Add Image.yml and README.md for thanos, prometheus and airflow (#965)

* add files Signed-off-by: Vandit Singh <[email protected]> * use rapidfort redis and postgres Signed-off-by: Vandit Singh <[email protected]> --------- Signed-off-by: Vandit Singh <[email protected]>
rapidfort · Jan 13, 2025 · 2f16010 · 2f16010
1 parent 11f176d
commit 2f16010
Show file tree

Hide file tree

Showing 9 changed files with 1,989 additions and 0 deletions.
diff --git a/README.md b/README.md
diff --git a/community_images/airflow/airflow/ironbank/README.md b/community_images/airflow/airflow/ironbank/README.md
@@ -0,0 +1,248 @@
+[![RapidFort][rapidfort-logo-header-svg]][rapidfort-logo-header-link]
+
+<br>
+
+
+[![rf-h][rf-h-badge]][rf-view-report-button]
+[![DH Image][dh-rf-badge]][rf-dh-image-link]
+[![Slack][slack-badge]][slack-link]
+[![FOSSA Status][fossa-badge]][fossa-link]
+
+
+[![Zero cve images][zero-cve-images-svg]][zero-cve-images-link]
+<br />
+
+
+# RapidFort hardened image for Apache Airflow Ironbank
+
+
+RapidFort has optimized and hardened this Apache Airflow Ironbank container image. This container is free to use and has no license limitations.
+
+
+This optimized image is functionally equivalent to [Platform One Apache Airflow Ironbank][source-image-repo-link] image but more secure with a significantly smaller software attack surface.
+
+[![Vulnerabilities by severity][vulns-chart-svg]][vulns-chart-link]
+
+[![Original vs. this image][savings-svg]][savings-link]
+
+[![View Report][full-report-svg]][full-report-link]
+
+<br>
+<br>
+
+
+Every day, RapidFort automatically optimizes and hardens a growing bank of Docker Hub’s most important container images. 
+
+Check out our [entire library of secured container images.](https://hub.docker.com/u/rapidfort)
+<br>
+
+[Get the full report here or click on the image below][rf-view-report-link]
+
+## What is Apache Airflow Ironbank?
+
+> Apache Airflow (or simply Airflow) is a platform to programmatically author, schedule, and monitor workflows.
+
+When workflows are defined as code, they become more maintainable, versionable, testable, and collaborative.
+
+Use Airflow to author workflows as directed acyclic graphs (DAGs) of tasks. The Airflow scheduler executes your tasks on an array of workers while following the specified dependencies. Rich command line utilities make performing complex surgeries on DAGs a snap. The rich user interface makes it easy to visualize pipelines running in production, monitor progress, and troubleshoot issues when needed.
+
+
+[Overview of Apache Airflow Ironbank](https://airflow.apache.org/)
+
+Disclaimer: This software listing is packaged by RapidFort. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement.
+
+
+## How do I use this hardened Apache Airflow Ironbank image?
+
+
+
+The runtime instructions for this hardened container image are the same as the official release. Follow the instructions provided with the [Platform One Apache Airflow Ironbank][source-image-repo-link].
