Try   HackMD

Using WhiteSource Renovate for your Docker Projects

Image Not Showing Possible Reasons
  • The image file may be corrupted
  • The server hosting the image is unavailable
  • The image path is incorrect
  • The image format is not supported
Learn More →

Photo by Sigmund on Unsplash

What is Docker?

Docker makes it super easy for developers to create, deploy, and run applications using Docker containers. Docker lets developers containerize applications into a package containing all that is needed to run them.

You can think of a Docker container as a complete environment that can run your applications. A container can be managed using a CLI-for example, CircleCI or Docker API-or the cloud-for example, Azure or On-Premises. Docker containers can run on Windows and Linux OS.

Containerized applications use fewer resources than virtual machines as they start and stop faster, making Docker an efficient choice.

Run your Python Flask app with Docker

In the next series of steps, you will create the flask app in Python and write the requirements.txt and Dockerfile. If you want to skip to the running with Docker part directly, go directly to step 4 after cloning.

Clone repository from GitHub:

git clone <https://github.com/soumi7/renovate-docker.git>
cd renovate-docker

Let's create a simple flask API and run it with Docker

1. Create an app.py folder in the root folder:

from flask import Flask, request, jsonify, render_template, url_for

app = Flask(__name__)

@app.route('/')
def home():
    return 'Hello World'

@app.route('/predict_api', methods=["GET","POST"])
def list_post():
    json_body = request.get_json()
    predictions = 2 * json_body[0]   
    predictions = list(predictions)
    return jsonify(results = predictions)

if __name__ == '__main__':
    app.run(host='0.0.0.0',port=5000)

2. Create a Dockerfile in the root folder:

FROM python:3.6-slim
COPY ./app.py /deploy/
COPY ./requirements.txt /deploy/
WORKDIR /deploy/
RUN pip3 install --no-cache-dir -r requirements.txt
EXPOSE 80
ENTRYPOINT ["python", "app.py"]

3. Create a requirements.txt file with the dependencies, which in our simple app, is just flask:

Flask==1.1.1

4. Install Docker:

Remove the existing docker versions:

sudo apt-get remove docker docker-engine docker.io containerd runc

Install Docker:

sudo apt-get update

sudo apt-get install docker-ce docker-ce-cli containerd.io

You can verify the installation success by running the hello-world image:

sudo docker run hello-world

5. To get a docker image:

sudo docker build -t app-test .

Image Not Showing Possible Reasons
  • The image file may be corrupted
  • The server hosting the image is unavailable
  • The image path is incorrect
  • The image format is not supported
Learn More →

6. The image is built and ready to run. We can do this using the command:

sudo docker run -p 5000:5000 app-test .

Image Not Showing Possible Reasons
  • The image file may be corrupted
  • The server hosting the image is unavailable
  • The image path is incorrect
  • The image format is not supported
Learn More →

Open the link in your browser. The app is running perfectly! Push all this code to a Repository on your GitHub.

Image Not Showing Possible Reasons
  • The image file may be corrupted
  • The server hosting the image is unavailable
  • The image path is incorrect
  • The image format is not supported
Learn More →

What are Open Source Security Vulnerabilities?

Now that your application is built and containerized with Docker, you are ready to host it. However, you forgot about one thing! The dependencies in your application! As new versions of open source libraries get released, the older versions deprecate. These versions become vulnerable to security issues like DDoS attacks. You, as the maintainer, will have to keep, check, and update these dependencies constantly. That's time consuming, right?

There are several developer tools to tackle open source vulnerabilities. These save time and reduce risk. Some of them include Node Security Project (NSP) which identifies threats in node.js applications, OSSIndex which covers NET/C#, Java and JavaScript, Gemnasium for python, Java, Go, and more.

For this article, I'll be using WhiteSource Renovate, which identifies potential security vulnerabilities in applications. It detects the level of security threats that the application presently has and suggests fixes automatically as Pull Requests on Github, for e.g. dependency updates. It identifies the dependency manager automatically and suggests major or minor changes.

