package k8schain

import "github.com/google/go-containerregistry/pkg/authn/k8schain"

Package k8schain exposes an implementation of the authn.Keychain interface based on the semantics the Kubelet follows when pulling the images for a Pod in Kubernetes.

Functions

func New

func New(client kubernetes.Interface, opt Options) (authn.Keychain, error)

New returns a new authn.Keychain suitable for resolving image references as scoped by the provided Options. It speaks to Kubernetes through the provided client interface.

func NewInCluster

func NewInCluster(opt Options) (authn.Keychain, error)

NewInCluster returns a new authn.Keychain suitable for resolving image references as scoped by the provided Options, constructing a kubernetes.Interface based on in-cluster authentication.

func NewNoClient

func NewNoClient() (authn.Keychain, error)

NewNoClient returns a new authn.Keychain that supports the portions of the K8s keychain that don't read ImagePullSecrets. This limits it to roughly the Node-identity-based authentication schemes in Kubernetes pkg/credentialprovider.

This version of the k8schain drops the requirement that the caller run as a K8s serviceaccount with access to all of the on-cluster secrets. That drop in fidelity diminishes its value as a stand-in for Kubernetes authentication, but it targets a different use case. What remains is an interesting sweet spot: this variant can serve as a credential provider for all of the major public clouds, but in library form (vs. an executable you exec).

Types

type Options

type Options struct {
	// Namespace holds the namespace inside of which we are resolving the
	// image reference.  If empty, "default" is assumed.
	Namespace string
	// ServiceAccountName holds the serviceaccount as which the container
	// will run (scoped to Namespace).  If empty, "default" is assumed.
	ServiceAccountName string
	// ImagePullSecrets holds the names of the Kubernetes secrets (scoped to
	// Namespace) containing credential data to use for the image pull.
	ImagePullSecrets []string
}

Options holds configuration data for guiding credential resolution.
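The following is an added example, not code from the k8schain package: a simplified, standard-library-only model of how the fields of Options scope a credential lookup, where each named pull secret is read from Namespace and its `.dockerconfigjson` payload is searched for the registry. The local Options copy, the in-memory store, resolveUser, the secret name team-a/regcred and registry.example.com are all assumptions made for illustration; registry matching is reduced to an exact host match, and the service account's own pull secrets are not modeled.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Options is a local copy of the struct documented above.
type Options struct {
	Namespace, ServiceAccountName string
	ImagePullSecrets              []string
}

// sample is a constructed .dockerconfigjson payload (not a real credential).
const sample = `{"auths":{"registry.example.com":{"username":"ci-bot","password":"constructed"}}}`

// store is a hypothetical stand-in for the cluster, keyed "namespace/name".
var store = map[string]string{"team-a/regcred": sample}

// resolveUser returns the user that opt's pull secrets yield for registry.
func resolveUser(opt Options, registry string) (string, bool, error) {
	if opt.Namespace == "" {
		opt.Namespace = "default" // documented default
	}
	for _, name := range opt.ImagePullSecrets {
		payload, ok := store[opt.Namespace+"/"+name]
		if !ok { // choice made by this example: a missing secret is an error
			return "", false, fmt.Errorf("secret %s/%s not found", opt.Namespace, name)
		}
		var cfg struct {
			Auths map[string]struct{ Username, Password string } `json:"auths"`
		}
		if err := json.Unmarshal([]byte(payload), &cfg); err != nil {
			return "", false, err
		}
		if entry, ok := cfg.Auths[registry]; ok { // simplification: exact host match
			return entry.Username, true, nil
		}
	}
	return "", false, nil // no match: the pull would be anonymous
}

func main() {
	pull := []string{"regcred"}
	fmt.Println(resolveUser(Options{Namespace: "team-a", ImagePullSecrets: pull}, "registry.example.com"))
	fmt.Println(resolveUser(Options{Namespace: "team-a", ImagePullSecrets: pull}, "other.example.com"))
	fmt.Println(resolveUser(Options{ImagePullSecrets: pull}, "registry.example.com")) // default namespace: error
}
```

The third call shows why Namespace matters: the same secret name in the "default" namespace is a different object, so a credential stored under team-a is never picked up for it.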

Source Files

doc.go k8schain.go k8schain_aws.go k8schain_azure.go k8schain_gcp.go

Directories

Path
pkg/authn/k8schain/tests
pkg/authn/k8schain/tests/explicit
pkg/authn/k8schain/tests/implicit
pkg/authn/k8schain/tests/noauth
pkg/authn/k8schain/tests/serviceaccount

Version: v0.1.0
Published: Jun 3, 2020
Platform: js/wasm
Imports: 13 packages