Containerd provider
About
The Containerd provider lets you analyze containers from a containerd instance through its gRPC API socket, extract the images found, and check the registry for updates.
Quick start
Here we use a single Containerd provider with a minimum configuration to analyze
labeled containers in the default namespace of your local containerd instance.
```yaml
watch:
  workers: 20
  schedule: "0 */6 * * *"

providers:
  containerd: {}
```
If Diun runs from the Docker image, mount the containerd socket:
```yaml
services:
  diun:
    image: crazymax/diun:latest
    command: serve
    volumes:
      - "./data:/data"
      - "/run/containerd/containerd.sock:/run/containerd/containerd.sock"
      - "./diun.yml:/diun.yml:ro"
    environment:
      - "TZ=Europe/Paris"
      - "LOG_LEVEL=info"
    restart: always
```
Then run a labeled container with nerdctl:
```shell
nerdctl run -d --name redis --label diun.enable=true redis:6.2.3-alpine
```
Configuration
Hint
Environment variable DIUN_PROVIDERS_CONTAINERD=true can be used to enable this provider with default values.
endpoint
Containerd gRPC socket to connect to. Local containerd socket if empty.
File
```yaml
providers:
  containerd:
    endpoint: "/run/containerd/containerd.sock"
```
Environment variables
DIUN_PROVIDERS_CONTAINERD_ENDPOINT
namespaces
Containerd namespaces to query (default default).
File
```yaml
providers:
  containerd:
    namespaces:
      - default
      - production
```
Environment variables
DIUN_PROVIDERS_CONTAINERD_NAMESPACES
watchByDefault
Enable watch by default. If false, containers that don't have the diun.enable=true label will be ignored (default false).
File
```yaml
providers:
  containerd:
    watchByDefault: false
```
Environment variables
DIUN_PROVIDERS_CONTAINERD_WATCHBYDEFAULT
watchStopped
Include stopped containers too (default false).
File
```yaml
providers:
  containerd:
    watchStopped: false
```
Environment variables
DIUN_PROVIDERS_CONTAINERD_WATCHSTOPPED
Containerd labels
You can fine-tune how the image of your container is analyzed through containerd labels:
| Name | Default | Description |
|---|---|---|
| diun.enable | | Set to true to enable image analysis of this container |
| diun.regopt | | Registry options name to use |
| diun.watch_repo | false | Watch all tags of this container image (be careful with this setting) |
| diun.notify_on | new;update | Semicolon separated list of status to be notified: new, update |
| diun.sort_tags | reverse | Sort tags method if diun.watch_repo enabled. One of default, reverse, semver, lexicographical |
| diun.max_tags | 0 | Maximum number of tags to watch if diun.watch_repo enabled. 0 means all of them |
| diun.include_tags | | Semicolon separated list of regular expressions to include tags. If set, replaces defaults.includeTags for this image. Can be useful if you enable diun.watch_repo |
| diun.exclude_tags | | Semicolon separated list of regular expressions to exclude tags. If set, replaces defaults.excludeTags for this image. Can be useful if you enable diun.watch_repo |
| diun.hub_link | automatic | Set registry hub link for this image |
| diun.platform | automatic | Platform to use (e.g. linux/amd64) |
| diun.metadata.* | See below | Additional metadata that can be used in notification template (e.g. diun.metadata.foo=bar) |
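The diun.include_tags, diun.exclude_tags and diun.max_tags labels can be checked offline against a known tag list before diun.watch_repo is enabled. The Go program below is an added example, not Diun's own code: PreviewTags, compile and matchAny are hypothetical names, the sample tags are constructed, and it assumes unanchored matching with include applied first, then exclude, then the max_tags cap on tags already in diun.sort_tags order.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// compile parses a semicolon separated regex list (diun.include_tags format).
func compile(list string) ([]*regexp.Regexp, error) {
	var res []*regexp.Regexp
	for _, p := range strings.FieldsFunc(list, func(r rune) bool { return r == ';' }) {
		re, err := regexp.Compile(p)
		if err != nil {
			return nil, fmt.Errorf("bad pattern %q: %w", p, err)
		}
		res = append(res, re)
	}
	return res, nil
}

// matchAny reports whether tag matches at least one pattern (unanchored).
func matchAny(res []*regexp.Regexp, tag string) bool {
	for _, re := range res {
		if re.MatchString(tag) {
			return true
		}
	}
	return false
}

// PreviewTags models (as an assumption) include, then exclude, then the max_tags cap.
func PreviewTags(tags []string, include, exclude string, maxTags int) ([]string, error) {
	inc, errInc := compile(include)
	exc, errExc := compile(exclude)
	if errInc != nil || errExc != nil {
		return nil, fmt.Errorf("include: %v, exclude: %v", errInc, errExc)
	}
	var kept []string
	for _, t := range tags {
		full := maxTags > 0 && len(kept) >= maxTags // 0 means no cap
		if !full && (len(inc) == 0 || matchAny(inc, t)) && !matchAny(exc, t) {
			kept = append(kept, t)
		}
	}
	return kept, nil
}

func main() { fmt.Println(PreviewTags([]string{"7.0.0", "6.2.3", "latest"}, `^\d+\.\d+\.\d+$`, "", 1)) } // constructed tags
```

A pattern without `^` and `$` matches anywhere in the tag under this model, so `alpine` also selects `6.2.3-alpine`.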
Default metadata
| Key | Description |
|---|---|
| diun.metadata.ctn_id | Container ID |
| diun.metadata.ctn_name | Container name |
| diun.metadata.ctn_image | Container image |
| diun.metadata.ctn_namespace | Container namespace |
| diun.metadata.ctn_createdat | Container created at |
| diun.metadata.ctn_updatedat | Container updated at |
| diun.metadata.ctn_runtime | Container runtime |
| diun.metadata.ctn_snapshotter | Snapshotter name |
| diun.metadata.ctn_snapshot_key | Snapshot key |
| diun.metadata.ctn_status | Task status |