Categorygithub.com/mattmoor/k8schain
modulepackage
0.0.0-20180715140035-6b8334ad9b97
Repository: https://github.com/mattmoor/k8schain.git
Documentation: pkg.go.dev
Overview
Versions
1
Dependencies
11
Dependents
7
Files
122 SLOC

# README

k8schain

This is an implementation of the github.com/google/go-containerregistry library's authn.Keychain interface based on the authentication semantics used by the Kubelet when performing the pull of a Pod's images.

Usage

Creating a keychain

A k8schain keychain can be built via one of:

// client is a kubernetes.Interface
kc, err := k8schain.New(client, k8schain.Options{})
...

// This method is suitable for use by controllers or other in-cluster processes.
kc, err := k8schain.NewInCluster(k8schain.Options{})
...

Using the keychain

The k8schain keychain can be used directly as an authn.Keychain, e.g.

	auth, err := kc.Resolve(registry)
	if err != nil {
		...
	}

Or, it can be used to override the default keychain used by this process, which by default follows Docker's keychain semantics:

func init() {
	// Override the default keychain used by this process to follow the
	// Kubelet's keychain semantics.
	authn.DefaultKeychain = kc
}

# Packages

No description provided by the author

# Functions

New returns a new authn.Keychain suitable for resolving image references as scoped by the provided Options.
NewInCluster returns a new authn.Keychain suitable for resolving image references as scoped by the provided Options, constructing a kubernetes.Interface based on in-cluster authentication.
NewNoClient returns a new authn.Keychain that supports the portion of the K8s keychain that don't read ImagePullSecrets.

# Structs

Options holds configuration data for guiding credential resolution.