Chainguard Container for jaeger-fips

Chainguard Containers are regularly-updated, secure-by-default container images.

Download this Container Image

For those with access, this container image is available on cgr.dev:

docker pull cgr.dev/ORGANIZATION/jaeger-fips:latest

Be sure to replace the ORGANIZATION placeholder with the name used for your organization's private repository within the Chainguard Registry.

Components

Jaeger provides multiple components;

jaeger-fips-agent
jaeger-fips-all-in-one
jaeger-fips-anonymizer
jaeger-fips-collector
jaeger-fips-es-index-cleaner
jaeger-fips-ingester
jaeger-fips-query
jaeger-fips-remote-storage
jaeger-fips-tracegen

Using Jaeger

Jaeger provides docker images and a helm chart for installation. It can be installed separately with all its components or using a single image with all components bundled in. The bundled component is referred to as All-In-One

Jaeger All In One

This image, designed as a bundle, launches the Jaeger UI, collector, query, and agent, with an in memory storage component. jaeger-all-in-one

Either component can be run directly as docker containers or deployed to Kubernetes with helm. Helm chart is located here https://jaegertracing.github.io/helm-charts. To use them, simply replace the appropriate image: path with the Chainguard specific Jaeger image. Below is an example values file for doing this with helm:

allInOne:
    enabled: true
    image:
    repository: cgr.dev/chainguard/jaeger-fips-all-in-one
    tag: latest
agent:
    enabled: false
collector:
    enabled: false
query:
    enabled: false
storage:
    type: "memory"
# Hotrod is a test application
hotrod:
    enabled: true

Using the above values, the helm commands become, to install Jaeger All In One:

helm repo add jaegertracing https://jaegertracing.github.io/helm-charts

helm upgrade --install jaeger jaegertracing/jaeger \
  --history-max 3 \
  --set provisionDataStore.cassandra=false \
  --set allInOne.enabled=true \
  --set storage.type=memory \
  --set agent.enabled=false \
  --set collector.enabled=false \
  --set query.enabled=false \
  --values jaeger-values.yaml

Jaeger Standalone Components:

agent:
    image:
    repository: cgr.dev/chainguard/jaeger-fips-agent
    tag: latest
collector:
    image:
    repository: cgr.dev/chainguard/jaeger-fips-collector
    tag: latest
query:
    image:
    repository: cgr.dev/chainguard/jaeger-fips-query
    tag: latest
storage:
    type: "memory"
hotrod:
    enabled: true
cassandra:
    config:
    cluster_size: 1

Using the above values, the helm commands become, to install Jaeger with standalone components:

helm repo add jaegertracing https://jaegertracing.github.io/helm-charts

helm upgrade --install jaeger jaegertracing/jaeger \
  --create-namespace \
  --namespace jaeger \
  --history-max 3 \
  --set hotrod.enabled=true \
  --set storage.type=memory  --set cassandra.config.cluster_size=1 \
  --values jaeger-values.yaml

For more configuration options in installing the jaeger helm chart, please refer to the helm upstream doc

NOTE: Setting the tag to "latest" is not recommended, and only shown for illustrative purposes.

What are Chainguard Containers?

Chainguard Containers are minimal container images that are secure by default.

In many cases, the Chainguard Containers tagged as :latest contain only an open-source application and its runtime dependencies. These minimal container images typically do not contain a shell or package manager. Chainguard Containers are built with Wolfi, our Linux undistro designed to produce container images that meet the requirements of a more secure software supply chain.

The main features of Chainguard Containers include:

• Minimal design, without unnecessary software bloat
• Daily builds to ensure container images are up-to-date with available security patches
• High quality build-time SBOMs attesting to the provenance of all artifacts within the image
• Verifiable signatures provided by Sigstore
• Reproducible builds with Cosign and apko (read more about reproducibility)

For cases where you need container images with shells and package managers to build or debug, most Chainguard Containers come paired with a -dev variant.

Although the -dev container image variants have similar security features as their more minimal versions, they feature additional software that is typically not necessary in production environments. We recommend using multi-stage builds to leverage the -dev variants, copying application artifacts into a final minimal container that offers a reduced attack surface that won’t allow package installations or logins.

Learn More

To better understand how to work with Chainguard Containers, please visit Chainguard Academy and Chainguard Courses.

In addition to Containers, Chainguard offers VMs and Libraries. Contact Chainguard to access additional products.

Trademarks

This software listing is packaged by Chainguard. The trademarks set forth in this offering are owned by their respective companies, and use of them does not imply any affiliation, sponsorship, or endorsement by such companies.