Product Docs
- Overview
- FAQs
- Verifying Images
- How to Use
- Going Distroless
- grafana-operator
- grafana-operator-fips
- kubeflow-katib-suggestion-nas-darts
- litestream
- step-issuer
- step-issuer-fips
- vertical-pod-autoscaler-fips-admission-controller
- vertical-pod-autoscaler-fips-recommender
- vertical-pod-autoscaler-fips-updater
- prometheus-pushgateway-bitnami-bitnami
- redis-bitnami-cluster-bitnami
- redis-bitnami-sentinel-bitnami
- redis-bitnami-server-bitnami
- tesseract-fips
- kubernetes-autoscaler-addon-resizer
- kubernetes-autoscaler-addon-resizer-fips
- node-feature-discovery
- laravel
- argocd-extension-installer-fips
- cortex-fips
- hubble-ui-backend
- step-ca
- step-cli
- tekton-chains-fips
- tekton-cli-fips
- tekton-controller-fips
- tekton-entrypoint-fips
- tekton-events-fips
- tekton-nop-fips
- tekton-resolvers-fips
- tekton-sidecarlogresults-fips
- tekton-webhook-fips
- tekton-workingdirinit-fips
- kyverno-fips-background-controller
- kyverno-fips-cleanup-controller
- kyverno-fips-cli
- kyverno-fips-reports-controller
- kyverno-fipspre
- aws-volume-modifier-for-k8s-fips
- azure-aad-pod-identity-mic
- azure-aad-pod-identity-nmi
- chainguard-base
- chainguard-base-fips
- configurable-http-proxy-fips
- dex-k8s-authenticator
- eks-distro-coredns
- eks-distro-kubernetes-csi-external-attacher
- eks-distro-kubernetes-csi-external-provisioner
- eks-distro-kubernetes-csi-external-resizer
- eks-distro-kubernetes-csi-external-snapshot-controller
- eks-distro-kubernetes-csi-external-snapshot-validation-webhook
- eks-distro-kubernetes-csi-external-snapshotter
- eks-distro-kubernetes-csi-livenessprobe
- eks-distro-kubernetes-csi-node-driver-registrar
- elasticsearch
- glibc-openssl
- glibc-openssl-fips
- gpu-operator
- grafana-operator-fips-bitnami
- hubble-ui
- hubble-ui-backend-fips
- hubble-ui-fips
- jdk-fips
- jre-fips
- jupyterhub-k8s-hub-fips
- k8ssandra-system-logger-fips
- keycloak-fips
- kiam
- kots
- kube-oidc-proxy
- kube-rbac-proxy-fips
- kubeflow-pipelines
- kubernetes-csi-external-snapshotter-snaphot-validation-webhook
- kubernetes-dashboard-metrics-scraper
- kubernetes-event-exporter-bitnami
- kyvernopre
- memcached-bitnami
- mongodb
- mongodb-bitnami
- mongodb-fips
- mysql
- postgres-bitnami
- postgres-bitnami-fips
- prometheus-beat-exporter-fips
- prometheus-bitnami
- prometheus-elasticsearch-exporter-bitnami
- prometheus-mongodb-exporter-bitnami
- prometheus-node-exporter-bitnami
- prometheus-postgres-exporter-bitnami
- prometheus-pushgateway-exporter
- prometheus-pushgateway-exporter-bitnami
- prometheus-pushgateway-fips
- pulumi-kubernetes-operator
- python-fips
- rabbitmq-fips
- renovate
- spark-bitnami
- vault-k8s-fips
- wavefront-collector-for-kubernetes
- zookeeper-bitnami
- apko
- argo-cli
- argo-cli-fips
- argo-exec
- argo-exec-fips
- argo-workflowcontroller
- argo-workflowcontroller-fips
- argocd
- argocd-extension-installer
- argocd-fips
- argocd-fips-repo-server
- argocd-repo-server
- aspnet-runtime
- aspnet-runtime-fips
- atlantis
- atlantis-fips
- aws-cli
- aws-cli-fips
- aws-cli-v2
- aws-cli-v2-fips
- aws-ebs-csi-driver
- aws-ebs-csi-driver-fips
- aws-efs-csi-driver
- aws-for-fluent-bit
- aws-load-balancer-controller
