kubernetes-microservice
This module provides a high-level abstraction for working with container imagestailored for Kubernetes microservices, using Dagger as the execution engine.
It offers two primary functions:
- BakeImage: Builds and optionally pushes a Docker image from source code
with support for extra build directories and custom Dockerfile paths.
- StageImage: Stages (copies) an existing image between registries, optionally
using Docker config authentication or username/password pairs.
Supports insecure registries and custom platforms.
Typical usage scenarios include:
- Building a microservice image in CI/CD pipelines and pushing directly to a registry
- Promoting (staging) images between registries (e.g., dev -> staging -> prod)
- Supporting custom build contexts through additional directories
Internally, this module delegates to the 'Docker' module for building/pushing images,
and the 'Crane' module for staging images between registries.
Example workflows:
- Bake a microservice image and push to a dev registry
- Stage a built image to a production registry using secure or insecure connections
This module is designed for integration in CI pipelines, platform automation, or
developer tooling around Kubernetes microservices.
Installation
dagger install github.com/stuttgart-things/blueprints/kubernetes-microservice@v1.51.0Entrypoint
Return Type
KubernetesMicroserviceExample
dagger -m github.com/stuttgart-things/blueprints/kubernetes-microservice@e925e4794eeb85f9397463a707ea72d80143119c call \
func (m *MyModule) Example() *dagger.KubernetesMicroservice {
return dag.
KubernetesMicroservice()
}@function
def example() -> dagger.KubernetesMicroservice:
return (
dag.kubernetes_microservice()
)@func()
example(): KubernetesMicroservice {
return dag
.kubernetesMicroservice()
}Types
KubernetesMicroservice 🔗
runStaticStage() 🔗
Return Type
File !Arguments
| Name | Type | Default Value | Description |
|---|---|---|---|
| src | Directory ! | - | the src directory |
| pathToDockerfile | String | "" | No description provided |
| nameDockerfile | String | "Dockerfile" | No description provided |
| severity | String | "HIGH,CRITICAL" | No description provided |
| trivyVersion | String | "0.64.1" | No description provided |
| threshold | String | - | The failure threshold |
Example
dagger -m github.com/stuttgart-things/blueprints/kubernetes-microservice@e925e4794eeb85f9397463a707ea72d80143119c call \
run-static-stage --src DIR_PATHfunc (m *MyModule) Example(src *dagger.Directory) *dagger.File {
return dag.
KubernetesMicroservice().
RunStaticStage(src)
}@function
def example(src: dagger.Directory) -> dagger.File:
return (
dag.kubernetes_microservice()
.run_static_stage(src)
)@func()
example(src: Directory): File {
return dag
.kubernetesMicroservice()
.runStaticStage(src)
}runBakeStage() 🔗
Return Type
String !Arguments
| Name | Type | Default Value | Description |
|---|---|---|---|
| src | Directory ! | - | The source directory |
| repositoryName | String ! | - | The repository name |
| tag | String ! | - | tag |
| registryUsername | Secret | - | The registry username |
| registryPassword | Secret | - | The registry password |
| registryUrl | String ! | - | The registry URL |
| dockerfile | String | "Dockerfile" | The Dockerfile path |
| withDirectories | [Directory ! ] | - | Set extra directories |
Example
dagger -m github.com/stuttgart-things/blueprints/kubernetes-microservice@e925e4794eeb85f9397463a707ea72d80143119c call \
run-bake-stage --src DIR_PATH --repository-name string --tag string --registry-url stringfunc (m *MyModule) Example(ctx context.Context, src *dagger.Directory, repositoryName string, tag string, registryUrl string) string {
return dag.
KubernetesMicroservice().
RunBakeStage(ctx, src, repositoryName, tag, registryUrl)
}@function
async def example(src: dagger.Directory, repository_name: str, tag: str, registry_url: str) -> str:
return await (
dag.kubernetes_microservice()
.run_bake_stage(src, repository_name, tag, registry_url)
)@func()
async example(src: Directory, repositoryName: string, tag: string, registryUrl: string): Promise<string> {
return dag
.kubernetesMicroservice()
.runBakeStage(src, repositoryName, tag, registryUrl)
}scanImage() 🔗
Return Type
File !Arguments
| Name | Type | Default Value | Description |
|---|---|---|---|
| imageRef | String ! | - | Fully qualified image reference (e.g., "ttl.sh/my-repo:1.0.0") |
| registryUser | Secret | - | No description provided |
| registryPassword | Secret | - | No description provided |
| severity | String | "HIGH,CRITICAL" | No description provided |
| trivyVersion | String | "0.64.1" | No description provided |
Example
dagger -m github.com/stuttgart-things/blueprints/kubernetes-microservice@e925e4794eeb85f9397463a707ea72d80143119c call \
scan-image --image-ref stringfunc (m *MyModule) Example(imageRef string) *dagger.File {
return dag.