+
+
+[![View Detailed Instructions](https://raw.githubusercontent.com/rapidfort/community-images/main/contrib/view_details.svg)](https://repo1.dso.mil/dsop/opensource/apache/airflow/airflow/-/blob/development/README.md)
+
+<br>
+<br>
+
+```sh
+# Create a network
+docker network create airflow-tier
+
+# Create a volume for PostgreSQL persistence and create a PostgreSQL container
+docker volume create --name postgresql_data
+docker run -d --name postgresql \
+  -e POSTGRESQL_USERNAME=rf_airflow \
+  -e POSTGRESQL_PASSWORD=rapidfort1 \
+  -e POSTGRESQL_DATABASE=rapidfort_airflow \
+  --net airflow-tier \
+  --volume postgresql_data:/bitnami/postgresql \
+  bitnami/postgresql:latest
+
+# Create a volume for Redis(R) persistence and create a Redis(R) container
+docker volume create --name redis_data
+docker run -d --name redis \
+  -e ALLOW_EMPTY_PASSWORD=yes \
+  --net airflow-tier \
+  --volume redis_data:/bitnami \
+  bitnami/redis:latest
+
+# Launch the Apache Airflow web container
+docker run -d --name airflow -p 8080:8080 \
+  -e AIRFLOW_FERNET_KEY=46BKJoQYlPPOexq0OhDZnIlNepKFf87WFwLbfzqDDho= \
+  -e AIRFLOW_SECRET_KEY=a25mQ1FHTUh3MnFRSk5KMEIyVVU2YmN0VGRyYTVXY08= \
+  -e AIRFLOW_EXECUTOR=CeleryExecutor \
+  -e AIRFLOW_DATABASE_NAME=rapidfort_airflow \
+  -e AIRFLOW_DATABASE_USERNAME=rf_airflow \
+  -e AIRFLOW_DATABASE_PASSWORD=rapidfort1 \
+  -e AIRFLOW_LOAD_EXAMPLES=yes \
+  -e AIRFLOW_PASSWORD=rapidfort123 \
+  -e AIRFLOW_USERNAME=user \
+  -e [email protected] \
+  --net airflow-tier \
+  rapidfort/airflow-ib:latest
+
+# Launch the Apache Airflow scheduler container
+docker run -d --name airflow-scheduler \
+  -e AIRFLOW_COMPONENT_TYPE=scheduler \
+  -e AIRFLOW_FERNET_KEY=46BKJoQYlPPOexq0OhDZnIlNepKFf87WFwLbfzqDDho= \
+  -e AIRFLOW_SECRET_KEY=a25mQ1FHTUh3MnFRSk5KMEIyVVU2YmN0VGRyYTVXY08= \
+  -e AIRFLOW_EXECUTOR=CeleryExecutor \
+  -e AIRFLOW_DATABASE_NAME=rapidfort_airflow \
+  -e AIRFLOW_DATABASE_USERNAME=rf_airflow \
+  -e AIRFLOW_DATABASE_PASSWORD=rapidfort1 \
+  -e AIRFLOW_LOAD_EXAMPLES=yes \
+  -e AIRFLOW_WEBSERVER_HOST=airflow \
+  --net airflow-tier \
+  rapidfort/airflow-ib:latest
+
+# Launch the Apache Airflow worker container
+docker run -d --name airflow-worker \
+  -e AIRFLOW_COMPONENT_TYPE=worker \
+  -e AIRFLOW_FERNET_KEY=46BKJoQYlPPOexq0OhDZnIlNepKFf87WFwLbfzqDDho= \
+  -e AIRFLOW_SECRET_KEY=a25mQ1FHTUh3MnFRSk5KMEIyVVU2YmN0VGRyYTVXY08= \
+  -e AIRFLOW_EXECUTOR=CeleryExecutor \
+  -e AIRFLOW_DATABASE_NAME=rapidfort_airflow \
+  -e AIRFLOW_DATABASE_USERNAME=rf_airflow \
+  -e AIRFLOW_DATABASE_PASSWORD=rapidfort1 \
+  -e AIRFLOW_WEBSERVER_HOST=airflow \
+  --net airflow-tier \
+  rapidfort/airflow-ib:latest
+
+```
+
+## What is a hardened image?
+
+A hardened container image is a functionally equivalent copy of a container image that has been optimized by removing unnecessary software components, significantly reducing its software attack surface and improving its security. Removing unnecessary software components is a critical practice to protect your infrastructure from attacks and limiting the blast radius of any attacks.
+
+This image is a hardened version of the official [Platform One Apache Airflow Ironbank][source-image-repo-link] image on Docker Hub.
+
+RapidFort is the pioneering Software Attack Surface Management (SASM) platform in the market. Many container images can be reduced by 60-90%, have far fewer vulnerabilities, and load much faster because of their reduced size. Learn more at [RapidFort.com][rf-link].
+
+Vulnerability reports for RapidFort's hardened images are updated daily to include newly discovered vulnerabilities and fixes.
+
+
+[![View on GitHub](https://raw.githubusercontent.com/rapidfort/community-images/main/contrib/view_github.svg)](https://github.com/rapidfort/community-images/tree/main/community_images/airflow/airflow/ironbank)
+<br>
+<br>
+
+## What’s the difference between the official [Platform One Apache Airflow Ironbank][source-image-repo-link] image and this hardened image?
+RapidFort’s hardened [rapidfort/airflow-ib][rf-dh-image-link] image has been optimized by RapidFort's SASM platform and is functionally equivalent to the original image.
+
+We are big fans of open-source software and secure software development. RapidFort's community images are our way of giving back to the community and helping reduce the burden on security and development teams.
