k8schain – github.com/google/go-containerregistry/pkg/authn/k8schain Index | Files | Directories

package k8schain

import "github.com/google/go-containerregistry/pkg/authn/k8schain"

Package k8schain exposes an implementation of the authn.Keychain interface based on the semantics the Kubelet follows when pulling the images for a Pod in Kubernetes.

Index

Functions

func New 

func New(ctx context.Context, client kubernetes.Interface, opt Options) (authn.Keychain, error)

New returns a new authn.Keychain suitable for resolving image references as scoped by the provided Options. It speaks to Kubernetes through the provided client interface.

func NewFromPullSecrets 

func NewFromPullSecrets(ctx context.Context, pullSecrets []corev1.Secret) (authn.Keychain, error)

NewFromPullSecrets returns a new authn.Keychain suitable for resolving image references as scoped by the pull secrets.

func NewInCluster 

func NewInCluster(ctx context.Context, opt Options) (authn.Keychain, error)

NewInCluster returns a new authn.Keychain suitable for resolving image references as scoped by the provided Options, constructing a kubernetes.Interface based on in-cluster authentication.

func NewNoClient 

func NewNoClient(ctx context.Context) (authn.Keychain, error)

NewNoClient returns a new authn.Keychain that supports the portions of the K8s keychain that don't read ImagePullSecrets. This limits it to roughly the Node-identity-based authentication schemes in Kubernetes pkg/credentialprovider. This version of the k8schain drops the requirement that we run as a K8s serviceaccount with access to all of the on-cluster secrets. This drop in fidelity also diminishes its value as a stand-in for Kubernetes authentication, but this actually targets a different use-case. What remains is an interesting sweet spot: this variant can serve as a credential provider for all of the major public clouds, but in library form (vs. an executable you exec).

Types

type Options 

type Options = kauth.Options

Options holds configuration data for guiding credential resolution.

Source Files

doc.go k8schain.go

Directories

PathSynopsis
tests
tests/explicit
tests/implicit
tests/noauth
tests/serviceaccount
Version
v0.0.0-20250521000321-4eb8c4d84ef0 (latest)
Published
May 21, 2025
Platform
js/wasm
Imports
10 packages
Last checked
now

Tools for package owners.