package kubernetes
import "github.com/google/go-containerregistry/pkg/authn/kubernetes"
Index ¶
- Constants
- func New(ctx context.Context, client kubernetes.Interface, opt Options) (authn.Keychain, error)
- func NewFromPullSecrets(ctx context.Context, secrets []corev1.Secret) (authn.Keychain, error)
- func NewInCluster(ctx context.Context, opt Options) (authn.Keychain, error)
- type Options
Constants ¶
const ( // NoServiceAccount is a constant that can be passed via ServiceAccountName // to tell the keychain that looking up the service account is unnecessary. // This value cannot collide with an actual service account name because // service accounts do not allow spaces. NoServiceAccount = "no service account" )
Functions ¶
func New ¶
New returns a new authn.Keychain suitable for resolving image references as scoped by the provided Options. It speaks to Kubernetes through the provided client interface.
func NewFromPullSecrets ¶
NewFromPullSecrets returns a new authn.Keychain suitable for resolving image references as scoped by the pull secrets.
func NewInCluster ¶
NewInCluster returns a new authn.Keychain suitable for resolving image references as scoped by the provided Options, constructing a kubernetes.Interface based on in-cluster authentication.
Types ¶
type Options ¶
type Options struct {
// Namespace holds the namespace inside of which we are resolving service
// account and pull secret references to access the image.
// If empty, "default" is assumed.
Namespace string
// ServiceAccountName holds the serviceaccount (within Namespace) as which a
// Pod might access the image. Service accounts may have image pull secrets
// attached, so we lookup the service account to complete the keychain.
// If empty, "default" is assumed. To avoid a service account lookup, pass
// NoServiceAccount explicitly.
ServiceAccountName string
// ImagePullSecrets holds the names of the Kubernetes secrets (scoped to
// Namespace) containing credential data to use for the image pull.
ImagePullSecrets []string
// UseMountSecrets determines whether or not mount secrets in the ServiceAccount
// should be considered. Mount secrets are those listed under the `.secrets`
// attribute of the ServiceAccount resource. Ignored if ServiceAccountName is set
// to NoServiceAccount.
UseMountSecrets bool
}
Options holds configuration data for guiding credential resolution.
Source Files ¶
- Version
- v0.0.0-20250521000321-4eb8c4d84ef0 (latest)
- Published
- May 21, 2025
- Platform
- linux/amd64
- Imports
- 15 packages
- Last checked
- now –
Tools for package owners.