Chainguard Container for argo-cli

Argo is a collection of tools for Kubernetes that help users to run workflows and manage clusters.

Chainguard Containers are regularly-updated, secure-by-default container images.

Download this Container Image

For those with access, this container image is available on cgr.dev:

docker pull cgr.dev/ORGANIZATION/argo-cli:latest

Be sure to replace the ORGANIZATION placeholder with the name used for your organization's private repository within the Chainguard Registry.

Compatibility Notes

Chainguard's Argo image group is composed of multiple container images:

docker pull cgr.dev/ORGANIZATION/argo-exec
docker pull cgr.dev/ORGANIZATION/argo-cli
docker pull cgr.dev/ORGANIZATION/argo-workflowcontroller
docker pull cgr.dev/ORGANIZATION/argo-events

These images are comparable to the images used for various Argo components, including Argo CD, Argo Workflows, and Argo Events.

Getting Started

Argo provides two upstream methods for installing: Helm and raw manifests. The Chainguard container images for Argo are designed to be a drop-in replacement for either method. To use them, replace the appropriate image: path with the Chainguard Argo image.

Chainguard's Argo images can be deployed separately, but are typically deployed together leveraging the Argo Helm charts.

The following is an example values file for deploying these images with Helm:

images:
  tag: "latest"
controller:
  image:
    # -- Registry to use for the controller
    registry: cgr.dev
    # -- Registry to use for the controller
    repository: ORGANIZATION/argo-workflowcontroller
executor:
  image:
    # -- Registry to use for the Workflow Executors
    registry: cgr.dev
    # -- Repository to use for the Workflow Executors
    repository: ORGANIZATION/argo-exec
server:
  # -- Deploy the Argo Server
  image:
    # -- Registry to use for the server
    registry: cgr.dev
    # -- Repository to use for the server
    repository: ORGANIZATION/argo-cli

Assuming this values file is named argo.yaml, you could execute the following helm commands to install Argo Workflows:

helm repo add argo https://argoproj.github.io/argo-helm

helm install argo-workflows argo/argo-workflows \
	--namespace argo-workflows \
	--create-namespace \
  -f argo.yaml

The following values file will only deploy the Argo Events image:

images:
  tag: "latest"
global:
  image:
    # -- Registry to use for the events
    repository: cgr.dev/ORGANIZATION/argo-events
    tag: "latest"

Assuming this values file is named events.yaml, you could run the following Helm commands to deploy the Argo Events image:

helm repo add argo https://argoproj.github.io/argo-helm

helm install argo-workflows argo/argo-events \
	--namespace argo-events \
	--create-namespace \
	-f events.yaml

Setting the tag to "latest" is not recommended, and only shown for illustrative purposes.

What are Chainguard Containers?

Chainguard's free tier of Starter container images are built with Wolfi, our minimal Linux undistro.

All other Chainguard Containers are built with Chainguard OS, Chainguard's minimal Linux operating system designed to produce container images that meet the requirements of a more secure software supply chain.

The main features of Chainguard Containers include:

• Minimal design, without unnecessary software bloat
• Daily builds to ensure container images are up-to-date with available security patches
• High quality build-time SBOMs attesting to the provenance of all artifacts within the image
• Verifiable signatures provided by Sigstore
• Reproducible builds with Cosign and apko (read more about reproducibility)

For cases where you need container images with shells and package managers to build or debug, most Chainguard Containers come paired with a development, or -dev, variant.

In all other cases, including Chainguard Containers tagged as :latest or with a specific version number, the container images include only an open-source application and its runtime dependencies. These minimal container images typically do not contain a shell or package manager.

Although the -dev container image variants have similar security features as their more minimal versions, they include additional software that is typically not necessary in production environments. We recommend using multi-stage builds to copy artifacts from the -dev variant into a more minimal production image.

Need additional packages?

To improve security, Chainguard Containers include only essential dependencies. Need more packages? Chainguard customers can use Custom Assembly to add packages, either through the Console, chainctl, or API.

To use Custom Assembly in the Chainguard Console: navigate to the image you'd like to customize in your Organization's list of images, and click on the Customize image button at the top of the page.

Learn More

Refer to our Chainguard Containers documentation on Chainguard Academy. Chainguard also offers VMs and Libraries — contact us for access.

Trademarks

This software listing is packaged by Chainguard. The trademarks set forth in this offering are owned by their respective companies, and use of them does not imply any affiliation, sponsorship, or endorsement by such companies.