Package/Container Scanners
  • 27 Sep 2021
  • 2 Minutes to read
  • Dark
  • PDF

Package/Container Scanners

  • Dark
  • PDF

ProGet can connect to an external resource such as Otter or Kubernetes to collect and display where your Docker container images are used.

Configuring a Container Scanners

To begin displaying container usage, you must first configure a container scanner; this is done on the Manage Feed > Usage & Scanning page.

Container scanners are an extensible component, which means you can create your own extension.

  • Otter
  • Kubernetes

Configuring Otter

Otter can be configured to collect container usage from your servers. See server packages in the Otter documentation for instructions on configuring this feature.

Once Otter has been configured to collect container data, you will need to create an API key that allows access to the Package/Container Usage API.

Once this key has been created, you are ready to add the Otter scanner to ProGet.

Configuring Kubernetes

ProGet can scan your Kubernetes cluster and identify which Docker container images stored in ProGet are currently in use. It does this by connecting to Kubernetes via the Kubernetes API.

Kubernetes API

ProGet uses the Kubernetes Web API to scan for running images on your infrastructure. The Kubernetes API is not always enabled by default. In order to enable access to the Kubernetes API, you will need to run the following command.

kubectl proxy --port=8080

The port specifies which port the API is listening to requests on.

Kubernetes API Authentication

There are many ways to setup authentication. You can see more information on authorizing the Kubernetes API in the authorization documentation. Currently ProGet supports Basic Authentication and Bearer Tokens.

Creating The Kubernetes Scanner

To enable ProGet to scan the Kubernetes cluster, you must first install the Kubernetes extension under Administration->Extensions.

When you create your source, you will need to enter the Kubernetes API URL and select what type of authentication is required to connect to the API. Please note that the User Name and Password fields are only used when selecting Basic Authentication. If you select the Bearer Token authentication type, you will need to supply a Bearer Token.

Adding The Kubernetes Scanner To A Feed

A Kubernetes Scanner can be used for one or more container registries. To add the scanner to your registry, navigate to the feed you would like to add the scanner to. Then, click the Manage Feed button in the upper right corner and then click the Usage tab. You can then add then add the scanner to the registry by clicking the add link at the top of the Feed Container Usage Scanner Sources table.

Viewing Container Usage

Once data has been collected, container images in ProGet will now have a Usage tab. Click this tab to display a list of every server that is using the image, along with other relevant information such as container name and status.

Was this article helpful?