+
+## Supported tags and respective `Dockerfile` links
+
+## Need support
+
+Join our slack community for any questions.
+
+[![RapidFort Community Slack][slack-png]][slack-link]
+
+## 🌟 Support this project
+
+[![](https://user-images.githubusercontent.com/48997634/174794647-0c851917-e5c9-4fb9-bf88-b61d89dc2f4f.gif)](https://github.com/rapidfort/community-images/stargazers)
+
+### [⏫⭐️ Scroll to the star button](#start-of-content)
+
+If you find this project useful, please star this repo just like many [amazing people](https://github.com/rapidfort/community-images/stargazers) have.
+
+## Have questions?
+
+[![RapidFort](https://raw.githubusercontent.com/rapidfort/community-images/main/contrib/logo_light.svg)][rf-rapidfort-footer-logo-link]
+
+
+Learn more about RapidFort's pioneering Software Attack Surface Management platform at [RapidFort.com][rf-link].
+
+<br>
+<br>
+
+[rapidfort-logo-header-link]: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fopensource%2Fapache%2Fairflow%2Fairflow?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=airflow-ib&utm_content=rapidfort_logo
+
+[rapidfort-logo-header-svg]: https://raw.githubusercontent.com/rapidfort/community-images/main/contrib/logo_light.svg
+
+
+[dh-rf-badge]: https://img.shields.io/badge/dockerhub-images-important.svg?logo=Docker
+
+[fossa-badge]: https://app.fossa.com/api/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images.svg?type=shield
+
+[fossa-link]: https://app.fossa.com/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images?ref=badge_shield
+
+[rf-link]: https://rapidfort.com?utm_source=github&utm_medium=ci_rf_link&utm_campaign=sep_01_sprint&utm_term=airflow-ib&utm_content=rapidfort_have_questions
+
+[rf-rapidfort-footer-logo-link]: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fopensource%2Fapache%2Fairflow%2Fairflow?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=airflow-ib&utm_content=rapidfort_footer_logo
+
+[rf-view-report-button]: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fopensource%2Fapache%2Fairflow%2Fairflow?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=airflow-ib&utm_content=view_report_button
+
+[rf-view-report-link]: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fopensource%2Fapache%2Fairflow%2Fairflow?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=airflow-ib&utm_content=view_report_link
+
+[rf-image-metrics-link]: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fopensource%2Fapache%2Fairflow%2Fairflow?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=airflow-ib&utm_content=image_metrics_link
+
+[rf-image-cve-reduction-link]: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fopensource%2Fapache%2Fairflow%2Fairflow?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=airflow-ib&utm_content=image_cve_reduction_link
+
+[rf-image-savings-link]: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fopensource%2Fapache%2Fairflow%2Fairflow?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=airflow-ib&utm_content=image_savings_link
+
+[rf-image-vulns-link]: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fopensource%2Fapache%2Fairflow%2Fairflow?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=airflow-ib&utm_content=vulns_link
+
+[dh-img-size-badge]: https://img.shields.io/docker/image-size/rapidfort/airflow-ib?logo=docker&logoColor=white&sort=semver
+
+[dh-img-pulls-badge]: https://img.shields.io/docker/pulls/rapidfort/airflow-ib?logo=docker&logoColor=white
+
+[slack-badge]: https://img.shields.io/static/v1?label=Join&message=slack&logo=slack&logoColor=E01E5A&color=4A154B
+