- aws-load-balancer-controller-fips
- az
- az-fips
- bank-vaults
- bank-vaults-fips
- bash
- bazel
- bincapz
- boring-registry
- boring-registry-fips
- buck2
- buildkit
- bun
- busybox
- busybox-fips
- caddy
- caddy-fips
- cadvisor
- cadvisor-fips
- calico
- calico-calicoctl
- calico-calicoctl-fips
- calico-cni
- calico-cni-fips
- calico-csi
- calico-csi-fips
- calico-kube-controllers
- calico-kube-controllers-fips
- calico-node
- calico-node-driver-registrar
- calico-node-driver-registrar-fips
- calico-node-fips
- calico-pod2daemon
- calico-pod2daemon-flexvol
- calico-pod2daemon-flexvol-fips
- calico-typha
- calico-typha-fips
- calicoctl
- cass-config-builder
- cass-operator
- cass-operator-fips
- cassandra
- cassandra-medusa
- cassandra-medusa-fips
- cassandra-reaper
- cc-dynamic
- cedar
- cert-exporter
- cert-exporter-fips
- cert-manager-acmesolver
- cert-manager-acmesolver-fips
- cert-manager-cainjector
- cert-manager-cainjector-fips
- cert-manager-cmctl
- cert-manager-cmctl-fips
- cert-manager-controller
- cert-manager-controller-fips
- cert-manager-webhook
- cert-manager-webhook-fips
- cert-manager-webhook-pdns
- cert-manager-webhook-pdns-fips
- cfssl
- chromium
- cilium-agent
- cilium-agent-fips
- cilium-hubble-relay
- cilium-hubble-relay-fips
- cilium-hubble-ui
- cilium-hubble-ui-backend
- cilium-hubble-ui-backend-fips
- cilium-hubble-ui-fips
- cilium-operator-generic
- cilium-operator-generic-fips
- clang
- clickhouse
- cluster-autoscaler
- cluster-autoscaler-fips
- cluster-proportional-autoscaler
- conda
- conda-fips
- configmap-reload
- configmap-reload-fips
- confluent-kafka
- consul
- consul-fips
- coredns
- coredns-fips
- cortex
- cosign
- cosign-fips
- crane
- crossplane
- crossplane-aws
- crossplane-aws-cloudfront
- crossplane-aws-cloudwatchlogs
- crossplane-aws-dynamodb
- crossplane-aws-ec2
- crossplane-aws-eks
- crossplane-aws-firehose
- crossplane-aws-iam
- crossplane-aws-kms
- crossplane-aws-lambda
- crossplane-aws-rds
- crossplane-aws-s3
- crossplane-aws-sns
- crossplane-aws-sqs
- crossplane-azure
- crossplane-azure-authorization
- crossplane-azure-managedidentity
- crossplane-azure-sql
- crossplane-azure-storage
- crossplane-xfn
- ctlog-trillian-ctserver
- ctlog-trillian-ctserver-fips
- curl
- dask-gateway
- dask-gateway-dask-gateway
- dask-gateway-dask-gateway-server
- dask-gateway-server
- datadog-agent
- datadog-agent-fips
- deno
- dependency-track
- dex
- dex-fips
- dive
- docker-cli
- docker-selenium
- doppler-kubernetes-operator
- dotnet-runtime
- dotnet-runtime-fips
- dotnet-sdk
- dotnet-sdk-fips
- dragonfly
- dynamic-localpv-provisioner
- envoy
- envoy-fips
- envoy-ratelimit
- envoy-ratelimit-fips
- erlang
- erlang-fips
- etcd
- etcd-fips
- external-dns
- external-dns-fips
- external-secrets
- external-secrets-fips
- falco-no-driver
- falco-no-driver-fips
- falcoctl
- falcoctl-fips
- falcosidekick
- falcosidekick-fips
- ffmpeg
- filebeat
- filebeat-fips
- fluent-bit
- fluent-bit-fips
- fluentd
- fluentd-fips
- flux
- flux-helm-controller
- flux-image-automation-controller
- flux-image-reflector-controller
- flux-kustomize-controller
- flux-notification-controller
- flux-source-controller
- fulcio
- fulcio-fips