Renovate continuously runs in real time to identify the latest available versions. It is available free for NPM and as a Github App for both public and private repositories.

Self Hosting Renovate with Docker

WhiteSource Renovate is available for Docker here: renovate/renovate.

How it Works

  1. Renovate will search for any files matching each manager's configured fileMatch pattern(s) in each repository.
  2. It parses the matching files. Renovate will check the files for any Docker image references, e.g., FROM lines in the Dockerfile.
  3. If the image tag used looks like a version, Renovate will check the Docker registry for upgrades.

Preservation of Version Precision

Renovate preserves the precision level laid out in the Docker images by default. If the existing image is pinned at img:1.1, Renovate will not propose upgrades to img:1.2.0 or img:1.3.0. Renovate will only propose upgrades to img:1.2 and img:1.3.

Now, lets go ahead and self host Renovate with Docker:

Create a config.js file:

module.exports = {
    endpoint: 'https://api.github.com/',
    token: GITHUB_ACCESS_TOKEN,
    platform: 'github',
    logLevel: 'debug',
    onboardingConfig: {
        extends: ['config:base'],
    },
    
    repositories: ['YOUR_USERNAME/YOUR_REPO_NAME],
    renovateFork: true,
    gitAuthor: "YOUR_NAME <YOUR_EMAIL_ID>",
    username: "YOUR_GITHUB_USERNAME",
    onboarding: false,
    printConfig: true,
    requireConfig: false,
};

Now before you add the access token, you will need to generate one:

Go to Settings on your GitHub profile, then go to Developer tools and Personal access tokens and finally click on Generate new token:

Image Not Showing Possible Reasons
  • The image file may be corrupted
  • The server hosting the image is unavailable
  • The image path is incorrect
  • The image format is not supported
Learn More →

Copy and save it somewhere to get back to it.

Add your details appropriately in the config.js file:

module.exports = {
    endpoint: 'https://api.github.com/',
    token: GITHUB_ACCESS_TOKEN,
    platform: 'github',
    logLevel: 'debug',
    onboardingConfig: {
        extends: ['config:base'],
    },

    repositories: ['YOUR_USERNAME/YOUR_REPO_NAME],
    renovateFork: true,
    gitAuthor: "YOUR_NAME <YOUR_EMAIL_ID>",
    username: "YOUR_GITHUB_USERNAME",
    onboarding: false,
    printConfig: true,
    requireConfig: false,
};

Now you are ready to go! You will first need to migrate your config.js. Type this in your terminal:

docker run --rm -v "/home/USER_NAME/REPO_NAME/.github/config.js:/usr/src/app/config.js" renovate/renovate

This will also pull the latest version of Renovate.

If you mistakenly push your config to GitHub, GitHub will automatically revoke that token, and you will have to generate another one.

Image Not Showing Possible Reasons
  • The image file may be corrupted
  • The server hosting the image is unavailable
  • The image path is incorrect
  • The image format is not supported
Learn More →

Voila! It is working! If any of your dependencies are not updated, a PR will be created to your GitHub repository! Here, since Renovate identifies the Dockerfile as the dependency manager, it identifies open source vulnerabilities in your Dockerfile.

Now we will remove the Dockerfile. We only have a requirements.txt file for managing dependencies now.  Don't forget to push this change to GitHub; otherwise, the changes in the following steps will not be visible.

The flask version is 1.1.1 in the requirements.txt. Run Renovate with Docker again:

docker run --rm -v "/home/[YOURSYSTEM]/renovate-docker/.github/config.js:/usr/src/app/config.js" renovate/renovate:25.18.4

Notice how the requirements file is identified as the dependency manager now. PRs will now be made to requirements.txt. Now you will see this PR created to your repository on GitHub.

That's it! I hope this article helped.