KubernetesMicroservice().
ScanImage(imageRef)
}@function
def example(image_ref: str) -> dagger.File:
return (
dag.kubernetes_microservice()
.scan_image(image_ref)
)@func()
example(imageRef: string): File {
return dag
.kubernetesMicroservice()
.scanImage(imageRef)
}scanFilesystem() 🔗
Return Type
File !Arguments
| Name | Type | Default Value | Description |
|---|---|---|---|
| src | Directory ! | - | No description provided |
| severity | String | "HIGH,CRITICAL" | No description provided |
| trivyVersion | String | "0.64.1" | No description provided |
Example
dagger -m github.com/stuttgart-things/blueprints/kubernetes-microservice@e925e4794eeb85f9397463a707ea72d80143119c call \
scan-filesystem --src DIR_PATHfunc (m *MyModule) Example(src *dagger.Directory) *dagger.File {
return dag.
KubernetesMicroservice().
ScanFilesystem(src)
}@function
def example(src: dagger.Directory) -> dagger.File:
return (
dag.kubernetes_microservice()
.scan_filesystem(src)
)@func()
example(src: Directory): File {
return dag
.kubernetesMicroservice()
.scanFilesystem(src)
}bakeImage() 🔗
Return Type
String !Arguments
| Name | Type | Default Value | Description |
|---|---|---|---|
| src | Directory ! | - | The source directory |
| repositoryName | String ! | - | The repository name |
| tag | String ! | - | tag |
| registryUsername | Secret | - | The registry username |
| registryPassword | Secret | - | The registry password |
| registryUrl | String ! | - | The registry URL |
| dockerfile | String | "Dockerfile" | The Dockerfile path |
| withDirectories | [Directory ! ] | - | Set extra directories |
Example
dagger -m github.com/stuttgart-things/blueprints/kubernetes-microservice@e925e4794eeb85f9397463a707ea72d80143119c call \
bake-image --src DIR_PATH --repository-name string --tag string --registry-url stringfunc (m *MyModule) Example(ctx context.Context, src *dagger.Directory, repositoryName string, tag string, registryUrl string) string {
return dag.
KubernetesMicroservice().
BakeImage(ctx, src, repositoryName, tag, registryUrl)
}@function
async def example(src: dagger.Directory, repository_name: str, tag: str, registry_url: str) -> str:
return await (
dag.kubernetes_microservice()
.bake_image(src, repository_name, tag, registry_url)
)@func()
async example(src: Directory, repositoryName: string, tag: string, registryUrl: string): Promise<string> {
return dag
.kubernetesMicroservice()
.bakeImage(src, repositoryName, tag, registryUrl)
}bakeAndScanImage() 🔗
BakeAndScanImage builds, pushes, and scans an image, returning the scan result file
Return Type
File !Arguments
| Name | Type | Default Value | Description |
|---|---|---|---|
| src | Directory ! | - | The source directory |
| repositoryName | String ! | - | The repository name |
| tag | String ! | - | tag |
| registryUsername | Secret | - | The registry username |
| registryPassword | Secret | - | The registry password |
| registryUrl | String ! | - | The registry URL |
| dockerfile | String | "Dockerfile" | The Dockerfile path |
| withDirectories | [Directory ! ] | - | Set extra directories |
| scanSeverity | String | "HIGH,CRITICAL" | Severity levels to scan for |
| trivyVersion | String | "0.64.1" | Trivy version to use for scanning |
Example
dagger -m github.com/stuttgart-things/blueprints/kubernetes-microservice@e925e4794eeb85f9397463a707ea72d80143119c call \
bake-and-scan-image --src DIR_PATH --repository-name string --tag string --registry-url stringfunc (m *MyModule) Example(src *dagger.Directory, repositoryName string, tag string, registryUrl string) *dagger.File {
return dag.
KubernetesMicroservice().