- gatekeeper
- gatekeeper-fips
- gcc-glibc
- git
- gitlab-exporter
- gitlab-kas
- gitlab-pages
- gitlab-shell
- gitness
- glibc-dynamic
- go
- go-fips
- go-ipfs
- go-ipfs-fips
- google-cloud-sdk
- gotenberg
- gptscript
- graalvm-native
- gradle
- grafana
- grafana-agent-operator
- grafana-fips
- grype
- guacamole-server
- haproxy
- haproxy-fips
- haproxy-ingress
- harbor-core
- harbor-fips-core
- harbor-fips-jobservice
- harbor-fips-portal
- harbor-fips-registry
- harbor-fips-registryctl
- harbor-fips-trivy-adapter
- harbor-jobservice
- harbor-portal
- harbor-registry
- harbor-registryctl
- harbor-trivy-adapter
- helm
- helm-chartmuseum
- helm-fips
- helm-operator
- helm-operator-fips
- http-echo
- hugo
- influxdb
- ingress-nginx-controller
- ingress-nginx-controller-fips
- ip-masq-agent
- istio-install-cni
- istio-install-cni-fips
- istio-operator
- istio-operator-fips
- istio-pilot
- istio-pilot-fips
- istio-proxy
- istio-proxy-fips
- jdk
- jdk-lts
- jellyfin
- jenkins
- jre
- jre-lts
- k3s
- k3s-allinone
- k8s-sidecar
- k8s-sidecar-fips
- k8sgpt
- k8sgpt-operator
- k8ssandra-operator
- k8ssandra-operator-fips
- kafka
- karpenter
- keda
- keda-adapter
- keda-adapter-fips
- keda-admission-webhooks
- keda-admission-webhooks-fips
- keda-fips
- keycloak
- ko
- kor
- kube-bench
- kube-bench-fips
- kube-downscaler
- kube-fluentd-operator
- kube-logging-operator
- kube-logging-operator-fluentd
- kube-state-metrics
- kube-state-metrics-fips
- kube-webhook-certgen
- kubectl
- kubectl-fips
- kubeflow-centraldashboard
- kubeflow-jupyter-web-app
- kubeflow-katib-controller
- kubeflow-katib-db-manager
- kubeflow-katib-earlystopping-medianstop
- kubeflow-katib-file-metrics-collector
- kubeflow-katib-suggestion-darts
- kubeflow-katib-suggestion-goptuna
- kubeflow-katib-suggestion-hyperband
- kubeflow-katib-suggestion-hyperopt
- kubeflow-katib-suggestion-optuna
- kubeflow-katib-suggestion-pbt
- kubeflow-katib-suggestion-skopt
- kubeflow-pipelines-api-server
- kubeflow-pipelines-cache-deployer
- kubeflow-pipelines-cache-server
- kubeflow-pipelines-frontend
- kubeflow-pipelines-metadata-envoy
- kubeflow-pipelines-metadata-writer
- kubeflow-pipelines-persistenceagent
- kubeflow-pipelines-scheduledworkflow
- kubeflow-pipelines-viewer-crd-controller
- kubeflow-pipelines-visualization-server
- kubeflow-volumes-web-app
- kuberay-operator
- kubernetes-csi-external-attacher
- kubernetes-csi-external-attacher-fips
- kubernetes-csi-external-provisioner
- kubernetes-csi-external-resizer
- kubernetes-csi-external-resizer-fips
- kubernetes-csi-external-snapshot-controller
- kubernetes-csi-external-snapshot-validation-webhook
- kubernetes-csi-external-snapshotter
- kubernetes-csi-livenessprobe
- kubernetes-csi-livenessprobe-fips
- kubernetes-csi-node-driver-registrar
- kubernetes-csi-node-driver-registrar-fips
- kubernetes-dashboard
- kubernetes-dashboard-fips
- kubernetes-dns-node-cache
- kubernetes-event-exporter
- kubernetes-ingress-defaultbackend
- kubewatch
- kyverno
- kyverno-background-controller
- kyverno-background-controller-fips
- kyverno-cleanup-controller
- kyverno-cleanup-controller-fips
- kyverno-cli
- kyverno-cli-fips
- kyverno-fips
- kyverno-policy-reporter
