cleanstart/argo-workflow-exec

Verified Publisher

By CleanStart

Updated about 1 hour ago

Secure by Design, Built for Speed, Hardened Container Images on a minimal base CleanStart OS.

Image
Integration & delivery
0

10K+

cleanstart/argo-workflow-exec repository overview

Overview

The Argo Workflow Executor container provides a runtime environment for executing individual steps within Argo Workflows. It includes the necessary tooling to run workflow tasks, handle artifacts, manage script execution, and interface with the Argo Workflows controller. This container is designed to be lightweight yet capable of running diverse workloads as part of workflow automation.

📌 CleanStart Foundation: Security-hardened, minimal base OS designed for enterprise containerized environments.

Key Features
  • Built-in artifact handling (S3, Git, HTTP, etc)
  • Native script execution support (Python, Shell, JavaScript)
  • Workflow step isolation and security boundaries
  • Resource usage metrics collection
  • Security hardened: Non-root, minimal attack surface
  • FIPS compliance: Available with -fips tag
Common Use Cases
  • Running individual tasks within Argo Workflows
  • Executing data processing and transformation steps
  • Handling artifact transfers between workflow steps
  • Running CI/CD pipeline tasks
# Pull commands
docker pull cleanstart/argo-workflow-exec:latest
docker pull cleanstart/argo-workflow-exec:latest-dev

Quick Start

Basic Production Deployment

This container runs only the argoexec binary - typically managed by Argo Workflows controller

docker run --rm cleanstart/argo-workflow-exec:latest version

Container displays available argoexec commands and exits. Requires Kubernetes context for actual workflow operations.

Docker Compose

version: '3.8'
services:
  argo-workflow-exec:
    image: cleanstart/argo-workflow-exec:latest
    container_name: argo-workflow-exec
    command: ["version"]
    environment:
      - ARGO_NAMESPACE=default
    volumes:
      - ./artifacts:/tmp/artifacts
    security_opt:
      - no-new-privileges:true
    read_only: true
    tmpfs:
      - /tmp

Configuration

Environment Variables
VariableDefaultDescription
ARGO_TEMPLATE/templates/workflow.yamlPath to the workflow template file
ARGO_ARTIFACT_REPOSITORYdefaultArtifact repository configuration to use
Command Arguments

Common command line arguments

docker run cleanstart/argo-workflow-exec:latest --template /templates/workflow.yaml
Common Flags
  • --template: Specify the workflow template path
  • --artifact-repository: Configure artifact repository
  • --debug: Enable debug logging

Security & Best Practices

securityContext:
  runAsNonRoot: true
  runAsUser: 1000
  runAsGroup: 1000
  readOnlyRootFilesystem: true
  allowPrivilegeEscalation: false
  capabilities:
    drop: ["ALL"]
Best Practices
  • Use specific image tags for production (avoid latest)
  • Configure resource limits: memory: 1Gi, cpu: 500m
  • Enable read-only root filesystem
  • Regularly update container images
  • Implement artifact repository access controls
  • Monitor container metrics for anomalies

Architecture Support

Multi-Platform Images
docker pull --platform linux/amd64 cleanstart/argo-workflow-exec:latest
docker pull --platform linux/arm64 cleanstart/argo-workflow-exec:latest

Resources & Documentation


Vulnerability Disclaimer

CleanStart offers Docker images that include third-party open-source libraries and packages maintained by independent contributors. While CleanStart maintains these images and applies industry-standard security practices, it cannot guarantee the security or integrity of upstream components beyond its control.

Users acknowledge and agree that open-source software may contain undiscovered vulnerabilities or introduce new risks through updates. CleanStart shall not be liable for security issues originating from third-party libraries, including but not limited to zero-day exploits, supply chain attacks, or contributor-introduced risks.

Security remains a shared responsibility: CleanStart provides updated images and guidance where possible, while users are responsible for evaluating deployments and implementing appropriate controls.

Tag summary

Content type

Image

Digest

sha256:7cccbab7a

Size

100.5 MB

Last updated

about 1 hour ago

docker pull cleanstart/argo-workflow-exec:4.0.7-amd64-dev