Provide a private docker repository as a source of the 'docker' image used with the -p option about ksniff HOT 18 OPEN

Currently reviewing #113

Thanks @kdihalas!

from ksniff.

image option already there but failed to pull corfr/tcpdump

from ksniff.

Yes @bostrt I am required to provide an image pull secret as well as define a private registry (endpoint, path and version) like:

<server>.<domain>/foo/<image_name>:<tag>

This would be very helpful.

from ksniff.

As a small workaround. Could we maybe at least change the pullpolicy to IfNotPresent?
So we could load manually the needed image on the nodes and it would be fetch locally

from ksniff.

Yeah, I think this is a good idea. I work with a lot people using offline or somehow network-restricted clusters and copying dependent images around to satisfy a tool can be a huge pain or not an option.

ksniff would need to be modified to check the given container image has the necessary binaries (tcpdump, docker, nsenter, i think that's it).

from ksniff.

I'll work on this after some other higher priority changes (around new cri-o support) are being wrapped up.

from ksniff.

Hi!
@bostrt @segeva @eldadru
Are there any updates on this one? This would really needed for us, as we might have some restrictions of pulling images from Docker Hub, which makes us problems to use the "-p" option (that we sometime need to use).
So I really hope that this could solve that for us.
So please @bostrt @segeva @eldadru , if you have any updates on this one! ;-)
Cheers and thanks alot! :-)

from ksniff.

Hi @Makusi75, we've recently wrapped up some of the bigger changes I mentioned back in December. I'll start taking a look at this one. Its been making ksniff unusable for me too in some lab environments.

from ksniff.

Hello all,

I'd like to get some more input:

Ksniff has a 3 images that are either hard-coded in to either use docker.io or no way to override the repo name. There's potentially a 4th image coming as microk8s support is considered.

We could add options for each (e.g. --docker-client-image, --containerd-image, --tcpdump-image), but this seems a little unwieldy for both ksniff developer and users alike.

Is any one aware of more clever solutions?
Are you using private mirror registries or building alternative images yourself?
Would users need to override hostname (docker.io), repo, image name, and potentially tag?

from ksniff.

Yes, directing to a private repository would be very helpful. It might require the ability to apply a image pull secret as well.

from ksniff.

It might require the ability to apply a image pull secret as well.

Yes good point. Thanks for mentioning that.

from ksniff.

Would it be possible to edit the manifest once the ksniff pod was created?

from ksniff.

I am required to provide an image pull secret as well as define a private registry

@jeffcouch21 thanks for the reminder about pull secret. That will be included in the feature.

Would it be possible to edit the manifest once the ksniff pod was created?

Since the ksniff Pod is deployed as Pod (not a Depoyment, etc) we can't edit it live. A viable option would be to have ksniff export Pod YAML so the user can create it manually but I'm not a fan of that at least for now. It would require considerable reworking in other parts of ksniff.

As a small workaround. Could we maybe at least change the pullpolicy to IfNotPresent?
So we could load manually the needed image on the nodes and it would be fetch locally

Yeah, I'll keep this in consideration. Right now, there's a mix-and-match of pull policies and unifying this make lead to a better experience.

Just posting this for reference: https://kubernetes.io/docs/concepts/containers/images/#updating-images

from ksniff.

Hi! @bostrt Any news about this one? When this might be implemented in some release? ;-)
Thanks! :-)

from ksniff.

Yeah. Facing the same problem with maintained/tcpdump:latest image.

from ksniff.

Hi @Makusi75 @szihai, sorry for the delay. I'm coming back around to this after recent change in day-job and long vacation :)

from ksniff.

#113 has been merged!

I would appreciate more testing from anyone else with access to environments like AKS or EKS to test.

from ksniff.

@bostrt any progress in this?
Was it more testing that was needed?
Or anybody else that got a working solution for this?

from ksniff.