- kyverno-policy-reporter-plugin
- kyverno-policy-reporter-reporter
- kyverno-policy-reporter-ui
- kyverno-pre-fips
- kyverno-reports-controller
- kyverno-reports-controller-fips
- logstash-oss-with-opensearch-output-plugin
- loki
- management-api-for-apache-cassandra
- mariadb
- maven
- mdbook
- meilisearch
- melange
- memcached
- memcached-exporter
- memcached-exporter-bitnami
- metacontroller
- metallb-controller
- metallb-controller-fips
- metallb-speaker
- metallb-speaker-fips
- metrics-server
- metrics-server-fips
- min-toolkit-debug
- minio
- minio-client
- minio-client-fips
- minio-fips
- ml-metadata-store-server
- multus-cni
- multus-cni-fips
- nats
- nemo
- netcat
- neuvector-prometheus-exporter
- neuvector-prometheus-exporter-fips
- newrelic-fluent-bit-output
- newrelic-infrastructure-bundle
- newrelic-infrastructure-k8s
- newrelic-k8s-events-forwarder
- newrelic-kube-events
- newrelic-kubernetes
- newrelic-nri-statsd
- newrelic-prometheus
- newrelic-prometheus-configurator
- nfs-subdir-external-provisioner
- nfs-subdir-external-provisioner-fips
- nginx
- nginx-fips
- node
- node-fips
- node-lts
- node-problem-detector
- nodetaint
- ntia-conformance-checker
- ntpd-rs
- nvidia-device-plugin
- oauth2-proxy
- openai
- opensearch
- opensearch-dashboards
- opensearch-dashboards-fips
- opentelemetry-collector-contrib
- opentelemetry-collector-contrib-fips
- opentf
- opentofu
- paranoia
- pgbouncer
- pgbouncer-fips
- php
- php-fpm_exporter
- postgres
- postgres-fips
- postgres-helm-compat
- postgres-operator
- postgres-operator-fips
- powershell
- prometheus
- prometheus-adapter
- prometheus-adapter-fips
- prometheus-alertmanager
- prometheus-alertmanager-fips
- prometheus-blackbox-exporter
- prometheus-cloudwatch-exporter
- prometheus-config-reloader
- prometheus-config-reloader-fips
- prometheus-elasticsearch-exporter
- prometheus-elasticsearch-exporter-fips
- prometheus-fips
- prometheus-logstash-exporter
- prometheus-logstash-exporter-fips
- prometheus-mongodb-exporter
- prometheus-mongodb-exporter-fips
- prometheus-mysqld-exporter
- prometheus-node-exporter
- prometheus-node-exporter-fips
- prometheus-operator
- prometheus-operator-fips
- prometheus-postgres-exporter
- prometheus-postgres-exporter-fips
- prometheus-pushgateway
- prometheus-pushgateway-bitnami
- prometheus-redis-exporter
- prometheus-redis-exporter-fips
- prometheus-statsd-exporter
- prometheus-statsd-exporter-fips
- promtail
- proxysql
- pulumi
- python
- pytorch-cuda12
- qdrant
- r-base
- rabbitmq
- rabbitmq-cluster-operator
- rabbitmq-messaging-topology-operator
- redis
- redis-cluster-bitnami
- redis-fips
- redis-sentinel
- redis-sentinel-bitnami
- redis-server-bitnami
- rekor-backfill-redis
- rekor-backfill-redis-fips
- rekor-cli
- rekor-cli-fips
- rekor-server
- rekor-server-fips
- rqlite
- rstudio
- rstudio-fips
- ruby
- rust
- secrets-store-csi-driver
- secrets-store-csi-driver-provider-gcp
- semgrep
- shadowsocks-rust-sslocal
- shadowsocks-rust-ssserver
- sigstore-policy-controller
- sigstore-policy-controller-fips
- sigstore-scaffolding-cloudsqlproxy
- sigstore-scaffolding-cloudsqlproxy-fips
- sigstore-scaffolding-ctlog-createctconfig
- sigstore-scaffolding-ctlog-createctconfig-fips
