Chainguard Container for argo

Argo is a collection of tools for Kubernetes that help users to run workflows and manage clusters.

Chainguard Containers are regularly-updated, secure-by-default container images.

Download this Container Image

For those with access, this container image is available on cgr.dev:

docker pull cgr.dev/ORGANIZATION/argo:latest

Be sure to replace the ORGANIZATION placeholder with the name used for your organization's private repository within the Chainguard Registry.

Compatibility Notes

Chainguard's Argo image group is composed of multiple container images:

docker pull cgr.dev/ORGANIZATION/argo-exec
docker pull cgr.dev/ORGANIZATION/argo-cli
docker pull cgr.dev/ORGANIZATION/argo-workflowcontroller
docker pull cgr.dev/ORGANIZATION/argo-events

These images are comparable to the images used for various Argo components, including Argo CD, Argo Workflows, and Argo Events.

Getting Started

Argo provides two upstream methods for installing: Helm and raw manifests. The Chainguard container images for Argo are designed to be a drop-in replacement for either method. To use them, replace the appropriate image: path with the Chainguard Argo image.

Chainguard's Argo images can be deployed separately, but are typically deployed together leveraging the Argo Helm charts.

The following is an example values file for deploying these images with Helm:

images:
  tag: "latest"
controller:
  image:
    # -- Registry to use for the controller
    registry: cgr.dev
    # -- Registry to use for the controller
    repository: ORGANIZATION/argo-workflowcontroller
executor:
  image:
    # -- Registry to use for the Workflow Executors
    registry: cgr.dev
    # -- Repository to use for the Workflow Executors
    repository: ORGANIZATION/argo-exec
server:
  # -- Deploy the Argo Server
  image:
    # -- Registry to use for the server
    registry: cgr.dev
    # -- Repository to use for the server
    repository: ORGANIZATION/argo-cli

Assuming this values file is named argo.yaml, you could execute the following helm commands to install Argo Workflows:

helm repo add argo https://argoproj.github.io/argo-helm

helm install argo-workflows argo/argo-workflows \
	--namespace argo-workflows \
	--create-namespace \
  -f argo.yaml

The following values file will only deploy the Argo Events image:

images:
  tag: "latest"
global:
  image:
    # -- Registry to use for the events
    repository: cgr.dev/ORGANIZATION/argo-events
    tag: "latest"

Assuming this values file is named events.yaml, you could run the following Helm commands to deploy the Argo Events image:

helm repo add argo https://argoproj.github.io/argo-helm

helm install argo-workflows argo/argo-events \
	--namespace argo-events \
	--create-namespace \
	-f events.yaml

Setting the tag to "latest" is not recommended, and only shown for illustrative purposes.

What are Chainguard Containers?

Chainguard Containers are minimal container images that are secure by default.

In many cases, the Chainguard Containers tagged as :latest contain only an open-source application and its runtime dependencies. These minimal container images typically do not contain a shell or package manager. Chainguard Containers are built with Wolfi, our Linux undistro designed to produce container images that meet the requirements of a more secure software supply chain.

The main features of Chainguard Containers include:

• Minimal design, without unnecessary software bloat
• Daily builds to ensure container images are up-to-date with available security patches
• High quality build-time SBOMs attesting to the provenance of all artifacts within the image
• Verifiable signatures provided by Sigstore
• Reproducible builds with Cosign and apko (read more about reproducibility)

For cases where you need container images with shells and package managers to build or debug, most Chainguard Containers come paired with a -dev variant.

Although the -dev container image variants have similar security features as their more minimal versions, they feature additional software that is typically not necessary in production environments. We recommend using multi-stage builds to leverage the -dev variants, copying application artifacts into a final minimal container that offers a reduced attack surface that won’t allow package installations or logins.

Learn More

To better understand how to work with Chainguard Containers, please visit Chainguard Academy and Chainguard Courses.

In addition to Containers, Chainguard offers VMs and Libraries. Contact Chainguard to access additional products.

Trademarks

This software listing is packaged by Chainguard. The trademarks set forth in this offering are owned by their respective companies, and use of them does not imply any affiliation, sponsorship, or endorsement by such companies.