Software Bill of Materials (SBOM)
Version: 1.1.0
Generated: 2024-12-15
Format: Custom Markdown (CycloneDX-compatible structure)
Overview
This SBOM documents all software components, dependencies, and third-party resources used in the e6data Kubernetes Platform.
System Components
| Component | Type | Purpose | Repository |
| --- | --- | --- | --- |
| e6-operator | Kubernetes Operator | CRD management, reconciliation | e6-operator/ |
| e6-apiserver | REST API Server | CRUD operations on CRDs | e6-apiserver/ |
| e6-ui | Web UI | Management console | e6-ui/ |
| envoy-xds | xDS Control Plane | Envoy configuration management | envoy-xds/ |
Container Images
Base Images
| Image | Version | Architecture | Purpose |
| --- | --- | --- | --- |
| golang:1.24 | 1.24 | linux/amd64, linux/arm64 | Build stage (cross-compilation) |
| node:20-alpine | 20-alpine | linux/amd64 | UI build stage |
| gcr.io/distroless/static:nonroot | latest | amd64, arm64 | Final runtime image |
Built Images
| Image | Registry | Description |
| --- | --- | --- |
| e6-operator | us-docker.pkg.dev/e6data-analytics/e6data | Kubernetes operator |
| e6-console | us-docker.pkg.dev/e6data-analytics/e6data | Combined API + UI server |
| xds-control-plane | us-docker.pkg.dev/e6data-analytics/e6data | Envoy xDS control plane |
Third-Party Components (Deployed by Operator)
Core Infrastructure
| Component | Version | License | Purpose |
| --- | --- | --- | --- |
| Envoy Proxy | v1.31+ | Apache-2.0 | gRPC traffic routing |
| Pomerium | v0.27+ | Apache-2.0 | Authentication gateway (AuthGateway CRD) |
| Vector | 0.34+ | MPL-2.0 | Log and metrics collection (MonitoringServices CRD) |
| GreptimeDB | 0.9+ | Apache-2.0 | Time-series database for query history |
| cert-manager | 1.10+ | Apache-2.0 | TLS certificate management |
| Karpenter | 0.32+ | Apache-2.0 | Node auto-provisioning (optional) |
External Catalog Integrations
| Catalog Type | Integration | License |
| --- | --- | --- |
| AWS Glue | AWS SDK | Apache-2.0 |
| Hive Metastore | Thrift | Apache-2.0 |
| Databricks Unity | REST API | Proprietary |
| Apache Iceberg | REST Catalog | Apache-2.0 |
| Delta Lake | REST API | Apache-2.0 |
Go Dependencies
e6-operator (Primary Module)
Go Version: 1.24.0
Direct Dependencies
| Package | Version | License | Purpose |
| --- | --- | --- | --- |
| k8s.io/api | v0.28.3 | Apache-2.0 | Kubernetes API types |
| k8s.io/apimachinery | v0.28.3 | Apache-2.0 | Kubernetes API machinery |
| k8s.io/client-go | v0.28.3 | Apache-2.0 | Kubernetes client |
| sigs.k8s.io/controller-runtime | v0.16.3 | Apache-2.0 | Controller framework |
| github.com/gin-gonic/gin | v1.11.0 | MIT | HTTP framework |
| github.com/robfig/cron/v3 | v3.0.1 | MIT | Cron expression parsing |
| github.com/stretchr/testify | v1.11.1 | MIT | Testing framework |
| k8s.io/utils | v0.0.0-... | Apache-2.0 | Kubernetes utilities |
Key Transitive Dependencies
| Package | Version | License | Purpose |
| --- | --- | --- | --- |
| github.com/prometheus/client_golang | v1.19.1 | Apache-2.0 | Prometheus metrics |
| go.uber.org/zap | v1.25.0 | MIT | Structured logging |
| google.golang.org/protobuf | v1.36.9 | BSD-3-Clause | Protocol buffers |
| gopkg.in/yaml.v3 | v3.0.1 | MIT | YAML parsing |
| github.com/go-playground/validator/v10 | v10.27.0 | MIT | Struct validation |
e6-apiserver
Go Version: 1.24.0
Additional Direct Dependencies
| Package | Version | License | Purpose |
| --- | --- | --- | --- |
| github.com/gin-contrib/cors | v1.6.0 | MIT | CORS middleware |
| github.com/e6data/e6-operator | local | Proprietary | Shared CRD types |
envoy-xds
Go Version: 1.24.0
Direct Dependencies
| Package | Version | License | Purpose |
| --- | --- | --- | --- |
| github.com/envoyproxy/go-control-plane | v0.11.1 | Apache-2.0 | Envoy xDS API |
| google.golang.org/grpc | v1.58.3 | Apache-2.0 | gRPC framework |
| google.golang.org/protobuf | v1.36.9 | BSD-3-Clause | Protocol buffers |
| k8s.io/api | v0.28.3 | Apache-2.0 | Kubernetes API types |
