package auth

nydus-snapshotter – github.com/containerd/nydus-snapshotter/pkg/auth Index | Files

import "github.com/containerd/nydus-snapshotter/pkg/auth"

Index ¶

Constants
Variables
func AddImageProxy(ctx context.Context, rpc *grpc.Server, imageServiceAddress string)
func InitKubeSecretListener(ctx context.Context, kubeconfigPath string) error
type KubeSecretListener

func (kubelistener *KubeSecretListener) GetCredentialsStore(host string) *PassKeyChain
func (kubelistener *KubeSecretListener) SyncKubeSecrets(ctx context.Context, clientset *kubernetes.Clientset) error

type PassKeyChain

func FromBase64(str string) (PassKeyChain, error)
func FromCRI(host, ref string) (*PassKeyChain, error)
func FromDockerConfig(host string) *PassKeyChain
func FromKubeSecretDockerConfig(host string) *PassKeyChain
func FromLabels(labels map[string]string) *PassKeyChain
func GetKeyChainByRef(ref string, labels map[string]string) (*PassKeyChain, error)
func GetRegistryKeyChain(host, ref string, labels map[string]string) *PassKeyChain
func (kc PassKeyChain) Resolve(_ authn.Resource) (authn.Authenticator, error)
func (kc PassKeyChain) ToBase64() string
func (kc PassKeyChain) TokenBase() bool

Constants ¶

const DefaultImageServiceAddress = "/run/containerd/containerd.sock"

Variables ¶

var Credentials []resolver.Credential = make([]resolver.Credential, 0, 8)

Should be concurrency safe

Functions ¶

func AddImageProxy ¶

func AddImageProxy(ctx context.Context, rpc *grpc.Server, imageServiceAddress string)

from stargz-snapshotter/cmd/containerd-stargz-grpc/main.go#main

func InitKubeSecretListener ¶

func InitKubeSecretListener(ctx context.Context, kubeconfigPath string) error

Types ¶

type KubeSecretListener ¶

type KubeSecretListener struct {
	// contains filtered or unexported fields
}

func (*KubeSecretListener) GetCredentialsStore ¶

func (kubelistener *KubeSecretListener) GetCredentialsStore(host string) *PassKeyChain

func (*KubeSecretListener) SyncKubeSecrets ¶

func (kubelistener *KubeSecretListener) SyncKubeSecrets(ctx context.Context, clientset *kubernetes.Clientset) error

type PassKeyChain ¶

type PassKeyChain struct {
	Username string
	Password string
}

PassKeyChain is user/password based key chain

func FromBase64 ¶

func FromBase64(str string) (PassKeyChain, error)

func FromCRI ¶

func FromCRI(host, ref string) (*PassKeyChain, error)

func FromDockerConfig ¶

func FromDockerConfig(host string) *PassKeyChain

FromDockerConfig finds auth for a given host in docker's config.json settings.

func FromKubeSecretDockerConfig ¶

func FromKubeSecretDockerConfig(host string) *PassKeyChain

func FromLabels ¶

func FromLabels(labels map[string]string) *PassKeyChain

FromLabels finds image pull username and secret from snapshot labels. Returned `nil` means no valid username and secret is passed, it should not override input nydusd configuration.

func GetKeyChainByRef ¶

func GetKeyChainByRef(ref string, labels map[string]string) (*PassKeyChain, error)

func GetRegistryKeyChain ¶

func GetRegistryKeyChain(host, ref string, labels map[string]string) *PassKeyChain

GetRegistryKeyChain get image pull keychain from (ordered): 1. username and secrets labels 2. cri request 3. docker config 4. k8s docker config secret

func (PassKeyChain) Resolve ¶

func (kc PassKeyChain) Resolve(_ authn.Resource) (authn.Authenticator, error)

func (PassKeyChain) ToBase64 ¶

func (kc PassKeyChain) ToBase64() string

func (PassKeyChain) TokenBase ¶

func (kc PassKeyChain) TokenBase() bool

TokenBase check if PassKeyChain is token based, when username is empty and password is not empty then password is registry token

Source Files ¶

docker.go image_proxy.go keychain.go kubesecret.go

Version: v0.15.1 (latest)
Published: Jan 26, 2025
Platform: linux/amd64
Imports: 32 packages
Last checked: 1 week ago –

Tools for package owners.

?	: This menu
/	: Search site
f	: Jump to identifier
g then g	: Go to top of page
g then b	: Go to end of page
G	: Go to end of page
g then i	: Go to index
g then e	: Go to examples