+[slack-link]: https://join.slack.com/t/rapidfortcommunity/shared_invite/zt-1g3wy28lv-DaeGexTQ5IjfpbmYW7Rm_Q
+
+[rf-h-badge]: https://img.shields.io/static/v1?label=RapidFort&labelColor=333F48&message=hardened&color=50B4C4&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACcAAAAkCAYAAAAKNyObAAAACXBIWXMAACE4AAAhOAFFljFgAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAHvSURBVHgB7ZjvTcMwEMUvEgNkhNuAjOAR2IAyQbsB2YAyQbsBYoKwQdjA3aAjHA514Xq1Hf9r6QeeFKVJ3tkv+cWOVYCAiKg124b82gZqe0+NNlsHJbLBxthg1o+RASetIEdTJxnBRvtUMCHgM6TIBtMZwY7SiQFfrhUsN+Ao/TJYR3WC5QY88/Nge6oXLBRwO+P/GcnNMZzZteBR0zQfogM0O4Q47Uz9TtSrUIHs71+paugw16Dn+qt5xJ/TD4viEcrE25tepaXPaHxP350GXtD10WwHQWjQxKhl7YUGRg/MuPaY9vxuzPFA+RpEW9rj0yCMbcCsmG9B+Xpk7YRo4RnjQEEttBiBtAefyI23BtoYpBrmRO6ZX0EZWo60c1yfaGBMOKRzdKVocYZO/NpuMss7E9cHitcc0gFS5Qig2LUUtCGkmmJwOsJJvLlokdWtfMFzAvLGctCOooYPtg2USoRQ7HwM2hXzIzuvKQenIxzHm4oWmZ9TKF1AnAR8sI2moB093nKcjoBvtnHFzoXQ8qeMDGcLtUW/i4NYtJ3jJhRcSnRYHMSg1Q5PD5cWHT4/ih0vIpDOf9QrhZtQLsWxlILT8AjXEol/iQRaiVTBX4pO57D6U0WJBFoFtyaLtuqLfwf19G62e7hFWbQKKuoLYovGDo9dW28AAAAASUVORK5CYII=
+
+[source-image-repo-link]: https://registry1.dso.mil/harbor/projects/3/repositories/opensource%2Fapache%2Fairflow%2Fairflow
+
+[rf-dh-image-link]: https://hub.docker.com/r/rapidfort/airflow-ib
+
+
+[savings-svg]: https://github.com/rapidfort/community-images/raw/main/community_images/airflow/airflow/ironbank/assets/savings.svg
+
+[savings-link]: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fopensource%2Fapache%2Fairflow%2Fairflow?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=airflow-ib&utm_content=image_savings_link
+
+[vulns-chart-svg]: https://github.com/rapidfort/community-images/raw/main/community_images/airflow/airflow/ironbank/assets/vulns_charts.svg
+
+[vulns-chart-link]: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fopensource%2Fapache%2Fairflow%2Fairflow?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=airflow-ib&utm_content=vulns_charts
+
+[full-report-svg]: https://raw.githubusercontent.com/rapidfort/community-images/main/contrib/full_report.svg
+
+[full-report-link]: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fopensource%2Fapache%2Fairflow%2Fairflow?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=airflow-ib&utm_content=get_full_report_button
+
+[instructions-svg]: https://raw.githubusercontent.com/rapidfort/community-images/main/contrib/view_details.svg
+
+[zero-cve-images-link]: https://hub.rapidfort.com/repositories?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=airflow-ib&utm_content=zero_vulns_cve
+
+[zero-cve-images-svg]: https://raw.githubusercontent.com/rapidfort/community-images/main/contrib/zero_cve_images_link.svg
+
+[slack-link]: https://join.slack.com/t/rapidfortcommunity/shared_invite/zt-1g3wy28lv-DaeGexTQ5IjfpbmYW7Rm_Q
+
+[slack-png]: https://raw.githubusercontent.com/rapidfort/community-images/main/contrib/github_banner.png
+
+
+
+
+
+
+
diff --git a/community_images/airflow/airflow/ironbank/image.yml b/community_images/airflow/airflow/ironbank/image.yml
@@ -0,0 +1,86 @@
+name: airflow-ib
+official_name: Apache Airflow Ironbank
+official_website: https://airflow.apache.org/
+source_image_provider: Platform One
+source_image_repo: registry1.dso.mil/ironbank/opensource/apache/airflow/airflow
+source_image_repo_link: https://registry1.dso.mil/harbor/projects/3/repositories/opensource%2Fapache%2Fairflow%2Fairflow
+source_image_readme: https://repo1.dso.mil/dsop/opensource/apache/airflow/airflow/-/blob/development/README.md
+rf_docker_link: rapidfort/airflow-ib
+image_workflow_name: airflow_airflow_ironbank