| k8s.io/apimachinery | v0.28.3 | Apache-2.0 | Kubernetes API machinery |
| k8s.io/client-go | v0.28.3 | Apache-2.0 | Kubernetes client |
Key Transitive Dependencies
| Package | Version | License | Purpose |
| --- | --- | --- | --- |
| github.com/cncf/xds/go | v0.0.0-... | Apache-2.0 | xDS protocol types |
| github.com/envoyproxy/protoc-gen-validate | v1.0.2 | Apache-2.0 | Protobuf validation |
Frontend Dependencies (e6-ui)
Node Version: 20.x
Package Manager: npm
Production Dependencies
| Package | Version | License | Purpose |
| --- | --- | --- | --- |
| react | ^19.2.0 | MIT | UI framework |
| react-dom | ^19.2.0 | MIT | React DOM renderer |
| react-router-dom | ^7.10.1 | MIT | Client-side routing |
| @tanstack/react-query | ^5.90.12 | MIT | Data fetching/caching |
| axios | ^1.13.2 | MIT | HTTP client |
| @headlessui/react | ^2.2.9 | MIT | Accessible UI components |
| @heroicons/react | ^2.2.0 | MIT | Icon library |
Development Dependencies
| Package | Version | License | Purpose |
| --- | --- | --- | --- |
| vite | ^7.2.4 | MIT | Build tool |
| typescript | ~5.9.3 | Apache-2.0 | Type checking |
| tailwindcss | ^4.1.17 | MIT | CSS framework |
| @tailwindcss/forms | ^0.5.10 | MIT | Form styling |
| @vitejs/plugin-react | ^5.1.1 | MIT | React plugin for Vite |
| eslint | ^9.39.1 | MIT | Linting |
| postcss | ^8.5.6 | MIT | CSS processing |
| autoprefixer | ^10.4.22 | MIT | CSS autoprefixer |
Custom Resource Definitions (CRDs)
API Group: e6data.io
| CRD | API Version | Short Names | Purpose |
| --- | --- | --- | --- |
| NamespaceConfig | v1alpha1 | nsconfig, nsc | Namespace infrastructure settings |
| MetadataServices | v1alpha1 | mds, metadata | Storage and Schema services |
| QueryService | v1alpha1 | qs, cluster | Query execution cluster |
| E6Catalog | v1alpha1 | e6cat | External catalog registration |
| CatalogRefresh | v1alpha1 | cr, catalogref | One-time catalog refresh |
| CatalogRefreshSchedule | v1alpha1 | crs, refreshschedule | Scheduled catalog refresh |
| Pool | v1alpha1 | pool | Shared compute resources |
| Governance | v1alpha1 | gov, governance | Data access policies |
| GreptimeDBCluster | v1alpha1 | gdb, greptime | Time-series database |
| MonitoringServices | v1alpha2 | ms, monitoring | Logs and metrics collection |
| TrafficInfra | v1alpha2 | ti | xDS + Envoy traffic routing |
| AuthGateway | v1alpha1 | ag | Pomerium authentication gateway |
| E6Console | v1alpha1 | e6c, console | Management console deployment |
Security Considerations
Container Security
- All final images use gcr.io/distroless/static:nonroot base
- Containers run as non-root user (UID 65532)
- No shell available in production images
- Multi-stage builds minimize attack surface
Network Security
- TLS support for AuthGateway (manual secret or cert-manager)
- mTLS between Envoy proxies and backends (h2c for internal)
- gRPC traffic encrypted at ingress via Pomerium
RBAC
- Operator uses least-privilege ClusterRole
- Namespace-scoped resources where possible
- Service accounts per component type
Kubernetes Compatibility
| Component | Minimum K8s | Tested K8s | Notes |
| --- | --- | --- | --- |
| e6-operator | 1.24 | 1.28-1.31 | Uses controller-runtime v0.16 |
| CRDs | 1.24 | 1.28-1.31 | apiextensions/v1 |
| Webhooks | 1.24 | 1.28-1.31 | Requires cert-manager |
Cloud Provider Support
| Cloud | Object Storage | Metastore | Node Provisioning |
| --- | --- | --- | --- |
| AWS | S3 (s3a://) | Glue, Hive | Karpenter |
| GCP | GCS (gs://) | Hive, BigQuery | Karpenter |
| Azure | Blob (abfs://) | Hive, Unity | Karpenter |
| Linode | S3-compatible | Hive | LKE Pools |
License Summary
| License | Count | Notable Packages |
| --- | --- | --- |
| Apache-2.0 | 45+ | Kubernetes, Envoy, gRPC, Prometheus |
| MIT | 30+ | React, Gin, Tailwind, Vite |
| BSD-3-Clause | 5+ | Protocol Buffers, Go stdlib |
| MPL-2.0 | 1 | Vector |
Version History
| Version | Date | Changes |
| --- | --- | --- |
| 1.1.0 | 2024-12-15 | Added AuthGateway TLS, E6Console, TrafficInfra v1alpha2 |
| 1.0.0 | 2024-11-01 | Initial SBOM |