BakeAndScanImage(src, repositoryName, tag, registryUrl)
}@function
def example(src: dagger.Directory, repository_name: str, tag: str, registry_url: str) -> dagger.File:
return (
dag.kubernetes_microservice()
.bake_and_scan_image(src, repository_name, tag, registry_url)
)@func()
example(src: Directory, repositoryName: string, tag: string, registryUrl: string): File {
return dag
.kubernetesMicroservice()
.bakeAndScanImage(src, repositoryName, tag, registryUrl)
}analyzeHelmfile() 🔗
AnalyzeHelmfile reads a helmfile and uses AI to analyze what cluster resources it references, then queries those resources and provides validation/recommendations
Return Type
File !Arguments
| Name | Type | Default Value | Description |
|---|---|---|---|
| src | Directory ! | - | The helmfile directory to analyze |
| helmfilePath | String | "helmfile.yaml" | Path to the helmfile within the directory |
| kubeConfig | Secret ! | - | Kubeconfig for cluster queries |
| model | String | "claude-3-5-sonnet-20241022" | No description provided |
| outputFile | String | "helmfile-analysis.yaml" | No description provided |
Example
dagger -m github.com/stuttgart-things/blueprints/kubernetes-microservice@e925e4794eeb85f9397463a707ea72d80143119c call \
analyze-helmfile --src DIR_PATH --kube-config env:MYSECRETfunc (m *MyModule) Example(src *dagger.Directory, kubeConfig *dagger.Secret) *dagger.File {
return dag.
KubernetesMicroservice().
AnalyzeHelmfile(src, kubeConfig)
}@function
def example(src: dagger.Directory, kube_config: dagger.Secret) -> dagger.File:
return (
dag.kubernetes_microservice()
.analyze_helmfile(src, kube_config)
)@func()
example(src: Directory, kubeConfig: Secret): File {
return dag
.kubernetesMicroservice()
.analyzeHelmfile(src, kubeConfig)
}config() 🔗
Return Type
File !Arguments
| Name | Type | Default Value | Description |
|---|---|---|---|
| promptScope | String ! | - | The scope/prompt that defines what cluster information to gather |
| kubeConfig | Secret ! | - | No description provided |
| model | String | "claude-3-5-sonnet-20241022" | No description provided |
| namespace | String | - | No description provided |
| outputFile | String | "cluster-analysis.yaml" | No description provided |
| contextFile | File | - | Additional context file (e.g., helmfile, manifest) to validate against cluster state |
Example
dagger -m github.com/stuttgart-things/blueprints/kubernetes-microservice@e925e4794eeb85f9397463a707ea72d80143119c call \
config --prompt-scope string --kube-config env:MYSECRETfunc (m *MyModule) Example(promptScope string, kubeConfig *dagger.Secret) *dagger.File {
return dag.
KubernetesMicroservice().
Config(promptScope, kubeConfig)
}@function
def example(prompt_scope: str, kube_config: dagger.Secret) -> dagger.File:
return (
dag.kubernetes_microservice()
.config(prompt_scope, kube_config)
)@func()
example(promptScope: string, kubeConfig: Secret): File {
return dag
.kubernetesMicroservice()
.config(promptScope, kubeConfig)
}stageImage() 🔗
Return Type
String !Arguments
| Name | Type | Default Value | Description |
|---|---|---|---|
| source | String ! | - | No description provided |
| target | String ! | - | No description provided |
| sourceRegistry | String | - | No description provided |
| sourceUsername | String | - | No description provided |
| sourcePassword | Secret | - | No description provided |
| targetRegistry | String | - | No description provided |
| targetUsername | String | - | No description provided |
| targetPassword | Secret | - | No description provided |
| insecure | Boolean | false | No description provided |
| platform | String | "linux/amd64" | No description provided |
| dockerConfigSecret | Secret | - | No description provided |
Example
dagger -m github.com/stuttgart-things/blueprints/kubernetes-microservice@e925e4794eeb85f9397463a707ea72d80143119c call \
stage-image --source string --target stringfunc (m *MyModule) Example(ctx context.Context, source string, target string) string {
return dag.
KubernetesMicroservice().
StageImage(ctx, source, target)
}@function
async def example(source: str, target: str) -> str:
return await (
dag.kubernetes_microservice()
.stage_image(source, target)
)@func()
async example(source: string, target: string): Promise<string> {
return dag
.kubernetesMicroservice()
.stageImage(source, target)
}lintDockerfile() 🔗
Return Type
String !Arguments
| Name | Type | Default Value | Description |
|---|---|---|---|
| src | Directory ! | - | the src directory |
| dockerfile | String | - | The dockerfile path |
| threshold | String | - | The failure threshold |
Example
dagger -m github.com/stuttgart-things/blueprints/kubernetes-microservice@e925e4794eeb85f9397463a707ea72d80143119c call \
lint-dockerfile --src DIR_PATHfunc (m *MyModule) Example(ctx context.Context, src *dagger.Directory) string {
return dag.
KubernetesMicroservice().
LintDockerfile(ctx, src)
}@function
async def example(src: dagger.Directory) -> str:
return await (
dag.kubernetes_microservice()
.lint_dockerfile(src)
)@func()
async example(src: Directory): Promise<string> {
return dag
.kubernetesMicroservice()
.lintDockerfile(src)
}