- sigstore-scaffolding-ctlog-managectroots
- sigstore-scaffolding-ctlog-managectroots-fips
- sigstore-scaffolding-ctlog-verifyfulcio
- sigstore-scaffolding-ctlog-verifyfulcio-fips
- sigstore-scaffolding-fulcio-createcerts
- sigstore-scaffolding-fulcio-createcerts-fips
- sigstore-scaffolding-getoidctoken
- sigstore-scaffolding-getoidctoken-fips
- sigstore-scaffolding-rekor-createsecret
- sigstore-scaffolding-rekor-createsecret-fips
- sigstore-scaffolding-trillian-createdb
- sigstore-scaffolding-trillian-createdb-fips
- sigstore-scaffolding-trillian-createtree
- sigstore-scaffolding-trillian-createtree-fips
- sigstore-scaffolding-trillian-updatetree
- sigstore-scaffolding-trillian-updatetree-fips
- sigstore-scaffolding-tsa-createcertchain
- sigstore-scaffolding-tsa-createcertchain-fips
- sigstore-scaffolding-tuf-createsecret
- sigstore-scaffolding-tuf-createsecret-fips
- sigstore-scaffolding-tuf-server
- sigstore-scaffolding-tuf-server-fips
- skaffold
- slim-toolkit-debug
- smarter-device-manager
- smarter-device-manager-fips
- solr
- spark-operator
- spire-agent
- spire-agent-fips
- spire-oidc-discovery-provider
- spire-oidc-discovery-provider-fips
- spire-server
- spire-server-fips
- sqlpad
- sqlpad-fips
- squid-proxy
- squid-proxy-fips
- stakater-reloader
- static
- statsd
- stunnel
- tekton-chains
- tekton-cli
- tekton-controller
- tekton-entrypoint
- tekton-events
- tekton-nop
- tekton-resolvers
- tekton-sidecarlogresults
- tekton-webhook
- tekton-workingdirinit
- telegraf
- tempo
- temporal-admin-tools
- temporal-admin-tools-fips
- temporal-server
- temporal-server-fips
- temporal-ui-server
- temporal-ui-server-fips
- terraform
- tesseract
- thanos
- thanos-fips
- thanos-operator
- thanos-operator-fips
- tigera-operator
- tigera-operator-fips
- timestamp-authority-cli
- timestamp-authority-server
- timoni
- tomcat
- traefik
- traefik-fips
- trillian-logserver
- trillian-logserver-fips
- trillian-logsigner
- trillian-logsigner-fips
- trino
- trust-manager
- trust-manager-fips
- vault
- vault-fips
- vault-k8s
- vector
- vela-cli
- velero
- velero-fips
- velero-plugin-for-aws
- velero-plugin-for-aws-fips
- velero-plugin-for-csi
- velero-plugin-for-csi-fips
- velero-restore-helper
- velero-restore-helper-fips
- vertical-pod-autoscaler-admission-controller
- vertical-pod-autoscaler-recommender
- vertical-pod-autoscaler-updater
- vt
- wait-for-it
- wasmer
- wasmtime
- wavefront-proxy
- wazero
- weaviate
- wolfi-base
- yara
- zig
- zookeeper
- zot
- How Images are Tested
- Product Release Lifecycle
- Debugging
- chainctl
- chainctl auth
- chainctl auth configure-docker
- chainctl auth login
- chainctl auth logout
- chainctl auth status
- chainctl config
- chainctl config edit
- chainctl config reset
- chainctl config save
- chainctl config set
- chainctl config unset
- chainctl config validate
- chainctl config view
- chainctl events
- chainctl events subscriptions
- chainctl events subscriptions create
- chainctl events subscriptions delete
- chainctl events subscriptions list
- chainctl iam
- chainctl iam account-associations
- chainctl iam account-associations check
- chainctl iam account-associations check aws