Last changed by 
leviboroditsky
0
2069

Read more

Kubernetes Cost Optimization: Strategies for Reducing Cluster Spend

Kubernetes offers unmatched scalability and flexibility, but improper management can lead to escalating costs, especially in large-scale projects. Kubernetes cost optimization is essential to ensure efficiency without overspending. This article explores practical tips for reducing Kubernetes expenses, including optimizing resource allocation, scaling effectively, and eliminating unnecessary overheads. 1. Rightsize Your Pods and Nodes One of the most effective ways to reduce Kubernetes costs is to ensure that your pods and nodes are appropriately sized for their workloads. Over-provisioning resources leads to wasted compute power and higher costs, while under-provisioning can cause performance issues. Request and Limit Settings: Set resource requests and limits for each pod accurately. Requests specify the minimum resources needed, while limits define the maximum amount that can be consumed. By setting these values correctly, you can prevent resources from being over-allocated, which results in Kubernetes cost optimization. Vertical Pod Autoscaler (VPA): VPA automatically adjusts resource requests and limits based on real-time usage. It helps keep pods running efficiently without wasting resources. Implement VPA to dynamically adjust your workloads and reduce unnecessary resource allocation. Node Sizing: Choose the correct instance types for your nodes based on workload requirements. Avoid using large nodes for small workloads or vice versa, as this can lead to resource inefficiencies and higher Kubernetes costs. 2. Autoscaling

Dec 30, 2024
Microservices Architecture: A Modern Approach to Software Development

Introduction In the world of software development, Microservices Architecture stands tall as a modern approach that&apos;s gaining popularity day by day. It&apos;s a way of building software where big applications are divided into small, independent services. Each service does its own special job and runs independently. This approach brings flexibility, scalability, and resilience to the software development process. What is Microservices Architecture? Microservices architecture is a software development methodology in which applications are built using small, autonomous services that interact via clearly defined APIs. Each service focuses on a distinct business function, enabling separate development, deployment, and scaling. This contrasts with monolithic architecture, where the entire application is developed and deployed as one entity. Benefits of Microservices Architecture By embracing microservices architecture, software development becomes more flexible and scalable, allowing teams to adapt quickly to changing needs. This modular approach improves resilience and makes maintenance easier, ensuring smoother operation of complex systems. Scalability

May 3, 2024
API Security Made Easy With OpenAPI

Introduction APIs back the connectivity of digital services by enabling custom, out-of-the-box implementations built on the language of choice. APIs are universal and are brilliant at doing what they are, which is accepting a pre-determined payload, performing the necessary operations, and returning the response. The behavior of APIs largely proves beneficial but also poses unknown vulnerabilities and security flaws when designed and built from scratch without considering API necessities. The ground truth is that anything developed without considering battle-tested frameworks and specifications with industry best practices lacks security and reliability. An inevitable consideration when API security and efficiency are involved is OpenAPI. Let&apos;s explore that in detail. Why OpenAPI? A misconception among engineers and developers is that the cloud covers all security aspects. All they need to consider is implementing API security best practices while developing and integrating the APIs. But, there is much more involved in API design and development than what meets the eye. Design, testing, governance, monitoring, optimizations, and more aspects are involved in shaping reliable APIs. OpenAPI encapsulates the abstractions, making API design and development effortless. OpenAPI is a highly adopted API specification language that guarantees performance with advanced security and straightforward implementations with detailed documentation. What is OpenAPI security and how it outperforms traditional API security practices are vital aspects to understand for architecting performant and resilient APIs.

Dec 26, 2023
Extracting Value from Your Data: Key Strategies to Implement

In today’s data-driven world, businesses that harness the power of their data gain a competitive advantage. Extracting value from data isn’t just about collecting vast amounts of information; it’s about making sense of it, uncovering insights, and using those insights to drive informed decision-making. In this article, we’ll explore key strategies for extracting value from your data and provide examples to illustrate these strategies.

Nov 28, 2023
Read more from leviboroditsky
Published on HackMD