml b/community_images/prometheus/bitnami/docker-compose.yml deleted file mode 100644 index 36d646a4e6..0000000000 --- a/community_images/prometheus/bitnami/docker-compose.yml +++ /dev/null @@ -1,9 +0,0 @@ -version: '2' - -services: - prometheus1: - image: ${PROMETHEUS_IMAGE_REPOSITORY}:${PROMETHEUS_IMAGE_TAG} - cap_add: - - SYS_PTRACE - ports: - - '9090:9090' diff --git a/community_images/prometheus/bitnami/docker_coverage.sh b/community_images/prometheus/bitnami/docker_coverage.sh deleted file mode 100755 index fcafaf9f02..0000000000 --- a/community_images/prometheus/bitnami/docker_coverage.sh +++ /dev/null @@ -1,10 +0,0 @@ -#!/bin/bash - -set -x -set -e - -JSON_PARAMS="$1" - -JSON=$(cat "$JSON_PARAMS") - -echo "Json params for docker coverage = $JSON" \ No newline at end of file diff --git a/community_images/prometheus/bitnami/flask_app.py b/community_images/prometheus/bitnami/flask_app.py deleted file mode 100644 index 288039cc2f..0000000000 --- a/community_images/prometheus/bitnami/flask_app.py +++ /dev/null 
@@ -1,43 +0,0 @@ -"""The flask application""" -#!/usr/bin/env python3 - -from flask import Flask, Response # pylint: disable=import-error -import prometheus_client # pylint: disable=import-error -from helpers.middleware import setup_metrics - -CONTENT_TYPE_LATEST = str('text/plain; version=0.0.4; charset=utf-8') - - -app = Flask(__name__) -setup_metrics(app) - - -@app.route('/test/') -def test(): - """The test endpoint""" - return 'rest' - - -@app.route('/test1/') -def test1(): - """The test1 endpoint""" - 1 / 0 # pylint: disable=pointless-statement - return 'rest' - - -@app.errorhandler(500) -def handle_500(error): - """The error handler""" - return str(error), 500 - - -@app.route('/metrics') -def metrics(): - """The metrics endpoint""" - return Response( - prometheus_client.generate_latest(), - mimetype=CONTENT_TYPE_LATEST) - - -if __name__ == '__main__': - app.run() diff --git a/community_images/prometheus/bitnami/helpers/middleware.py b/community_images/prometheus/bitnami/helpers/middleware.py deleted file mode 100644 index e23abde40c..0000000000 --- a/community_images/prometheus/bitnami/helpers/middleware.py +++ /dev/null 
@@ -1,41 +0,0 @@ -"""The middleware module""" -#!/usr/bin/env python3 - -import time -from flask import request # pylint: disable=import-error -from prometheus_client import Counter, Histogram # pylint: disable=import-error - -REQUEST_COUNT = Counter( - 'request_count', 'App Request Count', - ['app_name', 'method', 'endpoint', 'http_status'] -) -REQUEST_LATENCY = Histogram('request_latency_seconds', 'Request latency', - ['app_name', 'endpoint'] - ) - - -def start_timer(): - """The start timer function""" - request.start_time = time.time() - - -def stop_timer(response): - """The stop timer function""" - resp_time = time.time() - request.start_time - REQUEST_LATENCY.labels('webapp', request.path).observe(resp_time) - return response - - -def record_request_data(response): - """The method to record the request metadata""" - REQUEST_COUNT.labels('webapp', request.method, request.path, - response.status_code).inc() - return response - - -def setup_metrics(app): - """The method to setup the metrics""" - app.before_request(start_timer) - # we want stop_timer to execute first - app.after_request(record_request_data) - app.after_request(stop_timer) diff --git a/community_images/prometheus/bitnami/image.yml b/community_images/prometheus/bitnami/image.yml deleted file mode 100644 index 258573add9..0000000000 --- a/community_images/prometheus/bitnami/image.yml +++ /dev/null 
@@ -1,46 +0,0 @@ -name: prometheus -official_name: Prometheus -official_website: https://prometheus.io/ -source_image_provider: Bitnami -source_image_repo: docker.io/bitnami/prometheus -source_image_repo_link: https://hub.docker.com/r/bitnami/prometheus -source_image_readme: https://github.com/bitnami/containers/blob/main/bitnami/prometheus/README.md -rf_docker_link: rapidfort/prometheus -image_workflow_name: prometheus_bitnami -github_location: prometheus/bitnami -report_url: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Fprometheus -usage_instructions: | - $ helm repo add bitnami https://charts.bitnami.com/bitnami - - # install prometheus, just replace repository with RapidFort registry - $ helm install my-prometheus bitnami/prometheus --set image.repository=rapidfort/prometheus -what_is_text: | - Prometheus is a free software application used for event monitoring and alerting. -disclaimer: | - Trademarks: This software listing is packaged by RapidFort. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. -input_registry: - registry: docker.io - account: bitnami -repo_sets: - - prometheus: - input_base_tag: "2.47.1-debian-11-r" -runtimes: - - type: k8s - script: k8s_coverage.sh - use_helm: False - image_keys: - prometheus: - repository: "image.repository" - tag: "image.tag" - override_file: "overrides.yml" - readiness_wait_pod_name_suffix: - - "" - - type: docker_compose - script: dc_coverage.sh - compose_file: docker-compose.yml - image_keys: - prometheus: - repository: "PROMETHEUS_IMAGE_REPOSITORY" - tag: "PROMETHEUS_IMAGE_TAG" - - type: docker - script: docker_coverage.sh diff --git a/community_images/prometheus/bitnami/k8s_coverage.sh b/community_images/prometheus/bitnami/k8s_coverage.sh deleted file mode 100755 index 461ca4e1d8..0000000000 --- a/community_images/prometheus/bitnami/k8s_coverage.sh +++ /dev/null 
@@ -1,26 +0,0 @@ -#!/bin/bash - -set -x -set -e - -# shellcheck disable=SC1091 -SCRIPTPATH="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )" - -# shellcheck disable=SC1091 -. "${SCRIPTPATH}"/coverage.sh - -JSON_PARAMS="$1" - -JSON=$(cat "$JSON_PARAMS") - -echo "Json params for k8s coverage = $JSON" - -NAMESPACE=$(jq -r '.namespace_name' < "$JSON_PARAMS") -RELEASE_NAME=$(jq -r '.release_name' < "$JSON_PARAMS") - -# get pod name -PROMETHEUS_SERVER=$(kubectl get pod "${RELEASE_NAME}" -n "${NAMESPACE}" --template '{{.status.podIP}}') - -PROMETHEUS_PORT=9090 - -test_prometheus "${NAMESPACE}" "${PROMETHEUS_SERVER}" "${PROMETHEUS_PORT}" diff --git a/community_images/prometheus/bitnami/overrides.yml b/community_images/prometheus/bitnami/overrides.yml deleted file mode 100644 index 6584d81765..0000000000 --- a/community_images/prometheus/bitnami/overrides.yml +++ /dev/null @@ -1,20 +0,0 @@ -image: - pullSecrets: ["rf-regcred"] - pullPolicy: Always -containerSecurityContext: - enabled: true - runAsUser: 1001 - allowPrivilegeEscalation: true - capabilities: - add: ["SYS_PTRACE"] -resourceType: deployment -replicaCount: 1 -extraEnvVars: - - name: "RF_VERBOSE" - value: "0" -livenessProbe: - initialDelaySeconds: 30 - timeoutSeconds: 30 -readinessProbe: - initialDelaySeconds: 30 - timeoutSeconds: 30 diff --git a/community_images/prometheus/bitnami/requirements.txt b/community_images/prometheus/bitnami/requirements.txt deleted file mode 100644 index c73851dd5b..0000000000 --- a/community_images/prometheus/bitnami/requirements.txt +++ /dev/null @@ -1,8 +0,0 @@ -click==8.1.3 -Flask==2.3.2 -itsdangerous==2.1.2 -Jinja2==3.1.2 -MarkupSafe==2.1.1 -prometheus-client==0.14.1 -uWSGI==2.0.22 -Werkzeug==3.0.1 diff --git a/community_images/prometheus/bitnami/selenium_tests/__init__.py b/community_images/prometheus/bitnami/selenium_tests/__init__.py deleted file mode 100644 index e69de29bb2..0000000000 
diff --git a/community_images/prometheus/bitnami/selenium_tests/conftest.py b/community_images/prometheus/bitnami/selenium_tests/conftest.py deleted file mode 100644 index f30cea12f5..0000000000 --- a/community_images/prometheus/bitnami/selenium_tests/conftest.py +++ /dev/null @@ -1,23 +0,0 @@ -"""The conftest file for running selenium test.""" -# pylint: skip-file - -# conftest.py -import pytest # pylint: disable=import-error - - -def pytest_addoption(parser): - """The function to add options""" - parser.addoption("--server", action="store", help="prometheus server") - parser.addoption("--port", action="store", - help="port for prometheus container") - - -@pytest.fixture -def params(request): - """the params""" - config_params = {} - config_params['server'] = request.config.getoption('--server') - config_params['port'] = request.config.getoption('--port') - if config_params['server'] is None or config_params['port'] is None: - pytest.skip() - return config_params diff --git a/community_images/prometheus/bitnami/selenium_tests/prometheus_selenium_test.py b/community_images/prometheus/bitnami/selenium_tests/prometheus_selenium_test.py deleted file mode 100644 index c820e2c497..0000000000 --- a/community_images/prometheus/bitnami/selenium_tests/prometheus_selenium_test.py +++ /dev/null 
@@ -1,77 +0,0 @@ -"""The selenium test.""" -# pylint: skip-file - -# Generated by Selenium IDE -import json # pylint: disable=import-error disable=unused-import -import time # pylint: disable=import-error disable=unused-import -import pytest # pylint: disable=import-error disable=unused-import -from selenium import webdriver # pylint: disable=import-error -from selenium.webdriver.chrome.options import Options # pylint: disable=import-error -from selenium.webdriver.common.by import By # pylint: disable=import-error -from selenium.webdriver.common.action_chains import ActionChains # pylint: disable=import-error disable=unused-import -from selenium.webdriver.support import expected_conditions # pylint: disable=import-error disable=unused-import -from selenium.webdriver.support.wait import WebDriverWait # pylint: disable=import-error disable=unused-import -from selenium.webdriver.common.keys import Keys # pylint: disable=import-error disable=unused-import -from selenium.webdriver.common.desired_capabilities import DesiredCapabilities # pylint: disable=import-error disable=unused-import - - -class TestPrometheus(): - """The test word press class for testing wordpress image.""" - - def setup_method(self): - """setup method.""" - chrome_options = Options() - chrome_options.add_argument("--headless") - chrome_options.add_argument('--disable-dev-shm-usage') - chrome_options.add_argument("disable-infobars") - chrome_options.add_argument("--disable-extensions") - chrome_options.add_argument("--disable-gpu") - chrome_options.add_argument("--no-sandbox") - self.driver = webdriver.Chrome( - options=chrome_options) # pylint: disable=attribute-defined-outside-init - self.driver.implicitly_wait(10) - - def teardown_method(self, method): # pylint: disable=unused-argument - """teardown method.""" - self.driver.quit() - - def test_prometheus(self, params): - """The test method""" - # Test name: s1 - # Step # | name | target | value - # 1 | open | - # 
/graph?g0.expr=&g0.tab=1&g0.stacked=0&g0.show_exemplars=0&g0.range_input=1h - # | - self.driver.get( - "http://{}:{}/".format( - params["server"], - params["port"])) # pylint: disable=consider-using-f-string - # 2 | setWindowSize | 1200x859 | - self.driver.set_window_size(1200, 859) - # 3 | click | css=.cm-line | - self.driver.find_element(By.CSS_SELECTOR, ".cm-line").click() - # 4 | click | css=.execute-btn | - self.driver.find_element(By.CSS_SELECTOR, ".execute-btn").click() - # 5 | click | css=.cm-line | - self.driver.find_element(By.CSS_SELECTOR, ".cm-line").click() - # 6 | editContent | css=.cm-content |
request_count_total
- element = self.driver.find_element(By.CSS_SELECTOR, ".cm-content") - self.driver.execute_script( - "if(arguments[0].contentEditable === 'true') {arguments[0].innerText = '
request_count_total
'}", - element) # pylint: disable=line-too-long - # 7 | click | css=.execute-btn | - self.driver.find_element(By.CSS_SELECTOR, ".execute-btn").click() - # search for the text on the page now - assert "request_count_total" in self.driver.page_source - # 8 | editContent | css=.cm-content |
request_latency_seconds_bucket
# pylint: - # disable=line-too-long - element = self.driver.find_element(By.CSS_SELECTOR, ".cm-content") - self.driver.execute_script( - "if(arguments[0].contentEditable === 'true') {arguments[0].innerText = '
request_latency_seconds_bucket
'}", - element) - # 9 | click | css=.execute-btn | - self.driver.find_element(By.CSS_SELECTOR, ".execute-btn").click() - # search for the text on the page - assert "request_latency_seconds_bucket" in self.driver.page_source diff --git a/community_images/prometheus/ironbank/.rfignore b/community_images/prometheus/ironbank/.rfignore deleted file mode 100644 index bd036ec246..0000000000 --- a/community_images/prometheus/ironbank/.rfignore +++ /dev/null @@ -1 +0,0 @@ -usr/share/licenses diff --git a/community_images/prometheus/ironbank/README.md b/community_images/prometheus/ironbank/README.md deleted file mode 100644 index 32ccdf2eea..0000000000 --- a/community_images/prometheus/ironbank/README.md +++ /dev/null @@ -1,141 +0,0 @@ - -RapidFort - - -
- -[![rf-h][rf-h-badge]][rf-view-report-button] -[![DH Image][dh-rf-badge]][rf-dh-image-link] -[![Slack][slack-badge]][slack-link] -[![FOSSA Status][fossa-badge]][fossa-link] - -# RapidFort hardened image for Prometheus Ironbank - -RapidFort’s container optimization process hardened this Prometheus Ironbank container. This container is free to use and has no license limitations. - -It is the same as the [Platform One Prometheus Ironbank][source-image-repo-link] image but more secure. - -Every day, we optimize and harden a variety of Docker Hub’s most famous images. Check out our [entire library](https://hub.docker.com/u/rapidfort) of secured containers. -
- -[Get the full report here or click on the image below][rf-view-report-link] - -[![Metrics][metrics-link]][rf-image-metrics-link] - -

Vulnerabilities: Original vs. Hardened - -

- -[![CVE Reduction][cve-reduction-link]][rf-image-cve-reduction-link] - - -View Report - -
-
- - -## What is Prometheus Ironbank? - -> Prometheus is a free software application used for event monitoring and alerting. - - -[Overview of Prometheus Ironbank](https://prometheus.io/) - -Trademarks: This software listing is packaged by RapidFort. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. - - -## How do I use this hardened Prometheus Ironbank image? - -The runtime instructions for this container are no different from the official release. Follow the instructions in their readme, but use our hardened image. - - -View Detailed Instructions - -
-
- -```sh -$ helm repo add bitnami https://charts.bitnami.com/bitnami - -# install prometheus, just replace repository with RapidFort registry -$ helm install my-prometheus bitnami/prometheus --set image.repository=rapidfort/prometheus-ib - -``` - -## What is a hardened image? - -A hardened image is a copy of a container that has been optimized and reduced for significantly improved security. Because every container uses many open-source software components and their dependencies, there’s a lot of extra weight that can be trimmed. - -This image is a hardened version of the official [Platform One Prometheus Ironbank][source-image-repo-link] image on Docker Hub. - -RapidFort is an industry-leading container optimization solution that minimizes software attack surfaces by removing unused code. Most containers can be reduced by at least 50%, which reduces the opportunity for malicious attacks and CVE exploits. Learn more at [RapidFort.com][rf-link]. - -Our hardened images are updated daily using the latest vulnerability information available. - - -View on GitHub - -
-
- -## What’s the difference between the official [Platform One Prometheus Ironbank][source-image-repo-link] image and this hardened image? -RapidFort’s hardened [rapidfort/prometheus-ib][rf-dh-image-link] image has been optimized by our proprietary scanning and slimming technology. We are big fans of open-source software, containerized infrastructure, and security. - -We are making secure copies of the images we use every day and the most popular ones on Docker Hub. We want to make the world a safer place to operate. - -## Supported tags and respective `Dockerfile` links - -## Need support - -Join our slack community for any questions. - - -RapidFort Community Slack - - -## 🌟 Support this project - -[![](https://user-images.githubusercontent.com/48997634/174794647-0c851917-e5c9-4fb9-bf88-b61d89dc2f4f.gif)](https://github.com/rapidfort/community-images/stargazers) - -### [⏫⭐️ Scroll to the star button](#start-of-content) - -If you believe this project has potential, feel free to **star this repo** just like many [amazing people](https://github.com/rapidfort/community-images/stargazers) -have. - -## Have questions? - -[![RapidFort](https://raw.githubusercontent.com/rapidfort/community-images/main/contrib/github_logo_footer.png)][rf-rapidfort-footer-logo-link] - - -If you'd like to learn more about RapidFort or our container optimization process, visit [RapidFort.com][rf-link]. - -
-
- - -[dh-rf-badge]: https://img.shields.io/badge/dockerhub-images-important.svg?logo=Docker - -[fossa-badge]: https://app.fossa.com/api/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images.svg?type=shield -[fossa-link]: https://app.fossa.com/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images?ref=badge_shield - -[rf-link]: https://rapidfort.com?utm_source=github&utm_medium=ci_rf_link&utm_campaign=sep_01_sprint&utm_term=prometheus-ib&utm_content=rapidfort_have_questions - -[rf-rapidfort-footer-logo-link]: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fopensource%2Fprometheus%2Fprometheus?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=prometheus-ib&utm_content=rapidfort_footer_logo -[rf-view-report-button]: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fopensource%2Fprometheus%2Fprometheus?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=prometheus-ib&utm_content=view_report_button -[rf-view-report-link]: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fopensource%2Fprometheus%2Fprometheus?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=prometheus-ib&utm_content=view_report_link -[rf-image-metrics-link]: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fopensource%2Fprometheus%2Fprometheus?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=prometheus-ib&utm_content=image_metrics_link -[rf-image-cve-reduction-link]: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fopensource%2Fprometheus%2Fprometheus?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=prometheus-ib&utm_content=image_cve_reduction_link - -[dh-img-size-badge]: https://img.shields.io/docker/image-size/rapidfort/prometheus-ib?logo=docker&logoColor=white&sort=semver 
-[dh-img-pulls-badge]: https://img.shields.io/docker/pulls/rapidfort/prometheus-ib?logo=docker&logoColor=white - -[slack-badge]: https://img.shields.io/static/v1?label=Join&message=slack&logo=slack&logoColor=E01E5A&color=4A154B -[slack-link]: https://join.slack.com/t/rapidfortcommunity/shared_invite/zt-1g3wy28lv-DaeGexTQ5IjfpbmYW7Rm_Q - -[rf-h-badge]: https://img.shields.io/static/v1?label=RapidFort&labelColor=333F48&message=hardened&color=50B4C4&logo= -[metrics-link]: https://github.com/rapidfort/community-images/raw/main/community_images/prometheus/ironbank/assets/metrics.webp -[cve-reduction-link]: https://github.com/rapidfort/community-images/raw/main/community_images/prometheus/ironbank/assets/cve_reduction.webp - -[source-image-repo-link]: https://registry1.dso.mil/harbor/projects/3/repositories/opensource%2Fprometheus%2Fprometheus -[rf-dh-image-link]: https://hub.docker.com/r/rapidfort/prometheus-ib diff --git a/community_images/prometheus/ironbank/assets/cve_reduction.webp b/community_images/prometheus/ironbank/assets/cve_reduction.webp deleted file mode 100644 index be4646b564..0000000000 Binary files a/community_images/prometheus/ironbank/assets/cve_reduction.webp and /dev/null differ diff --git a/community_images/prometheus/ironbank/assets/metrics.webp b/community_images/prometheus/ironbank/assets/metrics.webp deleted file mode 100644 index 246cb179df..0000000000 Binary files a/community_images/prometheus/ironbank/assets/metrics.webp and /dev/null differ diff --git a/community_images/prometheus/ironbank/config/prometheus/prometheus.yml b/community_images/prometheus/ironbank/config/prometheus/prometheus.yml deleted file mode 100644 index 10b6400e4a..0000000000 --- a/community_images/prometheus/ironbank/config/prometheus/prometheus.yml +++ /dev/null 
@@ -1,33 +0,0 @@ -# my global config -global: - scrape_interval: 15s # By default, scrape targets every 15 seconds. - evaluation_interval: 15s # By default, scrape targets every 15 seconds. - # scrape_timeout is set to the global default (10s). - - # Attach these labels to any time series or alerts when communicating with - # external systems (federation, remote storage, Alertmanager). - external_labels: - monitor: 'my-project' - -# A scrape configuration containing exactly one endpoint to scrape: -# Here it's Prometheus itself. -scrape_configs: - # The job name is added as a label `job=` to any timeseries scraped from this config. - - - job_name: 'prometheus' - - # Override the global default and scrape targets from this job every 5 seconds. - scrape_interval: 15s - - static_configs: - - targets: ['localhost:9090'] - - - job_name: 'webapp' - - # Override the global default and scrape targets from this job every 5 seconds. - scrape_interval: 5s - - # metrics_path defaults to '/metrics' - # scheme defaults to 'http'. - static_configs: - - targets: ['webapp:5000'] diff --git a/community_images/prometheus/ironbank/coverage.sh b/community_images/prometheus/ironbank/coverage.sh deleted file mode 100755 index 12b147d8cc..0000000000 --- a/community_images/prometheus/ironbank/coverage.sh +++ /dev/null 
@@ -1,67 +0,0 @@ -#!/bin/bash - -set -e -set -x - -# shellcheck disable=SC1091 -SCRIPTPATH="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )" - -# shellcheck disable=SC1091 -. "${SCRIPTPATH}"/../../common/scripts/bash_helper.sh - -function get_unused_port() { - netstat -aln | awk ' - $6 == "LISTEN" { - if ($4 ~ "[.:][0-9]+$") { - split($4, a, /[:.]/); - port = a[length(a)]; - p[port] = 1 - } - } - END { - for (i = 3000; i < 65000 && p[i]; i++){}; - if (i == 65000) {exit 1}; - print i - } - ' -} - -function test_prometheus() { - local NAMESPACE=$1 - local PROMETHEUS_SERVER=$2 - local PROMETHEUS_PORT=$3 - - FLASK_POD_NAME="flaskapp" - FLASK_LOCAL_PORT=$(get_unused_port) - - kubectl run "${FLASK_POD_NAME}" --restart='Never' --image rapidfort/flaskapp --namespace "${NAMESPACE}" - - # wait for flask app pod to come up - kubectl wait pods "${FLASK_POD_NAME}" -n "${NAMESPACE}" --for=condition=ready --timeout=10m - - # port forward the pod to the host machine - kubectl port-forward "${FLASK_POD_NAME}" "${FLASK_LOCAL_PORT}":5000 --namespace "${NAMESPACE}" & - PID_PF="$!" - - # hit the flaskapp endpoints so that prometheus metrics are published - for i in {1..10}; do - echo "attempt $i" - with_backoff curl -L http://localhost:"${FLASK_LOCAL_PORT}"/test - with_backoff curl -L http://localhost:"${FLASK_LOCAL_PORT}"/test1 - sleep 1 - done - - # wait for 10 secs for the metrics to be scraped and published - sleep 10 - - # run selenium tests - "${SCRIPTPATH}"/../../common/selenium_tests/runner.sh "${PROMETHEUS_SERVER}" "${PROMETHEUS_PORT}" "${SCRIPTPATH}"/selenium_tests "${NAMESPACE}" 2>&1 - - - # delete pod - kubectl delete pod "${FLASK_POD_NAME}" -n "${NAMESPACE}" - - # kill pid - kill -9 "$PID_PF" - -} diff --git a/community_images/prometheus/ironbank/image.yml b/community_images/prometheus/ironbank/image.yml deleted file mode 100644 index 3f74f20b7d..0000000000 --- a/community_images/prometheus/ironbank/image.yml +++ /dev/null 
@@ -1,38 +0,0 @@ -name: prometheus-ib -official_name: Prometheus Ironbank -official_website: https://prometheus.io/ -source_image_provider: Platform One -source_image_repo: registry1.dso.mil/ironbank/opensource/prometheus/prometheus -source_image_repo_link: https://registry1.dso.mil/harbor/projects/3/repositories/opensource%2Fprometheus%2Fprometheus -source_image_readme: https://repo1.dso.mil/dsop/opensource/prometheus/prometheus/-/blob/development/README.md -rf_docker_link: rapidfort/prometheus-ib -# image_workflow_name: prometheus_ironbank -github_location: prometheus/ironbank -report_url: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fopensource%2Fprometheus%2Fprometheus -usage_instructions: | - $ helm repo add bitnami https://charts.bitnami.com/bitnami - - # install prometheus, just replace repository with RapidFort registry - $ helm install my-prometheus bitnami/prometheus --set image.repository=rapidfort/prometheus-ib -what_is_text: | - Prometheus is a free software application used for event monitoring and alerting. -disclaimer: | - Trademarks: This software listing is packaged by RapidFort. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. -input_registry: - registry: registry1.dso.mil - account: ironbank -repo_sets: - - opensource/prometheus/prometheus: - input_base_tag: "2.44." - output_repo: prometheus-ib -runtimes: - - type: k8s - script: k8s_coverage.sh - use_helm: False - image_keys: - prometheus-ib: - repository: "image.repository" - tag: "image.tag" - override_file: "overrides.yml" - readiness_wait_pod_name_suffix: - - "" diff --git a/community_images/prometheus/ironbank/k8s_coverage.sh b/community_images/prometheus/ironbank/k8s_coverage.sh deleted file mode 100755 index 461ca4e1d8..0000000000 --- a/community_images/prometheus/ironbank/k8s_coverage.sh +++ /dev/null 
@@ -1,26 +0,0 @@ -#!/bin/bash - -set -x -set -e - -# shellcheck disable=SC1091 -SCRIPTPATH="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )" - -# shellcheck disable=SC1091 -. "${SCRIPTPATH}"/coverage.sh - -JSON_PARAMS="$1" - -JSON=$(cat "$JSON_PARAMS") - -echo "Json params for k8s coverage = $JSON" - -NAMESPACE=$(jq -r '.namespace_name' < "$JSON_PARAMS") -RELEASE_NAME=$(jq -r '.release_name' < "$JSON_PARAMS") - -# get pod name -PROMETHEUS_SERVER=$(kubectl get pod "${RELEASE_NAME}" -n "${NAMESPACE}" --template '{{.status.podIP}}') - -PROMETHEUS_PORT=9090 - -test_prometheus "${NAMESPACE}" "${PROMETHEUS_SERVER}" "${PROMETHEUS_PORT}" diff --git a/community_images/prometheus/ironbank/overrides.yml b/community_images/prometheus/ironbank/overrides.yml deleted file mode 100644 index 6584d81765..0000000000 --- a/community_images/prometheus/ironbank/overrides.yml +++ /dev/null @@ -1,20 +0,0 @@ -image: - pullSecrets: ["rf-regcred"] - pullPolicy: Always -containerSecurityContext: - enabled: true - runAsUser: 1001 - allowPrivilegeEscalation: true - capabilities: - add: ["SYS_PTRACE"] -resourceType: deployment -replicaCount: 1 -extraEnvVars: - - name: "RF_VERBOSE" - value: "0" -livenessProbe: - initialDelaySeconds: 30 - timeoutSeconds: 30 -readinessProbe: - initialDelaySeconds: 30 - timeoutSeconds: 30 diff --git a/community_images/prometheus/ironbank/selenium_tests/__init__.py b/community_images/prometheus/ironbank/selenium_tests/__init__.py deleted file mode 100644 index e69de29bb2..0000000000 diff --git a/community_images/prometheus/ironbank/selenium_tests/conftest.py b/community_images/prometheus/ironbank/selenium_tests/conftest.py deleted file mode 100644 index f30cea12f5..0000000000 --- a/community_images/prometheus/ironbank/selenium_tests/conftest.py +++ /dev/null 
@@ -1,23 +0,0 @@ -"""The conftest file for running selenium test.""" -# pylint: skip-file - -# conftest.py -import pytest # pylint: disable=import-error - - -def pytest_addoption(parser): - """The function to add options""" - parser.addoption("--server", action="store", help="prometheus server") - parser.addoption("--port", action="store", - help="port for prometheus container") - - -@pytest.fixture -def params(request): - """the params""" - config_params = {} - config_params['server'] = request.config.getoption('--server') - config_params['port'] = request.config.getoption('--port') - if config_params['server'] is None or config_params['port'] is None: - pytest.skip() - return config_params diff --git a/community_images/prometheus/ironbank/selenium_tests/prometheus_selenium_test.py b/community_images/prometheus/ironbank/selenium_tests/prometheus_selenium_test.py deleted file mode 100644 index c820e2c497..0000000000 --- a/community_images/prometheus/ironbank/selenium_tests/prometheus_selenium_test.py +++ /dev/null 
@@ -1,77 +0,0 @@ -"""The selenium test.""" -# pylint: skip-file - -# Generated by Selenium IDE -import json # pylint: disable=import-error disable=unused-import -import time # pylint: disable=import-error disable=unused-import -import pytest # pylint: disable=import-error disable=unused-import -from selenium import webdriver # pylint: disable=import-error -from selenium.webdriver.chrome.options import Options # pylint: disable=import-error -from selenium.webdriver.common.by import By # pylint: disable=import-error -from selenium.webdriver.common.action_chains import ActionChains # pylint: disable=import-error disable=unused-import -from selenium.webdriver.support import expected_conditions # pylint: disable=import-error disable=unused-import -from selenium.webdriver.support.wait import WebDriverWait # pylint: disable=import-error disable=unused-import -from selenium.webdriver.common.keys import Keys # pylint: disable=import-error disable=unused-import -from selenium.webdriver.common.desired_capabilities import DesiredCapabilities # pylint: disable=import-error disable=unused-import - - -class TestPrometheus(): - """The test word press class for testing wordpress image.""" - - def setup_method(self): - """setup method.""" - chrome_options = Options() - chrome_options.add_argument("--headless") - chrome_options.add_argument('--disable-dev-shm-usage') - chrome_options.add_argument("disable-infobars") - chrome_options.add_argument("--disable-extensions") - chrome_options.add_argument("--disable-gpu") - chrome_options.add_argument("--no-sandbox") - self.driver = webdriver.Chrome( - options=chrome_options) # pylint: disable=attribute-defined-outside-init - self.driver.implicitly_wait(10) - - def teardown_method(self, method): # pylint: disable=unused-argument - """teardown method.""" - self.driver.quit() - - def test_prometheus(self, params): - """The test method""" - # Test name: s1 - # Step # | name | target | value - # 1 | open | - # 
/graph?g0.expr=&g0.tab=1&g0.stacked=0&g0.show_exemplars=0&g0.range_input=1h - # | - self.driver.get( - "http://{}:{}/".format( - params["server"], - params["port"])) # pylint: disable=consider-using-f-string - # 2 | setWindowSize | 1200x859 | - self.driver.set_window_size(1200, 859) - # 3 | click | css=.cm-line | - self.driver.find_element(By.CSS_SELECTOR, ".cm-line").click() - # 4 | click | css=.execute-btn | - self.driver.find_element(By.CSS_SELECTOR, ".execute-btn").click() - # 5 | click | css=.cm-line | - self.driver.find_element(By.CSS_SELECTOR, ".cm-line").click() - # 6 | editContent | css=.cm-content |
request_count_total
- element = self.driver.find_element(By.CSS_SELECTOR, ".cm-content") - self.driver.execute_script( - "if(arguments[0].contentEditable === 'true') {arguments[0].innerText = '
request_count_total
'}", - element) # pylint: disable=line-too-long - # 7 | click | css=.execute-btn | - self.driver.find_element(By.CSS_SELECTOR, ".execute-btn").click() - # search for the text on the page now - assert "request_count_total" in self.driver.page_source - # 8 | editContent | css=.cm-content |
request_latency_seconds_bucket
# pylint: - # disable=line-too-long - element = self.driver.find_element(By.CSS_SELECTOR, ".cm-content") - self.driver.execute_script( - "if(arguments[0].contentEditable === 'true') {arguments[0].innerText = '
request_latency_seconds_bucket
'}", - element) - # 9 | click | css=.execute-btn | - self.driver.find_element(By.CSS_SELECTOR, ".execute-btn").click() - # search for the text on the page - assert "request_latency_seconds_bucket" in self.driver.page_source diff --git a/community_images/rabbitmq/bitnami/.rfignore b/community_images/rabbitmq/bitnami/.rfignore deleted file mode 100644 index a6a546bb28..0000000000 --- a/community_images/rabbitmq/bitnami/.rfignore +++ /dev/null @@ -1,5 +0,0 @@ -opt/bitnami/rabbitmq -opt/bitnami/common/licenses -opt/bitnami/licenses -opt/bitnami/rabbitmq/licenses -usr/share/common-licenses diff --git a/community_images/rabbitmq/bitnami/README.md b/community_images/rabbitmq/bitnami/README.md deleted file mode 100644 index 3e2e351ce5..0000000000 --- a/community_images/rabbitmq/bitnami/README.md +++ /dev/null @@ -1,144 +0,0 @@ - -RapidFort - - -
- -[![rf-h][rf-h-badge]][rf-view-report-button] -[![DH Image][dh-rf-badge]][rf-dh-image-link] -[![Slack][slack-badge]][slack-link] -[![FOSSA Status][fossa-badge]][fossa-link] - -# RapidFort hardened image for RabbitMQ - -RapidFort’s container optimization process hardened this RabbitMQ container. This container is free to use and has no license limitations. - -It is the same as the [Bitnami RabbitMQ][source-image-repo-link] image but more secure. - -Every day, we optimize and harden a variety of Docker Hub’s most famous images. Check out our [entire library](https://hub.docker.com/u/rapidfort) of secured containers. -
- -[Get the full report here or click on the image below][rf-view-report-link] - -[![Metrics][metrics-link]][rf-image-metrics-link] - -

Vulnerabilities: Original vs. Hardened - -

- -[![CVE Reduction][cve-reduction-link]][rf-image-cve-reduction-link] - - -View Report - -
-
- - -## What is RabbitMQ? - -> RabbitMQ is an open source general-purpose message broker that is designed for consistent, highly-available messaging scenarios (both synchronous and asynchronous). - - -[Overview of RabbitMQ](https://www.rabbitmq.com/) - -Trademarks: This software listing is packaged by RapidFort. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. - - -## How do I use this hardened RabbitMQ image? - -The runtime instructions for this container are no different from the official release. Follow the instructions in their readme, but use our hardened image. - - -View Detailed Instructions - -
-
- -```sh -$ helm repo add bitnami https://charts.bitnami.com/bitnami - -# install rabbitmq, just replace repository with RapidFort registry -$ helm install my-rabbitmq bitnami/rabbitmq --set image.repository=rapidfort/rabbitmq - -``` - -## What is a hardened image? - -A hardened image is a copy of a container that has been optimized and reduced for significantly improved security. Because every container uses many open-source software components and their dependencies, there’s a lot of extra weight that can be trimmed. - -This image is a hardened version of the official [Bitnami RabbitMQ][source-image-repo-link] image on Docker Hub. - -RapidFort is an industry-leading container optimization solution that minimizes software attack surfaces by removing unused code. Most containers can be reduced by at least 50%, which reduces the opportunity for malicious attacks and CVE exploits. Learn more at [RapidFort.com][rf-link]. - -Our hardened images are updated daily using the latest vulnerability information available. - - -View on GitHub - -
-
- -## What’s the difference between the official [Bitnami RabbitMQ][source-image-repo-link] image and this hardened image? -RapidFort’s hardened [rapidfort/rabbitmq][rf-dh-image-link] image has been optimized by our proprietary scanning and slimming technology. We are big fans of open-source software, containerized infrastructure, and security. - -We are making secure copies of the images we use every day and the most popular ones on Docker Hub. We want to make the world a safer place to operate. - -## Supported tags and respective `Dockerfile` links -* [`3.12`, `3.12-debian-11`, `3.12.10`, `3.12.10-debian-11-r` (3.12/debian-11/Dockerfile)](https://github.com/bitnami/containers/tree/main/bitnami/rabbitmq/3.12/debian-11/Dockerfile) -* [`3.11`, `3.11-debian-11`, `3.11.26`, `3.11.26-debian-11-r` (3.11/debian-11/Dockerfile)](https://github.com/bitnami/containers/tree/main/bitnami/rabbitmq/3.11/debian-11/Dockerfile) -* [`3.10`, `3.10-debian-11`, `3.10.25`, `3.10.25-debian-11-r` (3.10/debian-11/Dockerfile)](https://github.com/bitnami/containers/tree/main/bitnami/rabbitmq/3.10/debian-11/Dockerfile) - -## Need support - -Join our slack community for any questions. - - -RapidFort Community Slack - - -## 🌟 Support this project - -[![](https://user-images.githubusercontent.com/48997634/174794647-0c851917-e5c9-4fb9-bf88-b61d89dc2f4f.gif)](https://github.com/rapidfort/community-images/stargazers) - -### [⏫⭐️ Scroll to the star button](#start-of-content) - -If you believe this project has potential, feel free to **star this repo** just like many [amazing people](https://github.com/rapidfort/community-images/stargazers) -have. - -## Have questions? - -[![RapidFort](https://raw.githubusercontent.com/rapidfort/community-images/main/contrib/github_logo_footer.png)][rf-rapidfort-footer-logo-link] - - -If you'd like to learn more about RapidFort or our container optimization process, visit [RapidFort.com][rf-link]. - -
-
- - -[dh-rf-badge]: https://img.shields.io/badge/dockerhub-images-important.svg?logo=Docker - -[fossa-badge]: https://app.fossa.com/api/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images.svg?type=shield -[fossa-link]: https://app.fossa.com/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images?ref=badge_shield - -[rf-link]: https://rapidfort.com?utm_source=github&utm_medium=ci_rf_link&utm_campaign=sep_01_sprint&utm_term=rabbitmq&utm_content=rapidfort_have_questions - -[rf-rapidfort-footer-logo-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Frabbitmq?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=rabbitmq&utm_content=rapidfort_footer_logo -[rf-view-report-button]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Frabbitmq?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=rabbitmq&utm_content=view_report_button -[rf-view-report-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Frabbitmq?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=rabbitmq&utm_content=view_report_link -[rf-image-metrics-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Frabbitmq?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=rabbitmq&utm_content=image_metrics_link -[rf-image-cve-reduction-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Frabbitmq?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=rabbitmq&utm_content=image_cve_reduction_link - -[dh-img-size-badge]: https://img.shields.io/docker/image-size/rapidfort/rabbitmq?logo=docker&logoColor=white&sort=semver -[dh-img-pulls-badge]: https://img.shields.io/docker/pulls/rapidfort/rabbitmq?logo=docker&logoColor=white - -[slack-badge]: https://img.shields.io/static/v1?label=Join&message=slack&logo=slack&logoColor=E01E5A&color=4A154B 
-[slack-link]: https://join.slack.com/t/rapidfortcommunity/shared_invite/zt-1g3wy28lv-DaeGexTQ5IjfpbmYW7Rm_Q - -[rf-h-badge]: https://img.shields.io/static/v1?label=RapidFort&labelColor=333F48&message=hardened&color=50B4C4&logo= -[metrics-link]: https://github.com/rapidfort/community-images/raw/main/community_images/rabbitmq/bitnami/assets/metrics.webp -[cve-reduction-link]: https://github.com/rapidfort/community-images/raw/main/community_images/rabbitmq/bitnami/assets/cve_reduction.webp - -[source-image-repo-link]: https://hub.docker.com/r/bitnami/rabbitmq -[rf-dh-image-link]: https://hub.docker.com/r/rapidfort/rabbitmq diff --git a/community_images/rabbitmq/bitnami/assets/cve_reduction.webp b/community_images/rabbitmq/bitnami/assets/cve_reduction.webp deleted file mode 100644 index 08319fdff6..0000000000 Binary files a/community_images/rabbitmq/bitnami/assets/cve_reduction.webp and /dev/null differ diff --git a/community_images/rabbitmq/bitnami/assets/metrics.webp b/community_images/rabbitmq/bitnami/assets/metrics.webp deleted file mode 100644 index a522fe20cd..0000000000 Binary files a/community_images/rabbitmq/bitnami/assets/metrics.webp and /dev/null differ diff --git a/community_images/rabbitmq/bitnami/consume.py b/community_images/rabbitmq/bitnami/consume.py deleted file mode 100644 index fd27a03e92..0000000000 --- a/community_images/rabbitmq/bitnami/consume.py +++ /dev/null 
@@ -1,57 +0,0 @@ -"""The rabbitmq consumer.""" -#!/usr/bin/env python -import getopt -import os -import sys - -import pika # pylint: disable=import-error - -DEFAULT_RABBITMQ_USER = 'user' -DEFAULT_RABBITMQ_PASSWORD = 'bitnami' -DEFAULT_TOPIC_NAME = 'test' - -server = 'localhost' # pylint: disable=invalid-name -password = DEFAULT_RABBITMQ_PASSWORD # pylint: disable=invalid-name -user = DEFAULT_RABBITMQ_USER # pylint: disable=invalid-name -try: - opts, args = getopt.getopt(sys.argv[1:], "s:p:u:", [ - "rabbitmq-server=", "password=", "user="]) -except getopt.GetoptError: - print('python3 consume.py --rabbitmq-server --password --user ') - sys.exit(2) -for opt, arg in opts: - if opt in ("--rabbitmq-server", "--s"): - server = arg - elif opt in ("--password", "--p"): - password = arg - elif opt in ("--user", "--u"): - user = arg - - -def main(): - """main function.""" - params = pika.URLParameters(f'amqp://{user}:{password}@{server}') - connection = pika.BlockingConnection(params) - channel = connection.channel() - channel.queue_declare(queue=DEFAULT_TOPIC_NAME) - - method_frame, _, body = channel.basic_get( - queue=DEFAULT_TOPIC_NAME) # pylint: disable=unused-variable - if method_frame is None or method_frame.NAME == 'Basic.GetEmpty': - print(" [x] Error, empty response ") - connection.close() - else: - channel.basic_ack(delivery_tag=method_frame.delivery_tag) - print(f" [x] Received {body}") - connection.close() - - -if __name__ == '__main__': - try: - main() - except KeyboardInterrupt: - print('Interrupted') - try: - sys.exit(0) - except SystemExit: - os._exit(0) # pylint: disable=protected-access diff --git a/community_images/rabbitmq/bitnami/coverage.sh b/community_images/rabbitmq/bitnami/coverage.sh deleted file mode 100644 index b47df34990..0000000000 --- a/community_images/rabbitmq/bitnami/coverage.sh +++ /dev/null 
@@ -1,72 +0,0 @@ -#!/bin/bash - -set -e -set -x - -SCRIPTPATH="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )" - -function test_rabbitmq() { - local NAMESPACE=$1 - local RABBITMQ_SERVER=$2 - local RABBITMQ_PASS=$3 - - PUBLISHER_POD_NAME="publisher" - kubectl run "${PUBLISHER_POD_NAME}" --restart='Never' --image bitnami/python --namespace "${NAMESPACE}" --command -- sleep infinity - # wait for publisher pod to come up - kubectl wait pods "${PUBLISHER_POD_NAME}" -n "${NAMESPACE}" --for=condition=ready --timeout=10m - echo "#!/bin/bash - pip install pika - python3 /tmp/publish.py --rabbitmq-server=$RABBITMQ_SERVER --password=$RABBITMQ_PASS" > "$SCRIPTPATH"/publish_commands.sh - - kubectl -n "${NAMESPACE}" cp "${SCRIPTPATH}"/publish.py "${PUBLISHER_POD_NAME}":/tmp/publish.py - chmod +x "$SCRIPTPATH"/publish_commands.sh - kubectl -n "${NAMESPACE}" cp "${SCRIPTPATH}"/publish_commands.sh "${PUBLISHER_POD_NAME}":/tmp/publish_commands.sh - - kubectl -n "${NAMESPACE}" exec -i "${PUBLISHER_POD_NAME}" -- bash -c "/tmp/publish_commands.sh" - - # consumer specific - CONSUMER_POD_NAME="consumer" - kubectl run "${CONSUMER_POD_NAME}" --restart='Never' --image bitnami/python --namespace "${NAMESPACE}" --command -- sleep infinity - # wait for consumer pod to come up - kubectl wait pods "${CONSUMER_POD_NAME}" -n "${NAMESPACE}" --for=condition=ready --timeout=10m - echo "#!/bin/bash - pip install pika - python3 /tmp/consume.py --rabbitmq-server=$RABBITMQ_SERVER --password=$RABBITMQ_PASS" > "$SCRIPTPATH"/consume_commands.sh - - kubectl -n "${NAMESPACE}" cp "${SCRIPTPATH}"/consume.py "${CONSUMER_POD_NAME}":/tmp/consume.py - chmod +x "$SCRIPTPATH"/consume_commands.sh - kubectl -n "${NAMESPACE}" cp "${SCRIPTPATH}"/consume_commands.sh "${CONSUMER_POD_NAME}":/tmp/consume_commands.sh - - kubectl -n "${NAMESPACE}" exec -i "${CONSUMER_POD_NAME}" -- bash -c "/tmp/consume_commands.sh" - - # delete the client containers - kubectl -n "${NAMESPACE}" delete pod "${PUBLISHER_POD_NAME}" - 
kubectl -n "${NAMESPACE}" delete pod "${CONSUMER_POD_NAME}" - - # delete the generated command files - rm "$SCRIPTPATH"/publish_commands.sh - rm "$SCRIPTPATH"/consume_commands.sh - - PERF_POD="perf-test" - DEFAULT_RABBITMQ_USER='user' - PERF_TEST_IMAGE_VERSION='2.18.0' - - # run the perf benchmark test - kubectl run -i "${PERF_POD}" \ - --env RABBITMQ_PERF_TEST_LOGGERS=com.rabbitmq.perf=debug,com.rabbitmq.perf.Producer=debug \ - --image=pivotalrabbitmq/perf-test:"${PERF_TEST_IMAGE_VERSION}" \ - --namespace "${NAMESPACE}" -- \ - --uri amqp://"${DEFAULT_RABBITMQ_USER}":"${RABBITMQ_PASS}"@"${RABBITMQ_SERVER}" \ - --time 10 - - # check for message from perf test - out=$(kubectl logs "${PERF_POD}" -n "${NAMESPACE}" | grep -ic 'consumer latency') - - if (( out < 1 )); then - echo "The perf benchmark didn't run properly" - return 1 - fi - - # delete the perf container - kubectl -n "${NAMESPACE}" delete pod "${PERF_POD}" -} diff --git a/community_images/rabbitmq/bitnami/dc_coverage.sh b/community_images/rabbitmq/bitnami/dc_coverage.sh deleted file mode 100755 index f1e9de1475..0000000000 --- a/community_images/rabbitmq/bitnami/dc_coverage.sh +++ /dev/null @@ -1,10 +0,0 @@ -#!/bin/bash - -set -x -set -e - -JSON_PARAMS="$1" - -JSON=$(cat "$JSON_PARAMS") - -echo "Json params for docker compose coverage = $JSON" diff --git a/community_images/rabbitmq/bitnami/docker-compose.yml b/community_images/rabbitmq/bitnami/docker-compose.yml deleted file mode 100644 index 9cfdf749a1..0000000000 --- a/community_images/rabbitmq/bitnami/docker-compose.yml +++ /dev/null @@ -1,15 +0,0 @@ -version: '2' - -services: - rabbitmq: - image: ${RABBITMQ_IMAGE_REPOSITORY}:${RABBITMQ_IMAGE_TAG} - cap_add: - - SYS_PTRACE - environment: - - RABBITMQ_DEFAULT_USER=user - - RABBITMQ_DEFAULT_PASS=bitnami - ports: - # AMQP protocol port - - '5672' - # HTTP management UI - - '15672' 
diff --git a/community_images/rabbitmq/bitnami/docker_coverage.sh b/community_images/rabbitmq/bitnami/docker_coverage.sh deleted file mode 100755 index 109008160b..0000000000 --- a/community_images/rabbitmq/bitnami/docker_coverage.sh +++ /dev/null @@ -1,10 +0,0 @@ -#!/bin/bash - -set -x -set -e - -JSON_PARAMS="$1" - -JSON=$(cat "$JSON_PARAMS") - -echo "Json params for docker coverage = $JSON" diff --git a/community_images/rabbitmq/bitnami/image.yml b/community_images/rabbitmq/bitnami/image.yml deleted file mode 100644 index 56b832dde9..0000000000 --- a/community_images/rabbitmq/bitnami/image.yml +++ /dev/null 
@@ -1,51 +0,0 @@ -name: rabbitmq -official_name: RabbitMQ -official_website: https://www.rabbitmq.com/ -source_image_provider: Bitnami -source_image_repo: docker.io/bitnami/rabbitmq -source_image_repo_link: https://hub.docker.com/r/bitnami/rabbitmq -source_image_readme: https://github.com/bitnami/containers/blob/main/bitnami/rabbitmq/README.md -rf_docker_link: rapidfort/rabbitmq -image_workflow_name: rabbitmq_bitnami -github_location: rabbitmq/bitnami -report_url: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Frabbitmq -usage_instructions: | - $ helm repo add bitnami https://charts.bitnami.com/bitnami - - # install rabbitmq, just replace repository with RapidFort registry - $ helm install my-rabbitmq bitnami/rabbitmq --set image.repository=rapidfort/rabbitmq -what_is_text: | - RabbitMQ is an open source general-purpose message broker that is designed for consistent, highly-available messaging scenarios (both synchronous and asynchronous). -disclaimer: | - Trademarks: This software listing is packaged by RapidFort. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. -input_registry: - registry: docker.io - account: bitnami -repo_sets: - - rabbitmq: - input_base_tag: "3.12.6-debian-11-r" - - rabbitmq: - input_base_tag: "3.11.23-debian-11-r" - - rabbitmq: - input_base_tag: "3.10.25-debian-11-r" -runtimes: - - type: k8s - script: k8s_coverage.sh - helm: - repo: bitnami - repo_url: https://charts.bitnami.com/bitnami - chart: rabbitmq - image_keys: - rabbitmq: - repository: "image.repository" - tag: "image.tag" - override_file: "overrides.yml" - - type: docker_compose - script: dc_coverage.sh - compose_file: docker-compose.yml - image_keys: - rabbitmq: - repository: "RABBITMQ_IMAGE_REPOSITORY" - tag: "RABBITMQ_IMAGE_TAG" - - type: docker - script: docker_coverage.sh 
diff --git a/community_images/rabbitmq/bitnami/k8s_coverage.sh b/community_images/rabbitmq/bitnami/k8s_coverage.sh deleted file mode 100755 index ebe5af4a61..0000000000 --- a/community_images/rabbitmq/bitnami/k8s_coverage.sh +++ /dev/null @@ -1,24 +0,0 @@ -#!/bin/bash - -set -x -set -e - -# shellcheck disable=SC1091 -SCRIPTPATH="$( - cd -- "$(dirname "$0")" >/dev/null 2>&1 - pwd -P -)" - -# shellcheck disable=SC1091 -. "${SCRIPTPATH}"/coverage.sh - -JSON_PARAMS="$1" - -NAMESPACE=$(jq -r '.namespace_name' <"$JSON_PARAMS") -RELEASE_NAME=$(jq -r '.release_name' <"$JSON_PARAMS") - -RABBITMQ_SERVER="${RELEASE_NAME}"."${NAMESPACE}".svc.cluster.local - -RABBITMQ_PASS=$(kubectl get secret --namespace "${NAMESPACE}" "${RELEASE_NAME}" -o jsonpath="{.data.rabbitmq-password}" | base64 -d) -# run coverage script -test_rabbitmq "${NAMESPACE}" "${RABBITMQ_SERVER}" "${RABBITMQ_PASS}" diff --git a/community_images/rabbitmq/bitnami/overrides.yml b/community_images/rabbitmq/bitnami/overrides.yml deleted file mode 100644 index 6584d81765..0000000000 --- a/community_images/rabbitmq/bitnami/overrides.yml +++ /dev/null @@ -1,20 +0,0 @@ -image: - pullSecrets: ["rf-regcred"] - pullPolicy: Always -containerSecurityContext: - enabled: true - runAsUser: 1001 - allowPrivilegeEscalation: true - capabilities: - add: ["SYS_PTRACE"] -resourceType: deployment -replicaCount: 1 -extraEnvVars: - - name: "RF_VERBOSE" - value: "0" -livenessProbe: - initialDelaySeconds: 30 - timeoutSeconds: 30 -readinessProbe: - initialDelaySeconds: 30 - timeoutSeconds: 30 diff --git a/community_images/rabbitmq/bitnami/publish.py b/community_images/rabbitmq/bitnami/publish.py deleted file mode 100644 index ef50928dd6..0000000000 --- a/community_images/rabbitmq/bitnami/publish.py +++ /dev/null 
@@ -1,39 +0,0 @@ -"""The rabbitmq publisher.""" -#!/usr/bin/env python3 -import getopt -import sys - -import pika # pylint: disable=import-error - -DEFAULT_RABBITMQ_USER = 'user' -DEFAULT_RABBITMQ_PASSWORD = 'bitnami' -DEFAULT_TOPIC_NAME = 'test' - -server = 'localhost' # pylint: disable=invalid-name -password = DEFAULT_RABBITMQ_PASSWORD # pylint: disable=invalid-name -user = DEFAULT_RABBITMQ_USER # pylint: disable=invalid-name -try: - opts, args = getopt.getopt(sys.argv[1:], "s:p:u:", [ - "rabbitmq-server=", "password=", "user="]) -except getopt.GetoptError: - print('python3 publish.py --rabbitmq-server --password --user ') - sys.exit(2) -for opt, arg in opts: - if opt in ("--rabbitmq-server", "--s"): - server = arg - elif opt in ("--password", "--p"): - password = arg - elif opt in ("--user", "--u"): - user = arg - -params = pika.URLParameters(f'amqp://{user}:{password}@{server}') -connection = pika.BlockingConnection(params) -channel = connection.channel() - -channel.queue_declare(queue=DEFAULT_TOPIC_NAME) - -message = 'This is a test message!' # pylint: disable=invalid-name -channel.basic_publish( - exchange='', routing_key=DEFAULT_TOPIC_NAME, body=message) -print(f" [x] Sent '{message}'") -connection.close() diff --git a/community_images/redis-cluster/bitnami/.rfignore b/community_images/redis-cluster/bitnami/.rfignore deleted file mode 100644 index cc3759b36a..0000000000 --- a/community_images/redis-cluster/bitnami/.rfignore +++ /dev/null @@ -1,4 +0,0 @@ -opt/bitnami/common/licenses -opt/bitnami/licenses -opt/bitnami/redis/licenses -usr/share/common-licenses diff --git a/community_images/redis-cluster/bitnami/README.md b/community_images/redis-cluster/bitnami/README.md deleted file mode 100644 index c6e7bb46a4..0000000000 --- a/community_images/redis-cluster/bitnami/README.md +++ /dev/null @@ -1,143 +0,0 @@ - -RapidFort - - -
- -[![rf-h][rf-h-badge]][rf-view-report-button] -[![DH Image][dh-rf-badge]][rf-dh-image-link] -[![Slack][slack-badge]][slack-link] -[![FOSSA Status][fossa-badge]][fossa-link] - -# RapidFort hardened image for Redis™ Cluster - -RapidFort’s container optimization process hardened this Redis™ Cluster container. This container is free to use and has no license limitations. - -It is the same as the [Bitnami Redis™ Cluster][source-image-repo-link] image but more secure. - -Every day, we optimize and harden a variety of Docker Hub’s most famous images. Check out our [entire library](https://hub.docker.com/u/rapidfort) of secured containers. -
- -[Get the full report here or click on the image below][rf-view-report-link] - -[![Metrics][metrics-link]][rf-image-metrics-link] - -

Vulnerabilities: Original vs. Hardened - -

- -[![CVE Reduction][cve-reduction-link]][rf-image-cve-reduction-link] - - -View Report - -
-
- - -## What is Redis™ Cluster? - -> Redis™ is an open-source, networked, in-memory, key-value data store with optional durability. It is written in ANSI C. The development of Redis is sponsored by Redis Labs today; before that, it was sponsored by Pivotal and VMware. According to the monthly ranking by DB-Engines.com, Redis is the most popular key-value store. The name Redis means REmote DIctionary Server. - - -[Overview of Redis™ Cluster](http://redis.io) - -Disclaimer: Redis is a registered trademark of Redis Labs Ltd. Any rights therein are reserved to Redis Labs Ltd. Any use by RapidFort is for referential purposes only and does not indicate any sponsorship, endorsement, or affiliation between Redis Labs Ltd. - - -## How do I use this hardened Redis™ Cluster image? - -The runtime instructions for this container are no different from the official release. Follow the instructions in their readme, but use our hardened image. - - -View Detailed Instructions - -
-
- -```sh -$ helm repo add bitnami https://charts.bitnami.com/bitnami - -# install redis-cluster, just replace repository with RapidFort registry -$ helm install my-redis-cluster bitnami/redis-cluster --set image.repository=rapidfort/redis-cluster - -``` - -## What is a hardened image? - -A hardened image is a copy of a container that has been optimized and reduced for significantly improved security. Because every container uses many open-source software components and their dependencies, there’s a lot of extra weight that can be trimmed. - -This image is a hardened version of the official [Bitnami Redis™ Cluster][source-image-repo-link] image on Docker Hub. - -RapidFort is an industry-leading container optimization solution that minimizes software attack surfaces by removing unused code. Most containers can be reduced by at least 50%, which reduces the opportunity for malicious attacks and CVE exploits. Learn more at [RapidFort.com][rf-link]. - -Our hardened images are updated daily using the latest vulnerability information available. - - -View on GitHub - -
-
- -## What’s the difference between the official [Bitnami Redis™ Cluster][source-image-repo-link] image and this hardened image? -RapidFort’s hardened [rapidfort/redis-cluster][rf-dh-image-link] image has been optimized by our proprietary scanning and slimming technology. We are big fans of open-source software, containerized infrastructure, and security. - -We are making secure copies of the images we use every day and the most popular ones on Docker Hub. We want to make the world a safer place to operate. - -## Supported tags and respective `Dockerfile` links -* [`7.2`, `7.2-debian-11`, `7.2.3`, `7.2.3-debian-11-r` (7.2/debian-11/Dockerfile)](https://github.com/bitnami/containers/tree/main/bitnami/redis-cluster/7.2/debian-11/Dockerfile) -* [`7.0`, `7.0-debian-11`, `7.0.14`, `7.0.14-debian-11-r` (7.0/debian-11/Dockerfile)](https://github.com/bitnami/containers/tree/main/bitnami/redis-cluster/7.0/debian-11/Dockerfile) - -## Need support - -Join our slack community for any questions. - - -RapidFort Community Slack - - -## 🌟 Support this project - -[![](https://user-images.githubusercontent.com/48997634/174794647-0c851917-e5c9-4fb9-bf88-b61d89dc2f4f.gif)](https://github.com/rapidfort/community-images/stargazers) - -### [⏫⭐️ Scroll to the star button](#start-of-content) - -If you believe this project has potential, feel free to **star this repo** just like many [amazing people](https://github.com/rapidfort/community-images/stargazers) -have. - -## Have questions? - -[![RapidFort](https://raw.githubusercontent.com/rapidfort/community-images/main/contrib/github_logo_footer.png)][rf-rapidfort-footer-logo-link] - - -If you'd like to learn more about RapidFort or our container optimization process, visit [RapidFort.com][rf-link]. - -
-
- - -[dh-rf-badge]: https://img.shields.io/badge/dockerhub-images-important.svg?logo=Docker - -[fossa-badge]: https://app.fossa.com/api/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images.svg?type=shield -[fossa-link]: https://app.fossa.com/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images?ref=badge_shield - -[rf-link]: https://rapidfort.com?utm_source=github&utm_medium=ci_rf_link&utm_campaign=sep_01_sprint&utm_term=redis-cluster&utm_content=rapidfort_have_questions - -[rf-rapidfort-footer-logo-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Fredis-cluster?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=redis-cluster&utm_content=rapidfort_footer_logo -[rf-view-report-button]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Fredis-cluster?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=redis-cluster&utm_content=view_report_button -[rf-view-report-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Fredis-cluster?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=redis-cluster&utm_content=view_report_link -[rf-image-metrics-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Fredis-cluster?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=redis-cluster&utm_content=image_metrics_link -[rf-image-cve-reduction-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Fredis-cluster?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=redis-cluster&utm_content=image_cve_reduction_link - -[dh-img-size-badge]: https://img.shields.io/docker/image-size/rapidfort/redis-cluster?logo=docker&logoColor=white&sort=semver -[dh-img-pulls-badge]: https://img.shields.io/docker/pulls/rapidfort/redis-cluster?logo=docker&logoColor=white - -[slack-badge]: 
https://img.shields.io/static/v1?label=Join&message=slack&logo=slack&logoColor=E01E5A&color=4A154B -[slack-link]: https://join.slack.com/t/rapidfortcommunity/shared_invite/zt-1g3wy28lv-DaeGexTQ5IjfpbmYW7Rm_Q - -[rf-h-badge]: https://img.shields.io/static/v1?label=RapidFort&labelColor=333F48&message=hardened&color=50B4C4&logo= -[metrics-link]: https://github.com/rapidfort/community-images/raw/main/community_images/redis-cluster/bitnami/assets/metrics.webp -[cve-reduction-link]: https://github.com/rapidfort/community-images/raw/main/community_images/redis-cluster/bitnami/assets/cve_reduction.webp - -[source-image-repo-link]: https://hub.docker.com/r/bitnami/redis-cluster -[rf-dh-image-link]: https://hub.docker.com/r/rapidfort/redis-cluster diff --git a/community_images/redis-cluster/bitnami/assets/cve_reduction.webp b/community_images/redis-cluster/bitnami/assets/cve_reduction.webp deleted file mode 100644 index b78acd2929..0000000000 Binary files a/community_images/redis-cluster/bitnami/assets/cve_reduction.webp and /dev/null differ diff --git a/community_images/redis-cluster/bitnami/assets/metrics.webp b/community_images/redis-cluster/bitnami/assets/metrics.webp deleted file mode 100644 index 18c59c9ce3..0000000000 Binary files a/community_images/redis-cluster/bitnami/assets/metrics.webp and /dev/null differ diff --git a/community_images/redis-cluster/bitnami/dc_coverage.sh b/community_images/redis-cluster/bitnami/dc_coverage.sh deleted file mode 100755 index f3a04312b8..0000000000 --- a/community_images/redis-cluster/bitnami/dc_coverage.sh +++ /dev/null 
@@ -1,31 +0,0 @@ -#!/bin/bash - -set -x -set -e - -SCRIPTPATH="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )" - -# shellcheck disable=SC1091 -. "${SCRIPTPATH}"/../../common/scripts/bash_helper.sh - -JSON_PARAMS="$1" - -JSON=$(cat "$JSON_PARAMS") - -echo "Json params for docker compose coverage = $JSON" - -PROJECT_NAME=$(jq -r '.project_name' < "$JSON_PARAMS") - -CONTAINER_NAME="${PROJECT_NAME}"-redis-node-0-1 -REDIS_PASSWORD=bitnami - -# run all redis commands in test.redis -docker exec -i "$CONTAINER_NAME" \ - bash -c "/tmp/redis_cluster_runner.sh ${REDIS_PASSWORD} localhost 6379 /tmp/test.redis" - -# run redis coverage -docker exec -i "$CONTAINER_NAME" \ - bash -c "/tmp/redis_coverage.sh" - -# run redis benchmark -docker exec -i "$CONTAINER_NAME" bash -c "redis-benchmark -h localhost -p 6379 -c 2 -n 100 -a ${REDIS_PASSWORD} --cluster" diff --git a/community_images/redis-cluster/bitnami/docker-compose.yml b/community_images/redis-cluster/bitnami/docker-compose.yml deleted file mode 100644 index 3301be846d..0000000000 --- a/community_images/redis-cluster/bitnami/docker-compose.yml +++ /dev/null 
@@ -1,88 +0,0 @@ -version: '2' -services: - redis-node-0: - image: ${REDIS_CLUSTER_IMAGE_REPOSITORY}:${REDIS_CLUSTER_IMAGE_TAG} - volumes: - - redis-cluster_data-0:/bitnami/redis/data - - ../../common/tests/test.redis:/tmp/test.redis - - ../../common/tests/redis_coverage.sh:/tmp/redis_coverage.sh - - ./redis_cluster_runner.sh:/tmp/redis_cluster_runner.sh - - environment: - - 'REDIS_PASSWORD=bitnami' - - 'REDIS_NODES=redis-node-0 redis-node-1 redis-node-2 redis-node-3 redis-node-4 redis-node-5' - cap_add: - - SYS_PTRACE - - redis-node-1: - image: ${REDIS_CLUSTER_IMAGE_REPOSITORY}:${REDIS_CLUSTER_IMAGE_TAG} - volumes: - - redis-cluster_data-1:/bitnami/redis/data - environment: - - 'REDIS_PASSWORD=bitnami' - - 'REDIS_NODES=redis-node-0 redis-node-1 redis-node-2 redis-node-3 redis-node-4 redis-node-5' - cap_add: - - SYS_PTRACE - - redis-node-2: - image: ${REDIS_CLUSTER_IMAGE_REPOSITORY}:${REDIS_CLUSTER_IMAGE_TAG} - volumes: - - redis-cluster_data-2:/bitnami/redis/data - environment: - - 'REDIS_PASSWORD=bitnami' - - 'REDIS_NODES=redis-node-0 redis-node-1 redis-node-2 redis-node-3 redis-node-4 redis-node-5' - cap_add: - - SYS_PTRACE - - redis-node-3: - image: ${REDIS_CLUSTER_IMAGE_REPOSITORY}:${REDIS_CLUSTER_IMAGE_TAG} - volumes: - - redis-cluster_data-3:/bitnami/redis/data - environment: - - 'REDIS_PASSWORD=bitnami' - - 'REDIS_NODES=redis-node-0 redis-node-1 redis-node-2 redis-node-3 redis-node-4 redis-node-5' - cap_add: - - SYS_PTRACE - - redis-node-4: - image: ${REDIS_CLUSTER_IMAGE_REPOSITORY}:${REDIS_CLUSTER_IMAGE_TAG} - volumes: - - redis-cluster_data-4:/bitnami/redis/data - environment: - - 'REDIS_PASSWORD=bitnami' - - 'REDIS_NODES=redis-node-0 redis-node-1 redis-node-2 redis-node-3 redis-node-4 redis-node-5' - cap_add: - - SYS_PTRACE - - redis-node-5: - image: ${REDIS_CLUSTER_IMAGE_REPOSITORY}:${REDIS_CLUSTER_IMAGE_TAG} - volumes: - - redis-cluster_data-5:/bitnami/redis/data - depends_on: - - redis-node-0 - - redis-node-1 - - redis-node-2 - - redis-node-3 - - 
redis-node-4 - environment: - - 'REDIS_PASSWORD=bitnami' - - 'REDISCLI_AUTH=bitnami' - - 'REDIS_CLUSTER_REPLICAS=1' - - 'REDIS_NODES=redis-node-0 redis-node-1 redis-node-2 redis-node-3 redis-node-4 redis-node-5' - - 'REDIS_CLUSTER_CREATOR=yes' - cap_add: - - SYS_PTRACE - -volumes: - redis-cluster_data-0: - driver: local - redis-cluster_data-1: - driver: local - redis-cluster_data-2: - driver: local - redis-cluster_data-3: - driver: local - redis-cluster_data-4: - driver: local - redis-cluster_data-5: - driver: local \ No newline at end of file diff --git a/community_images/redis-cluster/bitnami/image.yml b/community_images/redis-cluster/bitnami/image.yml deleted file mode 100644 index 2ba9774245..0000000000 --- a/community_images/redis-cluster/bitnami/image.yml +++ /dev/null 
@@ -1,65 +0,0 @@ -name: redis-cluster -official_name: Redis™ Cluster -official_website: http://redis.io -source_image_provider: Bitnami -source_image_repo: docker.io/bitnami/redis-cluster -source_image_repo_link: https://hub.docker.com/r/bitnami/redis-cluster -source_image_readme: https://github.com/bitnami/containers/blob/main/bitnami/redis-cluster/README.md -rf_docker_link: rapidfort/redis-cluster -image_workflow_name: redis-cluster_bitnami -github_location: redis-cluster/bitnami -report_url: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Fredis-cluster -usage_instructions: | - $ helm repo add bitnami https://charts.bitnami.com/bitnami - - # install redis-cluster, just replace repository with RapidFort registry - $ helm install my-redis-cluster bitnami/redis-cluster --set image.repository=rapidfort/redis-cluster -what_is_text: | - Redis™ is an open-source, networked, in-memory, key-value data store with optional durability. It is written in ANSI C. The development of Redis is sponsored by Redis Labs today; before that, it was sponsored by Pivotal and VMware. According to the monthly ranking by DB-Engines.com, Redis is the most popular key-value store. The name Redis means REmote DIctionary Server. -disclaimer: | - Disclaimer: Redis is a registered trademark of Redis Labs Ltd. Any rights therein are reserved to Redis Labs Ltd. Any use by RapidFort is for referential purposes only and does not indicate any sponsorship, endorsement, or affiliation between Redis Labs Ltd. 
-bitnami_excluded_branches: - - "6.2" -input_registry: - registry: docker.io - account: bitnami -repo_sets: - - redis-cluster: - input_base_tag: "7.2.1-debian-11-r" - - redis-cluster: - input_base_tag: "7.0.13-debian-11-r" -runtimes: - - type: k8s - helm: - repo: bitnami - repo_url: https://charts.bitnami.com/bitnami - chart: redis-cluster - image_keys: - redis-cluster: {} - override_file: "overrides.yml" - - type: k8s - script: k8s_tls_coverage.sh - helm: - repo: bitnami - repo_url: https://charts.bitnami.com/bitnami - chart: redis-cluster - tls_certs: - generate: true - secret_name: rf-redis-cluster-tls - common_name: rf-redis-cluster - helm_additional_params: - tls.enabled: true - tls.existingSecret: rf-redis-cluster-tls - tls.certCAFilename: ca.crt - tls.certFilename: tls.crt - tls.certKeyFilename: tls.key - image_keys: - redis-cluster: {} - override_file: "overrides.yml" - - type: docker_compose - script: dc_coverage.sh - compose_file: docker-compose.yml - image_keys: - redis-cluster: - repository: "REDIS_CLUSTER_IMAGE_REPOSITORY" - tag: "REDIS_CLUSTER_IMAGE_TAG" diff --git a/community_images/redis-cluster/bitnami/k8s_tls_coverage.sh b/community_images/redis-cluster/bitnami/k8s_tls_coverage.sh deleted file mode 100755 index 57f5d9b0ac..0000000000 --- a/community_images/redis-cluster/bitnami/k8s_tls_coverage.sh +++ /dev/null 
@@ -1,18 +0,0 @@ -#!/bin/bash - -set -x -set -e - -JSON_PARAMS="$1" - -NAMESPACE=$(jq -r '.namespace_name' < "$JSON_PARAMS") -RELEASE_NAME=$(jq -r '.release_name' < "$JSON_PARAMS") - -# get Redis passwordk -REDIS_PASSWORD=$(kubectl get secret --namespace "${NAMESPACE}" "${RELEASE_NAME}" -o jsonpath="{.data.redis-password}" | base64 --decode) - -# run redis_cluster_runner on cluster -kubectl -n "${NAMESPACE}" exec \ - -i "${RELEASE_NAME}"-0 \ - -- /bin/bash -c \ - "REDISCLI_AUTH=${REDIS_PASSWORD} redis-cli -h ${RELEASE_NAME} -p 6379 --tls --cert /opt/bitnami/redis/certs/tls.crt --key /opt/bitnami/redis/certs/tls.key --cacert /opt/bitnami/redis/certs/ca.crt -c ping" diff --git a/community_images/redis-cluster/bitnami/overrides.yml b/community_images/redis-cluster/bitnami/overrides.yml deleted file mode 100644 index c8bd440b7d..0000000000 --- a/community_images/redis-cluster/bitnami/overrides.yml +++ /dev/null @@ -1,18 +0,0 @@ -image: - pullSecrets: ["rf-regcred"] - pullPolicy: Always -containerSecurityContext: - enabled: true - allowPrivilegeEscalation: true - capabilities: - add: ["SYS_PTRACE"] -redis: - extraEnvVars: - - name: "RF_VERBOSE" - value: "0" - livenessProbe: - initialDelaySeconds: 30 - timeoutSeconds: 30 - readinessProbe: - initialDelaySeconds: 30 - timeoutSeconds: 30 diff --git a/community_images/redis-cluster/bitnami/redis_cluster_runner.sh b/community_images/redis-cluster/bitnami/redis_cluster_runner.sh deleted file mode 100755 index 98139c273e..0000000000 --- a/community_images/redis-cluster/bitnami/redis_cluster_runner.sh +++ /dev/null @@ -1,21 +0,0 @@ -#!/bin/bash - -set -x -set -e - -REDIS_PASSWORD=$1 -shift -REDIS_HOST=$1 -shift -REDIS_PORT=$1 -shift -REDIS_TEST_FILE=$1 -shift -TLS_PREFILX=( "$@" ) - -input="${REDIS_TEST_FILE}" -while IFS= read -r line -do - # shellcheck disable=SC2086 - REDISCLI_AUTH="${REDIS_PASSWORD}" redis-cli -h "${REDIS_HOST}" -p "${REDIS_PORT}" "${TLS_PREFILX[@]}" -c $line -done < "$input" 
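Review bot: in the removed redis_cluster_runner.sh the password arrives as the positional argument `REDIS_PASSWORD=$1` while `set -x` is on, so it is exposed in the process list of the caller (`dc_coverage.sh` passes `${REDIS_PASSWORD}` on the `bash -c` command line) and echoed in the trace output. If this runner is being relocated rather than dropped, have the caller export `REDISCLI_AUTH` instead of passing the secret as an argument, and correct the `TLS_PREFILX` spelling while moving it. If it is dropped outright, nothing else is needed here, since the compose volume mount `./redis_cluster_runner.sh:/tmp/redis_cluster_runner.sh` and `dc_coverage.sh` are removed in the same patch.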
diff --git a/community_images/redis-cluster/bitnami/tls_certs.yml b/community_images/redis-cluster/bitnami/tls_certs.yml deleted file mode 100644 index e35da66fd8..0000000000 --- a/community_images/redis-cluster/bitnami/tls_certs.yml +++ /dev/null @@ -1,24 +0,0 @@ -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: rf-redis-cluster-cert -spec: - commonName: rf-redis-cluster - duration: 2160h - isCA: false - issuerRef: - group: cert-manager.io - kind: Issuer - name: ci-ca-issuer - privateKey: - algorithm: RSA - encoding: PKCS1 - size: 2048 - renewBefore: 360h - secretName: rf-redis-cluster-tls - subject: - organizations: - - rapidfort - usages: - - server auth - - client auth diff --git a/community_images/redis/bitnami/.rfignore b/community_images/redis/bitnami/.rfignore deleted file mode 100644 index 9484480c02..0000000000 --- a/community_images/redis/bitnami/.rfignore +++ /dev/null @@ -1,6 +0,0 @@ -usr/local/bin/redis-check-aof -usr/local/bin/redis-check-rdb -usr/share/common-licenses -opt/bitnami/redis/licenses -opt/bitnami/licenses -opt/bitnami/common/licenses diff --git a/community_images/redis/bitnami/README.md b/community_images/redis/bitnami/README.md deleted file mode 100644 index 15db35537e..0000000000 --- a/community_images/redis/bitnami/README.md +++ /dev/null @@ -1,144 +0,0 @@ - -RapidFort - - -
- -[![rf-h][rf-h-badge]][rf-view-report-button] -[![DH Image][dh-rf-badge]][rf-dh-image-link] -[![Slack][slack-badge]][slack-link] -[![FOSSA Status][fossa-badge]][fossa-link] - -# RapidFort hardened image for Redis™ - -RapidFort’s container optimization process hardened this Redis™ container. This container is free to use and has no license limitations. - -It is the same as the [Bitnami Redis™][source-image-repo-link] image but more secure. - -Every day, we optimize and harden a variety of Docker Hub’s most famous images. Check out our [entire library](https://hub.docker.com/u/rapidfort) of secured containers. -
- -[Get the full report here or click on the image below][rf-view-report-link] - -[![Metrics][metrics-link]][rf-image-metrics-link] - -

Vulnerabilities: Original vs. Hardened - -

- -[![CVE Reduction][cve-reduction-link]][rf-image-cve-reduction-link] - - -View Report - -
-
- - -## What is Redis™? - -> Redis™ is an open-source, networked, in-memory, key-value data store with optional durability. It is written in ANSI C. The development of Redis is sponsored by Redis Labs today; before that, it was sponsored by Pivotal and VMware. According to the monthly ranking by DB-Engines.com, Redis is the most popular key-value store. The name Redis means REmote DIctionary Server. - - -[Overview of Redis™](http://redis.io) - -Disclaimer: Redis is a registered trademark of Redis Labs Ltd. Any rights therein are reserved to Redis Labs Ltd. Any use by RapidFort is for referential purposes only and does not indicate any sponsorship, endorsement, or affiliation between Redis Labs Ltd. - - -## How do I use this hardened Redis™ image? - -The runtime instructions for this container are no different from the official release. Follow the instructions in their readme, but use our hardened image. - - -View Detailed Instructions - -
-
- -```sh -$ helm repo add bitnami https://charts.bitnami.com/bitnami - -# install redis, just replace repository with RapidFort registry -$ helm install my-redis bitnami/redis --set image.repository=rapidfort/redis - -``` - -## What is a hardened image? - -A hardened image is a copy of a container that has been optimized and reduced for significantly improved security. Because every container uses many open-source software components and their dependencies, there’s a lot of extra weight that can be trimmed. - -This image is a hardened version of the official [Bitnami Redis™][source-image-repo-link] image on Docker Hub. - -RapidFort is an industry-leading container optimization solution that minimizes software attack surfaces by removing unused code. Most containers can be reduced by at least 50%, which reduces the opportunity for malicious attacks and CVE exploits. Learn more at [RapidFort.com][rf-link]. - -Our hardened images are updated daily using the latest vulnerability information available. - - -View on GitHub - -
-
- -## What’s the difference between the official [Bitnami Redis™][source-image-repo-link] image and this hardened image? -RapidFort’s hardened [rapidfort/redis][rf-dh-image-link] image has been optimized by our proprietary scanning and slimming technology. We are big fans of open-source software, containerized infrastructure, and security. - -We are making secure copies of the images we use every day and the most popular ones on Docker Hub. We want to make the world a safer place to operate. - -## Supported tags and respective `Dockerfile` links -* [`7.2`, `7.2-debian-11`, `7.2.3`, `7.2.3-debian-11-r` (7.2/debian-11/Dockerfile)](https://github.com/bitnami/containers/tree/main/bitnami/redis/7.2/debian-11/Dockerfile) -* [`7.0`, `7.0-debian-11`, `7.0.14`, `7.0.14-debian-11-r` (7.0/debian-11/Dockerfile)](https://github.com/bitnami/containers/tree/main/bitnami/redis/7.0/debian-11/Dockerfile) -* [`6.2`, `6.2-debian-11`, `6.2.14`, `6.2.14-debian-11-r` (6.2/debian-11/Dockerfile)](https://github.com/bitnami/containers/tree/main/bitnami/redis/6.2/debian-11/Dockerfile) - -## Need support - -Join our slack community for any questions. - - -RapidFort Community Slack - - -## 🌟 Support this project - -[![](https://user-images.githubusercontent.com/48997634/174794647-0c851917-e5c9-4fb9-bf88-b61d89dc2f4f.gif)](https://github.com/rapidfort/community-images/stargazers) - -### [⏫⭐️ Scroll to the star button](#start-of-content) - -If you believe this project has potential, feel free to **star this repo** just like many [amazing people](https://github.com/rapidfort/community-images/stargazers) -have. - -## Have questions? - -[![RapidFort](https://raw.githubusercontent.com/rapidfort/community-images/main/contrib/github_logo_footer.png)][rf-rapidfort-footer-logo-link] - - -If you'd like to learn more about RapidFort or our container optimization process, visit [RapidFort.com][rf-link]. - -
-
- - -[dh-rf-badge]: https://img.shields.io/badge/dockerhub-images-important.svg?logo=Docker - -[fossa-badge]: https://app.fossa.com/api/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images.svg?type=shield -[fossa-link]: https://app.fossa.com/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images?ref=badge_shield - -[rf-link]: https://rapidfort.com?utm_source=github&utm_medium=ci_rf_link&utm_campaign=sep_01_sprint&utm_term=redis&utm_content=rapidfort_have_questions - -[rf-rapidfort-footer-logo-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Fredis?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=redis&utm_content=rapidfort_footer_logo -[rf-view-report-button]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Fredis?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=redis&utm_content=view_report_button -[rf-view-report-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Fredis?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=redis&utm_content=view_report_link -[rf-image-metrics-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Fredis?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=redis&utm_content=image_metrics_link -[rf-image-cve-reduction-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Fredis?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=redis&utm_content=image_cve_reduction_link - -[dh-img-size-badge]: https://img.shields.io/docker/image-size/rapidfort/redis?logo=docker&logoColor=white&sort=semver -[dh-img-pulls-badge]: https://img.shields.io/docker/pulls/rapidfort/redis?logo=docker&logoColor=white - -[slack-badge]: https://img.shields.io/static/v1?label=Join&message=slack&logo=slack&logoColor=E01E5A&color=4A154B -[slack-link]: 
https://join.slack.com/t/rapidfortcommunity/shared_invite/zt-1g3wy28lv-DaeGexTQ5IjfpbmYW7Rm_Q - -[rf-h-badge]: https://img.shields.io/static/v1?label=RapidFort&labelColor=333F48&message=hardened&color=50B4C4&logo= -[metrics-link]: https://github.com/rapidfort/community-images/raw/main/community_images/redis/bitnami/assets/metrics.webp -[cve-reduction-link]: https://github.com/rapidfort/community-images/raw/main/community_images/redis/bitnami/assets/cve_reduction.webp - -[source-image-repo-link]: https://hub.docker.com/r/bitnami/redis -[rf-dh-image-link]: https://hub.docker.com/r/rapidfort/redis diff --git a/community_images/redis/bitnami/assets/cve_reduction.webp b/community_images/redis/bitnami/assets/cve_reduction.webp deleted file mode 100644 index b78acd2929..0000000000 Binary files a/community_images/redis/bitnami/assets/cve_reduction.webp and /dev/null differ diff --git a/community_images/redis/bitnami/assets/metrics.webp b/community_images/redis/bitnami/assets/metrics.webp deleted file mode 100644 index 29b52e9ed1..0000000000 Binary files a/community_images/redis/bitnami/assets/metrics.webp and /dev/null differ diff --git a/community_images/redis/bitnami/docker-compose.yml b/community_images/redis/bitnami/docker-compose.yml deleted file mode 100644 index 84783dc25f..0000000000 --- a/community_images/redis/bitnami/docker-compose.yml +++ /dev/null 
@@ -1,35 +0,0 @@ -version: '2' - -services: - redis-primary: - image: ${REDIS_IMAGE_REPOSITORY}:${REDIS_IMAGE_TAG} - ports: - - '6379' - environment: - - REDIS_REPLICATION_MODE=master - - REDIS_PASSWORD=my_password - - REDIS_DISABLE_COMMANDS=FLUSHDB,FLUSHALL - volumes: - - 'redis_data:/bitnami/redis/data' - cap_add: - - SYS_PTRACE - - redis-secondary: - image: ${REDIS_IMAGE_REPOSITORY}:${REDIS_IMAGE_TAG} - ports: - - '6379' - depends_on: - - redis-primary - environment: - - REDIS_REPLICATION_MODE=slave - - REDIS_MASTER_HOST=redis-primary - - REDIS_MASTER_PORT_NUMBER=6379 - - REDIS_MASTER_PASSWORD=my_password - - REDIS_PASSWORD=my_password - - REDIS_DISABLE_COMMANDS=FLUSHDB,FLUSHALL - cap_add: - - SYS_PTRACE - -volumes: - redis_data: - driver: local \ No newline at end of file diff --git a/community_images/redis/bitnami/image.yml b/community_images/redis/bitnami/image.yml deleted file mode 100644 index d47800d7a2..0000000000 --- a/community_images/redis/bitnami/image.yml +++ /dev/null 
@@ -1,76 +0,0 @@ -name: redis -official_name: Redis™ -official_website: http://redis.io -source_image_provider: Bitnami -source_image_repo: docker.io/bitnami/redis -source_image_repo_link: https://hub.docker.com/r/bitnami/redis -source_image_readme: https://github.com/bitnami/containers/blob/main/bitnami/redis/README.md -rf_docker_link: rapidfort/redis -image_workflow_name: redis_bitnami -github_location: redis/bitnami -report_url: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Fredis -usage_instructions: | - $ helm repo add bitnami https://charts.bitnami.com/bitnami - - # install redis, just replace repository with RapidFort registry - $ helm install my-redis bitnami/redis --set image.repository=rapidfort/redis -what_is_text: | - Redis™ is an open-source, networked, in-memory, key-value data store with optional durability. It is written in ANSI C. The development of Redis is sponsored by Redis Labs today; before that, it was sponsored by Pivotal and VMware. According to the monthly ranking by DB-Engines.com, Redis is the most popular key-value store. The name Redis means REmote DIctionary Server. -disclaimer: | - Disclaimer: Redis is a registered trademark of Redis Labs Ltd. Any rights therein are reserved to Redis Labs Ltd. Any use by RapidFort is for referential purposes only and does not indicate any sponsorship, endorsement, or affiliation between Redis Labs Ltd. 
-input_registry: - registry: docker.io - account: bitnami -repo_sets: - - redis: - input_base_tag: "7.2.1-debian-11-r" - - redis: - input_base_tag: "7.0.13-debian-11-r" - - redis: - input_base_tag: "6.2.13-debian-11-r" -runtimes: - - type: k8s - script: k8s_coverage.sh - helm: - repo: bitnami - repo_url: https://charts.bitnami.com/bitnami - chart: redis - readiness_wait_pod_name_suffix: - - "master-0" - image_keys: - redis: {} - override_file: "overrides.yml" - - type: k8s - script: k8s_tls_coverage.sh - helm: - repo: bitnami - repo_url: https://charts.bitnami.com/bitnami - chart: redis - readiness_wait_pod_name_suffix: - - "master-0" - tls_certs: - generate: true - secret_name: localhost-server-tls - common_name: localhost - helm_additional_params: - tls.enabled: true - tls.existingSecret: localhost-server-tls - tls.certCAFilename: ca.crt - tls.certFilename: tls.crt - tls.certKeyFilename: tls.key - image_keys: - redis: {} - override_file: "overrides.yml" - - type: docker_compose - compose_file: docker-compose.yml - tls_certs: - generate: true - out_dir: certs - image_keys: - redis: - repository: "REDIS_IMAGE_REPOSITORY" - tag: "REDIS_IMAGE_TAG" - - type: docker - redis: - environment: - REDIS_PASSWORD: my_password \ No newline at end of file diff --git a/community_images/redis/bitnami/k8s_coverage.sh b/community_images/redis/bitnami/k8s_coverage.sh deleted file mode 100755 index e8c1d46d38..0000000000 --- a/community_images/redis/bitnami/k8s_coverage.sh +++ /dev/null 
@@ -1,45 +0,0 @@ -#!/bin/bash - -set -x -set -e - -JSON_PARAMS="$1" - -SCRIPTPATH=$(jq -r '.image_script_dir' < "$JSON_PARAMS") -NAMESPACE=$(jq -r '.namespace_name' < "$JSON_PARAMS") -RELEASE_NAME=$(jq -r '.release_name' < "$JSON_PARAMS") - -# get Redis password -REDIS_PASSWORD=$(kubectl get secret --namespace "${NAMESPACE}" "${RELEASE_NAME}" -o jsonpath="{.data.redis-password}" | base64 --decode) - -# copy test.redis into container -kubectl -n "${NAMESPACE}" cp \ - "${SCRIPTPATH}"/../../common/tests/test.redis "${RELEASE_NAME}"-master-0:/tmp/test.redis - -# run script -kubectl -n "${NAMESPACE}" \ - exec -i "${RELEASE_NAME}"-master-0 \ - -- /bin/bash -c "cat /tmp/test.redis | REDISCLI_AUTH=\"${REDIS_PASSWORD}\" redis-cli -h localhost --pipe" - -# copy redis_coverage.sh into container -kubectl -n "${NAMESPACE}" cp \ - "${SCRIPTPATH}"/../../common/tests/redis_coverage.sh \ - "${RELEASE_NAME}"-master-0:/tmp/redis_coverage.sh - -# run redis_coverage command on cluster -kubectl -n "${NAMESPACE}" exec \ - -i "${RELEASE_NAME}"-master-0 -- /bin/bash -c \ - "/tmp/redis_coverage.sh" - - -kubectl run "${RELEASE_NAME}"-client --restart='Never' --namespace "${NAMESPACE}" \ - --image bitnami/redis --command -- sleep infinity -kubectl wait pod "${RELEASE_NAME}"-client --for=condition=ready --timeout=10m -n "${NAMESPACE}" -kubectl exec -it "${RELEASE_NAME}"-client -n "${NAMESPACE}" -- \ - redis-benchmark -h "${RELEASE_NAME}"-master -p 6379 -a "${REDIS_PASSWORD}" -n 1000 -c 10 - -# # run redis benchmark -# kubectl run "${RELEASE_NAME}"-client --rm -i \ -# --restart='Never' --namespace "${NAMESPACE}" \ -# --image rapidfort/redis --command \ -# -- redis-benchmark -h "${RELEASE_NAME}"-master -p 6379 -a "${REDIS_PASSWORD}" -n 1000 -c 10 \ No newline at end of file diff --git a/community_images/redis/bitnami/k8s_tls_coverage.sh b/community_images/redis/bitnami/k8s_tls_coverage.sh deleted file mode 100755 index c2e4f86783..0000000000 
--- a/community_images/redis/bitnami/k8s_tls_coverage.sh +++ /dev/null @@ -1,22 +0,0 @@ -#!/bin/bash - -set -x -set -e - -JSON_PARAMS="$1" - -SCRIPTPATH=$(jq -r '.image_script_dir' < "$JSON_PARAMS") -NAMESPACE=$(jq -r '.namespace_name' < "$JSON_PARAMS") -RELEASE_NAME=$(jq -r '.release_name' < "$JSON_PARAMS") - -# get Redis passwordk -REDIS_PASSWORD=$(kubectl get secret --namespace "${NAMESPACE}" "${RELEASE_NAME}" -o jsonpath="{.data.redis-password}" | base64 --decode) - -# copy test.redis into container -kubectl -n "${NAMESPACE}" cp \ - "${SCRIPTPATH}"/../../common/tests/test.redis "${RELEASE_NAME}"-master-0:/tmp/test.redis - -# run tls script -kubectl -n "${NAMESPACE}" \ - exec -i "${RELEASE_NAME}"-master-0 \ - -- /bin/bash -c "cat /tmp/test.redis | REDISCLI_AUTH=\"${REDIS_PASSWORD}\" redis-cli -h localhost --tls --cert /opt/bitnami/redis/certs/tls.crt --key /opt/bitnami/redis/certs/tls.key --cacert /opt/bitnami/redis/certs/ca.crt --pipe" diff --git a/community_images/redis/bitnami/overrides.yml b/community_images/redis/bitnami/overrides.yml deleted file mode 100644 index c27764377f..0000000000 --- a/community_images/redis/bitnami/overrides.yml +++ /dev/null @@ -1,33 +0,0 @@ -image: - pullSecrets: ["rf-regcred"] - pullPolicy: Always -master: - containerSecurityContext: - enabled: true - allowPrivilegeEscalation: true - capabilities: - add: ["SYS_PTRACE"] - extraEnvVars: - - name: "RF_VERBOSE" - value: "0" - livenessProbe: - initialDelaySeconds: 30 - timeoutSeconds: 30 - readinessProbe: - initialDelaySeconds: 30 - timeoutSeconds: 30 -replica: - containerSecurityContext: - enabled: true - allowPrivilegeEscalation: true - capabilities: - add: ["SYS_PTRACE"] - extraEnvVars: - - name: "RF_VERBOSE" - value: "0" - livenessProbe: - initialDelaySeconds: 30 - timeoutSeconds: 30 - readinessProbe: - initialDelaySeconds: 30 - timeoutSeconds: 30 \ No newline at end of file 
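Review bot: Deleting overrides.yml removes the only visible place where `allowPrivilegeEscalation: true` and `capabilities.add: ["SYS_PTRACE"]` were set for both `master` and `replica`, and the patch does not say whether the redis/bitnami coverage run is being retired or moved. The deletion is consistent with image.yml, whose two k8s runtimes referenced `override_file: "overrides.yml"` and which is removed in the same patch. Please state the reason in the commit message. If the coverage run is recreated elsewhere, keep these two settings confined to the instrumented test deployment, not in values a user might copy into a production Helm install.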
diff --git a/community_images/redis/bitnami/tls_certs.yml b/community_images/redis/bitnami/tls_certs.yml deleted file mode 100644 index 3c07fca644..0000000000 --- a/community_images/redis/bitnami/tls_certs.yml +++ /dev/null @@ -1,24 +0,0 @@ -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: localhost-cert -spec: - commonName: localhost - duration: 2160h - isCA: false - issuerRef: - group: cert-manager.io - kind: Issuer - name: ci-ca-issuer - privateKey: - algorithm: RSA - encoding: PKCS1 - size: 2048 - renewBefore: 360h - secretName: localhost-server-tls - subject: - organizations: - - rapidfort - usages: - - server auth - - client auth diff --git a/community_images/redis/ironbank/.rfignore b/community_images/redis/ironbank/.rfignore deleted file mode 100644 index dbff0827b0..0000000000 --- a/community_images/redis/ironbank/.rfignore +++ /dev/null @@ -1,4 +0,0 @@ -usr/local/bin/redis-check-aof -usr/local/bin/redis-check-rdb -usr/share/licenses -LICENSE.txt diff --git a/community_images/redis/ironbank/README.md b/community_images/redis/ironbank/README.md deleted file mode 100644 index a7318d7047..0000000000 --- a/community_images/redis/ironbank/README.md +++ /dev/null @@ -1,139 +0,0 @@ - -RapidFort - - -
- -[![rf-h][rf-h-badge]][rf-view-report-button] -[![DH Image][dh-rf-badge]][rf-dh-image-link] -[![Slack][slack-badge]][slack-link] -[![FOSSA Status][fossa-badge]][fossa-link] - -# RapidFort hardened image for Redis™ IronBank - -RapidFort’s container optimization process hardened this Redis™ IronBank container. This container is free to use and has no license limitations. - -It is the same as the [Platform One Redis™ IronBank][source-image-repo-link] image but more secure. - -Every day, we optimize and harden a variety of Docker Hub’s most famous images. Check out our [entire library](https://hub.docker.com/u/rapidfort) of secured containers. -
- -[Get the full report here or click on the image below][rf-view-report-link] - -[![Metrics][metrics-link]][rf-image-metrics-link] - -

Vulnerabilities: Original vs. Hardened - -

- -[![CVE Reduction][cve-reduction-link]][rf-image-cve-reduction-link] - - -View Report - -
-
- - -## What is Redis™ IronBank? - -> Redis™ is an open-source, networked, in-memory, key-value data store with optional durability. It is written in ANSI C. The development of Redis is sponsored by Redis Labs today; before that, it was sponsored by Pivotal and VMware. According to the monthly ranking by DB-Engines.com, Redis is the most popular key-value store. The name Redis means REmote DIctionary Server. - - -[Overview of Redis™ IronBank](http://redis.io) - -Disclaimer: Redis is a registered trademark of Redis Labs Ltd. Any rights therein are reserved to Redis Labs Ltd. Any use by RapidFort is for referential purposes only and does not indicate any sponsorship, endorsement, or affiliation between Redis Labs Ltd. - - -## How do I use this hardened Redis™ IronBank image? - -The runtime instructions for this container are no different from the official release. Follow the instructions in their readme, but use our hardened image. - - -View Detailed Instructions - -
-
- -```sh -$ docker run -it --rm -p6379:6379 rapidfort/redis6-ib:latest - -``` - -## What is a hardened image? - -A hardened image is a copy of a container that has been optimized and reduced for significantly improved security. Because every container uses many open-source software components and their dependencies, there’s a lot of extra weight that can be trimmed. - -This image is a hardened version of the official [Platform One Redis™ IronBank][source-image-repo-link] image on Docker Hub. - -RapidFort is an industry-leading container optimization solution that minimizes software attack surfaces by removing unused code. Most containers can be reduced by at least 50%, which reduces the opportunity for malicious attacks and CVE exploits. Learn more at [RapidFort.com][rf-link]. - -Our hardened images are updated daily using the latest vulnerability information available. - - -View on GitHub - -
-
- -## What’s the difference between the official [Platform One Redis™ IronBank][source-image-repo-link] image and this hardened image? -RapidFort’s hardened [rapidfort/redis6-ib][rf-dh-image-link] image has been optimized by our proprietary scanning and slimming technology. We are big fans of open-source software, containerized infrastructure, and security. - -We are making secure copies of the images we use every day and the most popular ones on Docker Hub. We want to make the world a safer place to operate. - -## Supported tags and respective `Dockerfile` links -* [`latest` (Dockerfile)](https://repo1.dso.mil/dsop/opensource/redis/redis6/-/blob/development/Dockerfile) - -## Need support - -Join our slack community for any questions. - - -RapidFort Community Slack - - -## 🌟 Support this project - -[![](https://user-images.githubusercontent.com/48997634/174794647-0c851917-e5c9-4fb9-bf88-b61d89dc2f4f.gif)](https://github.com/rapidfort/community-images/stargazers) - -### [⏫⭐️ Scroll to the star button](#start-of-content) - -If you believe this project has potential, feel free to **star this repo** just like many [amazing people](https://github.com/rapidfort/community-images/stargazers) -have. - -## Have questions? - -[![RapidFort](https://raw.githubusercontent.com/rapidfort/community-images/main/contrib/github_logo_footer.png)][rf-rapidfort-footer-logo-link] - - -If you'd like to learn more about RapidFort or our container optimization process, visit [RapidFort.com][rf-link]. - -
-
- - -[dh-rf-badge]: https://img.shields.io/badge/dockerhub-images-important.svg?logo=Docker - -[fossa-badge]: https://app.fossa.com/api/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images.svg?type=shield -[fossa-link]: https://app.fossa.com/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images?ref=badge_shield - -[rf-link]: https://rapidfort.com?utm_source=github&utm_medium=ci_rf_link&utm_campaign=sep_01_sprint&utm_term=redis-ib&utm_content=rapidfort_have_questions - -[rf-rapidfort-footer-logo-link]: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fopensource%2Fredis%2Fredis6?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=redis-ib&utm_content=rapidfort_footer_logo -[rf-view-report-button]: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fopensource%2Fredis%2Fredis6?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=redis-ib&utm_content=view_report_button -[rf-view-report-link]: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fopensource%2Fredis%2Fredis6?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=redis-ib&utm_content=view_report_link -[rf-image-metrics-link]: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fopensource%2Fredis%2Fredis6?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=redis-ib&utm_content=image_metrics_link -[rf-image-cve-reduction-link]: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fopensource%2Fredis%2Fredis6?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=redis-ib&utm_content=image_cve_reduction_link - -[dh-img-size-badge]: https://img.shields.io/docker/image-size/rapidfort/redis6-ib?logo=docker&logoColor=white&sort=semver -[dh-img-pulls-badge]: 
https://img.shields.io/docker/pulls/rapidfort/redis6-ib?logo=docker&logoColor=white - -[slack-badge]: https://img.shields.io/static/v1?label=Join&message=slack&logo=slack&logoColor=E01E5A&color=4A154B -[slack-link]: https://join.slack.com/t/rapidfortcommunity/shared_invite/zt-1g3wy28lv-DaeGexTQ5IjfpbmYW7Rm_Q - -[rf-h-badge]: https://img.shields.io/static/v1?label=RapidFort&labelColor=333F48&message=hardened&color=50B4C4&logo= -[metrics-link]: https://github.com/rapidfort/community-images/raw/main/community_images/redis/ironbank/assets/metrics.webp -[cve-reduction-link]: https://github.com/rapidfort/community-images/raw/main/community_images/redis/ironbank/assets/cve_reduction.webp - -[source-image-repo-link]: https://registry1.dso.mil/harbor/projects/3/repositories/opensource%2Fredis%2Fredis6 -[rf-dh-image-link]: https://hub.docker.com/r/rapidfort/redis6-ib diff --git a/community_images/redis/ironbank/assets/cve_reduction.webp b/community_images/redis/ironbank/assets/cve_reduction.webp deleted file mode 100644 index 15a12b0540..0000000000 Binary files a/community_images/redis/ironbank/assets/cve_reduction.webp and /dev/null differ diff --git a/community_images/redis/ironbank/assets/metrics.webp b/community_images/redis/ironbank/assets/metrics.webp deleted file mode 100644 index 010ebec246..0000000000 Binary files a/community_images/redis/ironbank/assets/metrics.webp and /dev/null differ diff --git a/community_images/redis/ironbank/dc_coverage.sh b/community_images/redis/ironbank/dc_coverage.sh deleted file mode 100755 index b4ee42d08a..0000000000 --- a/community_images/redis/ironbank/dc_coverage.sh +++ /dev/null 
@@ -1,19 +0,0 @@ -#!/bin/bash - -set -x -set -e - -JSON_PARAMS="$1" - -JSON=$(cat "$JSON_PARAMS") - -echo "Json params for docker compose coverage = $JSON" -NAMESPACE=$(jq -r '.namespace_name' < "$JSON_PARAMS") - -CONTAINER_NAME="${NAMESPACE}"-redis-primary-1 - -# run redis tests -docker exec -i "${CONTAINER_NAME}" bash -c "cat /tmp/test.redis | redis-cli" - -# run redis coverage -docker exec -i "${CONTAINER_NAME}" bash -c "/tmp/redis_coverage.sh" diff --git a/community_images/redis/ironbank/docker-compose.yml b/community_images/redis/ironbank/docker-compose.yml deleted file mode 100644 index aa72499bd6..0000000000 --- a/community_images/redis/ironbank/docker-compose.yml +++ /dev/null @@ -1,37 +0,0 @@ -version: '2' - -services: - redis-primary: - image: ${REDIS_IMAGE_REPOSITORY}:${REDIS_IMAGE_TAG} - ports: - - '6379' - environment: - - REDIS_REPLICATION_MODE=master - - REDIS_PASSWORD=my_password - - REDIS_DISABLE_COMMANDS=FLUSHDB,FLUSHALL - volumes: - - 'redis_data:/bitnami/redis/data' - - ../../common/tests/test.redis:/tmp/test.redis - - ../../common/tests/redis_coverage.sh:/tmp/redis_coverage.sh - cap_add: - - SYS_PTRACE - - redis-secondary: - image: ${REDIS_IMAGE_REPOSITORY}:${REDIS_IMAGE_TAG} - ports: - - '6379' - depends_on: - - redis-primary - environment: - - REDIS_REPLICATION_MODE=slave - - REDIS_MASTER_HOST=redis-primary - - REDIS_MASTER_PORT_NUMBER=6379 - - REDIS_MASTER_PASSWORD=my_password - - REDIS_PASSWORD=my_password - - REDIS_DISABLE_COMMANDS=FLUSHDB,FLUSHALL - cap_add: - - SYS_PTRACE - -volumes: - redis_data: - driver: local diff --git a/community_images/redis/ironbank/docker_coverage.sh b/community_images/redis/ironbank/docker_coverage.sh deleted file mode 100755 index 2280cf13e9..0000000000 --- a/community_images/redis/ironbank/docker_coverage.sh +++ /dev/null 
@@ -1,24 +0,0 @@ -#!/bin/bash - -set -x -set -e - -JSON_PARAMS="$1" - -JSON=$(cat "$JSON_PARAMS") - -echo "Json params for docker compose coverage = $JSON" - -RAPIDFORT_ACCOUNT="${RAPIDFORT_ACCOUNT:-rapidfort}" -NAMESPACE=$(jq -r '.namespace_name' < "$JSON_PARAMS") - -# get docker host ip -REDIS_HOST=$(jq -r '.container_details."redis6-ib".ip_address' < "$JSON_PARAMS") -REPO_PATH=$(jq -r '.image_tag_details."redis6-ib".repo_path' < "$JSON_PARAMS") -TAG=$(jq -r '.image_tag_details."redis6-ib".tag' < "$JSON_PARAMS") - -# run redis-client tests -docker run --rm -i --cap-add=SYS_PTRACE \ - --network="${NAMESPACE}" \ - "${REPO_PATH}:${TAG}" \ - redis-benchmark -h "${REDIS_HOST}" -p 6379 -n 1000 -c 10 diff --git a/community_images/redis/ironbank/image.yml b/community_images/redis/ironbank/image.yml deleted file mode 100644 index c4072375bb..0000000000 --- a/community_images/redis/ironbank/image.yml +++ /dev/null 
@@ -1,37 +0,0 @@ -name: redis-ib -official_name: Redis™ IronBank -official_website: http://redis.io -source_image_provider: Platform One -source_image_repo: registry1.dso.mil/ironbank/opensource/redis/redis6 -source_image_repo_link: https://registry1.dso.mil/harbor/projects/3/repositories/opensource%2Fredis%2Fredis6 -source_image_readme: https://repo1.dso.mil/dsop/opensource/redis/redis6/-/blob/development/README.md -rf_docker_link: rapidfort/redis6-ib -image_workflow_name: redis_ironbank -github_location: redis/ironbank -report_url: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fopensource%2Fredis%2Fredis6 -usage_instructions: | - $ docker run -it --rm -p6379:6379 rapidfort/redis6-ib:latest -what_is_text: | - Redis™ is an open-source, networked, in-memory, key-value data store with optional durability. It is written in ANSI C. The development of Redis is sponsored by Redis Labs today; before that, it was sponsored by Pivotal and VMware. According to the monthly ranking by DB-Engines.com, Redis is the most popular key-value store. The name Redis means REmote DIctionary Server. -disclaimer: | - Disclaimer: Redis is a registered trademark of Redis Labs Ltd. Any rights therein are reserved to Redis Labs Ltd. Any use by RapidFort is for referential purposes only and does not indicate any sponsorship, endorsement, or affiliation between Redis Labs Ltd. -docker_links: - - "[`latest` (Dockerfile)](https://repo1.dso.mil/dsop/opensource/redis/redis6/-/blob/development/Dockerfile)" -input_registry: - registry: registry1.dso.mil - account: ironbank -repo_sets: - - opensource/redis/redis6: - input_base_tag: "6.2." - output_repo: redis6-ib -runtimes: - - type: docker_compose - script: dc_coverage.sh - compose_file: docker-compose.yml - image_keys: - redis6-ib: - repository: "REDIS_IMAGE_REPOSITORY" - tag: "REDIS_IMAGE_TAG" - - type: docker - script: docker_coverage.sh - redis6-ib: {} \ No newline at end of file 
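Review bot: The removed image.yml names `image_workflow_name: redis_ironbank`, `github_location: redis/ironbank` and `rf_docker_link: rapidfort/redis6-ib`, but this part of the patch does not show the matching CI workflow or any image list entry being removed. The files it references (dc_coverage.sh, docker-compose.yml, docker_coverage.sh) are deleted alongside it, so the directory removal is internally consistent. Please confirm that the `redis_ironbank` workflow and any index that lists `redis/ironbank` are dropped in the same change, so that no scheduled job keeps building or publishing `redis6-ib` from a path that no longer exists.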
diff --git a/community_images/redis/official/.rfignore b/community_images/redis/official/.rfignore deleted file mode 100644 index dbff0827b0..0000000000 --- a/community_images/redis/official/.rfignore +++ /dev/null @@ -1,4 +0,0 @@ -usr/local/bin/redis-check-aof -usr/local/bin/redis-check-rdb -usr/share/licenses -LICENSE.txt diff --git a/community_images/redis/official/README.md b/community_images/redis/official/README.md deleted file mode 100644 index 4646d0989a..0000000000 --- a/community_images/redis/official/README.md +++ /dev/null @@ -1,146 +0,0 @@ - -RapidFort - - -
- -[![rf-h][rf-h-badge]][rf-view-report-button] -[![DH Image][dh-rf-badge]][rf-dh-image-link] -[![Slack][slack-badge]][slack-link] -[![FOSSA Status][fossa-badge]][fossa-link] - -# RapidFort hardened image for Redis™ Official - -RapidFort’s container optimization process hardened this Redis™ Official container. This container is free to use and has no license limitations. - -It is the same as the [The Docker Community Redis™ Official][source-image-repo-link] image but more secure. - -Every day, we optimize and harden a variety of Docker Hub’s most famous images. Check out our [entire library](https://hub.docker.com/u/rapidfort) of secured containers. -
- -[Get the full report here or click on the image below][rf-view-report-link] - -[![Metrics][metrics-link]][rf-image-metrics-link] - -

Vulnerabilities: Original vs. Hardened - -

- -[![CVE Reduction][cve-reduction-link]][rf-image-cve-reduction-link] - - -View Report - -
-
- - -## What is Redis™ Official? - -> Redis™ is an open-source, networked, in-memory, key-value data store with optional durability. It is written in ANSI C. The development of Redis is sponsored by Redis Labs today; before that, it was sponsored by Pivotal and VMware. According to the monthly ranking by DB-Engines.com, Redis is the most popular key-value store. The name Redis means REmote DIctionary Server. - - -[Overview of Redis™ Official](http://redis.io) - -Disclaimer: Redis is a registered trademark of Redis Labs Ltd. Any rights therein are reserved to Redis Labs Ltd. Any use by RapidFort is for referential purposes only and does not indicate any sponsorship, endorsement, or affiliation between Redis Labs Ltd. - - -## How do I use this hardened Redis™ Official image? - -The runtime instructions for this container are no different from the official release. Follow the instructions in their readme, but use our hardened image. - - -View Detailed Instructions - -
-
- -```sh -$ docker run -it --rm -p 6379:6379 rapidfort/redis-official:latest - -``` - -## What is a hardened image? - -A hardened image is a copy of a container that has been optimized and reduced for significantly improved security. Because every container uses many open-source software components and their dependencies, there’s a lot of extra weight that can be trimmed. - -This image is a hardened version of the official [The Docker Community Redis™ Official][source-image-repo-link] image on Docker Hub. - -RapidFort is an industry-leading container optimization solution that minimizes software attack surfaces by removing unused code. Most containers can be reduced by at least 50%, which reduces the opportunity for malicious attacks and CVE exploits. Learn more at [RapidFort.com][rf-link]. - -Our hardened images are updated daily using the latest vulnerability information available. - - -View on GitHub - -
-
- -## What’s the difference between the official [The Docker Community Redis™ Official][source-image-repo-link] image and this hardened image? -RapidFort’s hardened [rapidfort/redis-official][rf-dh-image-link] image has been optimized by our proprietary scanning and slimming technology. We are big fans of open-source software, containerized infrastructure, and security. - -We are making secure copies of the images we use every day and the most popular ones on Docker Hub. We want to make the world a safer place to operate. - -## Supported tags and respective `Dockerfile` links -* [`7.2.0`, `7.2`, `7`, `latest`, `7.2.0-bookworm`, `7.2-bookworm`, `7-bookworm`, `bookworm`](https://github.com/docker-library/redis/blob/9b538c33746872dcd1e8c809cbde9f21ac2ec3ac/7.2/Dockerfile) -* [`7.2.0-alpine`, `7.2-alpine`, `7-alpine`, `alpine`, `7.2.0-alpine3.18`, `7.2-alpine3.18`, `7-alpine3.18`, `alpine3.18`](https://github.com/docker-library/redis/blob/9b538c33746872dcd1e8c809cbde9f21ac2ec3ac/7.2/alpine/Dockerfile) -* [`7.0.12`, `7.0`, `7.0.12-bookworm`, `7.0-bookworm`](https://github.com/docker-library/redis/blob/5c8459f1bd20b7b7f92325f83898636f3c8db95f/7.0/Dockerfile) -* [`7.0.12-alpine`, 7.0-alpine`, `7.0.12-alpine3.18`, `7.0-alpine3.18`](https://github.com/docker-library/redis/blob/5c8459f1bd20b7b7f92325f83898636f3c8db95f/7.0/alpine/Dockerfile) -* [`6.2.13`, `6.2`, `6`, `6.2.13-bookworm`, `6.2-bookworm`, `6-bookworm`](https://github.com/docker-library/redis/blob/f2da8752a05b783eb805b67ad7a56a997a0fe91f/6.2/Dockerfile) -* [`6.2.13-alpine`, `6.2-alpine`, `6-alpine`, `6.2.13-alpine3.18`, `6.2-alpine3.18`, `6-alpine3.18`](https://github.com/docker-library/redis/blob/f2da8752a05b783eb805b67ad7a56a997a0fe91f/6.2/alpine/Dockerfile) -* [`6.0.20`, `6.0`, `6.0.20-bookworm`, `6.0-bookworm`](https://github.com/docker-library/redis/blob/873a7cac27da5a275d0c1e0c7d41724ae2701071/6.0/Dockerfile) -* [`6.0.20-alpine`, `6.0-alpine`, `6.0.20-alpine3.18`, 
`6.0-alpine3.18`](https://github.com/docker-library/redis/blob/873a7cac27da5a275d0c1e0c7d41724ae2701071/6.0/alpine/Dockerfile) - -## Need support - -Join our slack community for any questions. - - -RapidFort Community Slack - - -## 🌟 Support this project - -[![](https://user-images.githubusercontent.com/48997634/174794647-0c851917-e5c9-4fb9-bf88-b61d89dc2f4f.gif)](https://github.com/rapidfort/community-images/stargazers) - -### [⏫⭐️ Scroll to the star button](#start-of-content) - -If you believe this project has potential, feel free to **star this repo** just like many [amazing people](https://github.com/rapidfort/community-images/stargazers) -have. - -## Have questions? - -[![RapidFort](https://raw.githubusercontent.com/rapidfort/community-images/main/contrib/github_logo_footer.png)][rf-rapidfort-footer-logo-link] - - -If you'd like to learn more about RapidFort or our container optimization process, visit [RapidFort.com][rf-link]. - -
-
- - -[dh-rf-badge]: https://img.shields.io/badge/dockerhub-images-important.svg?logo=Docker - -[fossa-badge]: https://app.fossa.com/api/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images.svg?type=shield -[fossa-link]: https://app.fossa.com/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images?ref=badge_shield - -[rf-link]: https://rapidfort.com?utm_source=github&utm_medium=ci_rf_link&utm_campaign=sep_01_sprint&utm_term=redis-official&utm_content=rapidfort_have_questions - -[rf-rapidfort-footer-logo-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Flibrary%2Fredis?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=redis-official&utm_content=rapidfort_footer_logo -[rf-view-report-button]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Flibrary%2Fredis?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=redis-official&utm_content=view_report_button -[rf-view-report-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Flibrary%2Fredis?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=redis-official&utm_content=view_report_link -[rf-image-metrics-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Flibrary%2Fredis?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=redis-official&utm_content=image_metrics_link -[rf-image-cve-reduction-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Flibrary%2Fredis?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=redis-official&utm_content=image_cve_reduction_link - -[dh-img-size-badge]: https://img.shields.io/docker/image-size/rapidfort/redis-official?logo=docker&logoColor=white&sort=semver -[dh-img-pulls-badge]: https://img.shields.io/docker/pulls/rapidfort/redis-official?logo=docker&logoColor=white - -[slack-badge]: 
https://img.shields.io/static/v1?label=Join&message=slack&logo=slack&logoColor=E01E5A&color=4A154B -[slack-link]: https://join.slack.com/t/rapidfortcommunity/shared_invite/zt-1g3wy28lv-DaeGexTQ5IjfpbmYW7Rm_Q - -[rf-h-badge]: https://img.shields.io/static/v1?label=RapidFort&labelColor=333F48&message=hardened&color=50B4C4&logo= -[metrics-link]: https://github.com/rapidfort/community-images/raw/main/community_images/redis/official/assets/metrics.webp -[cve-reduction-link]: https://github.com/rapidfort/community-images/raw/main/community_images/redis/official/assets/cve_reduction.webp - -[source-image-repo-link]: https://hub.docker.com/_/redis -[rf-dh-image-link]: https://hub.docker.com/r/rapidfort/redis-official diff --git a/community_images/redis/official/assets/cve_reduction.webp b/community_images/redis/official/assets/cve_reduction.webp deleted file mode 100644 index 369cbb0b8b..0000000000 Binary files a/community_images/redis/official/assets/cve_reduction.webp and /dev/null differ diff --git a/community_images/redis/official/assets/metrics.webp b/community_images/redis/official/assets/metrics.webp deleted file mode 100644 index 29e5655c16..0000000000 Binary files a/community_images/redis/official/assets/metrics.webp and /dev/null differ diff --git a/community_images/redis/official/dc_coverage.sh b/community_images/redis/official/dc_coverage.sh deleted file mode 100755 index 978a51a194..0000000000 --- a/community_images/redis/official/dc_coverage.sh +++ /dev/null 
@@ -1,19 +0,0 @@ -#!/bin/bash - -set -x -set -e - -JSON_PARAMS="$1" - -JSON=$(cat "$JSON_PARAMS") - -echo "Json params for docker compose coverage = $JSON" -NAMESPACE=$(jq -r '.namespace_name' < "$JSON_PARAMS") - -CONTAINER_NAME="${NAMESPACE}"-redis-primary-1 - -# run redis tests -(docker exec -i "${CONTAINER_NAME}" bash -c "cat ../tmp/test.redis | redis-cli") || (docker exec -i "${CONTAINER_NAME}" sh -c "cat ../tmp/test.redis | redis-cli") - -# run redis coverage -(docker exec -i "${CONTAINER_NAME}" sh ../tmp/redis_coverage.sh) || (docker exec -i "${CONTAINER_NAME}" bash -c "../tmp/redis_coverage.sh") diff --git a/community_images/redis/official/docker-compose.yml b/community_images/redis/official/docker-compose.yml deleted file mode 100644 index aa72499bd6..0000000000 --- a/community_images/redis/official/docker-compose.yml +++ /dev/null @@ -1,37 +0,0 @@ -version: '2' - -services: - redis-primary: - image: ${REDIS_IMAGE_REPOSITORY}:${REDIS_IMAGE_TAG} - ports: - - '6379' - environment: - - REDIS_REPLICATION_MODE=master - - REDIS_PASSWORD=my_password - - REDIS_DISABLE_COMMANDS=FLUSHDB,FLUSHALL - volumes: - - 'redis_data:/bitnami/redis/data' - - ../../common/tests/test.redis:/tmp/test.redis - - ../../common/tests/redis_coverage.sh:/tmp/redis_coverage.sh - cap_add: - - SYS_PTRACE - - redis-secondary: - image: ${REDIS_IMAGE_REPOSITORY}:${REDIS_IMAGE_TAG} - ports: - - '6379' - depends_on: - - redis-primary - environment: - - REDIS_REPLICATION_MODE=slave - - REDIS_MASTER_HOST=redis-primary - - REDIS_MASTER_PORT_NUMBER=6379 - - REDIS_MASTER_PASSWORD=my_password - - REDIS_PASSWORD=my_password - - REDIS_DISABLE_COMMANDS=FLUSHDB,FLUSHALL - cap_add: - - SYS_PTRACE - -volumes: - redis_data: - driver: local diff --git a/community_images/redis/official/docker.env.temp b/community_images/redis/official/docker.env.temp deleted file mode 100644 index 91f3bf6f23..0000000000 --- a/community_images/redis/official/docker.env.temp +++ /dev/null 
@@ -1,2 +0,0 @@ -REDIS_IMAGE_REPOSITORY=rapidfort/redis-official -REDIS_IMAGE_TAG=6.0.20-alpine3.18 diff --git a/community_images/redis/official/docker_coverage.sh b/community_images/redis/official/docker_coverage.sh deleted file mode 100755 index ba69a1e0a7..0000000000 --- a/community_images/redis/official/docker_coverage.sh +++ /dev/null @@ -1,24 +0,0 @@ -#!/bin/bash - -set -x -set -e - -JSON_PARAMS="$1" - -JSON=$(cat "$JSON_PARAMS") - -echo "Json params for docker compose coverage = $JSON" - -RAPIDFORT_ACCOUNT="${RAPIDFORT_ACCOUNT:-rapidfort}" -NAMESPACE=$(jq -r '.namespace_name' < "$JSON_PARAMS") - -# get docker host ip -REDIS_HOST=$(jq -r '.container_details."redis-official".ip_address' < "$JSON_PARAMS") -REPO_PATH=$(jq -r '.image_tag_details."redis-official".repo_path' < "$JSON_PARAMS") -TAG=$(jq -r '.image_tag_details."redis-official".tag' < "$JSON_PARAMS") - -# run redis-client tests -docker run --rm -i --cap-add=SYS_PTRACE \ - --network="${NAMESPACE}" \ - "${REPO_PATH}:${TAG}" \ - redis-benchmark -h "${REDIS_HOST}" -p 6379 -n 1000 -c 10 diff --git a/community_images/redis/official/image.yml b/community_images/redis/official/image.yml deleted file mode 100644 index 0ba9cb0188..0000000000 --- a/community_images/redis/official/image.yml +++ /dev/null 
@@ -1,65 +0,0 @@ -name: redis-official -official_name: Redis™ Official -official_website: http://redis.io -source_image_provider: The Docker Community -source_image_repo: docker.io/library/redis -source_image_repo_link: https://hub.docker.com/_/redis -source_image_readme: https://github.com/docker-library/docs/blob/master/redis/README.md -rf_docker_link: rapidfort/redis-official -image_workflow_name: redis_official -github_location: redis/official -report_url: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Flibrary%2Fredis -usage_instructions: | - $ docker run -it --rm -p 6379:6379 rapidfort/redis-official:latest -what_is_text: | - Redis™ is an open-source, networked, in-memory, key-value data store with optional durability. It is written in ANSI C. The development of Redis is sponsored by Redis Labs today; before that, it was sponsored by Pivotal and VMware. According to the monthly ranking by DB-Engines.com, Redis is the most popular key-value store. The name Redis means REmote DIctionary Server. -disclaimer: | - Disclaimer: Redis is a registered trademark of Redis Labs Ltd. Any rights therein are reserved to Redis Labs Ltd. Any use by RapidFort is for referential purposes only and does not indicate any sponsorship, endorsement, or affiliation between Redis Labs Ltd. 
-docker_links: - - "[`7.2.0`, `7.2`, `7`, `latest`, `7.2.0-bookworm`, `7.2-bookworm`, `7-bookworm`, `bookworm`](https://github.com/docker-library/redis/blob/9b538c33746872dcd1e8c809cbde9f21ac2ec3ac/7.2/Dockerfile)" - - "[`7.2.0-alpine`, `7.2-alpine`, `7-alpine`, `alpine`, `7.2.0-alpine3.18`, `7.2-alpine3.18`, `7-alpine3.18`, `alpine3.18`](https://github.com/docker-library/redis/blob/9b538c33746872dcd1e8c809cbde9f21ac2ec3ac/7.2/alpine/Dockerfile)" - - "[`7.0.12`, `7.0`, `7.0.12-bookworm`, `7.0-bookworm`](https://github.com/docker-library/redis/blob/5c8459f1bd20b7b7f92325f83898636f3c8db95f/7.0/Dockerfile)" - - "[`7.0.12-alpine`, 7.0-alpine`, `7.0.12-alpine3.18`, `7.0-alpine3.18`](https://github.com/docker-library/redis/blob/5c8459f1bd20b7b7f92325f83898636f3c8db95f/7.0/alpine/Dockerfile)" - - "[`6.2.13`, `6.2`, `6`, `6.2.13-bookworm`, `6.2-bookworm`, `6-bookworm`](https://github.com/docker-library/redis/blob/f2da8752a05b783eb805b67ad7a56a997a0fe91f/6.2/Dockerfile)" - - "[`6.2.13-alpine`, `6.2-alpine`, `6-alpine`, `6.2.13-alpine3.18`, `6.2-alpine3.18`, `6-alpine3.18`](https://github.com/docker-library/redis/blob/f2da8752a05b783eb805b67ad7a56a997a0fe91f/6.2/alpine/Dockerfile)" - - "[`6.0.20`, `6.0`, `6.0.20-bookworm`, `6.0-bookworm`](https://github.com/docker-library/redis/blob/873a7cac27da5a275d0c1e0c7d41724ae2701071/6.0/Dockerfile)" - - "[`6.0.20-alpine`, `6.0-alpine`, `6.0.20-alpine3.18`, `6.0-alpine3.18`](https://github.com/docker-library/redis/blob/873a7cac27da5a275d0c1e0c7d41724ae2701071/6.0/alpine/Dockerfile)" -input_registry: - registry: docker.io - account: library -repo_sets: - - redis: - input_base_tag: "6.0.*-alpine" - output_repo: redis-official - - redis: - input_base_tag: "6.0.*-bookworm" - output_repo: redis-official - - redis: - input_base_tag: "6.2.*-alpine" - output_repo: redis-official - - redis: - input_base_tag: "6.2.*-bookworm" - output_repo: redis-official - - redis: - input_base_tag: "7.0.*-alpine" - output_repo: redis-official - - redis: - 
input_base_tag: "7.0.*-bookworm" - output_repo: redis-official - - redis: - input_base_tag: "7.2.*-alpine" - output_repo: redis-official - - redis: - input_base_tag: "7.2.*-bookworm" - output_repo: redis-official -runtimes: - - type: docker_compose - script: dc_coverage.sh - compose_file: docker-compose.yml - image_keys: - redis-official: - repository: "REDIS_IMAGE_REPOSITORY" - tag: "REDIS_IMAGE_TAG" - - type: docker - script: docker_coverage.sh - redis-official: {} diff --git a/community_images/telegraf/bitnami/README.md b/community_images/telegraf/bitnami/README.md deleted file mode 100644 index 970f6e293f..0000000000 --- a/community_images/telegraf/bitnami/README.md +++ /dev/null @@ -1,142 +0,0 @@ - -RapidFort - - -
- -[![rf-h][rf-h-badge]][rf-view-report-button] -[![DH Image][dh-rf-badge]][rf-dh-image-link] -[![Slack][slack-badge]][slack-link] -[![FOSSA Status][fossa-badge]][fossa-link] - -# RapidFort hardened image for Telegraf - -RapidFort’s container optimization process hardened this Telegraf container. This container is free to use and has no license limitations. - -It is the same as the [Bitnami Telegraf][source-image-repo-link] image but more secure. - -Every day, we optimize and harden a variety of Docker Hub’s most famous images. Check out our [entire library](https://hub.docker.com/u/rapidfort) of secured containers. -
- -[Get the full report here or click on the image below][rf-view-report-link] - -[![Metrics][metrics-link]][rf-image-metrics-link] - -

Vulnerabilities: Original vs. Hardened - -

- -[![CVE Reduction][cve-reduction-link]][rf-image-cve-reduction-link] - - -View Report - -
-
- - -## What is Telegraf? - -> Telegraf is a server-based agent for collecting and sending all metrics and events from databases, systems, and IoT sensors. Telegraf is written in Go and compiles into a single binary with no external dependencies, and requires a very minimal memory footprint. - - -[Overview of Telegraf](https://www.influxdata.com/time-series-platform/telegraf) - -Telegraf(TM) is a trademark owned by InfluxData, which is not affiliated with, and does not endorse, this site. - - -## How do I use this hardened Telegraf image? - -The runtime instructions for this container are no different from the official release. Follow the instructions in their readme, but use our hardened image. - - -View Detailed Instructions - -
-
- -```sh -$ helm repo add bitnami https://charts.bitnami.com/bitnami - -# install telegraf, just replace repository with RapidFort registry -$ helm install my-telegraf bitnami/telegraf --set image.repository=rapidfort/telegraf - -``` - -## What is a hardened image? - -A hardened image is a copy of a container that has been optimized and reduced for significantly improved security. Because every container uses many open-source software components and their dependencies, there’s a lot of extra weight that can be trimmed. - -This image is a hardened version of the official [Bitnami Telegraf][source-image-repo-link] image on Docker Hub. - -RapidFort is an industry-leading container optimization solution that minimizes software attack surfaces by removing unused code. Most containers can be reduced by at least 50%, which reduces the opportunity for malicious attacks and CVE exploits. Learn more at [RapidFort.com][rf-link]. - -Our hardened images are updated daily using the latest vulnerability information available. - - -View on GitHub - -
-
- -## What’s the difference between the official [Bitnami Telegraf][source-image-repo-link] image and this hardened image? -RapidFort’s hardened [rapidfort/telegraf][rf-dh-image-link] image has been optimized by our proprietary scanning and slimming technology. We are big fans of open-source software, containerized infrastructure, and security. - -We are making secure copies of the images we use every day and the most popular ones on Docker Hub. We want to make the world a safer place to operate. - -## Supported tags and respective `Dockerfile` links -* [`1`, `1-debian-11`, `1.28.5`, `1.28.5-debian-11-r` (1/debian-11/Dockerfile)](https://github.com/bitnami/containers/tree/main/bitnami/telegraf/1/debian-11/Dockerfile) - -## Need support - -Join our slack community for any questions. - - -RapidFort Community Slack - - -## 🌟 Support this project - -[![](https://user-images.githubusercontent.com/48997634/174794647-0c851917-e5c9-4fb9-bf88-b61d89dc2f4f.gif)](https://github.com/rapidfort/community-images/stargazers) - -### [⏫⭐️ Scroll to the star button](#start-of-content) - -If you believe this project has potential, feel free to **star this repo** just like many [amazing people](https://github.com/rapidfort/community-images/stargazers) -have. - -## Have questions? - -[![RapidFort](https://raw.githubusercontent.com/rapidfort/community-images/main/contrib/github_logo_footer.png)][rf-rapidfort-footer-logo-link] - - -If you'd like to learn more about RapidFort or our container optimization process, visit [RapidFort.com][rf-link]. - -
-
- - -[dh-rf-badge]: https://img.shields.io/badge/dockerhub-images-important.svg?logo=Docker - -[fossa-badge]: https://app.fossa.com/api/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images.svg?type=shield -[fossa-link]: https://app.fossa.com/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images?ref=badge_shield - -[rf-link]: https://rapidfort.com?utm_source=github&utm_medium=ci_rf_link&utm_campaign=sep_01_sprint&utm_term=telegraf&utm_content=rapidfort_have_questions - -[rf-rapidfort-footer-logo-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Ftelegraf?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=telegraf&utm_content=rapidfort_footer_logo -[rf-view-report-button]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Ftelegraf?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=telegraf&utm_content=view_report_button -[rf-view-report-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Ftelegraf?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=telegraf&utm_content=view_report_link -[rf-image-metrics-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Ftelegraf?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=telegraf&utm_content=image_metrics_link -[rf-image-cve-reduction-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Ftelegraf?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=telegraf&utm_content=image_cve_reduction_link - -[dh-img-size-badge]: https://img.shields.io/docker/image-size/rapidfort/telegraf?logo=docker&logoColor=white&sort=semver -[dh-img-pulls-badge]: https://img.shields.io/docker/pulls/rapidfort/telegraf?logo=docker&logoColor=white - -[slack-badge]: https://img.shields.io/static/v1?label=Join&message=slack&logo=slack&logoColor=E01E5A&color=4A154B 
-[slack-link]: https://join.slack.com/t/rapidfortcommunity/shared_invite/zt-1g3wy28lv-DaeGexTQ5IjfpbmYW7Rm_Q - -[rf-h-badge]: https://img.shields.io/static/v1?label=RapidFort&labelColor=333F48&message=hardened&color=50B4C4&logo= -[metrics-link]: https://github.com/rapidfort/community-images/raw/main/community_images/telegraf/bitnami/assets/metrics.webp -[cve-reduction-link]: https://github.com/rapidfort/community-images/raw/main/community_images/telegraf/bitnami/assets/cve_reduction.webp - -[source-image-repo-link]: https://hub.docker.com/r/bitnami/telegraf -[rf-dh-image-link]: https://hub.docker.com/r/rapidfort/telegraf diff --git a/community_images/telegraf/bitnami/assets/cve_reduction.webp b/community_images/telegraf/bitnami/assets/cve_reduction.webp deleted file mode 100644 index cadc685647..0000000000 Binary files a/community_images/telegraf/bitnami/assets/cve_reduction.webp and /dev/null differ diff --git a/community_images/telegraf/bitnami/assets/metrics.webp b/community_images/telegraf/bitnami/assets/metrics.webp deleted file mode 100644 index 73ac37b1c1..0000000000 Binary files a/community_images/telegraf/bitnami/assets/metrics.webp and /dev/null differ diff --git a/community_images/telegraf/bitnami/coverage.sh b/community_images/telegraf/bitnami/coverage.sh deleted file mode 100755 index 441d69a169..0000000000 --- a/community_images/telegraf/bitnami/coverage.sh +++ /dev/null 
@@ -1,43 +0,0 @@ -#!/bin/bash - -set -x -set -e - -SCRIPTPATH="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )" - -# shellcheck disable=SC1091 -. "${SCRIPTPATH}"/../../common/scripts/bash_helper.sh - -function test_telegraf() { - local ORG=$1 - local TOKEN=$2 - wget https://dl.influxdata.com/influxdb/releases/influxdb2-client-2.6.1-linux-amd64.tar.gz - tar xvzf influxdb2-client-2.6.1-linux-amd64.tar.gz - sudo cp influxdb2-client-2.6.1-linux-amd64/influx /usr/local/bin/ - # bring up a client influxdb instance - influx query 'from(bucket:"example_bucket") |> range(start:-1m)' --org "${ORG}" -t "${TOKEN}" -} - -function setup_telegraf() { - local NAMESPACE=$1 - # local CONTAINER_NAME=$2 - # create a sample telegraf configuration file - telegraf --sample-config --input-filter cpu:mem --output-filter influxdb_v2\ - --aggregator-filter : --processor-filter : > telegraf.conf - # start the telegraf server - # telegraf --config telegraf.conf -} - -function setup_influxdb() { - local NAMESPACE=$1 - # start the influxdb - INFLUXDB_POD_NAME="influxdb_telegraf" - docker run --name influxdb_telegraf --net "${NAMESPACE}" -p 8086:8086 \ - -p 8088:8088 -d rapidfort/influxdb - - # create the bucket and and example org - chmod +x "${SCRIPTPATH}"/influx_bucket_org_create.sh - docker cp "${SCRIPTPATH}"/influx_bucket_org_create.sh "${INFLUXDB_POD_NAME}":/tmp/influx_bucket_org_create.sh - - with_backoff docker exec -t "${INFLUXDB_POD_NAME}" bash /tmp/influx_bucket_org_create.sh -} \ No newline at end of file diff --git a/community_images/telegraf/bitnami/dc_coverage.sh b/community_images/telegraf/bitnami/dc_coverage.sh deleted file mode 100755 index 82dc182d1b..0000000000 --- a/community_images/telegraf/bitnami/dc_coverage.sh +++ /dev/null 
@@ -1,17 +0,0 @@ -#!/bin/bash - -set -x -set -e - -# shellcheck disable=SC1091 -SCRIPTPATH="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )" - -# shellcheck disable=SC1091 -. "${SCRIPTPATH}"/coverage.sh - -JSON_PARAMS="$1" - -JSON=$(cat "$JSON_PARAMS") - -echo "Json params for docker compose coverage = $JSON" -test_telegraf example_org admintoken123 diff --git a/community_images/telegraf/bitnami/docker-compose.yml b/community_images/telegraf/bitnami/docker-compose.yml deleted file mode 100644 index 4f8291b6cf..0000000000 --- a/community_images/telegraf/bitnami/docker-compose.yml +++ /dev/null @@ -1,44 +0,0 @@ -version: '2' -services: - telegraf: - image: ${TELEGRAF_IMAGE_REPOSITORY}:${TELEGRAF_IMAGE_TAG} - cap_add: - - SYS_PTRACE - depends_on: - - init-influxdb - links: - - influxdb - # this seems to start the telegraf container correctly - command: telegraf --version - ports: - - "8092:8092/udp" - - 8094:8094 - - "8125:8125/udp" - volumes: - - ./telegraf.conf:/etc/telegraf/telegraf.conf:ro - init-influxdb: - image: rapidfort/influxdb - command: /init_influxdb.sh - volumes: - - ./init_influxdb.sh:/init_influxdb.sh - depends_on: - influxdb: - condition: service_healthy - influxdb: - image: rapidfort/influxdb - ports: - - 8086:8086 - - 8088:8088 - healthcheck: - test: ["CMD", "curl", "-f", "http://localhost:8086"] - interval: 30s - timeout: 10s - retries: 5 - environment: - - INFLUXDB_ADMIN_USER_PASSWORD=bitnami123 - - INFLUXDB_ADMIN_USER_TOKEN=admintoken123 - - INFLUXDB_USER=my_user - - INFLUXDB_USER_PASSWORD=my_password - - INFLUXDB_DB=my_database - - INFLUXDB_USER_BUCKET=my_bucket - - INFLUXDB_ORG=my_org \ No newline at end of file diff --git a/community_images/telegraf/bitnami/docker.env b/community_images/telegraf/bitnami/docker.env deleted file mode 100644 index 6b520ad4b3..0000000000 --- a/community_images/telegraf/bitnami/docker.env +++ /dev/null 
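Review bot: the InfluxDB admin token `admintoken123` is hardcoded in the `test_telegraf example_org admintoken123` call in dc_coverage.sh and again as `INFLUXDB_ADMIN_USER_TOKEN=admintoken123` in telegraf/bitnami/docker-compose.yml, next to `INFLUXDB_ADMIN_USER_PASSWORD=bitnami123`. Deleting the files does not remove these values from git history. Confirm they were only ever used for the throwaway coverage containers and are not reused by any remaining image or environment; if they are, rotate them as part of this cleanup.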
@@ -1,5 +0,0 @@ -INFLUXDB_ADMIN_USER_PASSWORD="bitnami123" -INFLUXDB_ADMIN_USER_TOKEN="admintoken123" -INFLUXDB_USER="my_user" -INFLUXDB_USER_PASSWORD="my_password" -INFLUXDB_DB="my_database" diff --git a/community_images/telegraf/bitnami/docker_coverage.sh b/community_images/telegraf/bitnami/docker_coverage.sh deleted file mode 100755 index fcafaf9f02..0000000000 --- a/community_images/telegraf/bitnami/docker_coverage.sh +++ /dev/null @@ -1,10 +0,0 @@ -#!/bin/bash - -set -x -set -e - -JSON_PARAMS="$1" - -JSON=$(cat "$JSON_PARAMS") - -echo "Json params for docker coverage = $JSON" \ No newline at end of file diff --git a/community_images/telegraf/bitnami/image.yml b/community_images/telegraf/bitnami/image.yml deleted file mode 100644 index 1465625d79..0000000000 --- a/community_images/telegraf/bitnami/image.yml +++ /dev/null 
@@ -1,34 +0,0 @@ -name: telegraf -official_name: Telegraf -official_website: https://www.influxdata.com/time-series-platform/telegraf -source_image_provider: Bitnami -source_image_repo: docker.io/bitnami/telegraf -source_image_repo_link: https://hub.docker.com/r/bitnami/telegraf -source_image_readme: https://github.com/bitnami/containers/blob/main/bitnami/telegraf/README.md -rf_docker_link: rapidfort/telegraf -image_workflow_name: telegraf_bitnami -github_location: telegraf/bitnami -report_url: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Ftelegraf -usage_instructions: | - $ helm repo add bitnami https://charts.bitnami.com/bitnami - - # install telegraf, just replace repository with RapidFort registry - $ helm install my-telegraf bitnami/telegraf --set image.repository=rapidfort/telegraf -what_is_text: | - Telegraf is a server-based agent for collecting and sending all metrics and events from databases, systems, and IoT sensors. Telegraf is written in Go and compiles into a single binary with no external dependencies, and requires a very minimal memory footprint. -disclaimer: | - Telegraf(TM) is a trademark owned by InfluxData, which is not affiliated with, and does not endorse, this site. -input_registry: - registry: docker.io - account: bitnami -repo_sets: - - telegraf: - input_base_tag: "1.28.2-debian-11-r" -runtimes: - - type: docker_compose - script: dc_coverage.sh - compose_file: docker-compose.yml - image_keys: - telegraf: - repository: "TELEGRAF_IMAGE_REPOSITORY" - tag: "TELEGRAF_IMAGE_TAG" diff --git a/community_images/telegraf/bitnami/init_influxdb.sh b/community_images/telegraf/bitnami/init_influxdb.sh deleted file mode 100755 index d6cfaa836d..0000000000 --- a/community_images/telegraf/bitnami/init_influxdb.sh +++ /dev/null 
@@ -1,5 +0,0 @@ -#!/bin/sh - -set -e -influx org create --name example_org -t admintoken123 --host 'http://influxdb:8086' -influx bucket create -n example_bucket -t admintoken123 --org example_org -r 7d --host 'http://influxdb:8086' \ No newline at end of file diff --git a/community_images/telegraf/bitnami/k8s_coverage.sh b/community_images/telegraf/bitnami/k8s_coverage.sh deleted file mode 100755 index 001d4f89ed..0000000000 --- a/community_images/telegraf/bitnami/k8s_coverage.sh +++ /dev/null @@ -1,29 +0,0 @@ -#!/bin/bash - -set -x -set -e - -# shellcheck disable=SC1091 -SCRIPTPATH="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )" - -JSON_PARAMS="$1" - -NAMESPACE=$(jq -r '.namespace_name' < "$JSON_PARAMS") -RELEASE_NAME=$(jq -r '.release_name' < "$JSON_PARAMS") -REPOSITORY=influxdb - -# get pod name -POD_NAME=$(kubectl -n "${NAMESPACE}" get pods -l app.kubernetes.io/name="$REPOSITORY" -o jsonpath="{.items[0].metadata.name}") - -# get influxdb token -INFLUXDB_TOKEN=$(kubectl get secret --namespace "${NAMESPACE}" "${RELEASE_NAME}" -o jsonpath="{.data.admin-user-token}" | base64 --decode) - -# copy tests into container -kubectl -n "${NAMESPACE}" cp "${SCRIPTPATH}"/tests/example.csv "${POD_NAME}":/tmp/example.csv -kubectl -n "${NAMESPACE}" cp "${SCRIPTPATH}"/tests/query.flux "${POD_NAME}":/tmp/query.flux - -# write data to db -kubectl -n "${NAMESPACE}" exec -it "${POD_NAME}" -- /bin/bash -c "influx write -t $INFLUXDB_TOKEN -b primary --org-id primary -f /tmp/example.csv" - -# run query on db -kubectl -n "${NAMESPACE}" exec -i "${POD_NAME}" -- influx query -t "$INFLUXDB_TOKEN" --org primary -f /tmp/query.flux diff --git a/community_images/telegraf/bitnami/overrides.yml b/community_images/telegraf/bitnami/overrides.yml deleted file mode 100644 index 71a692bfe6..0000000000 --- a/community_images/telegraf/bitnami/overrides.yml +++ /dev/null 
@@ -1,28 +0,0 @@ -image: - pullSecrets: ["rf-regcred"] - pullPolicy: Always -telegraf: - containerSecurityContext: - enabled: true - runAsUser: 1001 - allowPrivilegeEscalation: true - capabilities: - add: ["SYS_PTRACE"] - extraEnvVars: - - name: "RF_VERBOSE" - value: "0" - livenessProbe: - initialDelaySeconds: 30 - timeoutSeconds: 30 - readinessProbe: - initialDelaySeconds: 30 - timeoutSeconds: 30 -auth: - admin: - username: admin - password: bitnami123 - token: admintoken123 -auth: - user: - username: my_user - password: my_password diff --git a/community_images/telegraf/bitnami/telegraf.conf b/community_images/telegraf/bitnami/telegraf.conf deleted file mode 100644 index 0a429ac638..0000000000 --- a/community_images/telegraf/bitnami/telegraf.conf +++ /dev/null 
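Review bot: the deleted telegraf/bitnami/overrides.yml declares the top-level key `auth:` twice (the `admin` block, then the `user` block), so a YAML parser that keeps the last duplicate silently drops the admin username, password and token. The file goes away here, but if any remaining image's overrides.yml was copied from it, merge the two blocks under a single `auth:` there. The same check applies to `allowPrivilegeEscalation: true` combined with `capabilities.add: ["SYS_PTRACE"]`: make sure that pairing stays limited to coverage runs and does not survive in the overrides that are kept.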
@@ -1,1127 +0,0 @@ -# Telegraf Configuration -# -# Telegraf is entirely plugin driven. All metrics are gathered from the -# declared inputs, and sent to the declared outputs. -# -# Plugins must be declared in here to be active. -# To deactivate a plugin, comment out the name and any variables. -# -# Use 'telegraf -config telegraf.conf -test' to see what metrics a config -# file would generate. -# -# Environment variables can be used anywhere in this config file, simply surround -# them with ${}. For strings the variable must be within quotes (ie, "${STR_VAR}"), -# for numbers and booleans they should be plain (ie, ${INT_VAR}, ${BOOL_VAR}) - - -# Global tags can be specified here in key="value" format. -[global_tags] - # dc = "us-east-1" # will tag all metrics with dc=us-east-1 - # rack = "1a" - ## Environment variables can be used as tags, and throughout the config file - # user = "$USER" - -# Configuration for telegraf agent -[agent] - ## Default data collection interval for all inputs - interval = "10s" - ## Rounds collection interval to 'interval' - ## ie, if interval="10s" then always collect on :00, :10, :20, etc. - round_interval = true - - ## Telegraf will send metrics to outputs in batches of at most - ## metric_batch_size metrics. - ## This controls the size of writes that Telegraf sends to output plugins. - metric_batch_size = 1000 - - ## Maximum number of unwritten metrics per output. Increasing this value - ## allows for longer periods of output downtime without dropping metrics at the - ## cost of higher maximum memory usage. - metric_buffer_limit = 10000 - - ## Collection jitter is used to jitter the collection by a random amount. - ## Each plugin will sleep for a random time within jitter before collecting. - ## This can be used to avoid many plugins querying things like sysfs at the - ## same time, which can have a measurable effect on the system. 
- collection_jitter = "0s" - - ## Collection offset is used to shift the collection by the given amount. - ## This can be be used to avoid many plugins querying constraint devices - ## at the same time by manually scheduling them in time. - # collection_offset = "0s" - - ## Default flushing interval for all outputs. Maximum flush_interval will be - ## flush_interval + flush_jitter - flush_interval = "10s" - ## Jitter the flush interval by a random amount. This is primarily to avoid - ## large write spikes for users running a large number of telegraf instances. - ## ie, a jitter of 5s and interval 10s means flushes will happen every 10-15s - flush_jitter = "0s" - - ## Collected metrics are rounded to the precision specified. Precision is - ## specified as an interval with an integer + unit (e.g. 0s, 10ms, 2us, 4s). - ## Valid time units are "ns", "us" (or "µs"), "ms", "s". - ## - ## By default or when set to "0s", precision will be set to the same - ## timestamp order as the collection interval, with the maximum being 1s: - ## ie, when interval = "10s", precision will be "1s" - ## when interval = "250ms", precision will be "1ms" - ## - ## Precision will NOT be used for service inputs. It is up to each individual - ## service input to set the timestamp at the appropriate precision. - precision = "0s" - - ## Log at debug level. - # debug = false - ## Log only error level messages. - # quiet = false - - ## Log target controls the destination for logs and can be one of "file", - ## "stderr" or, on Windows, "eventlog". When set to "file", the output file - ## is determined by the "logfile" setting. - # logtarget = "file" - - ## Name of the file to be logged to when using the "file" logtarget. If set to - ## the empty string then logs are written to stderr. - # logfile = "" - - ## The logfile will be rotated after the time interval specified. When set - ## to 0 no time based rotation is performed. 
Logs are rotated only when - ## written to, if there is no log activity rotation may be delayed. - # logfile_rotation_interval = "0h" - - ## The logfile will be rotated when it becomes larger than the specified - ## size. When set to 0 no size based rotation is performed. - # logfile_rotation_max_size = "0MB" - - ## Maximum number of rotated archives to keep, any older logs are deleted. - ## If set to -1, no archives are removed. - # logfile_rotation_max_archives = 5 - - ## Pick a timezone to use when logging or type 'local' for local time. - ## Example: America/Chicago - # log_with_timezone = "" - - ## Override default hostname, if empty use os.Hostname() - hostname = "" - ## If set to true, do no set the "host" tag in the telegraf agent. - omit_hostname = false - - ## Method of translating SNMP objects. Can be "netsnmp" (deprecated) which - ## translates by calling external programs snmptranslate and snmptable, - ## or "gosmi" which translates using the built-in gosmi library. - # snmp_translator = "netsnmp" - -############################################################################### -# SECRETSTORE PLUGINS # -############################################################################### - - -# # File based Javascript Object Signing and Encryption based secret-store -# [[secretstores.jose]] -# ## Unique identifier for the secret-store. -# ## This id can later be used in plugins to reference the secrets -# ## in this secret-store via @{:} (mandatory) -# id = "secretstore" -# -# ## Directory for storing the secrets -# # path = "secrets" -# -# ## Password to access the secrets. -# ## If no password is specified here, Telegraf will prompt for it at startup time. -# # password = "" - - -# # Operating System native secret-store -# [[secretstores.os]] -# ## Unique identifier for the secret-store. 
-# ## This id can later be used in plugins to reference the secrets -# ## in this secret-store via @{:} (mandatory) -# id = "secretstore" -# -# ## MacOS' Keychain name and service name -# # keyring = "telegraf" -# # collection = "" -# -# ## MacOS' Keychain password -# ## If no password is specified here, Telegraf will prompt for it at startup time. -# # password = "" -# -# ## Allow dynamic secrets that are updated during runtime of telegraf -# # dynamic = false - - -############################################################################### -# SECRETSTORE PLUGINS # -############################################################################### - - -# # File based Javascript Object Signing and Encryption based secret-store -# [[secretstores.jose]] -# ## Unique identifier for the secret-store. -# ## This id can later be used in plugins to reference the secrets -# ## in this secret-store via @{:} (mandatory) -# id = "secretstore" -# -# ## Directory for storing the secrets -# # path = "secrets" -# -# ## Password to access the secrets. -# ## If no password is specified here, Telegraf will prompt for it at startup time. -# # password = "" - - -# # Operating System native secret-store -# [[secretstores.os]] -# ## Unique identifier for the secret-store. -# ## This id can later be used in plugins to reference the secrets -# ## in this secret-store via @{:} (mandatory) -# id = "secretstore" -# -# ## MacOS' Keychain name and service name -# # keyring = "telegraf" -# # collection = "" -# -# ## MacOS' Keychain password -# ## If no password is specified here, Telegraf will prompt for it at startup time. -# # password = "" -# -# ## Allow dynamic secrets that are updated during runtime of telegraf -# # dynamic = false - - -# Configuration for sending metrics to InfluxDB 2.0 -[[outputs.influxdb_v2]] - ## The URLs of the InfluxDB cluster nodes. - ## - ## Multiple URLs can be specified for a single cluster, only ONE of the - ## urls will be written to each interval. 
- ## ex: urls = ["https://us-west-2-1.aws.cloud2.influxdata.com"] - urls = ["http://influxdb:8086"] - - ## Token for authentication. - token = "admintoken123" - - ## Organization is the name of the organization you wish to write to. - organization = "example_org" - - ## Destination bucket to write into. - bucket = "example_bucket" - - ## The value of this tag will be used to determine the bucket. If this - ## tag is not set the 'bucket' option is used as the default. - # bucket_tag = "" - - ## If true, the bucket tag will not be added to the metric. - # exclude_bucket_tag = false - - ## Timeout for HTTP messages. - # timeout = "5s" - - ## Additional HTTP headers - # http_headers = {"X-Special-Header" = "Special-Value"} - - ## HTTP Proxy override, if unset values the standard proxy environment - ## variables are consulted to determine which proxy, if any, should be used. - # http_proxy = "http://corporate.proxy:3128" - - ## HTTP User-Agent - # user_agent = "telegraf" - - ## Content-Encoding for write request body, can be set to "gzip" to - ## compress body or "identity" to apply no encoding. - # content_encoding = "gzip" - - ## Enable or disable uint support for writing uints influxdb 2.0. - # influx_uint_support = false - - ## Optional TLS Config for use on HTTP connections. - # tls_ca = "/etc/telegraf/ca.pem" - # tls_cert = "/etc/telegraf/cert.pem" - # tls_key = "/etc/telegraf/key.pem" - ## Use TLS but skip chain & host verification - # insecure_skip_verify = false - - -############################################################################### -# PROCESSOR PLUGINS # -############################################################################### - - -# # Attach AWS EC2 metadata to metrics -# [[processors.aws_ec2]] -# ## Instance identity document tags to attach to metrics. 
-# ## For more information see: -# ## https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-identity-documents.html -# ## -# ## Available tags: -# ## * accountId -# ## * architecture -# ## * availabilityZone -# ## * billingProducts -# ## * imageId -# ## * instanceId -# ## * instanceType -# ## * kernelId -# ## * pendingTime -# ## * privateIp -# ## * ramdiskId -# ## * region -# ## * version -# imds_tags = [] -# -# ## EC2 instance tags retrieved with DescribeTags action. -# ## In case tag is empty upon retrieval it's omitted when tagging metrics. -# ## Note that in order for this to work, role attached to EC2 instance or AWS -# ## credentials available from the environment must have a policy attached, that -# ## allows ec2:DescribeTags. -# ## -# ## For more information see: -# ## https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeTags.html -# ec2_tags = [] -# -# ## Timeout for http requests made by against aws ec2 metadata endpoint. -# timeout = "10s" -# -# ## ordered controls whether or not the metrics need to stay in the same order -# ## this plugin received them in. If false, this plugin will change the order -# ## with requests hitting cached results moving through immediately and not -# ## waiting on slower lookups. This may cause issues for you if you are -# ## depending on the order of metrics staying the same. If so, set this to true. -# ## Keeping the metrics ordered may be slightly slower. -# ordered = false -# -# ## max_parallel_calls is the maximum number of AWS API calls to be in flight -# ## at the same time. -# ## It's probably best to keep this number fairly low. -# max_parallel_calls = 10 - - -# # Apply metric modifications using override semantics. 
-# [[processors.clone]] -# ## All modifications on inputs and aggregators can be overridden: -# # name_override = "new_name" -# # name_prefix = "new_name_prefix" -# # name_suffix = "new_name_suffix" -# -# ## Tags to be added (all values must be strings) -# # [processors.clone.tags] -# # additional_tag = "tag_value" - - -# # Convert values to another metric value type -# [[processors.converter]] -# ## Tags to convert -# ## -# ## The table key determines the target type, and the array of key-values -# ## select the keys to convert. The array may contain globs. -# ## = [...] -# [processors.converter.tags] -# measurement = [] -# string = [] -# integer = [] -# unsigned = [] -# boolean = [] -# float = [] -# -# ## Fields to convert -# ## -# ## The table key determines the target type, and the array of key-values -# ## select the keys to convert. The array may contain globs. -# ## = [...] -# [processors.converter.fields] -# measurement = [] -# tag = [] -# string = [] -# integer = [] -# unsigned = [] -# boolean = [] -# float = [] - - -# # Dates measurements, tags, and fields that pass through this filter. -# [[processors.date]] -# ## New tag to create -# tag_key = "month" -# -# ## New field to create (cannot set both field_key and tag_key) -# # field_key = "month" -# -# ## Date format string, must be a representation of the Go "reference time" -# ## which is "Mon Jan 2 15:04:05 -0700 MST 2006". -# date_format = "Jan" -# -# ## If destination is a field, date format can also be one of -# ## "unix", "unix_ms", "unix_us", or "unix_ns", which will insert an integer field. -# # date_format = "unix" -# -# ## Offset duration added to the date string when writing the new tag. -# # date_offset = "0s" -# -# ## Timezone to use when creating the tag or field using a reference time -# ## string. This can be set to one of "UTC", "Local", or to a location name -# ## in the IANA Time Zone database. 
-# ## example: timezone = "America/Los_Angeles" -# # timezone = "UTC" - - -# # Filter metrics with repeating field values -# [[processors.dedup]] -# ## Maximum time to suppress output -# dedup_interval = "600s" - - -# ## Set default fields on your metric(s) when they are nil or empty -# [[processors.defaults]] -# ## Ensures a set of fields always exists on your metric(s) with their -# ## respective default value. -# ## For any given field pair (key = default), if it's not set, a field -# ## is set on the metric with the specified default. -# ## -# ## A field is considered not set if it is nil on the incoming metric; -# ## or it is not nil but its value is an empty string or is a string -# ## of one or more spaces. -# ## = -# [processors.defaults.fields] -# field_1 = "bar" -# time_idle = 0 -# is_error = true - - -# # Map enum values according to given table. -# [[processors.enum]] -# [[processors.enum.mapping]] -# ## Name of the field to map. Globs accepted. -# field = "status" -# -# ## Name of the tag to map. Globs accepted. -# # tag = "status" -# -# ## Destination tag or field to be used for the mapped value. By default the -# ## source tag or field is used, overwriting the original value. -# dest = "status_code" -# -# ## Default value to be used for all values not contained in the mapping -# ## table. When unset and no match is found, the original field will remain -# ## unmodified and the destination tag or field will not be created. -# # default = 0 -# -# ## Table of mappings -# [processors.enum.mapping.value_mappings] -# green = 1 -# amber = 2 -# red = 3 - - -# # Run executable as long-running processor plugin -# [[processors.execd]] -# ## One program to run as daemon. -# ## NOTE: process and each argument should each be their own string -# ## eg: command = ["/path/to/your_program", "arg1", "arg2"] -# command = ["cat"] -# -# ## Environment variables -# ## Array of "key=value" pairs to pass as environment variables -# ## e.g. 
"KEY=value", "USERNAME=John Doe", -# ## "LD_LIBRARY_PATH=/opt/custom/lib64:/usr/local/libs" -# # environment = [] -# -# ## Delay before the process is restarted after an unexpected termination -# # restart_delay = "10s" - - -# # Performs file path manipulations on tags and fields -# [[processors.filepath]] -# ## Treat the tag value as a path and convert it to its last element, storing the result in a new tag -# # [[processors.filepath.basename]] -# # tag = "path" -# # dest = "basepath" -# -# ## Treat the field value as a path and keep all but the last element of path, typically the path's directory -# # [[processors.filepath.dirname]] -# # field = "path" -# -# ## Treat the tag value as a path, converting it to its the last element without its suffix -# # [[processors.filepath.stem]] -# # tag = "path" -# -# ## Treat the tag value as a path, converting it to the shortest path name equivalent -# ## to path by purely lexical processing -# # [[processors.filepath.clean]] -# # tag = "path" -# -# ## Treat the tag value as a path, converting it to a relative path that is lexically -# ## equivalent to the source path when joined to 'base_path' -# # [[processors.filepath.rel]] -# # tag = "path" -# # base_path = "/var/log" -# -# ## Treat the tag value as a path, replacing each separator character in path with a '/' character. Has only -# ## effect on Windows -# # [[processors.filepath.toslash]] -# # tag = "path" - - -# # Add a tag of the network interface name looked up over SNMP by interface number -# [[processors.ifname]] -# ## Name of tag holding the interface number -# # tag = "ifIndex" -# -# ## Name of output tag where service name will be added -# # dest = "ifName" -# -# ## Name of tag of the SNMP agent to request the interface name from -# # agent = "agent" -# -# ## Timeout for each request. -# # timeout = "5s" -# -# ## SNMP version; can be 1, 2, or 3. -# # version = 2 -# -# ## SNMP community string. -# # community = "public" -# -# ## Number of retries to attempt. 
-# # retries = 3 -# -# ## The GETBULK max-repetitions parameter. -# # max_repetitions = 10 -# -# ## SNMPv3 authentication and encryption options. -# ## -# ## Security Name. -# # sec_name = "myuser" -# ## Authentication protocol; one of "MD5", "SHA", or "". -# # auth_protocol = "MD5" -# ## Authentication password. -# # auth_password = "pass" -# ## Security Level; one of "noAuthNoPriv", "authNoPriv", or "authPriv". -# # sec_level = "authNoPriv" -# ## Context Name. -# # context_name = "" -# ## Privacy protocol used for encrypted messages; one of "DES", "AES" or "". -# # priv_protocol = "" -# ## Privacy password used for encrypted messages. -# # priv_password = "" -# -# ## max_parallel_lookups is the maximum number of SNMP requests to -# ## make at the same time. -# # max_parallel_lookups = 100 -# -# ## ordered controls whether or not the metrics need to stay in the -# ## same order this plugin received them in. If false, this plugin -# ## may change the order when data is cached. If you need metrics to -# ## stay in order set this to true. keeping the metrics ordered may -# ## be slightly slower -# # ordered = false -# -# ## cache_ttl is the amount of time interface names are cached for a -# ## given agent. After this period elapses if names are needed they -# ## will be retrieved again. -# # cache_ttl = "8h" - - -# # Adds noise to numerical fields -# [[processors.noise]] -# ## Specified the type of the random distribution. -# ## Can be "laplacian", "gaussian" or "uniform". -# # type = "laplacian -# -# ## Center of the distribution. -# ## Only used for Laplacian and Gaussian distributions. -# # mu = 0.0 -# -# ## Scale parameter for the Laplacian or Gaussian distribution -# # scale = 1.0 -# -# ## Upper and lower bound of the Uniform distribution -# # min = -1.0 -# # max = 1.0 -# -# ## Apply the noise only to numeric fields matching the filter criteria below. -# ## Excludes takes precedence over includes. 
-# # include_fields = [] -# # exclude_fields = [] - - -# # Apply metric modifications using override semantics. -# [[processors.override]] -# ## All modifications on inputs and aggregators can be overridden: -# # name_override = "new_name" -# # name_prefix = "new_name_prefix" -# # name_suffix = "new_name_suffix" -# -# ## Tags to be added (all values must be strings) -# # [processors.override.tags] -# # additional_tag = "tag_value" - - -# # Parse a value in a specified field(s)/tag(s) and add the result in a new metric -# [[processors.parser]] -# ## The name of the fields whose value will be parsed. -# parse_fields = ["message"] -# -# ## The name of the tags whose value will be parsed. -# # parse_tags = [] -# -# ## If true, incoming metrics are not emitted. -# # drop_original = false -# -# ## If set to override, emitted metrics will be merged by overriding the -# ## original metric using the newly parsed metrics. -# ## Only has effect when drop_original is set to false. -# merge = "override" -# -# ## The dataformat to be read from files -# ## Each data format has its own unique set of configuration options, read -# ## more about them here: -# ## https://github.com/influxdata/telegraf/blob/master/docs/DATA_FORMATS_INPUT.md -# data_format = "influx" - - -# # Rotate a single valued metric into a multi field metric -# [[processors.pivot]] -# ## Tag to use for naming the new field. -# tag_key = "name" -# ## Field to use as the value of the new field. 
-# value_key = "value" - - -# # Given a tag/field of a TCP or UDP port number, add a tag/field of the service name looked up in the system services file -# [[processors.port_name]] -# ## Name of tag holding the port number -# # tag = "port" -# ## Or name of the field holding the port number -# # field = "port" -# -# ## Name of output tag or field (depending on the source) where service name will be added -# # dest = "service" -# -# ## Default tcp or udp -# # default_protocol = "tcp" -# -# ## Tag containing the protocol (tcp or udp, case-insensitive) -# # protocol_tag = "proto" -# -# ## Field containing the protocol (tcp or udp, case-insensitive) -# # protocol_field = "proto" - - -# # Print all metrics that pass through this filter. -# [[processors.printer]] - - -# # Transforms tag and field values as well as measurement, tag and field names with regex pattern -# [[processors.regex]] -# namepass = ["nginx_requests"] -# -# # Tag and field conversions defined in a separate sub-tables -# [[processors.regex.tags]] -# ## Tag to change, "*" will change every tag -# key = "resp_code" -# ## Regular expression to match on a tag value -# pattern = "^(\\d)\\d\\d$" -# ## Matches of the pattern will be replaced with this string. Use ${1} -# ## notation to use the text of the first submatch. 
-# replacement = "${1}xx" -# -# [[processors.regex.fields]] -# ## Field to change -# key = "request" -# ## All the power of the Go regular expressions available here -# ## For example, named subgroups -# pattern = "^/api(?P/[\\w/]+)\\S*" -# replacement = "${method}" -# ## If result_key is present, a new field will be created -# ## instead of changing existing field -# result_key = "method" -# -# # Multiple conversions may be applied for one field sequentially -# # Let's extract one more value -# [[processors.regex.fields]] -# key = "request" -# pattern = ".*category=(\\w+).*" -# replacement = "${1}" -# result_key = "search_category" -# -# # Rename metric fields -# [[processors.regex.field_rename]] -# ## Regular expression to match on a field name -# pattern = "^search_(\\w+)d$" -# ## Matches of the pattern will be replaced with this string. Use ${1} -# ## notation to use the text of the first submatch. -# replacement = "${1}" -# ## If the new field name already exists, you can either "overwrite" the -# ## existing one with the value of the renamed field OR you can "keep" -# ## both the existing and source field. -# # result_key = "keep" -# -# # Rename metric tags -# # [[processors.regex.tag_rename]] -# # ## Regular expression to match on a tag name -# # pattern = "^search_(\\w+)d$" -# # ## Matches of the pattern will be replaced with this string. Use ${1} -# # ## notation to use the text of the first submatch. -# # replacement = "${1}" -# # ## If the new tag name already exists, you can either "overwrite" the -# # ## existing one with the value of the renamed tag OR you can "keep" -# # ## both the existing and source tag. -# # # result_key = "keep" -# -# # Rename metrics -# # [[processors.regex.metric_rename]] -# # ## Regular expression to match on an metric name -# # pattern = "^search_(\\w+)d$" -# # ## Matches of the pattern will be replaced with this string. Use ${1} -# # ## notation to use the text of the first submatch. 
-# # replacement = "${1}" - - -# # Rename measurements, tags, and fields that pass through this filter. -# [[processors.rename]] -# ## Specify one sub-table per rename operation. -# [[processors.rename.replace]] -# measurement = "network_interface_throughput" -# dest = "throughput" -# -# [[processors.rename.replace]] -# tag = "hostname" -# dest = "host" -# -# [[processors.rename.replace]] -# field = "lower" -# dest = "min" -# -# [[processors.rename.replace]] -# field = "upper" -# dest = "max" - - -# # ReverseDNS does a reverse lookup on IP addresses to retrieve the DNS name -# [[processors.reverse_dns]] -# ## For optimal performance, you may want to limit which metrics are passed to this -# ## processor. eg: -# ## namepass = ["my_metric_*"] -# -# ## cache_ttl is how long the dns entries should stay cached for. -# ## generally longer is better, but if you expect a large number of diverse lookups -# ## you'll want to consider memory use. -# cache_ttl = "24h" -# -# ## lookup_timeout is how long should you wait for a single dns request to repsond. -# ## this is also the maximum acceptable latency for a metric travelling through -# ## the reverse_dns processor. After lookup_timeout is exceeded, a metric will -# ## be passed on unaltered. -# ## multiple simultaneous resolution requests for the same IP will only make a -# ## single rDNS request, and they will all wait for the answer for this long. -# lookup_timeout = "3s" -# -# ## max_parallel_lookups is the maximum number of dns requests to be in flight -# ## at the same time. Requesting hitting cached values do not count against this -# ## total, and neither do mulptiple requests for the same IP. -# ## It's probably best to keep this number fairly low. -# max_parallel_lookups = 10 -# -# ## ordered controls whether or not the metrics need to stay in the same order -# ## this plugin received them in. 
If false, this plugin will change the order -# ## with requests hitting cached results moving through immediately and not -# ## waiting on slower lookups. This may cause issues for you if you are -# ## depending on the order of metrics staying the same. If so, set this to true. -# ## keeping the metrics ordered may be slightly slower. -# ordered = false -# -# [[processors.reverse_dns.lookup]] -# ## get the ip from the field "source_ip", and put the result in the field "source_name" -# field = "source_ip" -# dest = "source_name" -# -# [[processors.reverse_dns.lookup]] -# ## get the ip from the tag "destination_ip", and put the result in the tag -# ## "destination_name". -# tag = "destination_ip" -# dest = "destination_name" -# -# ## If you would prefer destination_name to be a field instead, you can use a -# ## processors.converter after this one, specifying the order attribute. - - -# # Add the S2 Cell ID as a tag based on latitude and longitude fields -# [[processors.s2geo]] -# ## The name of the lat and lon fields containing WGS-84 latitude and -# ## longitude in decimal degrees. -# # lat_field = "lat" -# # lon_field = "lon" -# -# ## New tag to create -# # tag_key = "s2_cell_id" -# -# ## Cell level (see https://s2geometry.io/resources/s2cell_statistics.html) -# # cell_level = 9 - - -# # Process metrics using a Starlark script -# [[processors.starlark]] -# ## The Starlark source can be set as a string in this configuration file, or -# ## by referencing a file containing the script. Only one source or script -# ## should be set at once. -# -# ## Source of the Starlark script. -# source = ''' -# def apply(metric): -# return metric -# ''' -# -# ## File containing a Starlark script. -# # script = "/usr/local/bin/myscript.star" -# -# ## The constants of the Starlark script. 
-# # [processors.starlark.constants] -# # max_size = 10 -# # threshold = 0.75 -# # default_name = "Julia" -# # debug_mode = true - - -# # Perform string processing on tags, fields, and measurements -# [[processors.strings]] -# ## Convert a field value to lowercase and store in a new field -# # [[processors.strings.lowercase]] -# # field = "uri_stem" -# # dest = "uri_stem_normalised" -# -# ## Convert a tag value to uppercase -# # [[processors.strings.uppercase]] -# # tag = "method" -# -# ## Convert a field value to titlecase -# # [[processors.strings.titlecase]] -# # field = "status" -# -# ## Trim leading and trailing whitespace using the default cutset -# # [[processors.strings.trim]] -# # field = "message" -# -# ## Trim leading characters in cutset -# # [[processors.strings.trim_left]] -# # field = "message" -# # cutset = "\t" -# -# ## Trim trailing characters in cutset -# # [[processors.strings.trim_right]] -# # field = "message" -# # cutset = "\r\n" -# -# ## Trim the given prefix from the field -# # [[processors.strings.trim_prefix]] -# # field = "my_value" -# # prefix = "my_" -# -# ## Trim the given suffix from the field -# # [[processors.strings.trim_suffix]] -# # field = "read_count" -# # suffix = "_count" -# -# ## Replace all non-overlapping instances of old with new -# # [[processors.strings.replace]] -# # measurement = "*" -# # old = ":" -# # new = "_" -# -# ## Trims strings based on width -# # [[processors.strings.left]] -# # field = "message" -# # width = 10 -# -# ## Decode a base64 encoded utf-8 string -# # [[processors.strings.base64decode]] -# # field = "message" -# -# ## Sanitize a string to ensure it is a valid utf-8 string -# ## Each run of invalid UTF-8 byte sequences is replaced by the replacement string, which may be empty -# # [[processors.strings.valid_utf8]] -# # field = "message" -# # replacement = "" - - -# # Restricts the number of tags that can pass through this filter and chooses which tags to preserve when over the limit. 
-# [[processors.tag_limit]] -# ## Maximum number of tags to preserve -# limit = 3 -# -# ## List of tags to preferentially preserve -# keep = ["environment", "region"] - - -# # Uses a Go template to create a new tag -# [[processors.template]] -# ## Tag to set with the output of the template. -# tag = "topic" -# -# ## Go template used to create the tag value. In order to ease TOML -# ## escaping requirements, you may wish to use single quotes around the -# ## template string. -# template = '{{ .Tag "hostname" }}.{{ .Tag "level" }}' - - -# # Print all metrics that pass through this filter. -# [[processors.topk]] -# ## How many seconds between aggregations -# # period = 10 -# -# ## How many top buckets to return per field -# ## Every field specified to aggregate over will return k number of results. -# ## For example, 1 field with k of 10 will return 10 buckets. While 2 fields -# ## with k of 3 will return 6 buckets. -# # k = 10 -# -# ## Over which tags should the aggregation be done. Globs can be specified, in -# ## which case any tag matching the glob will aggregated over. If set to an -# ## empty list is no aggregation over tags is done -# # group_by = ['*'] -# -# ## The field(s) to aggregate -# ## Each field defined is used to create an independent aggregation. Each -# ## aggregation will return k buckets. If a metric does not have a defined -# ## field the metric will be dropped from the aggregation. Considering using -# ## the defaults processor plugin to ensure fields are set if required. -# # fields = ["value"] -# -# ## What aggregation function to use. Options: sum, mean, min, max -# # aggregation = "mean" -# -# ## Instead of the top k largest metrics, return the bottom k lowest metrics -# # bottomk = false -# -# ## The plugin assigns each metric a GroupBy tag generated from its name and -# ## tags. 
If this setting is different than "" the plugin will add a -# ## tag (which name will be the value of this setting) to each metric with -# ## the value of the calculated GroupBy tag. Useful for debugging -# # add_groupby_tag = "" -# -# ## These settings provide a way to know the position of each metric in -# ## the top k. The 'add_rank_field' setting allows to specify for which -# ## fields the position is required. If the list is non empty, then a field -# ## will be added to each and every metric for each string present in this -# ## setting. This field will contain the ranking of the group that -# ## the metric belonged to when aggregated over that field. -# ## The name of the field will be set to the name of the aggregation field, -# ## suffixed with the string '_topk_rank' -# # add_rank_fields = [] -# -# ## These settings provide a way to know what values the plugin is generating -# ## when aggregating metrics. The 'add_aggregate_field' setting allows to -# ## specify for which fields the final aggregation value is required. If the -# ## list is non empty, then a field will be added to each every metric for -# ## each field present in this setting. This field will contain -# ## the computed aggregation for the group that the metric belonged to when -# ## aggregated over that field. -# ## The name of the field will be set to the name of the aggregation field, -# ## suffixed with the string '_topk_aggregate' -# # add_aggregate_fields = [] - - -# # Rotate multi field metric into several single field metrics -# [[processors.unpivot]] -# ## Tag to use for the name. -# tag_key = "name" -# ## Field to use for the name of the value. -# value_key = "value" - - -############################################################################### -# AGGREGATOR PLUGINS # -############################################################################### - - -# # Keep the aggregate basicstats of each metric passing through. 
-# [[aggregators.basicstats]] -# ## The period on which to flush & clear the aggregator. -# period = "30s" -# -# ## If true, the original metric will be dropped by the -# ## aggregator and will not get sent to the output plugins. -# drop_original = false -# -# ## Configures which basic stats to push as fields -# # stats = ["count","diff","rate","min","max","mean","non_negative_diff","non_negative_rate","stdev","s2","sum","interval"] - - -# # Calculates a derivative for every field. -# [[aggregators.derivative]] -# ## The period in which to flush the aggregator. -# period = "30s" -# ## -# ## Suffix to append for the resulting derivative field. -# # suffix = "_rate" -# ## -# ## Field to use for the quotient when computing the derivative. -# ## When using a field as the derivation parameter the name of that field will -# ## be used for the resulting derivative, e.g. *fieldname_by_parameter*. -# ## By default the timestamps of the metrics are used and the suffix is omitted. -# # variable = "" -# ## -# ## Maximum number of roll-overs in case only one measurement is found during a period. -# # max_roll_over = 10 - - -# # Report the final metric of a series -# [[aggregators.final]] -# ## The period on which to flush & clear the aggregator. -# period = "30s" -# ## If true, the original metric will be dropped by the -# ## aggregator and will not get sent to the output plugins. -# drop_original = false -# -# ## The time that a series is not updated until considering it final. -# series_timeout = "5m" - - -# # Configuration for aggregate histogram metrics -# [[aggregators.histogram]] -# ## The period in which to flush the aggregator. -# period = "30s" -# -# ## If true, the original metric will be dropped by the -# ## aggregator and will not get sent to the output plugins. -# drop_original = false -# -# ## If true, the histogram will be reset on flush instead -# ## of accumulating the results. -# reset = false -# -# ## Whether bucket values should be accumulated. 
If set to false, "gt" tag will be added. -# ## Defaults to true. -# cumulative = true -# -# ## Expiration interval for each histogram. The histogram will be expired if -# ## there are no changes in any buckets for this time interval. 0 == no expiration. -# # expiration_interval = "0m" -# -# ## If true, aggregated histogram are pushed to output only if it was updated since -# ## previous push. Defaults to false. -# # push_only_on_update = false -# -# ## Example config that aggregates all fields of the metric. -# # [[aggregators.histogram.config]] -# # ## Right borders of buckets (with +Inf implicitly added). -# # buckets = [0.0, 15.6, 34.5, 49.1, 71.5, 80.5, 94.5, 100.0] -# # ## The name of metric. -# # measurement_name = "cpu" -# -# ## Example config that aggregates only specific fields of the metric. -# # [[aggregators.histogram.config]] -# # ## Right borders of buckets (with +Inf implicitly added). -# # buckets = [0.0, 10.0, 20.0, 30.0, 40.0, 50.0, 60.0, 70.0, 80.0, 90.0, 100.0] -# # ## The name of metric. -# # measurement_name = "diskio" -# # ## The concrete fields of metric -# # fields = ["io_time", "read_time", "write_time"] - - -# # Merge metrics into multifield metrics by series key -# [[aggregators.merge]] -# ## If true, the original metric will be dropped by the -# ## aggregator and will not get sent to the output plugins. -# drop_original = true - - -# # Keep the aggregate min/max of each metric passing through. -# [[aggregators.minmax]] -# ## General Aggregator Arguments: -# ## The period on which to flush & clear the aggregator. -# period = "30s" -# ## If true, the original metric will be dropped by the -# ## aggregator and will not get sent to the output plugins. -# drop_original = false - - -# # Keep the aggregate quantiles of each metric passing through. -# [[aggregators.quantile]] -# ## General Aggregator Arguments: -# ## The period on which to flush & clear the aggregator. 
-# period = "30s" -# -# ## If true, the original metric will be dropped by the -# ## aggregator and will not get sent to the output plugins. -# drop_original = false -# -# ## Quantiles to output in the range [0,1] -# # quantiles = [0.25, 0.5, 0.75] -# -# ## Type of aggregation algorithm -# ## Supported are: -# ## "t-digest" -- approximation using centroids, can cope with large number of samples -# ## "exact R7" -- exact computation also used by Excel or NumPy (Hyndman & Fan 1996 R7) -# ## "exact R8" -- exact computation (Hyndman & Fan 1996 R8) -# ## NOTE: Do not use "exact" algorithms with large number of samples -# ## to not impair performance or memory consumption! -# # algorithm = "t-digest" -# -# ## Compression for approximation (t-digest). The value needs to be -# ## greater or equal to 1.0. Smaller values will result in more -# ## performance but less accuracy. -# # compression = 100.0 - - -# # Aggregate metrics using a Starlark script -# [[aggregators.starlark]] -# ## The Starlark source can be set as a string in this configuration file, or -# ## by referencing a file containing the script. Only one source or script -# ## should be set at once. -# ## -# ## Source of the Starlark script. -# source = ''' -# state = {} -# -# def add(metric): -# state["last"] = metric -# -# def push(): -# return state.get("last") -# -# def reset(): -# state.clear() -# ''' -# -# ## File containing a Starlark script. -# # script = "/usr/local/bin/myscript.star" -# -# ## The constants of the Starlark script. -# # [aggregators.starlark.constants] -# # max_size = 10 -# # threshold = 0.75 -# # default_name = "Julia" -# # debug_mode = true - - -# # Count the occurrence of values in fields. -# [[aggregators.valuecounter]] -# ## General Aggregator Arguments: -# ## The period on which to flush & clear the aggregator. -# period = "30s" -# ## If true, the original metric will be dropped by the -# ## aggregator and will not get sent to the output plugins. 
-# drop_original = false -# ## The fields for which the values will be counted -# fields = ["status"] - - -# Read metrics about cpu usage -[[inputs.cpu]] - ## Whether to report per-cpu stats or not - percpu = true - ## Whether to report total system cpu stats or not - totalcpu = true - ## If true, collect raw CPU time metrics - collect_cpu_time = false - ## If true, compute and report the sum of all non-idle CPU states - report_active = false - ## If true and the info is available then add core_id and physical_id tags - core_tags = false - - -# Read metrics about memory usage -[[inputs.mem]] - # no configuration - diff --git a/community_images/traefik/ironbank/README.md b/community_images/traefik/ironbank/README.md deleted file mode 100644 index a072f2609c..0000000000 --- a/community_images/traefik/ironbank/README.md +++ /dev/null @@ -1,141 +0,0 @@ - -RapidFort - - -
- -[![rf-h][rf-h-badge]][rf-view-report-button] -[![DH Image][dh-rf-badge]][rf-dh-image-link] -[![Slack][slack-badge]][slack-link] -[![FOSSA Status][fossa-badge]][fossa-link] - -# RapidFort hardened image for TRAEFIK Ironbank - -RapidFort’s container optimization process hardened this TRAEFIK Ironbank container. This container is free to use and has no license limitations. - -It is the same as the [Platform One TRAEFIK Ironbank][source-image-repo-link] image but more secure. - -Every day, we optimize and harden a variety of Docker Hub’s most famous images. Check out our [entire library](https://hub.docker.com/u/rapidfort) of secured containers. -
- -[Get the full report here or click on the image below][rf-view-report-link] - -[![Metrics][metrics-link]][rf-image-metrics-link] - -

Vulnerabilities: Original vs. Hardened - -

- -[![CVE Reduction][cve-reduction-link]][rf-image-cve-reduction-link] - - -View Report - -
-
- - -## What is TRAEFIK Ironbank? - -> Traefik is a modern HTTP reverse proxy and load balancer that makes deploying microservices easy. Traefik integrates with your existing infrastructure components (Docker, Swarm mode, Kubernetes, Marathon, Consul, Etcd, Rancher, Amazon ECS, ...) and configures itself automatically and dynamically. Pointing Traefik at your orchestrator should be the only configuration step you need. - - -[Overview of TRAEFIK Ironbank](https://traefik.io/) - -Trademarks: This software listing is packaged by RapidFort. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. - - -## How do I use this hardened TRAEFIK Ironbank image? - -The runtime instructions for this container are no different from the official release. Follow the instructions in their readme, but use our hardened image. - - -View Detailed Instructions - -
-
- -```sh -$ helm repo add traefik https://helm.traefik.io/traefik - -# install traefik, just replace repository with RapidFort image.name and the image.tag -$ helm install traefik traefik/traefik --set image.name=rapidfort/traefik-ib --set image.tag=v2.9.4 - -``` - -## What is a hardened image? - -A hardened image is a copy of a container that has been optimized and reduced for significantly improved security. Because every container uses many open-source software components and their dependencies, there’s a lot of extra weight that can be trimmed. - -This image is a hardened version of the official [Platform One TRAEFIK Ironbank][source-image-repo-link] image on Docker Hub. - -RapidFort is an industry-leading container optimization solution that minimizes software attack surfaces by removing unused code. Most containers can be reduced by at least 50%, which reduces the opportunity for malicious attacks and CVE exploits. Learn more at [RapidFort.com][rf-link]. - -Our hardened images are updated daily using the latest vulnerability information available. - - -View on GitHub - -
-
- -## What’s the difference between the official [Platform One TRAEFIK Ironbank][source-image-repo-link] image and this hardened image? -RapidFort’s hardened [rapidfort/traefik-ib][rf-dh-image-link] image has been optimized by our proprietary scanning and slimming technology. We are big fans of open-source software, containerized infrastructure, and security. - -We are making secure copies of the images we use every day and the most popular ones on Docker Hub. We want to make the world a safer place to operate. - -## Supported tags and respective `Dockerfile` links - -## Need support - -Join our slack community for any questions. - - -RapidFort Community Slack - - -## 🌟 Support this project - -[![](https://user-images.githubusercontent.com/48997634/174794647-0c851917-e5c9-4fb9-bf88-b61d89dc2f4f.gif)](https://github.com/rapidfort/community-images/stargazers) - -### [⏫⭐️ Scroll to the star button](#start-of-content) - -If you believe this project has potential, feel free to **star this repo** just like many [amazing people](https://github.com/rapidfort/community-images/stargazers) -have. - -## Have questions? - -[![RapidFort](https://raw.githubusercontent.com/rapidfort/community-images/main/contrib/github_logo_footer.png)][rf-rapidfort-footer-logo-link] - - -If you'd like to learn more about RapidFort or our container optimization process, visit [RapidFort.com][rf-link]. - -
-
- - -[dh-rf-badge]: https://img.shields.io/badge/dockerhub-images-important.svg?logo=Docker - -[fossa-badge]: https://app.fossa.com/api/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images.svg?type=shield -[fossa-link]: https://app.fossa.com/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images?ref=badge_shield - -[rf-link]: https://rapidfort.com?utm_source=github&utm_medium=ci_rf_link&utm_campaign=sep_01_sprint&utm_term=traefik-ib&utm_content=rapidfort_have_questions - -[rf-rapidfort-footer-logo-link]: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fopensource%2Ftraefik%2Ftraefik?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=traefik-ib&utm_content=rapidfort_footer_logo -[rf-view-report-button]: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fopensource%2Ftraefik%2Ftraefik?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=traefik-ib&utm_content=view_report_button -[rf-view-report-link]: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fopensource%2Ftraefik%2Ftraefik?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=traefik-ib&utm_content=view_report_link -[rf-image-metrics-link]: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fopensource%2Ftraefik%2Ftraefik?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=traefik-ib&utm_content=image_metrics_link -[rf-image-cve-reduction-link]: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fopensource%2Ftraefik%2Ftraefik?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=traefik-ib&utm_content=image_cve_reduction_link - -[dh-img-size-badge]: https://img.shields.io/docker/image-size/rapidfort/traefik-ib?logo=docker&logoColor=white&sort=semver -[dh-img-pulls-badge]: 
https://img.shields.io/docker/pulls/rapidfort/traefik-ib?logo=docker&logoColor=white - -[slack-badge]: https://img.shields.io/static/v1?label=Join&message=slack&logo=slack&logoColor=E01E5A&color=4A154B -[slack-link]: https://join.slack.com/t/rapidfortcommunity/shared_invite/zt-1g3wy28lv-DaeGexTQ5IjfpbmYW7Rm_Q - -[rf-h-badge]: https://img.shields.io/static/v1?label=RapidFort&labelColor=333F48&message=hardened&color=50B4C4&logo= -[metrics-link]: https://github.com/rapidfort/community-images/raw/main/community_images/traefik/ironbank/assets/metrics.webp -[cve-reduction-link]: https://github.com/rapidfort/community-images/raw/main/community_images/traefik/ironbank/assets/cve_reduction.webp - -[source-image-repo-link]: https://registry1.dso.mil/harbor/projects/3/repositories/opensource%2Ftraefik%2Ftraefik -[rf-dh-image-link]: https://hub.docker.com/r/rapidfort/traefik-ib diff --git a/community_images/traefik/ironbank/assets/cve_reduction.webp b/community_images/traefik/ironbank/assets/cve_reduction.webp deleted file mode 100644 index f7cb305f4e..0000000000 Binary files a/community_images/traefik/ironbank/assets/cve_reduction.webp and /dev/null differ diff --git a/community_images/traefik/ironbank/assets/metrics.webp b/community_images/traefik/ironbank/assets/metrics.webp deleted file mode 100644 index 9e63166ad3..0000000000 Binary files a/community_images/traefik/ironbank/assets/metrics.webp and /dev/null differ diff --git a/community_images/traefik/ironbank/dc_coverage.sh b/community_images/traefik/ironbank/dc_coverage.sh deleted file mode 100755 index 75f53801ae..0000000000 --- a/community_images/traefik/ironbank/dc_coverage.sh +++ /dev/null 
@@ -1,42 +0,0 @@ -#!/bin/bash - -set -x -set -e - -JSON_PARAMS="$1" - -JSON=$(cat "$JSON_PARAMS") - -echo "Json params for docker compose coverage = $JSON" - -PROJECT_NAME=$(jq -r '.project_name' < "$JSON_PARAMS") -CONTAINER_NAME="${PROJECT_NAME}"-reverse-proxy-1 - -# log for debugging -docker inspect "${CONTAINER_NAME}" - -# find non-tls and tls port -docker inspect "${CONTAINER_NAME}" | jq -r ".[].NetworkSettings.Ports.\"80/tcp\"[0].HostPort" -docker inspect "${CONTAINER_NAME}" | jq -r ".[].NetworkSettings.Ports.\"443/tcp\"[0].HostPort" -docker inspect "${CONTAINER_NAME}" | jq -r ".[].NetworkSettings.Ports.\"8080/tcp\"[0].HostPort" -docker inspect "${CONTAINER_NAME}" | jq -r ".[].NetworkSettings.Ports.\"8082/tcp\"[0].HostPort" - -NON_TLS_PORT=$(docker inspect "${CONTAINER_NAME}" | jq -r ".[].NetworkSettings.Ports.\"80/tcp\"[0].HostPort") -TLS_PORT=$(docker inspect "${CONTAINER_NAME}" | jq -r ".[].NetworkSettings.Ports.\"443/tcp\"[0].HostPort") -ADMIN_PORT=$(docker inspect "${CONTAINER_NAME}" | jq -r ".[].NetworkSettings.Ports.\"8080/tcp\"[0].HostPort") -PING_PORT=$(docker inspect "${CONTAINER_NAME}" | jq -r ".[].NetworkSettings.Ports.\"8082/tcp\"[0].HostPort") - -# Get Dashboard -wget http://localhost:"${ADMIN_PORT}"/dashboard -cat dashboard -rm dashboard -# Check Ping feature (traefik healthcheck) -curl -s http://localhost:"${PING_PORT}"/ping - -# run curl in loop for different endpoints -for i in {1..3}; -do - echo "Attempt $i" - curl https://localhost:"${TLS_PORT}" --header 'Host:whoami.docker.localhost' https://localhost:"${TLS_PORT}" -k -s - curl http://localhost:"${NON_TLS_PORT}" --header 'Host:whoami.docker.localhost' -s -done diff --git a/community_images/traefik/ironbank/docker-compose.yml b/community_images/traefik/ironbank/docker-compose.yml deleted file mode 100644 index 11ba4529a4..0000000000 --- a/community_images/traefik/ironbank/docker-compose.yml +++ /dev/null 
@@ -1,51 +0,0 @@ -version: '3' - -services: - reverse-proxy: - image: ${TRAEFIK_IMAGE_REPOSITORY}:${TRAEFIK_IMAGE_TAG} - cap_add: - - SYS_PTRACE - # Enables the web UI and tells Traefik to listen to docker - command: - - "--api.insecure=true" - - "--log.filePath=/traefik.log" - - "--log.format=json" - - "--log.level=DEBUG" - - "--providers.docker=true" - - "--providers.file.directory=/dockerProvider/" - - "--providers.file.watch=true" - - "--entrypoints.web.address=:80" - - "--entrypoints.web-secure.address=:443" - - "--entryPoints.ping.address=:8082" - - "--ping.entryPoint=ping" - - "--ping=true" - ports: - # The HTTP port - - '0.0.0.0::80' - # 443 for TLS - - '0.0.0.0::443' - # Expose Ping - - '0.0.0.0::8082' - # The Web UI (enabled by --api.insecure=true) - - '0.0.0.0::8080' - volumes: - # So that Traefik can listen to the Docker events - - /var/run/docker.sock:/var/run/docker.sock - # Traefik config File to point to certificates - - "./dockerProvider:/dockerProvider" - - "./certs:/certs" - labels: - - "traefik.http.routers.ping.rule=Host(`ping.docker.localhost`) && Path(`/ping`)" - - "traefik.http.routers.ping.service=ping@internal" - - whoami: - # A container that exposes an API to show its IP address - image: traefik/whoami - deploy: - replicas: 2 - labels: - - "traefik.http.routers.whoami.tls=true" - - "traefik.http.routers.whoami.rule=Host(`whoami.docker.localhost`)" - - "traefik.http.routers.whoami.entrypoints=web-secure" - - "traefik.http.routers.httpwhoami.rule=Host(`whoami.docker.localhost`)" - - "traefik.http.routers.httpwhoami.entrypoints=web" diff --git a/community_images/traefik/ironbank/dockerProvider/certificates.yml b/community_images/traefik/ironbank/dockerProvider/certificates.yml deleted file mode 100644 index 9cde619a34..0000000000 --- a/community_images/traefik/ironbank/dockerProvider/certificates.yml +++ /dev/null @@ -1,4 +0,0 @@ -tls: - certificates: - - certFile: /certs/server-cert.pem - keyFile: /certs/server-key.pem 
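Review bot: in community_images/traefik/ironbank/dockerProvider/certificates.yml the removed `keyFile: /certs/server-key.pem` was served from the `./certs:/certs` bind mount in the docker-compose.yml deleted just above it, so the private key sat next to these files on the host. With both files gone, check that no generated `certs/` directory (server-cert.pem, server-key.pem) is still tracked under community_images/traefik/ironbank, and remove it in this change if it is.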
diff --git a/community_images/traefik/ironbank/image.yml b/community_images/traefik/ironbank/image.yml deleted file mode 100644 index f3b1d2fdfc..0000000000 --- a/community_images/traefik/ironbank/image.yml +++ /dev/null 
@@ -1,39 +0,0 @@ -name: traefik-ib -official_name: TRAEFIK Ironbank -official_website: https://traefik.io/ -source_image_provider: Platform One -source_image_repo: registry1.dso.mil/ironbank/opensource/traefik/traefik -source_image_repo_link: https://registry1.dso.mil/harbor/projects/3/repositories/opensource%2Ftraefik%2Ftraefik -source_image_readme: https://repo1.dso.mil/dsop/opensource/traefik/traefik/-/blob/development/README.md -rf_docker_link: rapidfort/traefik-ib -image_workflow_name: traefik_ironbank -github_location: traefik/ironbank -report_url: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fopensource%2Ftraefik%2Ftraefik -usage_instructions: | - $ helm repo add traefik https://helm.traefik.io/traefik - - # install traefik, just replace repository with RapidFort image.name and the image.tag - $ helm install traefik traefik/traefik --set image.name=rapidfort/traefik-ib --set image.tag=v2.9.4 -what_is_text: | - Traefik is a modern HTTP reverse proxy and load balancer that makes deploying microservices easy. Traefik integrates with your existing infrastructure components (Docker, Swarm mode, Kubernetes, Marathon, Consul, Etcd, Rancher, Amazon ECS, ...) and configures itself automatically and dynamically. Pointing Traefik at your orchestrator should be the only configuration step you need. -disclaimer: | - Trademarks: This software listing is packaged by RapidFort. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. -input_registry: - registry: registry1.dso.mil - account: ironbank -repo_sets: - - opensource/traefik/traefik: - input_base_tag: "2.10." 
- output_repo: traefik-ib -runtimes: - - type: docker_compose - script: dc_coverage.sh - compose_file: docker-compose.yml - wait_time_sec: 10 - tls_certs: - generate: true - out_dir: certs - image_keys: - traefik-ib: - repository: "TRAEFIK_IMAGE_REPOSITORY" - tag: "TRAEFIK_IMAGE_TAG" diff --git a/community_images/traefik/traefik/README.md b/community_images/traefik/traefik/README.md deleted file mode 100644 index d4b956ffec..0000000000 --- a/community_images/traefik/traefik/README.md +++ /dev/null @@ -1,144 +0,0 @@ - -RapidFort - - -
- -[![rf-h][rf-h-badge]][rf-view-report-button] -[![DH Image][dh-rf-badge]][rf-dh-image-link] -[![Slack][slack-badge]][slack-link] -[![FOSSA Status][fossa-badge]][fossa-link] - -# RapidFort hardened image for TRAEFIK - -RapidFort’s container optimization process hardened this TRAEFIK container. This container is free to use and has no license limitations. - -It is the same as the [Traefik TRAEFIK][source-image-repo-link] image but more secure. - -Every day, we optimize and harden a variety of Docker Hub’s most famous images. Check out our [entire library](https://hub.docker.com/u/rapidfort) of secured containers. -
- -[Get the full report here or click on the image below][rf-view-report-link] - -[![Metrics][metrics-link]][rf-image-metrics-link] - -

Vulnerabilities: Original vs. Hardened - -

- -[![CVE Reduction][cve-reduction-link]][rf-image-cve-reduction-link] - - -View Report - -
-
- - -## What is TRAEFIK? - -> Traefik is a modern HTTP reverse proxy and load balancer that makes deploying microservices easy. Traefik integrates with your existing infrastructure components (Docker, Swarm mode, Kubernetes, Marathon, Consul, Etcd, Rancher, Amazon ECS, ...) and configures itself automatically and dynamically. Pointing Traefik at your orchestrator should be the only configuration step you need. - - -[Overview of TRAEFIK](https://traefik.io/) - -Trademarks: This software listing is packaged by RapidFort. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. - - -## How do I use this hardened TRAEFIK image? - -The runtime instructions for this container are no different from the official release. Follow the instructions in their readme, but use our hardened image. - - -View Detailed Instructions - -
-
- -```sh -$ helm repo add traefik https://helm.traefik.io/traefik - -# install traefik, just replace repository with RapidFort image.name and the image.tag -$ helm install traefik traefik/traefik --set image.name=rapidfort/traefik --set image.tag=v2.9.4 - -``` - -## What is a hardened image? - -A hardened image is a copy of a container that has been optimized and reduced for significantly improved security. Because every container uses many open-source software components and their dependencies, there’s a lot of extra weight that can be trimmed. - -This image is a hardened version of the official [Traefik TRAEFIK][source-image-repo-link] image on Docker Hub. - -RapidFort is an industry-leading container optimization solution that minimizes software attack surfaces by removing unused code. Most containers can be reduced by at least 50%, which reduces the opportunity for malicious attacks and CVE exploits. Learn more at [RapidFort.com][rf-link]. - -Our hardened images are updated daily using the latest vulnerability information available. - - -View on GitHub - -
-
- -## What’s the difference between the official [Traefik TRAEFIK][source-image-repo-link] image and this hardened image? -RapidFort’s hardened [rapidfort/traefik][rf-dh-image-link] image has been optimized by our proprietary scanning and slimming technology. We are big fans of open-source software, containerized infrastructure, and security. - -We are making secure copies of the images we use every day and the most popular ones on Docker Hub. We want to make the world a safer place to operate. - -## Supported tags and respective `Dockerfile` links -* [`v2.9.4`, `2.9.4`, `2.9`, `banon`, `latest` (902a0bf463bda84f4cc2cefbcbf9b5b6f7a2cdb9/alpine/Dockerfile)](https://github.com/traefik/traefik-library-image/blob/902a0bf463bda84f4cc2cefbcbf9b5b6f7a2cdb9/alpine/Dockerfile) -* [`1.7.34`, `1.7`, `maroilles` (4434758cf14bbd1ec9511b3f2a37b0a6ce846db6/scratch/Dockerfile)](https://github.com/traefik/traefik-library-image/blob/4434758cf14bbd1ec9511b3f2a37b0a6ce846db6/scratch/Dockerfile) -* [`1.7.34-alpine`, `1.7-alpine`, `maroilles-alpine` (4434758cf14bbd1ec9511b3f2a37b0a6ce846db6/alpine/Dockerfile)](https://github.com/traefik/traefik-library-image/blob/4434758cf14bbd1ec9511b3f2a37b0a6ce846db6/alpine/Dockerfile) - -## Need support - -Join our slack community for any questions. - - -RapidFort Community Slack - - -## 🌟 Support this project - -[![](https://user-images.githubusercontent.com/48997634/174794647-0c851917-e5c9-4fb9-bf88-b61d89dc2f4f.gif)](https://github.com/rapidfort/community-images/stargazers) - -### [⏫⭐️ Scroll to the star button](#start-of-content) - -If you believe this project has potential, feel free to **star this repo** just like many [amazing people](https://github.com/rapidfort/community-images/stargazers) -have. - -## Have questions? 
- -[![RapidFort](https://raw.githubusercontent.com/rapidfort/community-images/main/contrib/github_logo_footer.png)][rf-rapidfort-footer-logo-link] - - -If you'd like to learn more about RapidFort or our container optimization process, visit [RapidFort.com][rf-link]. - -
-
- - -[dh-rf-badge]: https://img.shields.io/badge/dockerhub-images-important.svg?logo=Docker - -[fossa-badge]: https://app.fossa.com/api/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images.svg?type=shield -[fossa-link]: https://app.fossa.com/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images?ref=badge_shield - -[rf-link]: https://rapidfort.com?utm_source=github&utm_medium=ci_rf_link&utm_campaign=sep_01_sprint&utm_term=traefik&utm_content=rapidfort_have_questions - -[rf-rapidfort-footer-logo-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Flibrary%2Ftraefik?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=traefik&utm_content=rapidfort_footer_logo -[rf-view-report-button]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Flibrary%2Ftraefik?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=traefik&utm_content=view_report_button -[rf-view-report-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Flibrary%2Ftraefik?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=traefik&utm_content=view_report_link -[rf-image-metrics-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Flibrary%2Ftraefik?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=traefik&utm_content=image_metrics_link -[rf-image-cve-reduction-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Flibrary%2Ftraefik?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=traefik&utm_content=image_cve_reduction_link - -[dh-img-size-badge]: https://img.shields.io/docker/image-size/rapidfort/traefik?logo=docker&logoColor=white&sort=semver -[dh-img-pulls-badge]: https://img.shields.io/docker/pulls/rapidfort/traefik?logo=docker&logoColor=white - -[slack-badge]: https://img.shields.io/static/v1?label=Join&message=slack&logo=slack&logoColor=E01E5A&color=4A154B -[slack-link]: 
https://join.slack.com/t/rapidfortcommunity/shared_invite/zt-1g3wy28lv-DaeGexTQ5IjfpbmYW7Rm_Q - -[rf-h-badge]: https://img.shields.io/static/v1?label=RapidFort&labelColor=333F48&message=hardened&color=50B4C4&logo= -[metrics-link]: https://github.com/rapidfort/community-images/raw/main/community_images/traefik/traefik/assets/metrics.webp -[cve-reduction-link]: https://github.com/rapidfort/community-images/raw/main/community_images/traefik/traefik/assets/cve_reduction.webp - -[source-image-repo-link]: https://hub.docker.com/_/traefik -[rf-dh-image-link]: https://hub.docker.com/r/rapidfort/traefik diff --git a/community_images/traefik/traefik/assets/cve_reduction.webp b/community_images/traefik/traefik/assets/cve_reduction.webp deleted file mode 100644 index fae75b8ac5..0000000000 Binary files a/community_images/traefik/traefik/assets/cve_reduction.webp and /dev/null differ diff --git a/community_images/traefik/traefik/assets/metrics.webp b/community_images/traefik/traefik/assets/metrics.webp deleted file mode 100644 index 57b940fcca..0000000000 Binary files a/community_images/traefik/traefik/assets/metrics.webp and /dev/null differ diff --git a/community_images/traefik/traefik/dc_coverage.sh b/community_images/traefik/traefik/dc_coverage.sh deleted file mode 100755 index bf74ecdb77..0000000000 --- a/community_images/traefik/traefik/dc_coverage.sh +++ /dev/null 
@@ -1,43 +0,0 @@ -#!/bin/bash - -set -x -set -e - -JSON_PARAMS="$1" - -JSON=$(cat "$JSON_PARAMS") - -echo "Json params for docker compose coverage = $JSON" - -PROJECT_NAME=$(jq -r '.project_name' < "$JSON_PARAMS") -NETWORK_NAME="${PROJECT_NAME}"_default -CONTAINER_NAME="${PROJECT_NAME}"-reverse-proxy-1 - -# log for debugging -docker inspect "${CONTAINER_NAME}" - -# find non-tls and tls port -docker inspect "${CONTAINER_NAME}" | jq -r ".[].NetworkSettings.Ports.\"80/tcp\"[0].HostPort" -docker inspect "${CONTAINER_NAME}" | jq -r ".[].NetworkSettings.Ports.\"443/tcp\"[0].HostPort" -docker inspect "${CONTAINER_NAME}" | jq -r ".[].NetworkSettings.Ports.\"8080/tcp\"[0].HostPort" -docker inspect "${CONTAINER_NAME}" | jq -r ".[].NetworkSettings.Ports.\"8082/tcp\"[0].HostPort" - -NON_TLS_PORT=$(docker inspect "${CONTAINER_NAME}" | jq -r ".[].NetworkSettings.Ports.\"80/tcp\"[0].HostPort") -TLS_PORT=$(docker inspect "${CONTAINER_NAME}" | jq -r ".[].NetworkSettings.Ports.\"443/tcp\"[0].HostPort") -ADMIN_PORT=$(docker inspect "${CONTAINER_NAME}" | jq -r ".[].NetworkSettings.Ports.\"8080/tcp\"[0].HostPort") -PING_PORT=$(docker inspect "${CONTAINER_NAME}" | jq -r ".[].NetworkSettings.Ports.\"8082/tcp\"[0].HostPort") - -# Get Dashboard -wget http://localhost:"${ADMIN_PORT}"/dashboard -cat dashboard -rm dashboard -# Check Ping feature (traefik healthcheck) -curl -s http://localhost:"${PING_PORT}"/ping - -# run curl in loop for different endpoints -for i in {1..3}; -do - echo "Attempt $i" - curl https://localhost:"${TLS_PORT}" --header 'Host:whoami.docker.localhost' https://localhost:"${TLS_PORT}" -k -s - curl http://localhost:"${NON_TLS_PORT}" --header 'Host:whoami.docker.localhost' -s -done diff --git a/community_images/traefik/traefik/docker-compose.yml b/community_images/traefik/traefik/docker-compose.yml deleted file mode 100644 index 11ba4529a4..0000000000 --- a/community_images/traefik/traefik/docker-compose.yml +++ /dev/null 
@@ -1,51 +0,0 @@ -version: '3' - -services: - reverse-proxy: - image: ${TRAEFIK_IMAGE_REPOSITORY}:${TRAEFIK_IMAGE_TAG} - cap_add: - - SYS_PTRACE - # Enables the web UI and tells Traefik to listen to docker - command: - - "--api.insecure=true" - - "--log.filePath=/traefik.log" - - "--log.format=json" - - "--log.level=DEBUG" - - "--providers.docker=true" - - "--providers.file.directory=/dockerProvider/" - - "--providers.file.watch=true" - - "--entrypoints.web.address=:80" - - "--entrypoints.web-secure.address=:443" - - "--entryPoints.ping.address=:8082" - - "--ping.entryPoint=ping" - - "--ping=true" - ports: - # The HTTP port - - '0.0.0.0::80' - # 443 for TLS - - '0.0.0.0::443' - # Expose Ping - - '0.0.0.0::8082' - # The Web UI (enabled by --api.insecure=true) - - '0.0.0.0::8080' - volumes: - # So that Traefik can listen to the Docker events - - /var/run/docker.sock:/var/run/docker.sock - # Traefik config File to point to certificates - - "./dockerProvider:/dockerProvider" - - "./certs:/certs" - labels: - - "traefik.http.routers.ping.rule=Host(`ping.docker.localhost`) && Path(`/ping`)" - - "traefik.http.routers.ping.service=ping@internal" - - whoami: - # A container that exposes an API to show its IP address - image: traefik/whoami - deploy: - replicas: 2 - labels: - - "traefik.http.routers.whoami.tls=true" - - "traefik.http.routers.whoami.rule=Host(`whoami.docker.localhost`)" - - "traefik.http.routers.whoami.entrypoints=web-secure" - - "traefik.http.routers.httpwhoami.rule=Host(`whoami.docker.localhost`)" - - "traefik.http.routers.httpwhoami.entrypoints=web" diff --git a/community_images/traefik/traefik/dockerProvider/certificates.yml b/community_images/traefik/traefik/dockerProvider/certificates.yml deleted file mode 100644 index 9cde619a34..0000000000 --- a/community_images/traefik/traefik/dockerProvider/certificates.yml +++ /dev/null @@ -1,4 +0,0 @@ -tls: - certificates: - - certFile: /certs/server-cert.pem - keyFile: /certs/server-key.pem 
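Review bot: the deleted community_images/traefik/traefik/README.md resolves `[metrics-link]` and `[cve-reduction-link]` to raw/main/community_images/traefik/traefik/assets/metrics.webp and assets/cve_reduction.webp, and this patch deletes both assets, so any copy of that README still published for rapidfort/traefik will show broken images while still stating that the hardened images are updated daily. Suggest saying in the commit message whether rapidfort/traefik is being retired or moved, and updating the published description to match.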
diff --git a/community_images/traefik/traefik/image.yml b/community_images/traefik/traefik/image.yml deleted file mode 100644 index 94cc94696c..0000000000 --- a/community_images/traefik/traefik/image.yml +++ /dev/null 
@@ -1,43 +0,0 @@ -name: traefik -official_name: TRAEFIK -official_website: https://traefik.io/ -source_image_provider: Traefik -source_image_repo: docker.io/library/traefik -source_image_repo_link: https://hub.docker.com/_/traefik -source_image_readme: https://github.com/traefik/traefik-library-image/blob/master/README.md -rf_docker_link: rapidfort/traefik -image_workflow_name: traefik_traefik -github_location: traefik/traefik -report_url: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Flibrary%2Ftraefik -usage_instructions: | - $ helm repo add traefik https://helm.traefik.io/traefik - - # install traefik, just replace repository with RapidFort image.name and the image.tag - $ helm install traefik traefik/traefik --set image.name=rapidfort/traefik --set image.tag=v2.9.4 -what_is_text: | - Traefik is a modern HTTP reverse proxy and load balancer that makes deploying microservices easy. Traefik integrates with your existing infrastructure components (Docker, Swarm mode, Kubernetes, Marathon, Consul, Etcd, Rancher, Amazon ECS, ...) and configures itself automatically and dynamically. Pointing Traefik at your orchestrator should be the only configuration step you need. -disclaimer: | - Trademarks: This software listing is packaged by RapidFort. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. 
-docker_links: - - "[`v2.9.4`, `2.9.4`, `2.9`, `banon`, `latest` (902a0bf463bda84f4cc2cefbcbf9b5b6f7a2cdb9/alpine/Dockerfile)](https://github.com/traefik/traefik-library-image/blob/902a0bf463bda84f4cc2cefbcbf9b5b6f7a2cdb9/alpine/Dockerfile)" - - "[`1.7.34`, `1.7`, `maroilles` (4434758cf14bbd1ec9511b3f2a37b0a6ce846db6/scratch/Dockerfile)](https://github.com/traefik/traefik-library-image/blob/4434758cf14bbd1ec9511b3f2a37b0a6ce846db6/scratch/Dockerfile)" - - "[`1.7.34-alpine`, `1.7-alpine`, `maroilles-alpine` (4434758cf14bbd1ec9511b3f2a37b0a6ce846db6/alpine/Dockerfile)](https://github.com/traefik/traefik-library-image/blob/4434758cf14bbd1ec9511b3f2a37b0a6ce846db6/alpine/Dockerfile)" -input_registry: - registry: docker.io - account: library -repo_sets: - - traefik: - input_base_tag: "v2.9.[0-9.]*$" -runtimes: - - type: docker_compose - script: dc_coverage.sh - compose_file: docker-compose.yml - wait_time_sec: 10 - tls_certs: - generate: true - out_dir: certs - image_keys: - traefik: - repository: "TRAEFIK_IMAGE_REPOSITORY" - tag: "TRAEFIK_IMAGE_TAG" - diff --git a/community_images/vault/hashicorp/.rfignore b/community_images/vault/hashicorp/.rfignore deleted file mode 100644 index 6908379cd0..0000000000 --- a/community_images/vault/hashicorp/.rfignore +++ /dev/null @@ -1 +0,0 @@ -bin/vault diff --git a/community_images/vault/hashicorp/README.md b/community_images/vault/hashicorp/README.md deleted file mode 100644 index 795f7357c0..0000000000 --- a/community_images/vault/hashicorp/README.md +++ /dev/null @@ -1,142 +0,0 @@ - -RapidFort - - -
- -[![rf-h][rf-h-badge]][rf-view-report-button] -[![DH Image][dh-rf-badge]][rf-dh-image-link] -[![Slack][slack-badge]][slack-link] -[![FOSSA Status][fossa-badge]][fossa-link] - -# RapidFort hardened image for Vault - -RapidFort’s container optimization process hardened this Vault container. This container is free to use and has no license limitations. - -It is the same as the [Hashicorp Vault][source-image-repo-link] image but more secure. - -Every day, we optimize and harden a variety of Docker Hub’s most famous images. Check out our [entire library](https://hub.docker.com/u/rapidfort) of secured containers. -
- -[Get the full report here or click on the image below][rf-view-report-link] - -[![Metrics][metrics-link]][rf-image-metrics-link] - -

Vulnerabilities: Original vs. Hardened - -

- -[![CVE Reduction][cve-reduction-link]][rf-image-cve-reduction-link] - - -View Report - -
-
- - -## What is Vault? - -> Secure, store and tightly control access to tokens, passwords, certificates, encryption keys for protecting secrets and other sensitive data - - -[Overview of Vault](https://www.vaultproject.io/) - -Trademarks: This software listing is packaged by RapidFort. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. - - -## How do I use this hardened Vault image? - -The runtime instructions for this container are no different from the official release. Follow the instructions in their readme, but use our hardened image. - - -View Detailed Instructions - -
-
- -```sh -$ helm repo add hashicorp https://helm.releases.hashicorp.com - -# install vault, just replace repository with RapidFort registry -$ helm install vault hashicorp/vault - -``` - -## What is a hardened image? - -A hardened image is a copy of a container that has been optimized and reduced for significantly improved security. Because every container uses many open-source software components and their dependencies, there’s a lot of extra weight that can be trimmed. - -This image is a hardened version of the official [Hashicorp Vault][source-image-repo-link] image on Docker Hub. - -RapidFort is an industry-leading container optimization solution that minimizes software attack surfaces by removing unused code. Most containers can be reduced by at least 50%, which reduces the opportunity for malicious attacks and CVE exploits. Learn more at [RapidFort.com][rf-link]. - -Our hardened images are updated daily using the latest vulnerability information available. - - -View on GitHub - -
-
- -## What’s the difference between the official [Hashicorp Vault][source-image-repo-link] image and this hardened image? -RapidFort’s hardened [rapidfort/vault][rf-dh-image-link] image has been optimized by our proprietary scanning and slimming technology. We are big fans of open-source software, containerized infrastructure, and security. - -We are making secure copies of the images we use every day and the most popular ones on Docker Hub. We want to make the world a safer place to operate. - -## Supported tags and respective `Dockerfile` links -* [`1.12.0`, `latest` (latest/Dockerfile)](https://github.com/hashicorp/docker-vault/blob/11a5dff987176c6ab24f76cee14f6dd820f42d96/0.X/Dockerfile) - -## Need support - -Join our slack community for any questions. - - -RapidFort Community Slack - - -## 🌟 Support this project - -[![](https://user-images.githubusercontent.com/48997634/174794647-0c851917-e5c9-4fb9-bf88-b61d89dc2f4f.gif)](https://github.com/rapidfort/community-images/stargazers) - -### [⏫⭐️ Scroll to the star button](#start-of-content) - -If you believe this project has potential, feel free to **star this repo** just like many [amazing people](https://github.com/rapidfort/community-images/stargazers) -have. - -## Have questions? - -[![RapidFort](https://raw.githubusercontent.com/rapidfort/community-images/main/contrib/github_logo_footer.png)][rf-rapidfort-footer-logo-link] - - -If you'd like to learn more about RapidFort or our container optimization process, visit [RapidFort.com][rf-link]. - -
-
- - -[dh-rf-badge]: https://img.shields.io/badge/dockerhub-images-important.svg?logo=Docker - -[fossa-badge]: https://app.fossa.com/api/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images.svg?type=shield -[fossa-link]: https://app.fossa.com/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images?ref=badge_shield - -[rf-link]: https://rapidfort.com?utm_source=github&utm_medium=ci_rf_link&utm_campaign=sep_01_sprint&utm_term=vault&utm_content=rapidfort_have_questions - -[rf-rapidfort-footer-logo-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Flibrary%2Fvault?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=vault&utm_content=rapidfort_footer_logo -[rf-view-report-button]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Flibrary%2Fvault?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=vault&utm_content=view_report_button -[rf-view-report-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Flibrary%2Fvault?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=vault&utm_content=view_report_link -[rf-image-metrics-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Flibrary%2Fvault?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=vault&utm_content=image_metrics_link -[rf-image-cve-reduction-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Flibrary%2Fvault?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=vault&utm_content=image_cve_reduction_link - -[dh-img-size-badge]: https://img.shields.io/docker/image-size/rapidfort/vault?logo=docker&logoColor=white&sort=semver -[dh-img-pulls-badge]: https://img.shields.io/docker/pulls/rapidfort/vault?logo=docker&logoColor=white - -[slack-badge]: https://img.shields.io/static/v1?label=Join&message=slack&logo=slack&logoColor=E01E5A&color=4A154B -[slack-link]: 
https://join.slack.com/t/rapidfortcommunity/shared_invite/zt-1g3wy28lv-DaeGexTQ5IjfpbmYW7Rm_Q - -[rf-h-badge]: https://img.shields.io/static/v1?label=RapidFort&labelColor=333F48&message=hardened&color=50B4C4&logo= -[metrics-link]: https://github.com/rapidfort/community-images/raw/main/community_images/vault/hashicorp/assets/metrics.webp -[cve-reduction-link]: https://github.com/rapidfort/community-images/raw/main/community_images/vault/hashicorp/assets/cve_reduction.webp - -[source-image-repo-link]: https://hub.docker.com/_/vault -[rf-dh-image-link]: https://hub.docker.com/r/rapidfort/vault diff --git a/community_images/vault/hashicorp/assets/cve_reduction.webp b/community_images/vault/hashicorp/assets/cve_reduction.webp deleted file mode 100644 index 7ffcff0311..0000000000 Binary files a/community_images/vault/hashicorp/assets/cve_reduction.webp and /dev/null differ diff --git a/community_images/vault/hashicorp/assets/metrics.webp b/community_images/vault/hashicorp/assets/metrics.webp deleted file mode 100644 index 8989fc2a29..0000000000 Binary files a/community_images/vault/hashicorp/assets/metrics.webp and /dev/null differ diff --git a/community_images/vault/hashicorp/coverage.sh b/community_images/vault/hashicorp/coverage.sh deleted file mode 100644 index 8a5de84b15..0000000000 --- a/community_images/vault/hashicorp/coverage.sh +++ /dev/null 
@@ -1,51 +0,0 @@ -#!/bin/bash - -set -e -set -x - -# shellcheck disable=SC1091 -SCRIPTPATH="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )" - -# shellcheck disable=SC1091 -. "${SCRIPTPATH}"/../../common/scripts/bash_helper.sh - -test_vault() { - VAULT_CONTAINER=$1 - NAMESPACE=$2 - KUBERNETES_PORT_443_TCP_ADDR=$(minikube ip) - K8S_API_PORT=8443 - # verify that the vault is installed correctly - kubectl exec -n "${NAMESPACE}" "${VAULT_CONTAINER}" -- vault version - - # generate the unseal keys and root token and store in cluster-keys.json - kubectl exec -n "${NAMESPACE}" "${VAULT_CONTAINER}" -- vault operator init \ - -key-shares=1 \ - -key-threshold=1 \ - -format=json > cluster-keys.json - - VAULT_UNSEAL_KEY=$(jq -r ".unseal_keys_b64[]" cluster-keys.json) - kubectl exec -n "${NAMESPACE}" "${VAULT_CONTAINER}" -- vault operator unseal "${VAULT_UNSEAL_KEY}" - - ROOT_TOKEN=$(jq -r ".root_token" cluster-keys.json) - kubectl exec -n "${NAMESPACE}" "${VAULT_CONTAINER}" -- vault login "${ROOT_TOKEN}" - - # Enable an instance of the kv-v2 secrets engine at the path secret - kubectl exec -n "${NAMESPACE}" "${VAULT_CONTAINER}" -- vault secrets enable -path=secret kv-v2 - - # check the help on this path - kubectl exec -n "${NAMESPACE}" "${VAULT_CONTAINER}" -- vault path-help secret - - kubectl exec -n "${NAMESPACE}" "${VAULT_CONTAINER}" -- vault kv put secret/webapp/config username="static-user" password="static-password" - kubectl exec -n "${NAMESPACE}" "${VAULT_CONTAINER}" -- vault kv get secret/webapp/config - - # enable kubernetes based authentication - kubectl exec -n "${NAMESPACE}" "${VAULT_CONTAINER}" -- vault auth enable kubernetes - kubectl exec -n "${NAMESPACE}" "${VAULT_CONTAINER}" -- vault write auth/kubernetes/config kubernetes_host="https://${KUBERNETES_PORT_443_TCP_ADDR}:${K8S_API_PORT}" - kubectl cp "${SCRIPTPATH}"/policy.hcl -n "${NAMESPACE}" "${VAULT_CONTAINER}":/tmp/ - kubectl exec -n "${NAMESPACE}" "${VAULT_CONTAINER}" -- vault policy write webapp 
/tmp/policy.hcl - kubectl exec -n "${NAMESPACE}" "${VAULT_CONTAINER}" -- vault write auth/kubernetes/role/webapp \ - bound_service_account_names=vault \ - bound_service_account_namespaces=default \ - policies=webapp \ - ttl=24h -} \ No newline at end of file diff --git a/community_images/vault/hashicorp/dc_coverage.sh b/community_images/vault/hashicorp/dc_coverage.sh deleted file mode 100755 index 9e539fb7a1..0000000000 --- a/community_images/vault/hashicorp/dc_coverage.sh +++ /dev/null @@ -1,12 +0,0 @@ -#!/bin/bash - -set -x -set -e - -JSON_PARAMS="$1" - -JSON=$(cat "$JSON_PARAMS") - -echo "Json params for docker compose coverage = $JSON" - -# PROJECT_NAME=$(jq -r '.project_name' < "$JSON_PARAMS") diff --git a/community_images/vault/hashicorp/deployment-webapp.yml b/community_images/vault/hashicorp/deployment-webapp.yml deleted file mode 100644 index 228555c989..0000000000 --- a/community_images/vault/hashicorp/deployment-webapp.yml +++ /dev/null @@ -1,29 +0,0 @@ ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: webapp - labels: - app: webapp -spec: - replicas: 1 - selector: - matchLabels: - app: webapp - template: - metadata: - labels: - app: webapp - spec: - serviceAccountName: rf-vault - containers: - - name: app - image: burtlo/exampleapp-ruby:k8s - imagePullPolicy: Always - env: - - name: VAULT_ADDR - value: 'http://rf-vault:8200' - - name: JWT_PATH - value: '/var/run/secrets/kubernetes.io/serviceaccount/token' - - name: SERVICE_PORT - value: '8080' \ No newline at end of file diff --git a/community_images/vault/hashicorp/docker-compose.yml b/community_images/vault/hashicorp/docker-compose.yml deleted file mode 100644 index a0d0e5b609..0000000000 --- a/community_images/vault/hashicorp/docker-compose.yml +++ /dev/null @@ -1,10 +0,0 @@ -version: '2' - -services: - template: - image: ${IMAGE}:${TAG} - user: root - cap_add: - - SYS_PTRACE - ports: - - '8080' 
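Review bot: in the deleted coverage.sh, test_vault leaves secret material behind that this removal does not account for. The script runs under `set -x`, redirects the `vault operator init` output to `cluster-keys.json` in the working directory, and then passes `${VAULT_UNSEAL_KEY}` and `${ROOT_TOKEN}` as command-line arguments to `vault operator unseal` and `vault login`, so both values are expanded into the xtrace output of any run, and nothing in the function removes the file afterwards. Before merging, check that no `cluster-keys.json` is tracked in the repository or left in cached runner workspaces and retained job logs. If the script is ever restored, disable xtrace around those two commands and delete the file on exit.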
diff --git a/community_images/vault/hashicorp/docker_coverage.sh b/community_images/vault/hashicorp/docker_coverage.sh deleted file mode 100755 index 87c7ba3798..0000000000 --- a/community_images/vault/hashicorp/docker_coverage.sh +++ /dev/null @@ -1,13 +0,0 @@ -#!/bin/bash - -set -x -set -e - -JSON_PARAMS="$1" - -JSON=$(cat "$JSON_PARAMS") - -echo "Json params for docker coverage = $JSON" - -# NETWORK_NAME=$(jq -r '.network_name' < "$JSON_PARAMS") -# ENVOY_HOST=$(jq -r '.container_details.envoy.ip_address' < "$JSON_PARAMS") diff --git a/community_images/vault/hashicorp/image.yml b/community_images/vault/hashicorp/image.yml deleted file mode 100644 index ca0c08147c..0000000000 --- a/community_images/vault/hashicorp/image.yml +++ /dev/null 
@@ -1,47 +0,0 @@ -name: vault -official_name: Vault -official_website: https://www.vaultproject.io/ -source_image_provider: Hashicorp -source_image_repo: docker.io/library/vault -source_image_repo_link: https://hub.docker.com/_/vault -source_image_readme: https://github.com/hashicorp/docker-vault/blob/master/README.md -rf_docker_link: rapidfort/vault -image_workflow_name: vault_hashicorp -github_location: vault/hashicorp -report_url: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Flibrary%2Fvault -usage_instructions: | - $ helm repo add hashicorp https://helm.releases.hashicorp.com - - # install vault, just replace repository with RapidFort registry - $ helm install vault hashicorp/vault -what_is_text: | - Secure, store and tightly control access to tokens, passwords, certificates, encryption keys for protecting secrets and other sensitive data -disclaimer: | - Trademarks: This software listing is packaged by RapidFort. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. 
-docker_links: - - "[`1.12.0`, `latest` (latest/Dockerfile)](https://github.com/hashicorp/docker-vault/blob/11a5dff987176c6ab24f76cee14f6dd820f42d96/0.X/Dockerfile)" -input_registry: - registry: docker.io - account: library -repo_sets: - - vault: - input_base_tag: "1.12.0" -needs_common_commands: False -runtimes: - - type: k8s - script: k8s_coverage.sh - helm: - repo: hashicorp - repo_url: https://helm.releases.hashicorp.com - chart: vault - readiness_check_script: vault_health_check.sh - # disabling persistence otherwise PVC creation fails for data dir - helm_additional_params: - persistence.enabled: false - # server.statefulSet.securityContext.container.allowPrivilegeEscalation: true - # server.statefulSet.securityContext.container.capabilities.add: ["SYS_PTRACE"] - image_keys: - vault: - repository: "server.image.repository" - tag: "server.image.tag" - override_file: "overrides.yml" diff --git a/community_images/vault/hashicorp/k8s_coverage.sh b/community_images/vault/hashicorp/k8s_coverage.sh deleted file mode 100755 index b0a659c1df..0000000000 --- a/community_images/vault/hashicorp/k8s_coverage.sh +++ /dev/null @@ -1,21 +0,0 @@ -#!/bin/bash - -set -x -set -e - -# shellcheck disable=SC1091 -SCRIPTPATH="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )" - -# shellcheck disable=SC1091 -. "${SCRIPTPATH}"/coverage.sh - -JSON_PARAMS="$1" - -JSON=$(cat "$JSON_PARAMS") - -echo "Json params for k8s coverage = $JSON" - -NAMESPACE=$(jq -r '.namespace_name' < "$JSON_PARAMS") -RELEASE_NAME=$(jq -r '.release_name' < "$JSON_PARAMS") - -test_vault "${RELEASE_NAME}-0" "${NAMESPACE}" \ No newline at end of file diff --git a/community_images/vault/hashicorp/overrides.yml b/community_images/vault/hashicorp/overrides.yml deleted file mode 100644 index 54e2125c47..0000000000 --- a/community_images/vault/hashicorp/overrides.yml +++ /dev/null 
@@ -1,21 +0,0 @@ -image: - pullSecrets: ["rf-regcred"] - pullPolicy: Always -server: - statefulSet: - securityContext: - container: - runAsUser: 1001 - allowPrivilegeEscalation: true - capabilities: - add: - - "SYS_PTRACE" -extraEnvironmentVars: - - name: "RF_VERBOSE" - value: "0" -livenessProbe: - initialDelaySeconds: 30 - timeoutSeconds: 30 -readinessProbe: - initialDelaySeconds: 30 - timeoutSeconds: 30 diff --git a/community_images/vault/hashicorp/policy.hcl b/community_images/vault/hashicorp/policy.hcl deleted file mode 100644 index ac54334372..0000000000 --- a/community_images/vault/hashicorp/policy.hcl +++ /dev/null @@ -1,3 +0,0 @@ -path "secret/data/webapp/config" { - capabilities = ["read"] -} \ No newline at end of file diff --git a/community_images/vault/hashicorp/serviceaccount.yml b/community_images/vault/hashicorp/serviceaccount.yml deleted file mode 100644 index fc2bc660ce..0000000000 --- a/community_images/vault/hashicorp/serviceaccount.yml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: vault \ No newline at end of file diff --git a/community_images/vault/hashicorp/vault_health_check.sh b/community_images/vault/hashicorp/vault_health_check.sh deleted file mode 100644 index 94c894e68d..0000000000 --- a/community_images/vault/hashicorp/vault_health_check.sh +++ /dev/null 
@@ -1,29 +0,0 @@ -#!/bin/bash - -set -x -set -e - -SCRIPTPATH="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )" - -# shellcheck disable=SC1091 -. "${SCRIPTPATH}"/../../common/scripts/bash_helper.sh - -NAMESPACE=$1 - -POD_NAME="rf-vault-0" -# wait for the pod to go in th running state -while [ "$(kubectl get pods "${POD_NAME}" -n "${NAMESPACE}" -o 'jsonpath={..status.phase}')" != "Running" ]; do - echo "waiting for pod" && sleep 1; -done - -for((i=0;i<10;i++)); do - out=$(kubectl logs "${POD_NAME}" -n "${NAMESPACE}") - echo "output is $out" - sleep 5 -done - - -# wait for the pod to be initialized -until kubectl logs "${POD_NAME}" -n "${NAMESPACE}" | grep -q "seal configuration missing"; do - sleep 1 -done diff --git a/community_images/wordpress/bitnami/.rfignore b/community_images/wordpress/bitnami/.rfignore deleted file mode 100644 index ea58f39cfe..0000000000 --- a/community_images/wordpress/bitnami/.rfignore +++ /dev/null @@ -1,3 +0,0 @@ -usr/share/common-licenses -opt/bitnami/licenses -opt/bitnami/wordpress diff --git a/community_images/wordpress/bitnami/README.md b/community_images/wordpress/bitnami/README.md deleted file mode 100644 index 0932b7748d..0000000000 --- a/community_images/wordpress/bitnami/README.md +++ /dev/null @@ -1,142 +0,0 @@ - -RapidFort - - -
- -[![rf-h][rf-h-badge]][rf-view-report-button] -[![DH Image][dh-rf-badge]][rf-dh-image-link] -[![Slack][slack-badge]][slack-link] -[![FOSSA Status][fossa-badge]][fossa-link] - -# RapidFort hardened image for Wordpress - -RapidFort’s container optimization process hardened this Wordpress container. This container is free to use and has no license limitations. - -It is the same as the [Bitnami Wordpress][source-image-repo-link] image but more secure. - -Every day, we optimize and harden a variety of Docker Hub’s most famous images. Check out our [entire library](https://hub.docker.com/u/rapidfort) of secured containers. -
- -[Get the full report here or click on the image below][rf-view-report-link] - -[![Metrics][metrics-link]][rf-image-metrics-link] - -

Vulnerabilities: Original vs. Hardened - -

- -[![CVE Reduction][cve-reduction-link]][rf-image-cve-reduction-link] - - -View Report - -
-
- - -## What is Wordpress? - -> WordPress gives you everything you need to start your website today. Free hosting, your own domain, a world-class support team, and so much more - - -[Overview of Wordpress](https://wordpress.com/) - -Trademarks: This software listing is packaged by RapidFort. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. - - -## How do I use this hardened Wordpress image? - -The runtime instructions for this container are no different from the official release. Follow the instructions in their readme, but use our hardened image. - - -View Detailed Instructions - -
-
- -```sh -$ helm repo add bitnami https://charts.bitnami.com/bitnami - -# install wordpress, just replace repository with RapidFort registry -$ helm install my-wordpress bitnami/wordpress --set image.repository=rapidfort/wordpress - -``` - -## What is a hardened image? - -A hardened image is a copy of a container that has been optimized and reduced for significantly improved security. Because every container uses many open-source software components and their dependencies, there’s a lot of extra weight that can be trimmed. - -This image is a hardened version of the official [Bitnami Wordpress][source-image-repo-link] image on Docker Hub. - -RapidFort is an industry-leading container optimization solution that minimizes software attack surfaces by removing unused code. Most containers can be reduced by at least 50%, which reduces the opportunity for malicious attacks and CVE exploits. Learn more at [RapidFort.com][rf-link]. - -Our hardened images are updated daily using the latest vulnerability information available. - - -View on GitHub - -
-
- -## What’s the difference between the official [Bitnami Wordpress][source-image-repo-link] image and this hardened image? -RapidFort’s hardened [rapidfort/wordpress][rf-dh-image-link] image has been optimized by our proprietary scanning and slimming technology. We are big fans of open-source software, containerized infrastructure, and security. - -We are making secure copies of the images we use every day and the most popular ones on Docker Hub. We want to make the world a safer place to operate. - -## Supported tags and respective `Dockerfile` links -* [`6`, `6-debian-11`, `6.4.2`, `6.4.2-debian-11-r` (6/debian-11/Dockerfile)](https://github.com/bitnami/containers/tree/main/bitnami/wordpress/6/debian-11/Dockerfile) - -## Need support - -Join our slack community for any questions. - - -RapidFort Community Slack - - -## 🌟 Support this project - -[![](https://user-images.githubusercontent.com/48997634/174794647-0c851917-e5c9-4fb9-bf88-b61d89dc2f4f.gif)](https://github.com/rapidfort/community-images/stargazers) - -### [⏫⭐️ Scroll to the star button](#start-of-content) - -If you believe this project has potential, feel free to **star this repo** just like many [amazing people](https://github.com/rapidfort/community-images/stargazers) -have. - -## Have questions? - -[![RapidFort](https://raw.githubusercontent.com/rapidfort/community-images/main/contrib/github_logo_footer.png)][rf-rapidfort-footer-logo-link] - - -If you'd like to learn more about RapidFort or our container optimization process, visit [RapidFort.com][rf-link]. - -
-
- - -[dh-rf-badge]: https://img.shields.io/badge/dockerhub-images-important.svg?logo=Docker - -[fossa-badge]: https://app.fossa.com/api/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images.svg?type=shield -[fossa-link]: https://app.fossa.com/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images?ref=badge_shield - -[rf-link]: https://rapidfort.com?utm_source=github&utm_medium=ci_rf_link&utm_campaign=sep_01_sprint&utm_term=wordpress&utm_content=rapidfort_have_questions - -[rf-rapidfort-footer-logo-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Fwordpress?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=wordpress&utm_content=rapidfort_footer_logo -[rf-view-report-button]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Fwordpress?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=wordpress&utm_content=view_report_button -[rf-view-report-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Fwordpress?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=wordpress&utm_content=view_report_link -[rf-image-metrics-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Fwordpress?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=wordpress&utm_content=image_metrics_link -[rf-image-cve-reduction-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Fwordpress?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=wordpress&utm_content=image_cve_reduction_link - -[dh-img-size-badge]: https://img.shields.io/docker/image-size/rapidfort/wordpress?logo=docker&logoColor=white&sort=semver -[dh-img-pulls-badge]: https://img.shields.io/docker/pulls/rapidfort/wordpress?logo=docker&logoColor=white - -[slack-badge]: https://img.shields.io/static/v1?label=Join&message=slack&logo=slack&logoColor=E01E5A&color=4A154B 
-[slack-link]: https://join.slack.com/t/rapidfortcommunity/shared_invite/zt-1g3wy28lv-DaeGexTQ5IjfpbmYW7Rm_Q - -[rf-h-badge]: https://img.shields.io/static/v1?label=RapidFort&labelColor=333F48&message=hardened&color=50B4C4&logo= -[metrics-link]: https://github.com/rapidfort/community-images/raw/main/community_images/wordpress/bitnami/assets/metrics.webp -[cve-reduction-link]: https://github.com/rapidfort/community-images/raw/main/community_images/wordpress/bitnami/assets/cve_reduction.webp - -[source-image-repo-link]: https://hub.docker.com/r/bitnami/wordpress -[rf-dh-image-link]: https://hub.docker.com/r/rapidfort/wordpress diff --git a/community_images/wordpress/bitnami/assets/cve_reduction.webp b/community_images/wordpress/bitnami/assets/cve_reduction.webp deleted file mode 100644 index 3d745c2d89..0000000000 Binary files a/community_images/wordpress/bitnami/assets/cve_reduction.webp and /dev/null differ diff --git a/community_images/wordpress/bitnami/assets/metrics.webp b/community_images/wordpress/bitnami/assets/metrics.webp deleted file mode 100644 index 5390ec6c13..0000000000 Binary files a/community_images/wordpress/bitnami/assets/metrics.webp and /dev/null differ diff --git a/community_images/wordpress/bitnami/docker-compose.yml b/community_images/wordpress/bitnami/docker-compose.yml deleted file mode 100644 index cbbd6a3230..0000000000 --- a/community_images/wordpress/bitnami/docker-compose.yml +++ /dev/null 
@@ -1,35 +0,0 @@ -version: '2' - -services: - mariadb: - image: docker.io/rapidfort/mariadb - volumes: - - 'mariadb_data:/bitnami/mariadb' - environment: - # ALLOW_EMPTY_PASSWORD is recommended only for development. - - ALLOW_EMPTY_PASSWORD=yes - - MARIADB_USER=bn_wordpress - - MARIADB_DATABASE=bitnami_wordpress - wordpress: - image: ${WORDPRESS_IMAGE_REPOSITORY}:${WORDPRESS_IMAGE_TAG} - cap_add: - - SYS_PTRACE - ports: - - '8000:8080' - - '4443:8443' - volumes: - - 'wordpress_data:/bitnami/wordpress' - depends_on: - - mariadb - environment: - # ALLOW_EMPTY_PASSWORD is recommended only for development. - - ALLOW_EMPTY_PASSWORD=yes - - WORDPRESS_DATABASE_HOST=mariadb - - WORDPRESS_DATABASE_PORT_NUMBER=3306 - - WORDPRESS_DATABASE_USER=bn_wordpress - - WORDPRESS_DATABASE_NAME=bitnami_wordpress -volumes: - mariadb_data: - driver: local - wordpress_data: - driver: local diff --git a/community_images/wordpress/bitnami/image.yml b/community_images/wordpress/bitnami/image.yml deleted file mode 100644 index dfde464acc..0000000000 --- a/community_images/wordpress/bitnami/image.yml +++ /dev/null 
@@ -1,44 +0,0 @@ -name: wordpress -official_name: Wordpress -official_website: https://wordpress.com/ -source_image_provider: Bitnami -source_image_repo: docker.io/bitnami/wordpress -source_image_repo_link: https://hub.docker.com/r/bitnami/wordpress -source_image_readme: https://github.com/bitnami/containers/blob/main/bitnami/wordpress/README.md -rf_docker_link: rapidfort/wordpress -image_workflow_name: wordpress_bitnami -github_location: wordpress/bitnami -report_url: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Fwordpress -usage_instructions: | - $ helm repo add bitnami https://charts.bitnami.com/bitnami - - # install wordpress, just replace repository with RapidFort registry - $ helm install my-wordpress bitnami/wordpress --set image.repository=rapidfort/wordpress -what_is_text: | - WordPress gives you everything you need to start your website today. Free hosting, your own domain, a world-class support team, and so much more -disclaimer: | - Trademarks: This software listing is packaged by RapidFort. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. -input_registry: - registry: docker.io - account: bitnami -repo_sets: - - wordpress: - input_base_tag: "6.3.1-debian-11-r" -runtimes: - - type: k8s - script: k8s_coverage.sh - helm: - repo: bitnami - repo_url: https://charts.bitnami.com/bitnami - chart: wordpress - image_keys: - wordpress: - repository: "image.repository" - tag: "image.tag" - override_file: "overrides.yml" - - type: docker_compose - compose_file: docker-compose.yml - image_keys: - wordpress: - repository: "WORDPRESS_IMAGE_REPOSITORY" - tag: "WORDPRESS_IMAGE_TAG" diff --git a/community_images/wordpress/bitnami/k8s_coverage.sh b/community_images/wordpress/bitnami/k8s_coverage.sh deleted file mode 100755 index 37decbebe3..0000000000 --- a/community_images/wordpress/bitnami/k8s_coverage.sh +++ /dev/null 
@@ -1,17 +0,0 @@ -#!/bin/bash - -set -x -set -e - -# shellcheck disable=SC1091 -SCRIPTPATH="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )" - -JSON_PARAMS="$1" - -NAMESPACE=$(jq -r '.namespace_name' < "$JSON_PARAMS") -RELEASE_NAME=$(jq -r '.release_name' < "$JSON_PARAMS") - -WORDPRESS_SERVER="${RELEASE_NAME}"."${NAMESPACE}".svc.cluster.local - -WORDPRESS_PORT='80' -"${SCRIPTPATH}"/../../common/selenium_tests/runner.sh "${WORDPRESS_SERVER}" "${WORDPRESS_PORT}" "${SCRIPTPATH}"/selenium_tests "${NAMESPACE}" 2>&1 diff --git a/community_images/wordpress/bitnami/overrides.yml b/community_images/wordpress/bitnami/overrides.yml deleted file mode 100644 index 6584d81765..0000000000 --- a/community_images/wordpress/bitnami/overrides.yml +++ /dev/null @@ -1,20 +0,0 @@ -image: - pullSecrets: ["rf-regcred"] - pullPolicy: Always -containerSecurityContext: - enabled: true - runAsUser: 1001 - allowPrivilegeEscalation: true - capabilities: - add: ["SYS_PTRACE"] -resourceType: deployment -replicaCount: 1 -extraEnvVars: - - name: "RF_VERBOSE" - value: "0" -livenessProbe: - initialDelaySeconds: 30 - timeoutSeconds: 30 -readinessProbe: - initialDelaySeconds: 30 - timeoutSeconds: 30 diff --git a/community_images/wordpress/bitnami/selenium_tests/__init__.py b/community_images/wordpress/bitnami/selenium_tests/__init__.py deleted file mode 100644 index e69de29bb2..0000000000 diff --git a/community_images/wordpress/bitnami/selenium_tests/conftest.py b/community_images/wordpress/bitnami/selenium_tests/conftest.py deleted file mode 100644 index ce945b43c0..0000000000 --- a/community_images/wordpress/bitnami/selenium_tests/conftest.py +++ /dev/null 
@@ -1,23 +0,0 @@ -"""The conftest file for running selenium test.""" -# pylint: skip-file - -# conftest.py -import pytest # pylint: disable=import-error - - -def pytest_addoption(parser): - """The function to add options""" - parser.addoption("--server", action="store", help="wordpress server") - parser.addoption("--port", action="store", - help="port for wordpress container") - - -@pytest.fixture -def params(request): - """the params""" - config_params = {} - config_params['server'] = request.config.getoption('--server') - config_params['port'] = request.config.getoption('--port') - if config_params['server'] is None or config_params['port'] is None: - pytest.skip() - return config_params diff --git a/community_images/wordpress/bitnami/selenium_tests/wordpress_selenium_test.py b/community_images/wordpress/bitnami/selenium_tests/wordpress_selenium_test.py deleted file mode 100644 index d933f1d196..0000000000 --- a/community_images/wordpress/bitnami/selenium_tests/wordpress_selenium_test.py +++ /dev/null 
@@ -1,136 +0,0 @@ -"""The selenium test.""" -# pylint: skip-file - -# Generated by Selenium IDE -import json # pylint: disable=import-error disable=unused-import -import time # pylint: disable=import-error disable=unused-import -import pytest # pylint: disable=import-error disable=unused-import -from selenium import webdriver # pylint: disable=import-error -from selenium.webdriver.chrome.options import Options # pylint: disable=import-error -from selenium.webdriver.common.by import By # pylint: disable=import-error -from selenium.webdriver.common.action_chains import ActionChains # pylint: disable=import-error disable=unused-import -from selenium.webdriver.support import expected_conditions # pylint: disable=import-error disable=unused-import -from selenium.webdriver.support.wait import WebDriverWait # pylint: disable=import-error disable=unused-import -from selenium.webdriver.common.keys import Keys # pylint: disable=import-error disable=unused-import -from selenium.webdriver.common.desired_capabilities import DesiredCapabilities # pylint: disable=import-error disable=unused-import - - -class TestWordpresstest1(): - """The test word press class for testing wordpress image.""" - - def setup_method(self, method): # pylint: disable=unused-argument - """setup method.""" - chrome_options = Options() - chrome_options.add_argument("--headless") - chrome_options.add_argument('--disable-dev-shm-usage') - chrome_options.add_argument("disable-infobars") - chrome_options.add_argument("--disable-extensions") - chrome_options.add_argument("--disable-gpu") - chrome_options.add_argument("--no-sandbox") - self.driver = webdriver.Chrome( - options=chrome_options) # pylint: disable=attribute-defined-outside-init - self.driver.implicitly_wait(10) - - def teardown_method(self, method): # pylint: disable=unused-argument - """teardown method.""" - self.driver.quit() - - def test_wordpresstest1(self, params): - """test wordpress.""" - # Test name: wordpress-test-1 - # Step # | name | 
target | value - # 1 | open | / | - self.driver.get( - "http://{}:{}/".format( - params["server"], - params["port"])) # pylint: disable=consider-using-f-string - # 2 | setWindowSize | 1095x688 | - self.driver.set_window_size(1095, 688) - # 3 | click | linkText=Hello world! | - self.driver.find_element(By.LINK_TEXT, "Hello world!").click() - # 4 | click | id=comment | - self.driver.find_element(By.ID, "comment").click() - # 5 | type | id=comment | hello - self.driver.find_element(By.ID, "comment").send_keys("hello") - # 6 | click | id=author | - self.driver.find_element(By.ID, "author").click() - # 7 | type | id=author | hello - self.driver.find_element(By.ID, "author").send_keys("hello") - # 8 | type | id=email | hello@abc.com - self.driver.find_element(By.ID, "email").send_keys("hello@abc.com") - # 9 | type | id=url | http://hello.com - self.driver.find_element(By.ID, "url").send_keys("http://hello.com") - # 10 | click | id=submit | - self.driver.find_element(By.ID, "submit").click() - # 11 | click | linkText=User's Blog! 
| - #self.driver.find_element(By.LINK_TEXT, "User\'s Blog!").click() - - def test_users(self, params): - """Test name: simplelogin.""" - # Step # | name | target | value - # 1 | open | /wp-login.php | - self.driver.get( - "http://{}:{}/users.php".format( - params["server"], - params["port"])) # pylint: disable=consider-using-f-string - # 2 | setWindowSize | 1200x828 | - self.driver.set_window_size(1200, 828) - - # def test_addusers(self, params): - # """Test name: simplelogin.""" - # # Step # | name | target | value - # # 1 | open | /wp-login.php | - # self.driver.get("http://{}:{}/wp-admin/user-new.php".format(params["server"], params["port"])) # pylint: disable=consider-using-f-string disable=line-too-long - # # 2 | setWindowSize | 1200x828 | - # self.driver.set_window_size(1200, 828) - # self.driver.find_element(By.ID, "user_login").send_keys("user3") - # # 10 | type | id=email | user3 - # self.driver.find_element(By.ID, "email").send_keys("user3") - # # 11 | type | id=email | user3@abc.com - # self.driver.find_element(By.ID, "email").send_keys("user3@abc.com") - # # 12 | type | id=first_name | user3 - # self.driver.find_element(By.ID, "first_name").send_keys("user3") - # # 13 | type | id=last_name | user3 - # self.driver.find_element(By.ID, "last_name").send_keys("user3") - # # 14 | type | id=url | user3 - # self.driver.find_element(By.ID, "url").send_keys("user3") - # # 15 | click | id=pass1 | - # self.driver.find_element(By.ID, "pass1").click() - # # 16 | type | id=pass1 | simplepassword - # self.driver.find_element(By.ID, "pass1").send_keys("simplepassword") - # # 17 | click | name=pw_weak | - # self.driver.find_element(By.NAME, "pw_weak").click() - # # 18 | click | id=createusersub | - # self.driver.find_element(By.ID, "createusersub").click() - - # def test_options_general(self, params): - # """Test name: simplelogin.""" - # # Step # | name | target | value - # # 1 | open | /wp-login.php | - # 
self.driver.get("http://{}:{}/wp-admin/options-general.php".format(params["server"], params["port"])) # pylint: disable=consider-using-f-string disable=line-too-long - # # 2 | setWindowSize | 1200x828 | - # self.driver.set_window_size(1200, 828) - # # 21 | click | id=start_of_week | - # self.driver.find_element(By.ID, "start_of_week").click() - # # 22 | select | id=start_of_week | label=Tuesday - # dropdown = self.driver.find_element(By.ID, "start_of_week") - # dropdown.find_element(By.XPATH, "//option[. = 'Tuesday']").click() - # # 23 | click | id=submit | - # self.driver.find_element(By.ID, "submit").click() - - def test_simplelogin(self, params): - """Test name: simplelogin.""" - # Step # | name | target | value - # 1 | open | /wp-login.php | - self.driver.get( - "http://{}:{}/wp-login.php".format( - params["server"], - params["port"])) # pylint: disable=consider-using-f-string - # 2 | setWindowSize | 1200x828 | - self.driver.set_window_size(1200, 828) - # 3 | type | id=user_login | user - self.driver.find_element(By.ID, "user_login").send_keys("user") - # 4 | type | id=user_pass | bitnami - self.driver.find_element(By.ID, "user_pass").send_keys("bitnami") - # 5 | click | id=wp-submit | - self.driver.find_element(By.ID, "wp-submit").click() diff --git a/community_images/wordpress/ironbank/.rfignore b/community_images/wordpress/ironbank/.rfignore deleted file mode 100644 index bd036ec246..0000000000 --- a/community_images/wordpress/ironbank/.rfignore +++ /dev/null @@ -1 +0,0 @@ -usr/share/licenses diff --git a/community_images/wordpress/ironbank/README.md b/community_images/wordpress/ironbank/README.md deleted file mode 100644 index 8f60415792..0000000000 --- a/community_images/wordpress/ironbank/README.md +++ /dev/null @@ -1,141 +0,0 @@ - -RapidFort - - -
- -[![rf-h][rf-h-badge]][rf-view-report-button] -[![DH Image][dh-rf-badge]][rf-dh-image-link] -[![Slack][slack-badge]][slack-link] -[![FOSSA Status][fossa-badge]][fossa-link] - -# RapidFort hardened image for Wordpress Ironbank - -RapidFort’s container optimization process hardened this Wordpress Ironbank container. This container is free to use and has no license limitations. - -It is the same as the [Platform One Wordpress Ironbank][source-image-repo-link] image but more secure. - -Every day, we optimize and harden a variety of Docker Hub’s most famous images. Check out our [entire library](https://hub.docker.com/u/rapidfort) of secured containers. -
- -[Get the full report here or click on the image below][rf-view-report-link] - -[![Metrics][metrics-link]][rf-image-metrics-link] - -

Vulnerabilities: Original vs. Hardened - -

- -[![CVE Reduction][cve-reduction-link]][rf-image-cve-reduction-link] - - -View Report - -
-
- - -## What is Wordpress Ironbank? - -> WordPress gives you everything you need to start your website today. Free hosting, your own domain, a world-class support team, and so much more - - -[Overview of Wordpress Ironbank](https://wordpress.com/) - -Trademarks: This software listing is packaged by RapidFort. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. - - -## How do I use this hardened Wordpress Ironbank image? - -The runtime instructions for this container are no different from the official release. Follow the instructions in their readme, but use our hardened image. - - -View Detailed Instructions - -
-
- -```sh -# Using docker run -$ docker run -d -p 8080:8080 -p 4443:8443 -e ALLOW_EMPTY_PASSWORD=yes-e WORDPRESS_DATABASE_HOST=mariadb -e WORDPRESS_DATABASE_PORT_NUMBER=3306 -e WORDPRESS_DATABASE_USER=ib_wordpress -e WORDPRESS_DATABASE_NAME=ironbank_wordpress rapidfort/wordpress-ib - -# Then, access it via http://localhost:8080/ or http://:8080/ in a browser. - -``` - -## What is a hardened image? - -A hardened image is a copy of a container that has been optimized and reduced for significantly improved security. Because every container uses many open-source software components and their dependencies, there’s a lot of extra weight that can be trimmed. - -This image is a hardened version of the official [Platform One Wordpress Ironbank][source-image-repo-link] image on Docker Hub. - -RapidFort is an industry-leading container optimization solution that minimizes software attack surfaces by removing unused code. Most containers can be reduced by at least 50%, which reduces the opportunity for malicious attacks and CVE exploits. Learn more at [RapidFort.com][rf-link]. - -Our hardened images are updated daily using the latest vulnerability information available. - - -View on GitHub - -
-
- -## What’s the difference between the official [Platform One Wordpress Ironbank][source-image-repo-link] image and this hardened image? -RapidFort’s hardened [rapidfort/wordpress-ib][rf-dh-image-link] image has been optimized by our proprietary scanning and slimming technology. We are big fans of open-source software, containerized infrastructure, and security. - -We are making secure copies of the images we use every day and the most popular ones on Docker Hub. We want to make the world a safer place to operate. - -## Supported tags and respective `Dockerfile` links - -## Need support - -Join our slack community for any questions. - - -RapidFort Community Slack - - -## 🌟 Support this project - -[![](https://user-images.githubusercontent.com/48997634/174794647-0c851917-e5c9-4fb9-bf88-b61d89dc2f4f.gif)](https://github.com/rapidfort/community-images/stargazers) - -### [⏫⭐️ Scroll to the star button](#start-of-content) - -If you believe this project has potential, feel free to **star this repo** just like many [amazing people](https://github.com/rapidfort/community-images/stargazers) -have. - -## Have questions? - -[![RapidFort](https://raw.githubusercontent.com/rapidfort/community-images/main/contrib/github_logo_footer.png)][rf-rapidfort-footer-logo-link] - - -If you'd like to learn more about RapidFort or our container optimization process, visit [RapidFort.com][rf-link]. - -
-
- - -[dh-rf-badge]: https://img.shields.io/badge/dockerhub-images-important.svg?logo=Docker - -[fossa-badge]: https://app.fossa.com/api/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images.svg?type=shield -[fossa-link]: https://app.fossa.com/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images?ref=badge_shield - -[rf-link]: https://rapidfort.com?utm_source=github&utm_medium=ci_rf_link&utm_campaign=sep_01_sprint&utm_term=wordpress-ib&utm_content=rapidfort_have_questions - -[rf-rapidfort-footer-logo-link]: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fopensource%2Fwordpress%2Fwordpress?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=wordpress-ib&utm_content=rapidfort_footer_logo -[rf-view-report-button]: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fopensource%2Fwordpress%2Fwordpress?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=wordpress-ib&utm_content=view_report_button -[rf-view-report-link]: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fopensource%2Fwordpress%2Fwordpress?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=wordpress-ib&utm_content=view_report_link -[rf-image-metrics-link]: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fopensource%2Fwordpress%2Fwordpress?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=wordpress-ib&utm_content=image_metrics_link -[rf-image-cve-reduction-link]: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fopensource%2Fwordpress%2Fwordpress?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=wordpress-ib&utm_content=image_cve_reduction_link - -[dh-img-size-badge]: https://img.shields.io/docker/image-size/rapidfort/wordpress-ib?logo=docker&logoColor=white&sort=semver -[dh-img-pulls-badge]: 
https://img.shields.io/docker/pulls/rapidfort/wordpress-ib?logo=docker&logoColor=white - -[slack-badge]: https://img.shields.io/static/v1?label=Join&message=slack&logo=slack&logoColor=E01E5A&color=4A154B -[slack-link]: https://join.slack.com/t/rapidfortcommunity/shared_invite/zt-1g3wy28lv-DaeGexTQ5IjfpbmYW7Rm_Q - -[rf-h-badge]: https://img.shields.io/static/v1?label=RapidFort&labelColor=333F48&message=hardened&color=50B4C4&logo= -[metrics-link]: https://github.com/rapidfort/community-images/raw/main/community_images/wordpress/ironbank/assets/metrics.webp -[cve-reduction-link]: https://github.com/rapidfort/community-images/raw/main/community_images/wordpress/ironbank/assets/cve_reduction.webp - -[source-image-repo-link]: https://registry1.dso.mil/harbor/projects/3/repositories/opensource%2Fwordpress%2Fwordpress -[rf-dh-image-link]: https://hub.docker.com/r/rapidfort/wordpress-ib diff --git a/community_images/wordpress/ironbank/assets/cve_reduction.webp b/community_images/wordpress/ironbank/assets/cve_reduction.webp deleted file mode 100644 index 53dad6d3fe..0000000000 Binary files a/community_images/wordpress/ironbank/assets/cve_reduction.webp and /dev/null differ diff --git a/community_images/wordpress/ironbank/assets/metrics.webp b/community_images/wordpress/ironbank/assets/metrics.webp deleted file mode 100644 index 82751b4e0f..0000000000 Binary files a/community_images/wordpress/ironbank/assets/metrics.webp and /dev/null differ diff --git a/community_images/wordpress/ironbank/dc_coverage.sh b/community_images/wordpress/ironbank/dc_coverage.sh deleted file mode 100755 index e77380f25c..0000000000 --- a/community_images/wordpress/ironbank/dc_coverage.sh +++ /dev/null 
@@ -1,18 +0,0 @@ -#!/bin/bash - -set -x -set -e - -JSON_PARAMS="$1" - -JSON=$(cat "$JSON_PARAMS") - -echo "Json params for docker compose coverage = $JSON" - -PROJECT_NAME=$(jq -r '.project_name' < "$JSON_PARAMS") - -# shellcheck disable=SC1091 -SCRIPTPATH="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )" - -WORDPRESS_PORT='8080' -"${SCRIPTPATH}"/../../common/selenium_tests/runner-dc.sh "${PROJECT_NAME}" "${WORDPRESS_PORT}" "${SCRIPTPATH}"/selenium_tests 2>&1 diff --git a/community_images/wordpress/ironbank/docker-compose.yml b/community_images/wordpress/ironbank/docker-compose.yml deleted file mode 100644 index 3870966b2d..0000000000 --- a/community_images/wordpress/ironbank/docker-compose.yml +++ /dev/null @@ -1,43 +0,0 @@ -version: '2' - -services: - mariadb: - image: docker.io/rapidfort/mariadb - volumes: - - 'mariadb_data:/ironbank/mariadb' - environment: - # ALLOW_EMPTY_PASSWORD is recommended only for development. - - ALLOW_EMPTY_PASSWORD=yes - - MARIADB_USER=ib_wordpress - - MARIADB_DATABASE=ironbank_wordpress - - wordpress-ib: - image: ${WORDPRESS_IMAGE_REPOSITORY}:${WORDPRESS_IMAGE_TAG} - - user: root - cap_add: - - SYS_PTRACE - ports: - - '8080:8080' - - '4443:8443' - volumes: - - 'wordpress_data:/ironbank/wordpress' - - ./certs/server.crt:/etc/pki/tls/certs/localhost.crt - - ./certs/server.key:/etc/pki/tls/private/localhost.key - - ./certs/server.crt:/usr/local/apache2/conf/server.crt - - ./certs/server.key:/usr/local/apache2/conf/server.key - - depends_on: - - mariadb - environment: - # ALLOW_EMPTY_PASSWORD is recommended only for development. - - ALLOW_EMPTY_PASSWORD=yes - - WORDPRESS_DATABASE_HOST=mariadb - - WORDPRESS_DATABASE_PORT_NUMBER=3306 - - WORDPRESS_DATABASE_USER=ib_wordpress - - WORDPRESS_DATABASE_NAME=ironbank_wordpress -volumes: - mariadb_data: - driver: local - wordpress_data: - driver: local 
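Review bot: the removed `wordpress-ib` service in docker-compose.yml ran with `user: root` and `cap_add: SYS_PTRACE`, and both services set `ALLOW_EMPTY_PASSWORD=yes`; only the password setting carried the "recommended only for development" comment. Deleting the file removes that, but the README.md deleted earlier in this patch repeats `-e ALLOW_EMPTY_PASSWORD=yes` in its `docker run` line with no such caveat. If this image entry is ever restored from history, add a comment saying whether root and SYS_PTRACE are needed only by the coverage run, and keep the empty-password setting out of the user-facing instructions. The service also bind-mounts `./certs/server.key`, and the hunks shown here delete nothing under `certs/`, so confirm no generated key was committed next to this file.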
diff --git a/community_images/wordpress/ironbank/image.yml b/community_images/wordpress/ironbank/image.yml deleted file mode 100644 index e48f7f6899..0000000000 --- a/community_images/wordpress/ironbank/image.yml +++ /dev/null 
@@ -1,37 +0,0 @@ -name: wordpress-ib -official_name: Wordpress Ironbank -official_website: https://wordpress.com/ -source_image_provider: Platform One -source_image_repo: registry1.dso.mil/ironbank/opensource/wordpress/wordpress -source_image_repo_link: https://registry1.dso.mil/harbor/projects/3/repositories/opensource%2Fwordpress%2Fwordpress -source_image_readme: https://repo1.dso.mil/dsop/opensource/wordpress/wordpress/-/blob/development/README.md -rf_docker_link: rapidfort/wordpress-ib -github_location: wordpress/ironbank -report_url: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fopensource%2Fwordpress%2Fwordpress -usage_instructions: | - # Using docker run - $ docker run -d -p 8080:8080 -p 4443:8443 -e ALLOW_EMPTY_PASSWORD=yes-e WORDPRESS_DATABASE_HOST=mariadb -e WORDPRESS_DATABASE_PORT_NUMBER=3306 -e WORDPRESS_DATABASE_USER=ib_wordpress -e WORDPRESS_DATABASE_NAME=ironbank_wordpress rapidfort/wordpress-ib - - # Then, access it via http://localhost:8080/ or http://:8080/ in a browser. -what_is_text: | - WordPress gives you everything you need to start your website today. Free hosting, your own domain, a world-class support team, and so much more -disclaimer: | - Trademarks: This software listing is packaged by RapidFort. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. -input_registry: - registry: registry1.dso.mil - account: ironbank -repo_sets: - - opensource/wordpress/wordpress: - input_base_tag: "6.2." - output_repo: wordpress-ib -runtimes: - - type: docker_compose - script: dc_coverage.sh - compose_file: docker-compose.yml - tls_certs: - generate: true - out_dir: certs - image_keys: - wordpress-ib: - repository: "WORDPRESS_IMAGE_REPOSITORY" - tag: "WORDPRESS_IMAGE_TAG" 
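Review bot: in `usage_instructions`, `-e ALLOW_EMPTY_PASSWORD=yes-e WORDPRESS_DATABASE_HOST=mariadb` is missing a space before the second `-e`, so the variable is set to `yes-e` and the next token, `WORDPRESS_DATABASE_HOST=mariadb`, is read as the image name instead of an option. The README.md removed in the same patch carries the identical line, so both copies go away together here. If the entry is restored, fix the string in image.yml to `-e ALLOW_EMPTY_PASSWORD=yes -e WORDPRESS_DATABASE_HOST=mariadb` rather than patching the README alone. The second URL in the same block reads `http://:8080/` with no host, which should be checked at the same time.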
diff --git a/community_images/wordpress/ironbank/selenium_tests/__init__.py b/community_images/wordpress/ironbank/selenium_tests/__init__.py deleted file mode 100644 index e69de29bb2..0000000000 diff --git a/community_images/wordpress/ironbank/selenium_tests/conftest.py b/community_images/wordpress/ironbank/selenium_tests/conftest.py deleted file mode 100644 index ce945b43c0..0000000000 --- a/community_images/wordpress/ironbank/selenium_tests/conftest.py +++ /dev/null @@ -1,23 +0,0 @@ -"""The conftest file for running selenium test.""" -# pylint: skip-file - -# conftest.py -import pytest # pylint: disable=import-error - - -def pytest_addoption(parser): - """The function to add options""" - parser.addoption("--server", action="store", help="wordpress server") - parser.addoption("--port", action="store", - help="port for wordpress container") - - -@pytest.fixture -def params(request): - """the params""" - config_params = {} - config_params['server'] = request.config.getoption('--server') - config_params['port'] = request.config.getoption('--port') - if config_params['server'] is None or config_params['port'] is None: - pytest.skip() - return config_params diff --git a/community_images/wordpress/ironbank/selenium_tests/wordpress_selenium_test.py b/community_images/wordpress/ironbank/selenium_tests/wordpress_selenium_test.py deleted file mode 100644 index 927b28ca50..0000000000 --- a/community_images/wordpress/ironbank/selenium_tests/wordpress_selenium_test.py +++ /dev/null 
@@ -1,129 +0,0 @@ -"""The selenium test.""" -# pylint: skip-file - -# Generated by Selenium IDE -import json # pylint: disable=import-error disable=unused-import -import time # pylint: disable=import-error disable=unused-import -import pytest # pylint: disable=import-error disable=unused-import -from selenium import webdriver # pylint: disable=import-error -from selenium.webdriver.chrome.options import Options # pylint: disable=import-error -from selenium.webdriver.common.by import By # pylint: disable=import-error -from selenium.webdriver.common.action_chains import ActionChains # pylint: disable=import-error disable=unused-import -from selenium.webdriver.support import expected_conditions # pylint: disable=import-error disable=unused-import -from selenium.webdriver.support.wait import WebDriverWait # pylint: disable=import-error disable=unused-import -from selenium.webdriver.common.keys import Keys # pylint: disable=import-error disable=unused-import -from selenium.webdriver.common.desired_capabilities import DesiredCapabilities # pylint: disable=import-error disable=unused-import - - -class TestWordpresstest1(): - """The test word press class for testing wordpress image.""" - - def setup_method(self, method): # pylint: disable=unused-argument - """setup method.""" - chrome_options = Options() - chrome_options.add_argument("--headless") - chrome_options.add_argument('--disable-dev-shm-usage') - chrome_options.add_argument("disable-infobars") - chrome_options.add_argument("--disable-extensions") - chrome_options.add_argument("--disable-gpu") - chrome_options.add_argument("--no-sandbox") - self.driver = webdriver.Chrome( - options=chrome_options) # pylint: disable=attribute-defined-outside-init - self.driver.implicitly_wait(10) - - def teardown_method(self, method): # pylint: disable=unused-argument - """teardown method.""" - self.driver.quit() - - def test_initializationdatabases(self, params): - # Test name: initialization_databases - # Step # | name | target | 
value | - # 1 | open | /wp-admin/setup-config.php | - self.driver.get( - "http://localhost:{}/wp-admin/setup-config.php".format( - params["port"])) # pylint: disable=consider-using-f-string - # 2 | setWindowSize | 727x785 | - self.driver.set_window_size(727, 785) - # 3 | click | id=language-continue | - self.driver.find_element(By.ID, "language-continue").click() - # 4 | click | linkText=Let’s go! | - self.driver.find_element(By.LINK_TEXT, "Let’s go!").click() - # 5 | click | id=dbname | - self.driver.find_element(By.ID, "dbname").click() - # 6 | type | id=dbname | ironbank_wordpress | - self.driver.find_element(By.ID, "dbname").send_keys("ironbank_wordpress") - # 7 | click | id=uname | - self.driver.find_element(By.ID, "uname").click() - # 8 | type | id=uname | ib_wordpress | - self.driver.find_element(By.ID, "uname").send_keys("ib_wordpress") - # 9 | click | id=dbhost | - self.driver.find_element(By.ID, "dbhost").click() - # 10 | type | id=dbhost | mariadb | - self.driver.find_element(By.ID, "dbhost").send_keys("\b\b\b\b\b\b\b\b\bmariadb") - # 11 | click | name=submit | - self.driver.find_element(By.NAME, "submit").click() - # 12 | click | linkText=Run the installation | - self.driver.find_element(By.LINK_TEXT, "Run the installation").click() - - # 13 | open | /wp-admin/install.php?language=en_US | - self.driver.get( - "http://localhost:{}/wp-admin/install.php?language=en_US".format( - params["port"])) # pylint: disable=consider-using-f-string - - # 14 | click | id=weblog_title | - self.driver.find_element(By.ID, "weblog_title").click() - # 15 | type | id=weblog_title | rf-site-wordpress-ib | - self.driver.find_element(By.ID, "weblog_title").send_keys("rf-site-wordpress-ib") - # 16 | click | id=user_login | - self.driver.find_element(By.ID, "user_login").click() - # 17 | type | id=user_login | ib_wordpress_user | - self.driver.find_element(By.ID, "user_login").send_keys("ib_wordpress_user") - # 18 | click | id=admin_email | - self.driver.find_element(By.ID, 
"admin_email").click() - # 19 | type | id=admin_email | my@mymail.com | - self.driver.find_element(By.ID, "admin_email").send_keys("my@mymail.com") - # 20 | click | id=submit | - self.driver.find_element(By.ID, "submit").click() - - def test_wordpresstest1(self, params): - """test wordpress.""" - # Test name: wordpress-test-1 - # Step # | name | target | value - # 1 | open | / | - self.driver.get( - "http://localhost:{}/".format( - params["port"])) # pylint: disable=consider-using-f-string - # 2 | setWindowSize | 1095x688 | - self.driver.set_window_size(1095, 688) - # 3 | click | linkText=Hello world! | - self.driver.find_element(By.LINK_TEXT, "Hello world!").click() - # 4 | click | id=comment | - self.driver.find_element(By.ID, "comment").click() - # 5 | type | id=comment | hello - self.driver.find_element(By.ID, "comment").send_keys("hello") - # 6 | click | id=author | - self.driver.find_element(By.ID, "author").click() - # 7 | type | id=author | hello - self.driver.find_element(By.ID, "author").send_keys("hello") - # 8 | type | id=email | hello@abc.com - self.driver.find_element(By.ID, "email").send_keys("hello@abc.com") - # 9 | type | id=url | http://hello.com - self.driver.find_element(By.ID, "url").send_keys("http://hello.com") - # 10 | click | id=submit | - self.driver.find_element(By.ID, "submit").click() - - def test_simplelogin(self, params): - """Test name: simplelogin.""" - # Step # | name | target | value - # 1 | open | /wp-login.php | - self.driver.get( - "http://localhost:{}/wp-login.php".format( - params["port"])) # pylint: disable=consider-using-f-string - # 2 | setWindowSize | 1200x828 | - self.driver.set_window_size(1200, 828) - # 3 | type | id=user_login | user - self.driver.find_element(By.ID, "user_login").send_keys("user") - # 4 | type | id=user_pass | bitnami - self.driver.find_element(By.ID, "user_pass").send_keys("bitnami") - # 5 | click | id=wp-submit | - self.driver.find_element(By.ID, "wp-submit").click() 
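Review bot: none of the three tests in wordpress_selenium_test.py asserts anything, and `test_simplelogin` types `user` / `bitnami` while the installer steps in `test_initializationdatabases` register `ib_wordpress_user`, so a rejected login still passes. The file is being deleted, so nothing needs fixing in place. If coverage for this image is reinstated from this file, add a check on the resulting page after each submit (for example that the login form is gone) and use the account the install step actually creates. The tests also depend on `test_initializationdatabases` running first against a fresh database, which is worth stating in its docstring.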
diff --git a/community_images/yourls/official/README.md b/community_images/yourls/official/README.md deleted file mode 100755 index f4e1b28ead..0000000000 --- a/community_images/yourls/official/README.md +++ /dev/null @@ -1,141 +0,0 @@ - -RapidFort - - -
- -[![rf-h][rf-h-badge]][rf-view-report-button] -[![DH Image][dh-rf-badge]][rf-dh-image-link] -[![Slack][slack-badge]][slack-link] -[![FOSSA Status][fossa-badge]][fossa-link] - -# RapidFort hardened image for YOURLS - -RapidFort’s container optimization process hardened this YOURLS container. This container is free to use and has no license limitations. - -It is the same as the [YOURLS YOURLS][source-image-repo-link] image but more secure. - -Every day, we optimize and harden a variety of Docker Hub’s most famous images. Check out our [entire library](https://hub.docker.com/u/rapidfort) of secured containers. -
- -[Get the full report here or click on the image below][rf-view-report-link] - -[![Metrics][metrics-link]][rf-image-metrics-link] - -

Vulnerabilities: Original vs. Hardened - -

- -[![CVE Reduction][cve-reduction-link]][rf-image-cve-reduction-link] - - -View Report - -
-
- - -## What is YOURLS? - -> YOURLS is a set of PHP scripts that will allow you to run Your Own URL Shortener. You'll have full control over your data, detailed stats, analytics, plugins, and more. It's free. - - -[Overview of YOURLS](https://yourls.org/) - -Trademarks: This software listing is packaged by RapidFort. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. - - -## How do I use this hardened YOURLS image? - -The runtime instructions for this container are no different from the official release. Follow the instructions in their readme, but use our hardened image. - - -View Detailed Instructions - -
-
- -```sh -# Using docker run: -$ docker run --name some-yourls --link some-mysql:mysql -p 8080:80 -d rapidfort/yourls -# Then, access it via http://localhost:8080/admin/ or http://:8080/admin/ in a browser. - -``` - -## What is a hardened image? - -A hardened image is a copy of a container that has been optimized and reduced for significantly improved security. Because every container uses many open-source software components and their dependencies, there’s a lot of extra weight that can be trimmed. - -This image is a hardened version of the official [YOURLS YOURLS][source-image-repo-link] image on Docker Hub. - -RapidFort is an industry-leading container optimization solution that minimizes software attack surfaces by removing unused code. Most containers can be reduced by at least 50%, which reduces the opportunity for malicious attacks and CVE exploits. Learn more at [RapidFort.com][rf-link]. - -Our hardened images are updated daily using the latest vulnerability information available. - - -View on GitHub - -
-
- -## What’s the difference between the official [YOURLS YOURLS][source-image-repo-link] image and this hardened image? -RapidFort’s hardened [rapidfort/yourls][rf-dh-image-link] image has been optimized by our proprietary scanning and slimming technology. We are big fans of open-source software, containerized infrastructure, and security. - -We are making secure copies of the images we use every day and the most popular ones on Docker Hub. We want to make the world a safer place to operate. - -## Supported tags and respective `Dockerfile` links -* [`1.9.1-apache`, `1.9-apache`, `1-apache`, `apache`, `1.9.1`, `1.9`, `1`, `latest`](https://github.com/YOURLS/docker/blob/38f550a34a4eb96419d9d3ebabe802c439103218/apache/Dockerfile) - -## Need support - -Join our slack community for any questions. - - -RapidFort Community Slack - - -## 🌟 Support this project - -[![](https://user-images.githubusercontent.com/48997634/174794647-0c851917-e5c9-4fb9-bf88-b61d89dc2f4f.gif)](https://github.com/rapidfort/community-images/stargazers) - -### [⏫⭐️ Scroll to the star button](#start-of-content) - -If you believe this project has potential, feel free to **star this repo** just like many [amazing people](https://github.com/rapidfort/community-images/stargazers) -have. - -## Have questions? - -[![RapidFort](https://raw.githubusercontent.com/rapidfort/community-images/main/contrib/github_logo_footer.png)][rf-rapidfort-footer-logo-link] - - -If you'd like to learn more about RapidFort or our container optimization process, visit [RapidFort.com][rf-link]. - -
-
- - -[dh-rf-badge]: https://img.shields.io/badge/dockerhub-images-important.svg?logo=Docker - -[fossa-badge]: https://app.fossa.com/api/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images.svg?type=shield -[fossa-link]: https://app.fossa.com/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images?ref=badge_shield - -[rf-link]: https://rapidfort.com?utm_source=github&utm_medium=ci_rf_link&utm_campaign=sep_01_sprint&utm_term=yourls&utm_content=rapidfort_have_questions - -[rf-rapidfort-footer-logo-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Flibrary%2Fyourls?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=yourls&utm_content=rapidfort_footer_logo -[rf-view-report-button]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Flibrary%2Fyourls?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=yourls&utm_content=view_report_button -[rf-view-report-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Flibrary%2Fyourls?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=yourls&utm_content=view_report_link -[rf-image-metrics-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Flibrary%2Fyourls?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=yourls&utm_content=image_metrics_link -[rf-image-cve-reduction-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Flibrary%2Fyourls?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=yourls&utm_content=image_cve_reduction_link - -[dh-img-size-badge]: https://img.shields.io/docker/image-size/rapidfort/yourls?logo=docker&logoColor=white&sort=semver -[dh-img-pulls-badge]: https://img.shields.io/docker/pulls/rapidfort/yourls?logo=docker&logoColor=white - -[slack-badge]: https://img.shields.io/static/v1?label=Join&message=slack&logo=slack&logoColor=E01E5A&color=4A154B -[slack-link]: 
https://join.slack.com/t/rapidfortcommunity/shared_invite/zt-1g3wy28lv-DaeGexTQ5IjfpbmYW7Rm_Q - -[rf-h-badge]: https://img.shields.io/static/v1?label=RapidFort&labelColor=333F48&message=hardened&color=50B4C4&logo= -[metrics-link]: https://github.com/rapidfort/community-images/raw/main/community_images/yourls/official/assets/metrics.webp -[cve-reduction-link]: https://github.com/rapidfort/community-images/raw/main/community_images/yourls/official/assets/cve_reduction.webp - -[source-image-repo-link]: https://hub.docker.com/_/yourls -[rf-dh-image-link]: https://hub.docker.com/r/rapidfort/yourls diff --git a/community_images/yourls/official/assets/cve_reduction.webp b/community_images/yourls/official/assets/cve_reduction.webp deleted file mode 100644 index 21b8b7c5f3..0000000000 Binary files a/community_images/yourls/official/assets/cve_reduction.webp and /dev/null differ diff --git a/community_images/yourls/official/assets/metrics.webp b/community_images/yourls/official/assets/metrics.webp deleted file mode 100644 index 2fce8431cc..0000000000 Binary files a/community_images/yourls/official/assets/metrics.webp and /dev/null differ diff --git a/community_images/yourls/official/dc_coverage.sh b/community_images/yourls/official/dc_coverage.sh deleted file mode 100755 index eb2e7a812d..0000000000 --- a/community_images/yourls/official/dc_coverage.sh +++ /dev/null 
@@ -1,31 +0,0 @@ -#!/bin/bash - -set -x -set -e - -SCRIPTPATH="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )" - -# shellcheck disable=SC1091 -. "${SCRIPTPATH}"/../../common/scripts/bash_helper.sh - -JSON_PARAMS="$1" - -JSON=$(cat "$JSON_PARAMS") - -echo "Json params for docker compose coverage = $JSON" - -PROJECT_NAME=$(jq -r '.project_name' < "$JSON_PARAMS") -CONTAINER_NAME="${PROJECT_NAME}"-yourls-1 - -# Wait for all mysql server to set up -sleep 60 - -# log for debugging -docker inspect "${CONTAINER_NAME}" - -# find non-tls and tls port -docker inspect "${CONTAINER_NAME}" | jq -r ".[].NetworkSettings.Ports.\"80/tcp\"[0].HostPort" -PORT=$(docker inspect "${CONTAINER_NAME}" | jq -r ".[].NetworkSettings.Ports.\"80/tcp\"[0].HostPort") - -# Initiating Selenium tests -"${SCRIPTPATH}"/../../common/selenium_tests/runner-dc.sh "${PROJECT_NAME}" "${PORT}" "${SCRIPTPATH}"/selenium_tests 2>&1 diff --git a/community_images/yourls/official/docker-compose.yml b/community_images/yourls/official/docker-compose.yml deleted file mode 100755 index bd12188082..0000000000 --- a/community_images/yourls/official/docker-compose.yml +++ /dev/null 
@@ -1,43 +0,0 @@ -version: '2' - -services: - - db: - image: rapidfort/mysql - expose: - - 3306 - volumes: - - ${MYSQL_VOLUME:-mysql-volume}:/var/lib/mysql:Z - environment: - - MYSQL_ROOT_PASSWORD=coolpassword - - MYSQL_DATABASE=yourls - cap_add: - - SYS_PTRACE - - yourls: - image: ${YOURLS_IMAGE_REPOSITORY}:${YOURLS_IMAGE_TAG} - restart: always - depends_on: - - db - links: - - db:mysql - ports: - - "0.0.0.0::80" - environment: - - YOURLS_USER=rapidfortbot - - YOURLS_PASS=rapidpassword - - YOURLS_DB_USER=root - - YOURLS_DB_PASS=coolpassword - - YOURLS_DB_NAME=yourls - - YOURLS_DEBUG=false - - YOURLS_USERS=default:default - - YOURLS_SITE=http://localhost - - YOURLS_INDEX_WEBSITE=https://yourls.org - - YOURLS_ADMIN_SSL=false - - YOURLS_UNIQUE_URLS=false - cap_add: - - SYS_PTRACE - -volumes: - mysql-volume: - driver: local \ No newline at end of file diff --git a/community_images/yourls/official/image.yml b/community_images/yourls/official/image.yml deleted file mode 100755 index a6bd9e824c..0000000000 --- a/community_images/yourls/official/image.yml +++ /dev/null 
@@ -1,40 +0,0 @@ -name: yourls -official_name: YOURLS -official_website: https://yourls.org/ -source_image_provider: YOURLS -source_image_repo: docker.io/library/yourls -source_image_repo_link: https://hub.docker.com/_/yourls -source_image_readme: https://github.com/docker-library/docs/blob/master/yourls/README.md -rf_docker_link: rapidfort/yourls -image_workflow_name: yourls_official -github_location: yourls/official -report_url: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Flibrary%2Fyourls -usage_instructions: | - # Using docker run: - $ docker run --name some-yourls --link some-mysql:mysql -p 8080:80 -d rapidfort/yourls - # Then, access it via http://localhost:8080/admin/ or http://:8080/admin/ in a browser. -what_is_text: | - YOURLS is a set of PHP scripts that will allow you to run Your Own URL Shortener. You'll have full control over your data, detailed stats, analytics, plugins, and more. It's free. -disclaimer: | - Trademarks: This software listing is packaged by RapidFort. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. -docker_links: - - "[`1.9.1-apache`, `1.9-apache`, `1-apache`, `apache`, `1.9.1`, `1.9`, `1`, `latest`](https://github.com/YOURLS/docker/blob/38f550a34a4eb96419d9d3ebabe802c439103218/apache/Dockerfile)" -input_registry: - registry: docker.io - account: library -repo_sets: - - yourls: - input_base_tag: "1.9.*-apache" -runtimes: - - type: docker_compose - script: dc_coverage.sh - compose_file: docker-compose.yml - wait_time_sec: 70 - tls_certs: - generate: true - out_dir: certs - image_keys: - yourls: - repository: "YOURLS_IMAGE_REPOSITORY" - tag: "YOURLS_IMAGE_TAG" - diff --git a/community_images/yourls/official/selenium_tests/conftest.py b/community_images/yourls/official/selenium_tests/conftest.py deleted file mode 100644 index c08a336eb9..0000000000 
--- a/community_images/yourls/official/selenium_tests/conftest.py +++ /dev/null @@ -1,23 +0,0 @@ -"""The conftest file for running selenium test.""" -# pylint: skip-file - -# conftest.py -import pytest # pylint: disable=import-error - - -def pytest_addoption(parser): - """The function to add options""" - parser.addoption("--server", action="store", help="wordpress server") - parser.addoption("--port", action="store", - help="port on host linked to yourls container") - - -@pytest.fixture -def params(request): - """the params""" - config_params = {} - config_params['server'] = request.config.getoption('--server') - config_params['port'] = request.config.getoption('--port') - if config_params['server'] is None or config_params['port'] is None: - pytest.skip() - return config_params diff --git a/community_images/yourls/official/selenium_tests/test_yourlsuitest.py b/community_images/yourls/official/selenium_tests/test_yourlsuitest.py deleted file mode 100644 index 937b443214..0000000000 --- a/community_images/yourls/official/selenium_tests/test_yourlsuitest.py +++ /dev/null 
@@ -1,69 +0,0 @@ -# Generated by Selenium IDE -# pylint: skip-file - -import pytest -import time -import json -from selenium import webdriver -from selenium.webdriver.chrome.options import Options -from selenium.webdriver.common.by import By -from selenium.webdriver.common.action_chains import ActionChains -from selenium.webdriver.support import expected_conditions -from selenium.webdriver.support.wait import WebDriverWait -from selenium.webdriver.common.keys import Keys -from selenium.webdriver.common.desired_capabilities import DesiredCapabilities - - -class TestYourlsuitest(): - def setup_method(self, method): # pylint: disable=unused-argument - """setup method.""" - chrome_options = Options() - chrome_options.add_argument("--headless") - chrome_options.add_argument('--disable-dev-shm-usage') - chrome_options.add_argument("disable-infobars") - chrome_options.add_argument("--disable-extensions") - chrome_options.add_argument("--disable-gpu") - chrome_options.add_argument("--no-sandbox") - self.driver = webdriver.Chrome( - options=chrome_options) # pylint: disable=attribute-defined-outside-init - self.driver.implicitly_wait(10) - - def teardown_method(self, method): # pylint: disable=unused-argument - """teardown method.""" - self.driver.quit() - - def test_yourlsuitest(self, params): - # Navigating to Initial Installation Page - self.driver.get("http://localhost:{}/admin/install.php".format(params["port"])) - # Setting Window Size - self.driver.set_window_size(533, 876) - self.driver.find_element(By.NAME, "install").click() - # Navigating to Admin Page - self.driver.find_element(By.LINK_TEXT, "YOURLS Administration Page").click() - self.driver.get("http://localhost:{}/admin/".format(params["port"])) - # Logging in - self.driver.find_element(By.ID, "username").send_keys("rapidfortbot") - self.driver.find_element(By.ID, "password").send_keys("rapidpassword") - self.driver.find_element(By.ID, "submit").click() - # Adding test url - self.driver.find_element(By.ID, 
"add-url").send_keys("https://www.rapidfort.com") - self.driver.find_element(By.ID, "add-button").click() - # Enabling Plugins - self.driver.find_element(By.LINK_TEXT, "Manage Plugins").click() - self.driver.get("http://localhost:{}/admin/plugins.php".format(params["port"])) - element = self.driver.find_element(By.CSS_SELECTOR, ".plugin:nth-child(2) > .plugin_author > a") - actions = ActionChains(self.driver) - actions.move_to_element(element).perform() - self.driver.find_element(By.LINK_TEXT, "Activate").click() - # Navigating to Tools page - self.driver.get("http://localhost:{}/admin/tools.php".format(params["port"])) - # Navigating to Admin Page - self.driver.get("http://localhost:{}/admin/".format(params["port"])) - element = self.driver.find_element(By.ID, "clicks-yid1") - actions = ActionChains(self.driver) - actions.move_to_element(element).perform() - # Viewing Stats - self.driver.find_element(By.ID, "statlink-yid1").click() - # Logging out - self.driver.get("http://localhost:{}/admin/tools.php".format(params["port"])) - self.driver.find_element(By.LINK_TEXT, "Logout").click() \ No newline at end of file diff --git a/community_images/yourls/official/selenium_tests/yourls.side b/community_images/yourls/official/selenium_tests/yourls.side deleted file mode 100644 index 6ea793c4cf..0000000000 --- a/community_images/yourls/official/selenium_tests/yourls.side +++ /dev/null 
@@ -1,239 +0,0 @@ -{ - "id": "40f624e5-ae70-4038-a2d6-6ded16d3fcf6", - "version": "2.0", - "name": "YoURLs", - "url": "http://localhost", - "tests": [{ - "id": "617109e7-f2a4-411c-baaf-682dc4a5dee3", - "name": "yourls-ui-test", - "commands": [{ - "id": "6c895219-dd4e-49de-8268-24a1c5a10602", - "comment": "", - "command": "open", - "target": "/admin/install.php", - "targets": [], - "value": "" - }, { - "id": "bab11ed8-0cf9-4493-aa6c-ac19000116ec", - "comment": "", - "command": "setWindowSize", - "target": "533x876", - "targets": [], - "value": "" - }, { - "id": "f728ffb2-a560-48f0-905a-bc4a1017b241", - "comment": "", - "command": "click", - "target": "name=install", - "targets": [ - ["name=install", "name"], - ["css=.button", "css:finder"], - ["xpath=//input[@name='install']", "xpath:attributes"], - ["xpath=//div[@id='login']/form/p[2]/input", "xpath:idRelative"], - ["xpath=//input", "xpath:position"] - ], - "value": "" - }, { - "id": "cf9f87b7-da40-400b-a3ba-dcde1b4eb7b8", - "comment": "", - "command": "click", - "target": "linkText=YOURLS Administration Page", - "targets": [ - ["linkText=YOURLS Administration Page", "linkText"], - ["css=p:nth-child(3) > a", "css:finder"], - ["xpath=//a[contains(text(),'YOURLS Administration Page')]", "xpath:link"], - ["xpath=//div[@id='login']/form/p[2]/a", "xpath:idRelative"], - ["xpath=//a[@href='http://localhost/admin/']", "xpath:href"], - ["xpath=//a", "xpath:position"], - ["xpath=//a[contains(.,'YOURLS Administration Page')]", "xpath:innerText"] - ], - "value": "" - }, { - "id": "a5c46454-6663-40a0-9db1-c4a3d84e25d4", - "comment": "", - "command": "type", - "target": "id=username", - "targets": [ - ["id=username", "id"], - ["name=username", "name"], - ["css=#username", "css:finder"], - ["xpath=//input[@id='username']", "xpath:attributes"], - ["xpath=//div[@id='login']/form/p[2]/input", "xpath:idRelative"], - ["xpath=//input", "xpath:position"] - ], - "value": "rapidfortbot" - }, { - "id": 
"daa9154c-fb66-4048-b00e-41eb2f0bf04f", - "comment": "", - "command": "type", - "target": "id=password", - "targets": [ - ["id=password", "id"], - ["name=password", "name"], - ["css=#password", "css:finder"], - ["xpath=//input[@id='password']", "xpath:attributes"], - ["xpath=//div[@id='login']/form/p[3]/input", "xpath:idRelative"], - ["xpath=//p[3]/input", "xpath:position"] - ], - "value": "rapidpassword" - }, { - "id": "a9f9c533-e873-49d2-ab5f-cf8367a49958", - "comment": "", - "command": "click", - "target": "id=submit", - "targets": [ - ["id=submit", "id"], - ["name=submit", "name"], - ["css=#submit", "css:finder"], - ["xpath=//input[@id='submit']", "xpath:attributes"], - ["xpath=//div[@id='login']/form/p[4]/input[2]", "xpath:idRelative"], - ["xpath=//input[2]", "xpath:position"] - ], - "value": "" - }, { - "id": "2d15cca1-02da-42aa-a159-85b6df5eb8bc", - "comment": "", - "command": "type", - "target": "id=add-url", - "targets": [ - ["id=add-url", "id"], - ["name=url", "name"], - ["css=#add-url", "css:finder"], - ["xpath=//input[@id='add-url']", "xpath:attributes"], - ["xpath=//form[@id='new_url_form']/div/input", "xpath:idRelative"], - ["xpath=//input", "xpath:position"] - ], - "value": "https://www.rapidfort.com" - }, { - "id": "2d3493aa-7149-41fe-826b-922cc6f3129b", - "comment": "", - "command": "click", - "target": "id=add-button", - "targets": [ - ["id=add-button", "id"], - ["name=add-button", "name"], - ["css=#add-button", "css:finder"], - ["xpath=//input[@id='add-button']", "xpath:attributes"], - ["xpath=//form[@id='new_url_form']/div/input[4]", "xpath:idRelative"], - ["xpath=//input[4]", "xpath:position"] - ], - "value": "" - }, { - "id": "ecacd173-08a1-4cfd-9ad5-76088b53d401", - "comment": "", - "command": "click", - "target": "linkText=Manage Plugins", - "targets": [ - ["linkText=Manage Plugins", "linkText"], - ["css=#admin_menu_plugins_link > a", "css:finder"], - ["xpath=//a[contains(text(),'Manage Plugins')]", "xpath:link"], - 
["xpath=//li[@id='admin_menu_plugins_link']/a", "xpath:idRelative"], - ["xpath=//a[@href='http://localhost/admin/plugins.php']", "xpath:href"], - ["xpath=//li[4]/a", "xpath:position"], - ["xpath=//a[contains(.,'Manage Plugins')]", "xpath:innerText"] - ], - "value": "" - }, { - "id": "84f5ca71-15ea-43fe-b8dc-4dbc4fe341b3", - "comment": "", - "command": "click", - "target": "linkText=Activate", - "targets": [ - ["linkText=Activate", "linkText"], - ["css=.plugin:nth-child(2) > .plugin_actions > a", "css:finder"], - ["xpath=(//a[contains(text(),'Activate')])[2]", "xpath:link"], - ["xpath=//table[@id='main_table']/tbody/tr[2]/td[5]/a", "xpath:idRelative"], - ["xpath=//a[@href='http://localhost/admin/plugins.php?action=activate&plugin=random-bg&nonce=b6773e6af9']", "xpath:href"], - ["xpath=//tr[2]/td[5]/a", "xpath:position"] - ], - "value": "" - }, { - "id": "2325bbc1-1814-4b11-a244-a4f50b1be2f6", - "comment": "", - "command": "click", - "target": "linkText=Tools", - "targets": [ - ["linkText=Tools", "linkText"], - ["css=#admin_menu_tools_link > a", "css:finder"], - ["xpath=//a[contains(text(),'Tools')]", "xpath:link"], - ["xpath=//li[@id='admin_menu_tools_link']/a", "xpath:idRelative"], - ["xpath=//a[@href='http://localhost/admin/tools.php']", "xpath:href"], - ["xpath=//li[3]/a", "xpath:position"], - ["xpath=//a[contains(.,'Tools')]", "xpath:innerText"] - ], - "value": "" - }, { - "id": "afae400e-11a2-45e8-bf52-1212f0a5cee7", - "comment": "", - "command": "click", - "target": "linkText=Admin interface", - "targets": [ - ["linkText=Admin interface", "linkText"], - ["css=#admin_menu_admin_link > a", "css:finder"], - ["xpath=//a[contains(text(),'Admin interface')]", "xpath:link"], - ["xpath=//li[@id='admin_menu_admin_link']/a", "xpath:idRelative"], - ["xpath=(//a[@href='http://localhost/admin/index.php'])[2]", "xpath:href"], - ["xpath=//li[2]/a", "xpath:position"], - ["xpath=//a[contains(.,'Admin interface')]", "xpath:innerText"] - ], - "value": "" - }, { - "id": 
"f77415ea-02ea-4b43-afdf-320260ae914c", - "comment": "", - "command": "click", - "target": "id=statlink-yid1", - "targets": [ - ["id=statlink-yid1", "id"], - ["linkText=Stats", "linkText"], - ["css=#statlink-yid1", "css:finder"], - ["xpath=//a[contains(text(),'Stats')]", "xpath:link"], - ["xpath=//a[@id='statlink-yid1']", "xpath:attributes"], - ["xpath=//td[@id='actions-yid1']/a", "xpath:idRelative"], - ["xpath=//a[@href='http://localhost/1+']", "xpath:href"], - ["xpath=//td[6]/a", "xpath:position"], - ["xpath=//a[contains(.,'Stats')]", "xpath:innerText"] - ], - "value": "" - }, { - "id": "dd850ef7-5d80-4d43-84c7-79876656b438", - "comment": "", - "command": "click", - "target": "linkText=Admin interface", - "targets": [ - ["linkText=Admin interface", "linkText"], - ["css=#admin_menu_admin_link > a", "css:finder"], - ["xpath=//a[contains(text(),'Admin interface')]", "xpath:link"], - ["xpath=//li[@id='admin_menu_admin_link']/a", "xpath:idRelative"], - ["xpath=(//a[@href='http://localhost/admin/index.php'])[2]", "xpath:href"], - ["xpath=//li[2]/a", "xpath:position"], - ["xpath=//a[contains(.,'Admin interface')]", "xpath:innerText"] - ], - "value": "" - }, { - "id": "83ce2aba-276c-40aa-b163-44f9e4acca28", - "comment": "", - "command": "click", - "target": "linkText=Logout", - "targets": [ - ["linkText=Logout", "linkText"], - ["css=#admin_menu_logout_link > a", "css:finder"], - ["xpath=//a[contains(text(),'Logout')]", "xpath:link"], - ["xpath=//li[@id='admin_menu_logout_link']/a", "xpath:idRelative"], - ["xpath=//a[@href='http://localhost/admin/index.php?action=logout&nonce=ae3ed1ca03']", "xpath:href"], - ["xpath=//li/a", "xpath:position"], - ["xpath=//a[contains(.,'Logout')]", "xpath:innerText"] - ], - "value": "" - }] - }], - "suites": [{ - "id": "83e2fb36-2b0f-4b83-ba57-d3c49028ce5c", - "name": "Default Suite", - "persistSession": false, - "parallel": false, - "timeout": 300, - "tests": ["617109e7-f2a4-411c-baaf-682dc4a5dee3"] - }], - "urls": ["http://localhost/"], - 
"plugins": [] -} \ No newline at end of file diff --git a/community_images/yugabyte/yugabytedb/README.md b/community_images/yugabyte/yugabytedb/README.md deleted file mode 100755 index f44f41c292..0000000000 --- a/community_images/yugabyte/yugabytedb/README.md +++ /dev/null @@ -1,150 +0,0 @@ - -RapidFort - - -
- -[![rf-h][rf-h-badge]][rf-view-report-button] -[![DH Image][dh-rf-badge]][rf-dh-image-link] -[![Slack][slack-badge]][slack-link] -[![FOSSA Status][fossa-badge]][fossa-link] - -# RapidFort hardened image for Yugabyte - -RapidFort’s container optimization process hardened this Yugabyte container. This container is free to use and has no license limitations. - -It is the same as the [yugabyteDB Yugabyte][source-image-repo-link] image but more secure. - -Every day, we optimize and harden a variety of Docker Hub’s most famous images. Check out our [entire library](https://hub.docker.com/u/rapidfort) of secured containers. -
- -[Get the full report here or click on the image below][rf-view-report-link] - -[![Metrics][metrics-link]][rf-image-metrics-link] - -

Vulnerabilities: Original vs. Hardened - -

- -[![CVE Reduction][cve-reduction-link]][rf-image-cve-reduction-link] - - -View Report - -
-
- - -## What is Yugabyte? - -> YugabyteDB is a high-performance, cloud-native, distributed SQL database that aims to support all PostgreSQL features. It is best suited for cloud-native OLTP (i.e., real-time, business-critical) applications that need absolute data correctness and require at least one of the following: scalability, high tolerance to failures, or globally-distributed deployments. - - -[Overview of Yugabyte](https://www.yugabyte.com/) - -Trademarks: This software listing is packaged by RapidFort. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. - - -## How do I use this hardened Yugabyte image? - -The runtime instructions for this container are no different from the official release. Follow the instructions in their readme, but use our hardened image. - - -View Detailed Instructions - -
-
- -```sh -$ helm repo add yugabytedb https://charts.yugabyte.com - -# install mariadb, just replace repository with RapidFort registry -$ helm install yb-demo yugabytedb/yugabyte \ - --set image.repository=rapidfort/yugabyte - --version 2.15.3 \ - --set resource.master.requests.cpu=0.5,resource.master.requests.memory=0.5Gi,\ - resource.tserver.requests.cpu=0.5,resource.tserver.requests.memory=0.5Gi,\ - replicas.master=1,replicas.tserver=1 --namespace yb-demo - -``` - -## What is a hardened image? - -A hardened image is a copy of a container that has been optimized and reduced for significantly improved security. Because every container uses many open-source software components and their dependencies, there’s a lot of extra weight that can be trimmed. - -This image is a hardened version of the official [yugabyteDB Yugabyte][source-image-repo-link] image on Docker Hub. - -RapidFort is an industry-leading container optimization solution that minimizes software attack surfaces by removing unused code. Most containers can be reduced by at least 50%, which reduces the opportunity for malicious attacks and CVE exploits. Learn more at [RapidFort.com][rf-link]. - -Our hardened images are updated daily using the latest vulnerability information available. - - -View on GitHub - -
-
- -## What’s the difference between the official [yugabyteDB Yugabyte][source-image-repo-link] image and this hardened image? -RapidFort’s hardened [rapidfort/yugabyte][rf-dh-image-link] image has been optimized by our proprietary scanning and slimming technology. We are big fans of open-source software, containerized infrastructure, and security. - -We are making secure copies of the images we use every day and the most popular ones on Docker Hub. We want to make the world a safer place to operate. - -## Supported tags and respective `Dockerfile` links -* [`2.17`, `latest` (2.17/centos/Dockerfile)](https://github.com/yugabyte/build-infra/blob/master/docker_images/centos7/Dockerfile) -* [`2.16`, (2.16/centos/Dockerfile)](https://github.com/yugabyte/build-infra/blob/master/docker_images/centos7/Dockerfile) -* [`2.15`, (2.15/centos/Dockerfile)](https://github.com/yugabyte/build-infra/blob/master/docker_images/centos7/Dockerfile) -* [`2.14`, (2.14/centos/Dockerfile)](https://github.com/yugabyte/build-infra/blob/master/docker_images/centos7/Dockerfile) - -## Need support - -Join our slack community for any questions. - - -RapidFort Community Slack - - -## 🌟 Support this project - -[![](https://user-images.githubusercontent.com/48997634/174794647-0c851917-e5c9-4fb9-bf88-b61d89dc2f4f.gif)](https://github.com/rapidfort/community-images/stargazers) - -### [⏫⭐️ Scroll to the star button](#start-of-content) - -If you believe this project has potential, feel free to **star this repo** just like many [amazing people](https://github.com/rapidfort/community-images/stargazers) -have. - -## Have questions? - -[![RapidFort](https://raw.githubusercontent.com/rapidfort/community-images/main/contrib/github_logo_footer.png)][rf-rapidfort-footer-logo-link] - - -If you'd like to learn more about RapidFort or our container optimization process, visit [RapidFort.com][rf-link]. - -
-
- - -[dh-rf-badge]: https://img.shields.io/badge/dockerhub-images-important.svg?logo=Docker - -[fossa-badge]: https://app.fossa.com/api/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images.svg?type=shield -[fossa-link]: https://app.fossa.com/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images?ref=badge_shield - -[rf-link]: https://rapidfort.com?utm_source=github&utm_medium=ci_rf_link&utm_campaign=sep_01_sprint&utm_term=yugabyte&utm_content=rapidfort_have_questions - -[rf-rapidfort-footer-logo-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fyugabytedb%2Fyugabyte?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=yugabyte&utm_content=rapidfort_footer_logo -[rf-view-report-button]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fyugabytedb%2Fyugabyte?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=yugabyte&utm_content=view_report_button -[rf-view-report-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fyugabytedb%2Fyugabyte?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=yugabyte&utm_content=view_report_link -[rf-image-metrics-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fyugabytedb%2Fyugabyte?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=yugabyte&utm_content=image_metrics_link -[rf-image-cve-reduction-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fyugabytedb%2Fyugabyte?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=yugabyte&utm_content=image_cve_reduction_link - -[dh-img-size-badge]: https://img.shields.io/docker/image-size/rapidfort/yugabyte?logo=docker&logoColor=white&sort=semver -[dh-img-pulls-badge]: https://img.shields.io/docker/pulls/rapidfort/yugabyte?logo=docker&logoColor=white - -[slack-badge]: 
https://img.shields.io/static/v1?label=Join&message=slack&logo=slack&logoColor=E01E5A&color=4A154B -[slack-link]: https://join.slack.com/t/rapidfortcommunity/shared_invite/zt-1g3wy28lv-DaeGexTQ5IjfpbmYW7Rm_Q - -[rf-h-badge]: https://img.shields.io/static/v1?label=RapidFort&labelColor=333F48&message=hardened&color=50B4C4&logo= -[metrics-link]: https://github.com/rapidfort/community-images/raw/main/community_images/yugabyte/yugabytedb/assets/metrics.webp -[cve-reduction-link]: https://github.com/rapidfort/community-images/raw/main/community_images/yugabyte/yugabytedb/assets/cve_reduction.webp - -[source-image-repo-link]: https://hub.docker.com/r/yugabytedb/yugabyte -[rf-dh-image-link]: https://hub.docker.com/r/rapidfort/yugabyte diff --git a/community_images/yugabyte/yugabytedb/assets/cve_reduction.webp b/community_images/yugabyte/yugabytedb/assets/cve_reduction.webp deleted file mode 100644 index 75b48050d1..0000000000 Binary files a/community_images/yugabyte/yugabytedb/assets/cve_reduction.webp and /dev/null differ diff --git a/community_images/yugabyte/yugabytedb/assets/metrics.webp b/community_images/yugabyte/yugabytedb/assets/metrics.webp deleted file mode 100644 index 6227738b1a..0000000000 Binary files a/community_images/yugabyte/yugabytedb/assets/metrics.webp and /dev/null differ diff --git a/community_images/yugabyte/yugabytedb/dc_coverage.sh b/community_images/yugabyte/yugabytedb/dc_coverage.sh deleted file mode 100755 index eea0c38769..0000000000 --- a/community_images/yugabyte/yugabytedb/dc_coverage.sh +++ /dev/null 
@@ -1,46 +0,0 @@ -#!/bin/bash - -set -x -set -e - -SCRIPTPATH="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )" - -# shellcheck disable=SC1091 -. "${SCRIPTPATH}"/../../common/scripts/bash_helper.sh - -JSON_PARAMS="$1" - -JSON=$(cat "$JSON_PARAMS") - -echo "Json params for docker compose coverage = $JSON" - -PROJECT_NAME=$(jq -r '.project_name' < "$JSON_PARAMS") -CONTAINER_NAME="${PROJECT_NAME}"-yugabyte-1 -YB_HOST=$(docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' "${CONTAINER_NAME}") - - -# Sleep -sleep 100 - -# log for debugging -docker inspect "${CONTAINER_NAME}" - -# wait for container to be up -docker exec -i "${CONTAINER_NAME}" ./bin/yugabyted status - -# copy test.psql into container -docker cp "${SCRIPTPATH}"/../../common/tests/test.psql "${CONTAINER_NAME}":/tmp/test.psql - -# run script -docker exec -i "${CONTAINER_NAME}" ysqlsh -h "${YB_HOST}" -p 5433 -U yugabyte -d yugabyte -f /tmp/test.psql - -# ysqlsh and ycqlsh -docker exec -i "${CONTAINER_NAME}" ysqlsh --version -docker exec -i "${CONTAINER_NAME}" ycqlsh --version - -# exercise all webpages -UI_PORT=$(docker inspect "${CONTAINER_NAME}" | jq -r ".[].NetworkSettings.Ports.\"15433/tcp\"[0].HostPort") -HTML_DIR="${SCRIPTPATH}"/html_output -mkdir -p "${HTML_DIR}" -httrack http://"${YB_HOST}":"${UI_PORT}" -O "${HTML_DIR}" -rm -rf "${HTML_DIR}" diff --git a/community_images/yugabyte/yugabytedb/docker-compose.yml b/community_images/yugabyte/yugabytedb/docker-compose.yml deleted file mode 100755 index c799cbd72c..0000000000 --- a/community_images/yugabyte/yugabytedb/docker-compose.yml +++ /dev/null @@ -1,18 +0,0 @@ -version: '3' - -services: - yugabyte: - image: ${YUGABYTE_IMAGE_REPOSITORY}:${YUGABYTE_IMAGE_TAG} - cap_add: - - SYS_PTRACE - ports: - - "0.0.0.0::7000" - - "0.0.0.0::9000" - - "0.0.0.0::5433" - - "0.0.0.0::15433" - - "0.0.0.0::9042" - command: - - /bin/bash - - -c - - | - ./bin/yugabyted start --daemon=false \ No newline at end of file 
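Review bot: in `yugabyte/yugabytedb/dc_coverage.sh` the httrack call mixes two address spaces: `YB_HOST` is the container's network IP from `docker inspect`, while `UI_PORT` is the `HostPort` published for `15433/tcp`, so `http://"${YB_HOST}":"${UI_PORT}"` only reaches the UI if the randomly assigned host port happens to be 15433. Pair the container IP with the container port (`${YB_HOST}:15433`) or the host port with `localhost`. The fixed `sleep 100` ahead of `yugabyted status` is also a delay rather than a wait; a bounded retry loop around `yugabyted status` would make the "wait for container to be up" comment true and cut run time. Both points matter only if the script is kept somewhere after this removal.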
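Review bot: the `ports` list in `yugabyte/yugabytedb/docker-compose.yml` publishes 7000, 9000, 5433, 15433 and 9042 on `0.0.0.0`, yet dc_coverage.sh reads back only the `15433/tcp` mapping and talks to YSQL through `docker exec`. The script's ysqlsh call logs in as `-U yugabyte` with no password, so on a shared runner those mappings expose the database on every interface for the life of the test. If this fixture is carried over anywhere, bind to `127.0.0.1` and drop the mappings the script never uses. `cap_add: SYS_PTRACE` also has no comment saying why the capability is needed; one line of explanation would stop it being copied into non-test compose files.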
diff --git a/community_images/yugabyte/yugabytedb/image.yml b/community_images/yugabyte/yugabytedb/image.yml deleted file mode 100755 index 80c56dbd1a..0000000000 --- a/community_images/yugabyte/yugabytedb/image.yml +++ /dev/null 
@@ -1,55 +0,0 @@ -name: yugabyte -official_name: Yugabyte -official_website: https://www.yugabyte.com/ -source_image_provider: yugabyteDB -source_image_repo: docker.io/yugabytedb/yugabyte -source_image_repo_link: https://hub.docker.com/r/yugabytedb/yugabyte -source_image_readme: https://github.com/yugabyte/yugabyte-db/blob/master/README.md -rf_docker_link: rapidfort/yugabyte -image_workflow_name: yugabyte_yugabytedb -github_location: yugabyte/yugabytedb -report_url: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fyugabytedb%2Fyugabyte -usage_instructions: | - $ helm repo add yugabytedb https://charts.yugabyte.com - - # install mariadb, just replace repository with RapidFort registry - $ helm install yb-demo yugabytedb/yugabyte \ - --set image.repository=rapidfort/yugabyte - --version 2.15.3 \ - --set resource.master.requests.cpu=0.5,resource.master.requests.memory=0.5Gi,\ - resource.tserver.requests.cpu=0.5,resource.tserver.requests.memory=0.5Gi,\ - replicas.master=1,replicas.tserver=1 --namespace yb-demo -what_is_text: | - YugabyteDB is a high-performance, cloud-native, distributed SQL database that aims to support all PostgreSQL features. It is best suited for cloud-native OLTP (i.e., real-time, business-critical) applications that need absolute data correctness and require at least one of the following: scalability, high tolerance to failures, or globally-distributed deployments. -disclaimer: | - Trademarks: This software listing is packaged by RapidFort. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. 
-docker_links: - - "[`2.17`, `latest` (2.17/centos/Dockerfile)](https://github.com/yugabyte/build-infra/blob/master/docker_images/centos7/Dockerfile)" - - "[`2.16`, (2.16/centos/Dockerfile)](https://github.com/yugabyte/build-infra/blob/master/docker_images/centos7/Dockerfile)" - - "[`2.15`, (2.15/centos/Dockerfile)](https://github.com/yugabyte/build-infra/blob/master/docker_images/centos7/Dockerfile)" - - "[`2.14`, (2.14/centos/Dockerfile)](https://github.com/yugabyte/build-infra/blob/master/docker_images/centos7/Dockerfile)" -input_registry: - registry: docker.io - account: yugabytedb -repo_sets: - - yugabyte: - input_base_tag: "2.18.*" - - yugabyte: - input_base_tag: "2.17.*" - - yugabyte: - input_base_tag: "2.16.*" - - yugabyte: - input_base_tag: "2.15.*" - - yugabyte: - input_base_tag: "2.14.*" -runtimes: - - type: docker_compose - script: dc_coverage.sh - compose_file: docker-compose.yml - tls_certs: - generate: true - out_dir: certs - image_keys: - yugabyte: - repository: "YUGABYTE_IMAGE_REPOSITORY" - tag: "YUGABYTE_IMAGE_TAG" diff --git a/community_images/zookeeper/bitnami/.rfignore b/community_images/zookeeper/bitnami/.rfignore deleted file mode 100644 index 06fdfb567e..0000000000 --- a/community_images/zookeeper/bitnami/.rfignore +++ /dev/null @@ -1,4 +0,0 @@ -opt/bitnami/common/licenses -opt/bitnami/zookeeper/licenses -opt/bitnami/licenses -usr/share/common-licenses diff --git a/community_images/zookeeper/bitnami/README.md b/community_images/zookeeper/bitnami/README.md deleted file mode 100644 index 74bbfeeccb..0000000000 --- a/community_images/zookeeper/bitnami/README.md +++ /dev/null @@ -1,144 +0,0 @@ - -RapidFort - - -
- -[![rf-h][rf-h-badge]][rf-view-report-button] -[![DH Image][dh-rf-badge]][rf-dh-image-link] -[![Slack][slack-badge]][slack-link] -[![FOSSA Status][fossa-badge]][fossa-link] - -# RapidFort hardened image for Zookeeper - -RapidFort’s container optimization process hardened this Zookeeper container. This container is free to use and has no license limitations. - -It is the same as the [Bitnami Zookeeper][source-image-repo-link] image but more secure. - -Every day, we optimize and harden a variety of Docker Hub’s most famous images. Check out our [entire library](https://hub.docker.com/u/rapidfort) of secured containers. -
- -[Get the full report here or click on the image below][rf-view-report-link] - -[![Metrics][metrics-link]][rf-image-metrics-link] - -

Vulnerabilities: Original vs. Hardened - -

- -[![CVE Reduction][cve-reduction-link]][rf-image-cve-reduction-link] - - -View Report - -
-
- - -## What is Zookeeper? - -> Apache ZooKeeper provides a reliable, centralized register of configuration data and services for distributed applications. - - -[Overview of Zookeeper](https://zookeeper.apache.org/) - -Trademarks: This software listing is packaged by RapidFort. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. - - -## How do I use this hardened Zookeeper image? - -The runtime instructions for this container are no different from the official release. Follow the instructions in their readme, but use our hardened image. - - -View Detailed Instructions - -
-
- -```sh -$ helm repo add bitnami https://charts.bitnami.com/bitnami - -# install zookeeper, just replace repository with RapidFort registry -$ helm install my-zookeeper bitnami/zookeeper --set image.repository=rapidfort/zookeeper - -``` - -## What is a hardened image? - -A hardened image is a copy of a container that has been optimized and reduced for significantly improved security. Because every container uses many open-source software components and their dependencies, there’s a lot of extra weight that can be trimmed. - -This image is a hardened version of the official [Bitnami Zookeeper][source-image-repo-link] image on Docker Hub. - -RapidFort is an industry-leading container optimization solution that minimizes software attack surfaces by removing unused code. Most containers can be reduced by at least 50%, which reduces the opportunity for malicious attacks and CVE exploits. Learn more at [RapidFort.com][rf-link]. - -Our hardened images are updated daily using the latest vulnerability information available. - - -View on GitHub - -
-
- -## What’s the difference between the official [Bitnami Zookeeper][source-image-repo-link] image and this hardened image? -RapidFort’s hardened [rapidfort/zookeeper][rf-dh-image-link] image has been optimized by our proprietary scanning and slimming technology. We are big fans of open-source software, containerized infrastructure, and security. - -We are making secure copies of the images we use every day and the most popular ones on Docker Hub. We want to make the world a safer place to operate. - -## Supported tags and respective `Dockerfile` links -* [`3.9`, `3.9-debian-11`, `3.9.1`, `3.9.1-debian-11-r` (3.9/debian-11/Dockerfile)](https://github.com/bitnami/containers/tree/main/bitnami/zookeeper/3.9/debian-11/Dockerfile) -* [`3.8`, `3.8-debian-11`, `3.8.3`, `3.8.3-debian-11-r` (3.8/debian-11/Dockerfile)](https://github.com/bitnami/containers/tree/main/bitnami/zookeeper/3.8/debian-11/Dockerfile) -* [`3.7`, `3.7-debian-11`, `3.7.2`, `3.7.2-debian-11-r` (3.7/debian-11/Dockerfile)](https://github.com/bitnami/containers/tree/main/bitnami/zookeeper/3.7/debian-11/Dockerfile) - -## Need support - -Join our slack community for any questions. - - -RapidFort Community Slack - - -## 🌟 Support this project - -[![](https://user-images.githubusercontent.com/48997634/174794647-0c851917-e5c9-4fb9-bf88-b61d89dc2f4f.gif)](https://github.com/rapidfort/community-images/stargazers) - -### [⏫⭐️ Scroll to the star button](#start-of-content) - -If you believe this project has potential, feel free to **star this repo** just like many [amazing people](https://github.com/rapidfort/community-images/stargazers) -have. - -## Have questions? - -[![RapidFort](https://raw.githubusercontent.com/rapidfort/community-images/main/contrib/github_logo_footer.png)][rf-rapidfort-footer-logo-link] - - -If you'd like to learn more about RapidFort or our container optimization process, visit [RapidFort.com][rf-link]. - -
-
- - -[dh-rf-badge]: https://img.shields.io/badge/dockerhub-images-important.svg?logo=Docker - -[fossa-badge]: https://app.fossa.com/api/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images.svg?type=shield -[fossa-link]: https://app.fossa.com/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images?ref=badge_shield - -[rf-link]: https://rapidfort.com?utm_source=github&utm_medium=ci_rf_link&utm_campaign=sep_01_sprint&utm_term=zookeeper&utm_content=rapidfort_have_questions - -[rf-rapidfort-footer-logo-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Fzookeeper?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=zookeeper&utm_content=rapidfort_footer_logo -[rf-view-report-button]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Fzookeeper?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=zookeeper&utm_content=view_report_button -[rf-view-report-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Fzookeeper?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=zookeeper&utm_content=view_report_link -[rf-image-metrics-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Fzookeeper?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=zookeeper&utm_content=image_metrics_link -[rf-image-cve-reduction-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Fzookeeper?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=zookeeper&utm_content=image_cve_reduction_link - -[dh-img-size-badge]: https://img.shields.io/docker/image-size/rapidfort/zookeeper?logo=docker&logoColor=white&sort=semver -[dh-img-pulls-badge]: https://img.shields.io/docker/pulls/rapidfort/zookeeper?logo=docker&logoColor=white - -[slack-badge]: https://img.shields.io/static/v1?label=Join&message=slack&logo=slack&logoColor=E01E5A&color=4A154B 
-[slack-link]: https://join.slack.com/t/rapidfortcommunity/shared_invite/zt-1g3wy28lv-DaeGexTQ5IjfpbmYW7Rm_Q - -[rf-h-badge]: https://img.shields.io/static/v1?label=RapidFort&labelColor=333F48&message=hardened&color=50B4C4&logo= -[metrics-link]: https://github.com/rapidfort/community-images/raw/main/community_images/zookeeper/bitnami/assets/metrics.webp -[cve-reduction-link]: https://github.com/rapidfort/community-images/raw/main/community_images/zookeeper/bitnami/assets/cve_reduction.webp - -[source-image-repo-link]: https://hub.docker.com/r/bitnami/zookeeper -[rf-dh-image-link]: https://hub.docker.com/r/rapidfort/zookeeper diff --git a/community_images/zookeeper/bitnami/assets/cve_reduction.webp b/community_images/zookeeper/bitnami/assets/cve_reduction.webp deleted file mode 100644 index 0429e7daae..0000000000 Binary files a/community_images/zookeeper/bitnami/assets/cve_reduction.webp and /dev/null differ diff --git a/community_images/zookeeper/bitnami/assets/metrics.webp b/community_images/zookeeper/bitnami/assets/metrics.webp deleted file mode 100644 index 1b0f4370ec..0000000000 Binary files a/community_images/zookeeper/bitnami/assets/metrics.webp and /dev/null differ diff --git a/community_images/zookeeper/bitnami/coverage.sh b/community_images/zookeeper/bitnami/coverage.sh deleted file mode 100755 index 2c70b3d279..0000000000 --- a/community_images/zookeeper/bitnami/coverage.sh +++ /dev/null @@ -1,18 +0,0 @@ -#!/bin/bash - -set -e -set -x - -function test_zookeeper() { - CONTAINER_NAME=$1 - NAMESPACE=$2 - USE_KUBECTL=$3 - - CMD="docker exec -i ${CONTAINER_NAME} bash -c /opt/bitnami/scripts/coverage_script.sh" - - if [[ "${USE_KUBECTL}" == "yes" ]]; then - CMD="kubectl exec -i ${CONTAINER_NAME} -n ${NAMESPACE} -- bash /opt/bitnami/scripts/coverage_script.sh" - fi - - $CMD -} \ No newline at end of file 
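Review bot: `test_zookeeper` in `zookeeper/bitnami/coverage.sh` builds the command as a string and runs it with an unquoted `$CMD`, so `CONTAINER_NAME` and `NAMESPACE` are word-split and glob-expanded before execution. Build it as an array (`CMD=(docker exec -i "${CONTAINER_NAME}" ...)` and `"${CMD[@]}"`) or call docker and kubectl directly in the two branches. The branches also differ in how they start the script: the docker one uses `bash -c /opt/bitnami/scripts/coverage_script.sh`, which needs the file to be executable, while the kubectl one uses `bash /opt/bitnami/scripts/coverage_script.sh`; pick one form so a lost exec bit on the mounted file does not fail only one runtime. The three positional parameters should be declared `local`, since this file is sourced into dc_coverage.sh and k8s_coverage.sh, which set `CONTAINER_NAME` and `NAMESPACE` themselves.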
diff --git a/community_images/zookeeper/bitnami/dc_coverage.sh b/community_images/zookeeper/bitnami/dc_coverage.sh deleted file mode 100755 index b58a6da45f..0000000000 --- a/community_images/zookeeper/bitnami/dc_coverage.sh +++ /dev/null @@ -1,23 +0,0 @@ -#!/bin/bash - -set -x -set -e - -# shellcheck disable=SC1091 -SCRIPTPATH="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )" - -# shellcheck disable=SC1091 -. "${SCRIPTPATH}"/coverage.sh - -JSON_PARAMS="$1" - -JSON=$(cat "$JSON_PARAMS") - -echo "Json params for docker compose coverage = $JSON" - -NAMESPACE=$(jq -r '.namespace_name' < "$JSON_PARAMS") -PROJECT_NAME=$(jq -r '.project_name' < "$JSON_PARAMS") -# Container name for consul-node1 -CONTAINER_NAME="${PROJECT_NAME}"-zookeeper1-1 - -test_zookeeper "${CONTAINER_NAME}" "${NAMESPACE}" "no" diff --git a/community_images/zookeeper/bitnami/docker-compose.yml b/community_images/zookeeper/bitnami/docker-compose.yml deleted file mode 100644 index c2f6776fa4..0000000000 --- a/community_images/zookeeper/bitnami/docker-compose.yml +++ /dev/null @@ -1,16 +0,0 @@ -version: '2' - -services: - zookeeper1: - image: ${ZOOKEEPER_IMAGE_REPOSITORY}:${ZOOKEEPER_IMAGE_TAG} - restart: always - user: root - cap_add: - - SYS_PTRACE - ports: - - 2181 - volumes: - - $ZOOKEEPER_HOME:/bitnami/zookeeper - - ./scripts/zookeeper_coverage_script.sh:/opt/bitnami/scripts/coverage_script.sh - environment: - - ALLOW_ANONYMOUS_LOGIN=yes \ No newline at end of file diff --git a/community_images/zookeeper/bitnami/docker.env b/community_images/zookeeper/bitnami/docker.env deleted file mode 100644 index c6964db7e0..0000000000 --- a/community_images/zookeeper/bitnami/docker.env +++ /dev/null @@ -1 +0,0 @@ -ZOOKEEPER_HOME=/tmp diff --git a/community_images/zookeeper/bitnami/docker_coverage.sh b/community_images/zookeeper/bitnami/docker_coverage.sh deleted file mode 100755 index 87c7ba3798..0000000000 --- a/community_images/zookeeper/bitnami/docker_coverage.sh +++ /dev/null 
@@ -1,13 +0,0 @@ -#!/bin/bash - -set -x -set -e - -JSON_PARAMS="$1" - -JSON=$(cat "$JSON_PARAMS") - -echo "Json params for docker coverage = $JSON" - -# NETWORK_NAME=$(jq -r '.network_name' < "$JSON_PARAMS") -# ENVOY_HOST=$(jq -r '.container_details.envoy.ip_address' < "$JSON_PARAMS") diff --git a/community_images/zookeeper/bitnami/image.yml b/community_images/zookeeper/bitnami/image.yml deleted file mode 100644 index 1898328319..0000000000 --- a/community_images/zookeeper/bitnami/image.yml +++ /dev/null 
@@ -1,60 +0,0 @@ -name: zookeeper -official_name: Zookeeper -official_website: https://zookeeper.apache.org/ -source_image_provider: Bitnami -source_image_repo: docker.io/bitnami/zookeeper -source_image_repo_link: https://hub.docker.com/r/bitnami/zookeeper -source_image_readme: https://github.com/bitnami/containers/blob/main/bitnami/zookeeper/README.md -rf_docker_link: rapidfort/zookeeper -image_workflow_name: zookeeper_bitnami -github_location: zookeeper/bitnami -report_url: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Fzookeeper -usage_instructions: | - $ helm repo add bitnami https://charts.bitnami.com/bitnami - - # install zookeeper, just replace repository with RapidFort registry - $ helm install my-zookeeper bitnami/zookeeper --set image.repository=rapidfort/zookeeper -what_is_text: | - Apache ZooKeeper provides a reliable, centralized register of configuration data and services for distributed applications. -disclaimer: | - Trademarks: This software listing is packaged by RapidFort. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. 
-input_registry: - registry: docker.io - account: bitnami -repo_sets: - - zookeeper: - input_base_tag: "3.9.1-debian-11-r" - - zookeeper: - input_base_tag: "3.8.2-debian-11-r" - - zookeeper: - input_base_tag: "3.7.2-debian-11-r" -runtimes: - - type: k8s - script: k8s_coverage.sh - helm: - repo: bitnami - repo_url: https://charts.bitnami.com/bitnami - chart: zookeeper - # disabling persistence otherwise PVC creation fails for data dir - helm_additional_params: - persistence.enabled: false - replicaCount: 3 - auth.enabled: false - allowAnonymousLogin: true - image_keys: - zookeeper: - repository: "image.repository" - tag: "image.tag" - override_file: "overrides.yml" - - type: docker_compose - script: dc_coverage.sh - compose_file: docker-compose.yml - image_keys: - zookeeper: - repository: "ZOOKEEPER_IMAGE_REPOSITORY" - tag: "ZOOKEEPER_IMAGE_TAG" - - type: docker - script: docker_coverage.sh - zookeeper: - environment: - ALLOW_ANONYMOUS_LOGIN: yes diff --git a/community_images/zookeeper/bitnami/k8s_coverage.sh b/community_images/zookeeper/bitnami/k8s_coverage.sh deleted file mode 100755 index 12336a01cf..0000000000 --- a/community_images/zookeeper/bitnami/k8s_coverage.sh +++ /dev/null @@ -1,28 +0,0 @@ -#!/bin/bash - -set -x -set -e - -# shellcheck disable=SC1091 -SCRIPTPATH="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )" - -# shellcheck disable=SC1091 -. "${SCRIPTPATH}"/coverage.sh - -JSON_PARAMS="$1" - -JSON=$(cat "$JSON_PARAMS") - -echo "Json params for k8s coverage = $JSON" - -NAMESPACE=$(jq -r '.namespace_name' < "$JSON_PARAMS") -RELEASE_NAME=$(jq -r '.release_name' < "$JSON_PARAMS") - -# wait for the zookeeper ensemble to come online -sleep 60 - -CONTAINER_NAME="${RELEASE_NAME}-0" -# copy over the script to the pod -kubectl cp "${SCRIPTPATH}"/scripts/zookeeper_coverage_script.sh "${CONTAINER_NAME}":/opt/bitnami/scripts/coverage_script.sh -n "${NAMESPACE}" - -test_zookeeper "${CONTAINER_NAME}" "${NAMESPACE}" "yes" 
diff --git a/community_images/zookeeper/bitnami/overrides.yml b/community_images/zookeeper/bitnami/overrides.yml deleted file mode 100644 index f201e68505..0000000000 --- a/community_images/zookeeper/bitnami/overrides.yml +++ /dev/null @@ -1,18 +0,0 @@ -image: - pullSecrets: ["rf-regcred"] - pullPolicy: Always -containerSecurityContext: - enabled: true - runAsUser: 1001 - allowPrivilegeEscalation: true - capabilities: - add: ["SYS_PTRACE"] -extraEnvVars: - - name: "RF_VERBOSE" - value: "0" -livenessProbe: - initialDelaySeconds: 30 - timeoutSeconds: 30 -readinessProbe: - initialDelaySeconds: 30 - timeoutSeconds: 30 diff --git a/community_images/zookeeper/bitnami/scripts/zookeeper_coverage_script.sh b/community_images/zookeeper/bitnami/scripts/zookeeper_coverage_script.sh deleted file mode 100755 index 12820cfee1..0000000000 --- a/community_images/zookeeper/bitnami/scripts/zookeeper_coverage_script.sh +++ /dev/null @@ -1,47 +0,0 @@ -#!/bin/bash - -set -e -set -x - -# get the server version number -zkServer.sh version - -# print the help message for transactin log command -zkTxnLogToolkit.sh --help || true - -# print the help message for snapshot comparison command -zkSnapshotComparer.sh --help || true - -# print the help message for cleanup command -zkCleanup.sh --help || true - -# run zookeeper specific commands for coverage -zkCli.sh < -RapidFort - - -
- -[![rf-h][rf-h-badge]][rf-view-report-button] -[![DH Image][dh-rf-badge]][rf-dh-image-link] -[![Slack][slack-badge]][slack-link] -[![FOSSA Status][fossa-badge]][fossa-link] - -# RapidFort hardened image for Zookeeper IronBank - -RapidFort’s container optimization process hardened this Zookeeper IronBank container. This container is free to use and has no license limitations. - -It is the same as the [Platform One Zookeeper IronBank][source-image-repo-link] image but more secure. - -Every day, we optimize and harden a variety of Docker Hub’s most famous images. Check out our [entire library](https://hub.docker.com/u/rapidfort) of secured containers. -
- -[Get the full report here or click on the image below][rf-view-report-link] - -[![Metrics][metrics-link]][rf-image-metrics-link] - -

Vulnerabilities: Original vs. Hardened - -

- -[![CVE Reduction][cve-reduction-link]][rf-image-cve-reduction-link] - - -View Report - -
-
- - -## What is Zookeeper IronBank? - -> Apache ZooKeeper provides a reliable, centralized register of configuration data and services for distributed applications. - - -[Overview of Zookeeper IronBank](https://zookeeper.apache.org/) - -Trademarks: This software listing is packaged by RapidFort. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. - - -## How do I use this hardened Zookeeper IronBank image? - -The runtime instructions for this container are no different from the official release. Follow the instructions in their readme, but use our hardened image. - - -View Detailed Instructions - -
-
- -```sh -$ docker run --name some-zk -d rapidfort/zookeeper-ib:latest - -``` - -## What is a hardened image? - -A hardened image is a copy of a container that has been optimized and reduced for significantly improved security. Because every container uses many open-source software components and their dependencies, there’s a lot of extra weight that can be trimmed. - -This image is a hardened version of the official [Platform One Zookeeper IronBank][source-image-repo-link] image on Docker Hub. - -RapidFort is an industry-leading container optimization solution that minimizes software attack surfaces by removing unused code. Most containers can be reduced by at least 50%, which reduces the opportunity for malicious attacks and CVE exploits. Learn more at [RapidFort.com][rf-link]. - -Our hardened images are updated daily using the latest vulnerability information available. - - -View on GitHub - -
-
- -## What’s the difference between the official [Platform One Zookeeper IronBank][source-image-repo-link] image and this hardened image? -RapidFort’s hardened [rapidfort/zookeeper-ib][rf-dh-image-link] image has been optimized by our proprietary scanning and slimming technology. We are big fans of open-source software, containerized infrastructure, and security. - -We are making secure copies of the images we use every day and the most popular ones on Docker Hub. We want to make the world a safer place to operate. - -## Supported tags and respective `Dockerfile` links - -## Need support - -Join our slack community for any questions. - - -RapidFort Community Slack - - -## 🌟 Support this project - -[![](https://user-images.githubusercontent.com/48997634/174794647-0c851917-e5c9-4fb9-bf88-b61d89dc2f4f.gif)](https://github.com/rapidfort/community-images/stargazers) - -### [⏫⭐️ Scroll to the star button](#start-of-content) - -If you believe this project has potential, feel free to **star this repo** just like many [amazing people](https://github.com/rapidfort/community-images/stargazers) -have. - -## Have questions? - -[![RapidFort](https://raw.githubusercontent.com/rapidfort/community-images/main/contrib/github_logo_footer.png)][rf-rapidfort-footer-logo-link] - - -If you'd like to learn more about RapidFort or our container optimization process, visit [RapidFort.com][rf-link]. - -
-
- - -[dh-rf-badge]: https://img.shields.io/badge/dockerhub-images-important.svg?logo=Docker - -[fossa-badge]: https://app.fossa.com/api/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images.svg?type=shield -[fossa-link]: https://app.fossa.com/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images?ref=badge_shield - -[rf-link]: https://rapidfort.com?utm_source=github&utm_medium=ci_rf_link&utm_campaign=sep_01_sprint&utm_term=zookeeper-ib&utm_content=rapidfort_have_questions - -[rf-rapidfort-footer-logo-link]: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fopensource%2Fapache%2Fzookeeper?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=zookeeper-ib&utm_content=rapidfort_footer_logo -[rf-view-report-button]: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fopensource%2Fapache%2Fzookeeper?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=zookeeper-ib&utm_content=view_report_button -[rf-view-report-link]: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fopensource%2Fapache%2Fzookeeper?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=zookeeper-ib&utm_content=view_report_link -[rf-image-metrics-link]: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fopensource%2Fapache%2Fzookeeper?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=zookeeper-ib&utm_content=image_metrics_link -[rf-image-cve-reduction-link]: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fopensource%2Fapache%2Fzookeeper?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=zookeeper-ib&utm_content=image_cve_reduction_link - -[dh-img-size-badge]: https://img.shields.io/docker/image-size/rapidfort/zookeeper-ib?logo=docker&logoColor=white&sort=semver -[dh-img-pulls-badge]: 
https://img.shields.io/docker/pulls/rapidfort/zookeeper-ib?logo=docker&logoColor=white - -[slack-badge]: https://img.shields.io/static/v1?label=Join&message=slack&logo=slack&logoColor=E01E5A&color=4A154B -[slack-link]: https://join.slack.com/t/rapidfortcommunity/shared_invite/zt-1g3wy28lv-DaeGexTQ5IjfpbmYW7Rm_Q - -[rf-h-badge]: https://img.shields.io/static/v1?label=RapidFort&labelColor=333F48&message=hardened&color=50B4C4&logo= -[metrics-link]: https://github.com/rapidfort/community-images/raw/main/community_images/zookeeper/ironbank/assets/metrics.webp -[cve-reduction-link]: https://github.com/rapidfort/community-images/raw/main/community_images/zookeeper/ironbank/assets/cve_reduction.webp - -[source-image-repo-link]: https://registry1.dso.mil/harbor/projects/3/repositories/opensource%2Fapache%2Fzookeeper -[rf-dh-image-link]: https://hub.docker.com/r/rapidfort/zookeeper-ib diff --git a/community_images/zookeeper/ironbank/assets/cve_reduction.webp b/community_images/zookeeper/ironbank/assets/cve_reduction.webp deleted file mode 100644 index 6c061060cd..0000000000 Binary files a/community_images/zookeeper/ironbank/assets/cve_reduction.webp and /dev/null differ diff --git a/community_images/zookeeper/ironbank/assets/metrics.webp b/community_images/zookeeper/ironbank/assets/metrics.webp deleted file mode 100644 index 0205e3d9a1..0000000000 Binary files a/community_images/zookeeper/ironbank/assets/metrics.webp and /dev/null differ diff --git a/community_images/zookeeper/ironbank/coverage.sh b/community_images/zookeeper/ironbank/coverage.sh deleted file mode 100755 index d4921fd99b..0000000000 --- a/community_images/zookeeper/ironbank/coverage.sh +++ /dev/null @@ -1,11 +0,0 @@ -#!/bin/bash - -set -e -set -x - -function test_zookeeper() { - CONTAINER_NAME=$1 - - CMD="docker exec -i ${CONTAINER_NAME} bash -c /tmp/coverage_script.sh" - $CMD -} \ No newline at end of file 
diff --git a/community_images/zookeeper/ironbank/dc_coverage.sh b/community_images/zookeeper/ironbank/dc_coverage.sh deleted file mode 100755 index 13c5d48f91..0000000000 --- a/community_images/zookeeper/ironbank/dc_coverage.sh +++ /dev/null @@ -1,22 +0,0 @@ -#!/bin/bash - -set -x -set -e - -# shellcheck disable=SC1091 -SCRIPTPATH="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )" - -# shellcheck disable=SC1091 -. "${SCRIPTPATH}"/coverage.sh - -JSON_PARAMS="$1" - -JSON=$(cat "$JSON_PARAMS") - -echo "Json params for docker compose coverage = $JSON" - -PROJECT_NAME=$(jq -r '.project_name' < "$JSON_PARAMS") -# Container name for consul-node1 -CONTAINER_NAME="${PROJECT_NAME}"-zookeeper1-1 - -test_zookeeper "${CONTAINER_NAME}" diff --git a/community_images/zookeeper/ironbank/docker-compose.yml b/community_images/zookeeper/ironbank/docker-compose.yml deleted file mode 100644 index 022f3022ec..0000000000 --- a/community_images/zookeeper/ironbank/docker-compose.yml +++ /dev/null @@ -1,16 +0,0 @@ -version: '2' - -services: - zookeeper1: - image: ${ZOOKEEPER_IMAGE_REPOSITORY}:${ZOOKEEPER_IMAGE_TAG} - restart: always - user: root - cap_add: - - SYS_PTRACE - ports: - - 2181 - volumes: - - $ZOOKEEPER_HOME:/tmp/zookeeper - - ./scripts/zookeeper_coverage_script.sh:/tmp/coverage_script.sh - environment: - - ALLOW_ANONYMOUS_LOGIN=yes \ No newline at end of file diff --git a/community_images/zookeeper/ironbank/docker.env b/community_images/zookeeper/ironbank/docker.env deleted file mode 100644 index c6964db7e0..0000000000 --- a/community_images/zookeeper/ironbank/docker.env +++ /dev/null @@ -1 +0,0 @@ -ZOOKEEPER_HOME=/tmp diff --git a/community_images/zookeeper/ironbank/docker_coverage.sh b/community_images/zookeeper/ironbank/docker_coverage.sh deleted file mode 100755 index 87c7ba3798..0000000000 --- a/community_images/zookeeper/ironbank/docker_coverage.sh +++ /dev/null 
@@ -1,13 +0,0 @@ -#!/bin/bash - -set -x -set -e - -JSON_PARAMS="$1" - -JSON=$(cat "$JSON_PARAMS") - -echo "Json params for docker coverage = $JSON" - -# NETWORK_NAME=$(jq -r '.network_name' < "$JSON_PARAMS") -# ENVOY_HOST=$(jq -r '.container_details.envoy.ip_address' < "$JSON_PARAMS") diff --git a/community_images/zookeeper/ironbank/image.yml b/community_images/zookeeper/ironbank/image.yml deleted file mode 100644 index 5e23b4d803..0000000000 --- a/community_images/zookeeper/ironbank/image.yml +++ /dev/null 
@@ -1,36 +0,0 @@ -name: zookeeper-ib -official_name: Zookeeper IronBank -official_website: https://zookeeper.apache.org/ -source_image_provider: Platform One -source_image_repo: registry1.dso.mil/ironbank/opensource/apache/zookeeper -source_image_repo_link: https://registry1.dso.mil/harbor/projects/3/repositories/opensource%2Fapache%2Fzookeeper -source_image_readme: https://repo1.dso.mil/dsop/opensource/apache/zookeeper/-/blob/development/README.md -rf_docker_link: rapidfort/zookeeper-ib -image_workflow_name: zookeeper_ironbank -github_location: zookeeper/ironbank -report_url: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fopensource%2Fapache%2Fzookeeper -usage_instructions: | - $ docker run --name some-zk -d rapidfort/zookeeper-ib:latest -what_is_text: | - Apache ZooKeeper provides a reliable, centralized register of configuration data and services for distributed applications. -disclaimer: | - Trademarks: This software listing is packaged by RapidFort. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. -input_registry: - registry: registry1.dso.mil - account: ironbank -repo_sets: - - opensource/apache/zookeeper: - input_base_tag: "3.8." - output_repo: zookeeper-ib - - opensource/apache/zookeeper: - input_base_tag: "3.7." - output_repo: zookeeper-ib -runtimes: - - type: docker_compose - script: dc_coverage.sh - compose_file: docker-compose.yml - image_keys: - zookeeper-ib: - repository: "ZOOKEEPER_IMAGE_REPOSITORY" - tag: "ZOOKEEPER_IMAGE_TAG" - diff --git a/community_images/zookeeper/ironbank/k8s_coverage.sh b/community_images/zookeeper/ironbank/k8s_coverage.sh deleted file mode 100755 index 12336a01cf..0000000000 --- a/community_images/zookeeper/ironbank/k8s_coverage.sh +++ /dev/null 
@@ -1,28 +0,0 @@ -#!/bin/bash - -set -x -set -e - -# shellcheck disable=SC1091 -SCRIPTPATH="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )" - -# shellcheck disable=SC1091 -. "${SCRIPTPATH}"/coverage.sh - -JSON_PARAMS="$1" - -JSON=$(cat "$JSON_PARAMS") - -echo "Json params for k8s coverage = $JSON" - -NAMESPACE=$(jq -r '.namespace_name' < "$JSON_PARAMS") -RELEASE_NAME=$(jq -r '.release_name' < "$JSON_PARAMS") - -# wait for the zookeeper ensemble to come online -sleep 60 - -CONTAINER_NAME="${RELEASE_NAME}-0" -# copy over the script to the pod -kubectl cp "${SCRIPTPATH}"/scripts/zookeeper_coverage_script.sh "${CONTAINER_NAME}":/opt/bitnami/scripts/coverage_script.sh -n "${NAMESPACE}" - -test_zookeeper "${CONTAINER_NAME}" "${NAMESPACE}" "yes" diff --git a/community_images/zookeeper/ironbank/overrides.yml b/community_images/zookeeper/ironbank/overrides.yml deleted file mode 100644 index f201e68505..0000000000 --- a/community_images/zookeeper/ironbank/overrides.yml +++ /dev/null @@ -1,18 +0,0 @@ -image: - pullSecrets: ["rf-regcred"] - pullPolicy: Always -containerSecurityContext: - enabled: true - runAsUser: 1001 - allowPrivilegeEscalation: true - capabilities: - add: ["SYS_PTRACE"] -extraEnvVars: - - name: "RF_VERBOSE" - value: "0" -livenessProbe: - initialDelaySeconds: 30 - timeoutSeconds: 30 -readinessProbe: - initialDelaySeconds: 30 - timeoutSeconds: 30 diff --git a/community_images/zookeeper/ironbank/scripts/zookeeper_coverage_script.sh b/community_images/zookeeper/ironbank/scripts/zookeeper_coverage_script.sh deleted file mode 100755 index 12820cfee1..0000000000 --- a/community_images/zookeeper/ironbank/scripts/zookeeper_coverage_script.sh +++ /dev/null 
@@ -1,47 +0,0 @@ -#!/bin/bash - -set -e -set -x - -# get the server version number -zkServer.sh version - -# print the help message for transactin log command -zkTxnLogToolkit.sh --help || true - -# print the help message for snapshot comparison command -zkSnapshotComparer.sh --help || true - -# print the help message for cleanup command -zkCleanup.sh --help || true - -# run zookeeper specific commands for coverage -zkCli.sh < -RapidFort - - -
- -[![rf-h][rf-h-badge]][rf-view-report-button] -[![DH Image][dh-rf-badge]][rf-dh-image-link] -[![Slack][slack-badge]][slack-link] -[![FOSSA Status][fossa-badge]][fossa-link] - -# RapidFort hardened image for Zookeeper Official - -RapidFort’s container optimization process hardened this Zookeeper Official container. This container is free to use and has no license limitations. - -It is the same as the [The Docker Community Zookeeper Official][source-image-repo-link] image but more secure. - -Every day, we optimize and harden a variety of Docker Hub’s most famous images. Check out our [entire library](https://hub.docker.com/u/rapidfort) of secured containers. -
- -[Get the full report here or click on the image below][rf-view-report-link] - -[![Metrics][metrics-link]][rf-image-metrics-link] - -

Vulnerabilities: Original vs. Hardened - -

- -[![CVE Reduction][cve-reduction-link]][rf-image-cve-reduction-link] - - -View Report - -
-
- - -## What is Zookeeper Official? - -> Apache ZooKeeper provides a reliable, centralized register of configuration data and services for distributed applications. - - -[Overview of Zookeeper Official](https://zookeeper.apache.org/) - -Trademarks: This software listing is packaged by RapidFort. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. - - -## How do I use this hardened Zookeeper Official image? - -The runtime instructions for this container are no different from the official release. Follow the instructions in their readme, but use our hardened image. - - -View Detailed Instructions - -
-
- -```sh -docker pull rapidfort/zookeeper-official:latest - -``` - -## What is a hardened image? - -A hardened image is a copy of a container that has been optimized and reduced for significantly improved security. Because every container uses many open-source software components and their dependencies, there’s a lot of extra weight that can be trimmed. - -This image is a hardened version of the official [The Docker Community Zookeeper Official][source-image-repo-link] image on Docker Hub. - -RapidFort is an industry-leading container optimization solution that minimizes software attack surfaces by removing unused code. Most containers can be reduced by at least 50%, which reduces the opportunity for malicious attacks and CVE exploits. Learn more at [RapidFort.com][rf-link]. - -Our hardened images are updated daily using the latest vulnerability information available. - - -View on GitHub - -
-
- -## What’s the difference between the official [The Docker Community Zookeeper Official][source-image-repo-link] image and this hardened image? -RapidFort’s hardened [rapidfort/zookeeper-official][rf-dh-image-link] image has been optimized by our proprietary scanning and slimming technology. We are big fans of open-source software, containerized infrastructure, and security. - -We are making secure copies of the images we use every day and the most popular ones on Docker Hub. We want to make the world a safer place to operate. - -## Supported tags and respective `Dockerfile` links -* [`3.8.1`, `3.8`, `3.8.1-temurin`, `3.8-temurin`, `latest`](https://github.com/31z4/zookeeper-docker/blob/b078affda60681e71b71760740e795328c9d1ab5/3.8.1/Dockerfile) -* [`3.7.1-temurin`, `3.7-temurin`](https://github.com/31z4/zookeeper-docker/blob/5cf119d9c5d61024fdba66f7be707413513a8b0d/3.7.1/Dockerfile) - -## Need support - -Join our slack community for any questions. - - -RapidFort Community Slack - - -## 🌟 Support this project - -[![](https://user-images.githubusercontent.com/48997634/174794647-0c851917-e5c9-4fb9-bf88-b61d89dc2f4f.gif)](https://github.com/rapidfort/community-images/stargazers) - -### [⏫⭐️ Scroll to the star button](#start-of-content) - -If you believe this project has potential, feel free to **star this repo** just like many [amazing people](https://github.com/rapidfort/community-images/stargazers) -have. - -## Have questions? - -[![RapidFort](https://raw.githubusercontent.com/rapidfort/community-images/main/contrib/github_logo_footer.png)][rf-rapidfort-footer-logo-link] - - -If you'd like to learn more about RapidFort or our container optimization process, visit [RapidFort.com][rf-link]. - -
-
- - -[dh-rf-badge]: https://img.shields.io/badge/dockerhub-images-important.svg?logo=Docker - -[fossa-badge]: https://app.fossa.com/api/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images.svg?type=shield -[fossa-link]: https://app.fossa.com/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images?ref=badge_shield - -[rf-link]: https://rapidfort.com?utm_source=github&utm_medium=ci_rf_link&utm_campaign=sep_01_sprint&utm_term=zookeeper-official&utm_content=rapidfort_have_questions - -[rf-rapidfort-footer-logo-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Flibrary%2Fzookeeper?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=zookeeper-official&utm_content=rapidfort_footer_logo -[rf-view-report-button]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Flibrary%2Fzookeeper?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=zookeeper-official&utm_content=view_report_button -[rf-view-report-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Flibrary%2Fzookeeper?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=zookeeper-official&utm_content=view_report_link -[rf-image-metrics-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Flibrary%2Fzookeeper?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=zookeeper-official&utm_content=image_metrics_link -[rf-image-cve-reduction-link]: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Flibrary%2Fzookeeper?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=zookeeper-official&utm_content=image_cve_reduction_link - -[dh-img-size-badge]: https://img.shields.io/docker/image-size/rapidfort/zookeeper-official?logo=docker&logoColor=white&sort=semver -[dh-img-pulls-badge]: https://img.shields.io/docker/pulls/rapidfort/zookeeper-official?logo=docker&logoColor=white - -[slack-badge]: 
https://img.shields.io/static/v1?label=Join&message=slack&logo=slack&logoColor=E01E5A&color=4A154B -[slack-link]: https://join.slack.com/t/rapidfortcommunity/shared_invite/zt-1g3wy28lv-DaeGexTQ5IjfpbmYW7Rm_Q - -[rf-h-badge]: https://img.shields.io/static/v1?label=RapidFort&labelColor=333F48&message=hardened&color=50B4C4&logo= -[metrics-link]: https://github.com/rapidfort/community-images/raw/main/community_images/zookeeper/official/assets/metrics.webp -[cve-reduction-link]: https://github.com/rapidfort/community-images/raw/main/community_images/zookeeper/official/assets/cve_reduction.webp - -[source-image-repo-link]: https://hub.docker.com/_/zookeeper -[rf-dh-image-link]: https://hub.docker.com/r/rapidfort/zookeeper-official diff --git a/community_images/zookeeper/official/assets/cve_reduction.webp b/community_images/zookeeper/official/assets/cve_reduction.webp deleted file mode 100644 index 0cb029eddc..0000000000 Binary files a/community_images/zookeeper/official/assets/cve_reduction.webp and /dev/null differ diff --git a/community_images/zookeeper/official/assets/metrics.webp b/community_images/zookeeper/official/assets/metrics.webp deleted file mode 100644 index 172719b484..0000000000 Binary files a/community_images/zookeeper/official/assets/metrics.webp and /dev/null differ diff --git a/community_images/zookeeper/official/coverage.sh b/community_images/zookeeper/official/coverage.sh deleted file mode 100755 index 344e3287c5..0000000000 --- a/community_images/zookeeper/official/coverage.sh +++ /dev/null @@ -1,18 +0,0 @@ -#!/bin/bash - -set -e -set -x - -function test_zookeeper() { - CONTAINER_NAME=$1 - NAMESPACE=$2 - USE_KUBECTL=$3 - - CMD="docker exec -i ${CONTAINER_NAME} bash -c /tmp/coverage_script.sh" - - if [[ "${USE_KUBECTL}" == "yes" ]]; then - CMD="kubectl exec -i ${CONTAINER_NAME} -n ${NAMESPACE} -- bash /tmp/coverage_script.sh" - fi - - $CMD -} \ No newline at end of file 
diff --git a/community_images/zookeeper/official/docker.env b/community_images/zookeeper/official/docker.env deleted file mode 100644 index c6964db7e0..0000000000 --- a/community_images/zookeeper/official/docker.env +++ /dev/null @@ -1 +0,0 @@ -ZOOKEEPER_HOME=/tmp diff --git a/community_images/zookeeper/official/docker_coverage.sh b/community_images/zookeeper/official/docker_coverage.sh deleted file mode 100755 index 109008160b..0000000000 --- a/community_images/zookeeper/official/docker_coverage.sh +++ /dev/null @@ -1,10 +0,0 @@ -#!/bin/bash - -set -x -set -e - -JSON_PARAMS="$1" - -JSON=$(cat "$JSON_PARAMS") - -echo "Json params for docker coverage = $JSON" diff --git a/community_images/zookeeper/official/image.yml b/community_images/zookeeper/official/image.yml deleted file mode 100644 index 6ffea3c828..0000000000 --- a/community_images/zookeeper/official/image.yml +++ /dev/null 
@@ -1,49 +0,0 @@ -name: zookeeper-official -official_name: Zookeeper Official -official_website: https://zookeeper.apache.org/ -source_image_provider: The Docker Community -source_image_repo: docker.io/library/zookeeper -source_image_repo_link: https://hub.docker.com/_/zookeeper -source_image_readme: https://github.com/31z4/zookeeper-docker/blob/master/README.md -rf_docker_link: rapidfort/zookeeper-official -image_workflow_name: zookeeper_official -github_location: zookeeper/official -report_url: https://us01.rapidfort.com/app/community/imageinfo/docker.io%2Flibrary%2Fzookeeper -usage_instructions: | - docker pull rapidfort/zookeeper-official:latest -what_is_text: | - Apache ZooKeeper provides a reliable, centralized register of configuration data and services for distributed applications. -disclaimer: | - Trademarks: This software listing is packaged by RapidFort. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. -docker_links: - - "[`3.8.1`, `3.8`, `3.8.1-temurin`, `3.8-temurin`, `latest`](https://github.com/31z4/zookeeper-docker/blob/b078affda60681e71b71760740e795328c9d1ab5/3.8.1/Dockerfile)" - - "[`3.7.1-temurin`, `3.7-temurin`](https://github.com/31z4/zookeeper-docker/blob/5cf119d9c5d61024fdba66f7be707413513a8b0d/3.7.1/Dockerfile)" -input_registry: - registry: docker.io - account: library -repo_sets: - - zookeeper: - input_base_tag: "3.8." - output_repo: zookeeper-official - - zookeeper: - input_base_tag: "3.7." - output_repo: zookeeper-official - - zookeeper: - input_base_tag: "3.6." - output_repo: zookeeper-official -runtimes: - - type: k8s - script: k8s_coverage.sh - use_helm: False - image_keys: - zookeeper-official: - repository: "image.repository" - tag: "image.tag" - override_file: "overrides.yml" - readiness_wait_pod_name_suffix: - - "" - - type: docker - script: docker_coverage.sh - zookeeper-official: - environment: - ALLOW_ANONYMOUS_LOGIN: yes 
diff --git a/community_images/zookeeper/official/k8s_coverage.sh b/community_images/zookeeper/official/k8s_coverage.sh deleted file mode 100755 index adac8a5948..0000000000 --- a/community_images/zookeeper/official/k8s_coverage.sh +++ /dev/null @@ -1,28 +0,0 @@ -#!/bin/bash - -set -x -set -e - -# shellcheck disable=SC1091 -SCRIPTPATH="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )" - -# shellcheck disable=SC1091 -. "${SCRIPTPATH}"/coverage.sh - -JSON_PARAMS="$1" - -JSON=$(cat "$JSON_PARAMS") - -echo "Json params for k8s coverage = $JSON" - -NAMESPACE=$(jq -r '.namespace_name' < "$JSON_PARAMS") -RELEASE_NAME=$(jq -r '.release_name' < "$JSON_PARAMS") - -# wait for the zookeeper ensemble to come online -sleep 60 - -CONTAINER_NAME="${RELEASE_NAME}" -# copy over the script to the pod -kubectl cp "${SCRIPTPATH}"/scripts/zookeeper_coverage_script.sh "${CONTAINER_NAME}":/tmp/coverage_script.sh -n "${NAMESPACE}" - -test_zookeeper "${CONTAINER_NAME}" "${NAMESPACE}" "yes" diff --git a/community_images/zookeeper/official/overrides.yml b/community_images/zookeeper/official/overrides.yml deleted file mode 100644 index f201e68505..0000000000 --- a/community_images/zookeeper/official/overrides.yml +++ /dev/null @@ -1,18 +0,0 @@ -image: - pullSecrets: ["rf-regcred"] - pullPolicy: Always -containerSecurityContext: - enabled: true - runAsUser: 1001 - allowPrivilegeEscalation: true - capabilities: - add: ["SYS_PTRACE"] -extraEnvVars: - - name: "RF_VERBOSE" - value: "0" -livenessProbe: - initialDelaySeconds: 30 - timeoutSeconds: 30 -readinessProbe: - initialDelaySeconds: 30 - timeoutSeconds: 30 diff --git a/community_images/zookeeper/official/scripts/zookeeper_coverage_script.sh b/community_images/zookeeper/official/scripts/zookeeper_coverage_script.sh deleted file mode 100755 index 12820cfee1..0000000000 --- a/community_images/zookeeper/official/scripts/zookeeper_coverage_script.sh +++ /dev/null 
@@ -1,47 +0,0 @@ -#!/bin/bash - -set -e -set -x - -# get the server version number -zkServer.sh version - -# print the help message for transactin log command -zkTxnLogToolkit.sh --help || true - -# print the help message for snapshot comparison command -zkSnapshotComparer.sh --help || true - -# print the help message for cleanup command -zkCleanup.sh --help || true - -# run zookeeper specific commands for coverage -zkCli.sh <
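Review bot: in community_images/zookeeper/bitnami/dc_coverage.sh the comment `# Container name for consul-node1` is left over from another image; the line under it builds `"${PROJECT_NAME}"-zookeeper1-1`. zookeeper/ironbank/dc_coverage.sh carries the same stale comment. If these scripts are being relocated rather than dropped, correct the comment in both. Also, `JSON=$(cat "$JSON_PARAMS")` exists only to feed the `echo`, and with `set -x` on, the full parameter file ends up in the log more than once; echoing just the fields that are actually read (`namespace_name`, `project_name`) would be enough.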
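Review bot: community_images/zookeeper/bitnami/docker-compose.yml stacks several relaxations on the `zookeeper1` service with no comment explaining any of them: `user: root`, `cap_add: - SYS_PTRACE`, and `ALLOW_ANONYMOUS_LOGIN=yes`. With docker.env setting `ZOOKEEPER_HOME=/tmp`, the volume line `$ZOOKEEPER_HOME:/bitnami/zookeeper` also bind-mounts the host's /tmp as the data directory of a root container. The ironbank compose file repeats the same settings with `/tmp/zookeeper` as the target. If this harness lives on elsewhere after the deletion, add a comment stating that these values are for the coverage run only, and point `ZOOKEEPER_HOME` at a dedicated scratch directory instead of /tmp. The file also ends without a trailing newline.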
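Review bot: in community_images/zookeeper/bitnami/docker_coverage.sh the script is registered in image.yml as the `docker` runtime (`script: docker_coverage.sh`), but it only echoes the JSON parameters and exits, so that runtime exercises nothing in the container. The two commented-out lines reading `.network_name` and `.container_details.envoy.ip_address` into `NETWORK_NAME` and `ENVOY_HOST` belong to a different image. The ironbank copy is the same blob (87c7ba3798). Either have the script call the coverage script as dc_coverage.sh does, or drop the `docker` runtime entry together with it.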
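Review bot: in community_images/zookeeper/bitnami/image.yml the `docker` runtime sets `ALLOW_ANONYMOUS_LOGIN: yes` unquoted, which a YAML 1.1 loader reads as boolean true rather than the string `yes` that docker-compose.yml passes (`ALLOW_ANONYMOUS_LOGIN=yes`). Quote it as `"yes"` so the container receives the value it expects. The helm block also sets `auth.enabled: false` and `allowAnonymousLogin: true` under a comment that only explains `persistence.enabled`; a line saying the auth settings are test-only would keep them from being copied into a real deployment. zookeeper/official/image.yml has the same unquoted `yes`.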
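Review bot: in community_images/zookeeper/bitnami/k8s_coverage.sh readiness is assumed after a fixed `sleep 60`, so a slow ensemble fails the `kubectl cp` that follows and a fast one wastes a minute. Wait on the pod instead, for example `kubectl wait --for=condition=Ready pod/"${CONTAINER_NAME}" -n "${NAMESPACE}"` with a timeout. Note also that image.yml installs the chart with `replicaCount: 3` while the script copies to and runs against `"${RELEASE_NAME}-0"` only; if running on a single member is intentional, say so in a comment.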
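Review bot: in community_images/zookeeper/bitnami/overrides.yml the `containerSecurityContext` sets `allowPrivilegeEscalation: true` and adds `SYS_PTRACE` without dropping any capability, even though the container already runs as `runAsUser: 1001`. The file does not say why escalation is needed. If this override survives the deletion in another location, set `allowPrivilegeEscalation: false` unless a specific step requires it, and document the reason for `SYS_PTRACE` next to the `capabilities` block. The ironbank and official directories carry the identical blob (f201e68505), so the same applies there.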
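Review bot: in scripts/zookeeper_coverage_script.sh (same blob 12820cfee1 under bitnami, ironbank and official) the three `--help` calls are each followed by `|| true`, so despite `set -e` a missing or broken `zkTxnLogToolkit.sh`, `zkSnapshotComparer.sh` or `zkCleanup.sh` passes silently. Only `zkServer.sh version` can fail the run. If the intent is to tolerate a non-zero exit from `--help` while still catching an absent tool, check `command -v` for each script first. The comment `# print the help message for transactin log command` has a typo ("transaction").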
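Review bot: in community_images/zookeeper/ironbank/README.md the sentence "This image is a hardened version of the official [Platform One Zookeeper IronBank][source-image-repo-link] image on Docker Hub" is wrong for this image, since `source-image-repo-link` points at registry1.dso.mil. The heading "## Supported tags and respective `Dockerfile` links" is also followed by nothing, which matches ironbank/image.yml having no `docker_links` entry. If the README is generated from image.yml, the template should take the registry name from `input_registry` and omit the tags section when there are no links.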
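Review bot: community_images/zookeeper/ironbank/k8s_coverage.sh cannot work as written and nothing references it. It is a byte-for-byte copy of the bitnami script (blob 12336a01cf): it copies the coverage script to `/opt/bitnami/scripts/coverage_script.sh` and calls `test_zookeeper "${CONTAINER_NAME}" "${NAMESPACE}" "yes"`, but ironbank/coverage.sh reads only `$1` and always runs `docker exec ... /tmp/coverage_script.sh`. ironbank/image.yml lists a single `docker_compose` runtime, so this script and ironbank/overrides.yml are never used. Removing them is right; do not carry them over if the ironbank image is re-added elsewhere.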
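Review bot: in community_images/zookeeper/official/coverage.sh the command is assembled into the string `CMD` and run as an unquoted `$CMD`, which depends on word splitting and breaks as soon as a container name or namespace contains whitespace or glob characters. Use an array, or call `docker exec` / `kubectl exec` directly in the two branches. The branches also differ in how they invoke the script: `bash -c /tmp/coverage_script.sh` needs the execute bit on the file, while `bash /tmp/coverage_script.sh` does not; pick one form. `NAMESPACE` and `USE_KUBECTL` should be declared `local`, and the file lacks a trailing newline.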
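Review bot: in community_images/zookeeper/official/image.yml the `repo_sets` list includes `input_base_tag: "3.6."`, but `docker_links` documents only the 3.8.1 and 3.7.1 Dockerfiles, and the README's "Supported tags" section shows the same two entries. Either add the 3.6 Dockerfile link or drop the 3.6 repo set so the published tags and the documentation agree. The `k8s` runtime also sets `readiness_wait_pod_name_suffix` to a single empty string with no comment; a short note on what the empty suffix selects would help the next reader.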