cleanstart/cadvisor

Verified Publisher

By CleanStart

•Updated about 12 hours ago

Secure by Design, Built for Speed, Hardened Container Images on a minimal base CleanStart OS.

Image
Web analytics
0

50K+

cleanstart/cadvisor repository overview

CleanStart Container for cAdvisor

cAdvisor (Container Advisor) provides container users with resource usage and performance characteristics of running containers. It is a running daemon that collects, aggregates, processes, and exports information about running containers. Specifically, for each container it keeps resource isolation parameters, historical resource usage, histograms of complete historical resource usage and network statistics. This container includes enterprise-grade security hardening and monitoring capabilities optimized for production deployments.

šŸ“Œ CleanStart Foundation: Security-hardened, minimal base OS designed for enterprise containerized environments.

Key Features

  • Real-time container resource monitoring and metrics collection
  • Native Prometheus metrics endpoint integration
  • Historical performance data analysis and storage
  • Enterprise-grade security with RBAC support

Common Use Cases

  • Container resource usage monitoring in production environments
  • Performance analysis and capacity planning for containerized applications
  • Resource utilization tracking for Kubernetes clusters
  • Container metrics collection for observability platforms

Quick Start

Pull Latest Image Download the container image from the registry

docker pull cleanstart/cadvisor:latest
docker pull cleanstart/cadvisor:latest-dev

Basic Run Run the container with basic configuration

docker run -d --name cadvisor -v /:/rootfs:ro -v /var/run:/var/run:ro -v /sys:/sys:ro -v /var/lib/docker/:/var/lib/docker:ro -v /dev/disk/:/dev/disk:ro -p 8080:8080 cleanstart/cadvisor:latest

Production Deployment Deploy with production security settings

docker run -d --name cadvisor-prod \
  --read-only \
  --security-opt=no-new-privileges \
  --user 1000:1000 \
  -v /:/rootfs:ro \
  -v /var/run:/var/run:ro \
  -v /sys:/sys:ro \
  -v /var/lib/docker/:/var/lib/docker:ro \
  -v /dev/disk/:/dev/disk:ro \
  -p 8080:8080 \
  cleanstart/cadvisor:latest

Volume Mount Mount required system directories for monitoring

docker run -d -v /:/rootfs:ro -v /var/run:/var/run:ro -v /sys:/sys:ro cleanstart/cadvisor:latest

Port Forwarding Run with metrics endpoint exposed

docker run -d -p 8080:8080 cleanstart/cadvisor:latest

Configuration

Environment Variables

VariableDefaultDescription
PATH/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/binSystem PATH configuration
CADVISOR_PORT8080Port for the cAdvisor metrics endpoint
CADVISOR_STORAGE_DURATION2m0sHow long to keep data in memory

Security & Best Practices

Recommended Security Context

securityContext:
  runAsNonRoot: true
  runAsUser: 1000
  runAsGroup: 1000
  readOnlyRootFilesystem: true
  allowPrivilegeEscalation: false
  capabilities:
    drop: ['ALL']

Best Practices

  • Use specific image tags for production (avoid latest)
  • Configure resource limits: memory and CPU constraints
  • Enable read-only root filesystem when possible
  • Run containers with non-root user (--user 1000:1000)
  • Use --security-opt=no-new-privileges flag
  • Regularly update container images for security patches
  • Implement proper network segmentation
  • Monitor container metrics for anomalies

Architecture Support

Multi-Platform Images

docker pull --platform linux/amd64 cleanstart/cadvisor:latest
docker pull --platform linux/arm64 cleanstart/cadvisor:latest

⁠Documentation Resources

Essential links and resources for further information

CleanStart Images: https://images.cleanstart.com/⁠

Community Images:
Docker Hub: https://hub.docker.com/u/cleanstart⁠
GitHub: https://github.com/cleanstart-containers⁠
AWS ECR Public Gallery: https://gallery.ecr.aws/cleanstart/⁠

Presence on Social Media:
Community: https://www.linkedin.com/groups/18324021/⁠
YouTube: https://www.youtube.com/@CleanStartOfficial⁠

Contribute to Container Use Cases: https://github.com/cleanstart-dev/cleanstart-use-cases/⁠

⁠Vulnerability Disclaimer

CleanStart offers Docker images that include third-party open-source libraries and packages maintained by independent contributors. While CleanStart maintains these images and applies industry-standard security practices, it cannot guarantee the security or integrity of upstream components beyond its control.

Users acknowledge and agree that open-source software may contain undiscovered vulnerabilities or introduce new risks through updates. CleanStart shall not be liable for security issues originating from third-party libraries, including but not limited to zero-day exploits, supply chain attacks, or contributor-introduced risks.

Security remains a shared responsibility: CleanStart provides updated images and guidance where possible, while users are responsible for evaluating deployments and implementing appropriate controls.

Tag summary

Content type

Image

Digest

sha256:38c3f89ea…

Size

31.7 MB

Last updated

about 12 hours ago

docker pull cleanstart/cadvisor:0.60.5-amd64