+github_location: airflow/airflow/ironbank
+report_url: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fopensource%2Fapache%2Fairflow%2Fairflow
+usage_instructions: |
+  # Create a network
+  docker network create airflow-tier
+  
+  # Create a volume for PostgreSQL persistence and create a PostgreSQL container
+  docker volume create --name postgresql_data
+  docker run -d --name postgresql \
+    -e POSTGRESQL_USERNAME=rf_airflow \
+    -e POSTGRESQL_PASSWORD=rapidfort1 \
+    -e POSTGRESQL_DATABASE=rapidfort_airflow \
+    --net airflow-tier \
+    --volume postgresql_data:/bitnami/postgresql \
+    rapidfort/postgresql:latest
+  
+  # Create a volume for Redis(R) persistence and create a Redis(R) container
+  docker volume create --name redis_data
+  docker run -d --name redis \
+    -e ALLOW_EMPTY_PASSWORD=yes \
+    --net airflow-tier \
+    --volume redis_data:/bitnami \
+    rapidfort/redis:latest
+  
+  # Launch the Apache Airflow web container
+  docker run -d --name airflow -p 8080:8080 \
+    -e AIRFLOW_FERNET_KEY=46BKJoQYlPPOexq0OhDZnIlNepKFf87WFwLbfzqDDho= \
+    -e AIRFLOW_SECRET_KEY=a25mQ1FHTUh3MnFRSk5KMEIyVVU2YmN0VGRyYTVXY08= \
+    -e AIRFLOW_EXECUTOR=CeleryExecutor \
+    -e AIRFLOW_DATABASE_NAME=rapidfort_airflow \
+    -e AIRFLOW_DATABASE_USERNAME=rf_airflow \
+    -e AIRFLOW_DATABASE_PASSWORD=rapidfort1 \
+    -e AIRFLOW_LOAD_EXAMPLES=yes \
+    -e AIRFLOW_PASSWORD=rapidfort123 \
+    -e AIRFLOW_USERNAME=user \
+    -e [email protected] \
+    --net airflow-tier \
+    rapidfort/airflow-ib:latest
+  
+  # Launch the Apache Airflow scheduler container
+  docker run -d --name airflow-scheduler \
+    -e AIRFLOW_COMPONENT_TYPE=scheduler \
+    -e AIRFLOW_FERNET_KEY=46BKJoQYlPPOexq0OhDZnIlNepKFf87WFwLbfzqDDho= \
+    -e AIRFLOW_SECRET_KEY=a25mQ1FHTUh3MnFRSk5KMEIyVVU2YmN0VGRyYTVXY08= \
+    -e AIRFLOW_EXECUTOR=CeleryExecutor \
+    -e AIRFLOW_DATABASE_NAME=rapidfort_airflow \
+    -e AIRFLOW_DATABASE_USERNAME=rf_airflow \
+    -e AIRFLOW_DATABASE_PASSWORD=rapidfort1 \
+    -e AIRFLOW_LOAD_EXAMPLES=yes \
+    -e AIRFLOW_WEBSERVER_HOST=airflow \
+    --net airflow-tier \
+    rapidfort/airflow-ib:latest
+  
+  # Launch the Apache Airflow worker container
+  docker run -d --name airflow-worker \
+    -e AIRFLOW_COMPONENT_TYPE=worker \
+    -e AIRFLOW_FERNET_KEY=46BKJoQYlPPOexq0OhDZnIlNepKFf87WFwLbfzqDDho= \
+    -e AIRFLOW_SECRET_KEY=a25mQ1FHTUh3MnFRSk5KMEIyVVU2YmN0VGRyYTVXY08= \
+    -e AIRFLOW_EXECUTOR=CeleryExecutor \
+    -e AIRFLOW_DATABASE_NAME=rapidfort_airflow \
+    -e AIRFLOW_DATABASE_USERNAME=rf_airflow \
+    -e AIRFLOW_DATABASE_PASSWORD=rapidfort1 \
+    -e AIRFLOW_WEBSERVER_HOST=airflow \
+    --net airflow-tier \
+    rapidfort/airflow-ib:latest
+what_is_text: |
+  Apache Airflow (or simply Airflow) is a platform to programmatically author, schedule, and monitor workflows.
+
+  When workflows are defined as code, they become more maintainable, versionable, testable, and collaborative.
+
+  Use Airflow to author workflows as directed acyclic graphs (DAGs) of tasks. The Airflow scheduler executes your tasks on an array of workers while following the specified dependencies. Rich command line utilities make performing complex surgeries on DAGs a snap. The rich user interface makes it easy to visualize pipelines running in production, monitor progress, and troubleshoot issues when needed.
+disclaimer: |
+  Disclaimer: This software listing is packaged by RapidFort. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement.
+is_locked: "False"
+input_registry:
+  registry: registry1.dso.mil
+  account: ironbank