- chainctl iam account-associations check gcp
- chainctl iam account-associations describe
- chainctl iam account-associations set
- chainctl iam account-associations set aws
- chainctl iam account-associations set gcp
- chainctl iam account-associations unset
- chainctl iam account-associations unset aws
- chainctl iam account-associations unset gcp
- chainctl iam folders
- chainctl iam folders delete
- chainctl iam folders describe
- chainctl iam folders list
- chainctl iam folders update
- chainctl iam identities
- chainctl iam identities create
- chainctl iam identities create github
- chainctl iam identities create gitlab
- chainctl iam identities delete
- chainctl iam identities describe
- chainctl iam identities list
- chainctl iam identities update
- chainctl iam identity-providers
- chainctl iam identity-providers create
- chainctl iam identity-providers delete
- chainctl iam identity-providers list
- chainctl iam identity-providers update
- chainctl iam invites
- chainctl iam invites create
- chainctl iam invites delete
- chainctl iam invites list
- chainctl iam organizations
- chainctl iam organizations describe
- chainctl iam organizations list
- chainctl iam role-bindings
- chainctl iam role-bindings create
- chainctl iam role-bindings delete
- chainctl iam role-bindings list
- chainctl iam role-bindings update
- chainctl iam roles
- chainctl iam roles capabilities
- chainctl iam roles capabilities list
- chainctl iam roles create
- chainctl iam roles delete
- chainctl iam roles list
- chainctl iam roles update
- chainctl images
- chainctl images diff
- chainctl images list
- chainctl images repos
- chainctl images repos list
- chainctl update
- chainctl version
Open Source
Education
Image Overview: haproxy
A minimal haproxy base image rebuilt every night from source.
Download this Image
The image is available on cgr.dev
:
docker pull cgr.dev/chainguard/haproxy:latest
Usage
Similar to the docker-library/haproxy
image, this image does not come with any default configuration.
Please refer to upstream’s excellent (and comprehensive) documentation on the subject of configuring HAProxy for your needs.
Let say you have a haproxy.cfg
config file is current working directory. To test that configuration file, you can run the following command
docker run -it --rm -v "$(pwd):/etc/haproxy" --name haproxy-syntax-check cgr.dev/chainguard/haproxy haproxy -c -f /etc/haproxy/haproxy.cfg
In order for the container to work, you need to mount your custom haproxy.cfg
file in the container. The following example runs HAProxy with a custom configuration file:
docker run -it --rm -v "$(pwd):/etc/haproxy" cgr.dev/chainguard/haproxy haproxy -f /etc/haproxy/haproxy.cfg
Helm install
When installing in Kubernetes, securityContexts
that drop [ "ALL" ]
capabilities interfere with the setcap
privileged haproxy
. In order to support Kubernetes based installs which default to dropping ALL
capabilities, the necessary modifications must be made to add back NET_ADMIN
capabilities.
For example, in the ha-redis
chart used by argocd
, the values.yaml
becomes:
# values.yaml
haproxy:
enabled: true
containerSecurityContext:
capabilities:
add:
- NET_BIND_SERVICE
Last updated: 2024-04-11 12:38