flux: github.com/fluxcd/flux/pkg/registry

package registry

import "github.com/fluxcd/flux/pkg/registry"

This package has types for dealing with image registries (e.g., quay.io, DockerHub, Google Container Registry).


Package Files

aws.go azure.go client.go client_factory.go credentials.go doc.go gcp.go monitoring.go registry.go


const (
    EKS_SYSTEM_ACCOUNT    = "602401143452"
    EKS_SYSTEM_ACCOUNT_CN = "918309763551"
)

const (
    LabelRequestKind    = "kind"
    RequestKindTags     = "tags"
    RequestKindMetadata = "metadata"
)

var (
    ErrNoImageData       = errors.New("image data not available")
    ErrImageScanDisabled = errors.New("cannot perfom operation, image scanning is disabled")
)

func GetGCPOauthToken

func GetGCPOauthToken(host string) (creds, error)

func ImageCredsWithAWSAuth

func ImageCredsWithAWSAuth(lookup func() ImageCreds, logger log.Logger, config AWSRegistryConfig) (func() error, func() ImageCreds)

ImageCredsWithAWSAuth wraps an image credentials func with another that adds two capabilities:

- it will include or exclude images from ECR accounts and regions
  according to the config given; and,

- if it can reach the AWS API, it will obtain credentials for ECR
  accounts from it, automatically refreshing them when necessary.

It also returns a "pre-flight check" that can be used to verify that the AWS API is available while starting up.

ECR registry URLs look like this:


i.e., they can differ in the account ID and in the region. It's possible to refer to any registry from any cluster (although, being AWS, there will be a cost incurred). The config supplied can restrict based on the region:

- if a region or regions are supplied, exactly those regions shall
  be included;
- if no region is supplied, but it can be detected, the detected
  region is included
- if no region is supplied _or_ detected, no region is included

.. and on the account ID:

- if account IDs to include are supplied, only those are included
  - otherwise, all account IDs are included
  - the supplied list may be empty
with the exception
- if account IDs to _exclude_ are supplied, those shall not be

func ImageCredsWithDefaults

func ImageCredsWithDefaults(lookup func() ImageCreds, configPath string) (func() ImageCreds, error)

type AWSRegistryConfig

type AWSRegistryConfig struct {
    Regions    []string
    AccountIDs []string
    BlockIDs   []string
}

AWSRegistryConfig supplies constraints for scanning AWS (ECR) image registries. Fields may be left empty.
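The region and account rules described for ImageCredsWithAWSAuth decide which ECR registries are in scope for credentials, so they are worth being able to reason about per host. The following is an added example, not code from the flux project: `ecrConfig`, `shouldInclude` and the sample hosts are hypothetical, the hostname pattern is the standard ECR form, and the truncated exclude rule is read as "excluded accounts are never included".

```go
package main

import (
	"fmt"
	"regexp"
)

// ecrConfig mirrors the AWSRegistryConfig fields (hypothetical local type).
type ecrConfig struct {
	Regions    []string // regions to include
	AccountIDs []string // account IDs to include; empty means all
	BlockIDs   []string // account IDs to exclude
}

// Standard ECR hostname: <account>.dkr.ecr.<region>.amazonaws.com[.cn]
var ecrHost = regexp.MustCompile(`^(\d{12})\.dkr\.ecr\.([a-z0-9-]+)\.amazonaws\.com(\.cn)?$`)

func contains(list []string, s string) bool {
	for _, v := range list {
		if v == s {
			return true
		}
	}
	return false
}

// shouldInclude applies the rules above; detectedRegion is "" if unknown.
func shouldInclude(host string, cfg ecrConfig, detectedRegion string) bool {
	m := ecrHost.FindStringSubmatch(host)
	if m == nil {
		return false // not an ECR host: outside the scope of these rules
	}
	account, region := m[1], m[2]
	regions := cfg.Regions
	if len(regions) == 0 && detectedRegion != "" {
		regions = []string{detectedRegion} // fall back to the detected region
	}
	if !contains(regions, region) {
		return false // also covers "nothing supplied or detected"
	}
	if contains(cfg.BlockIDs, account) {
		return false // assumption: exclusion wins over inclusion
	}
	return len(cfg.AccountIDs) == 0 || contains(cfg.AccountIDs, account)
}

func main() {
	cfg := ecrConfig{BlockIDs: []string{"602401143452"}} // constructed config
	fmt.Println(shouldInclude("111122223333.dkr.ecr.eu-west-1.amazonaws.com", cfg, "eu-west-1"))
}
```

Leaving both the region list and the detected region empty puts every ECR host out of scope, which is the safe default when the cluster's region cannot be determined.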

type Client

type Client interface {
    Tags(context.Context) ([]string, error)
    Manifest(ctx context.Context, ref string) (ImageEntry, error)
}

Client is a remote registry client for a particular image repository (e.g., for docker.io/fluxcd/flux). It is an interface so we can wrap it in instrumentation, write fake implementations, and so on.

func NewInstrumentedClient

func NewInstrumentedClient(next Client) Client

type ClientFactory

type ClientFactory interface {
    ClientFor(image.CanonicalName, Credentials) (Client, error)
}

ClientFactory supplies Client implementations for a given repo, with credentials. This is an interface so we can provide fake implementations.

type Credentials

type Credentials struct {
    // contains filtered or unexported fields
}

Credentials to a (Docker) registry.

func NoCredentials

func NoCredentials() Credentials

NoCredentials returns a usable but empty credentials object.

func ParseCredentials

func ParseCredentials(from string, b []byte) (Credentials, error)

func (Credentials) Hosts

func (cs Credentials) Hosts() []string

Hosts returns all of the hosts available in these credentials.

func (Credentials) Merge

func (cs Credentials) Merge(c Credentials)

func (Credentials) String

func (cs Credentials) String() string

type Excluded

type Excluded struct {
    ExcludedReason string `json:",omitempty"`
}

type ImageCreds

type ImageCreds map[image.Name]Credentials

ImageCreds is a record of which images need which credentials, which is supplied to us (probably by interrogating the cluster).

type ImageEntry

type ImageEntry struct {
    image.Info `json:",omitempty"`
}

ImageEntry represents a result from looking up an image ref in an image registry. It's an either-or: either you get an image.Info, or you get a reason that the image should be treated as unusable (e.g., it's for the wrong architecture).

func (ImageEntry) MarshalJSON

func (entry ImageEntry) MarshalJSON() ([]byte, error)

MarshalJSON does custom JSON marshalling for ImageEntry values. We need this because the struct embeds the image.Info type, which has its own custom marshaling, which would get used otherwise.

func (*ImageEntry) UnmarshalJSON

func (entry *ImageEntry) UnmarshalJSON(bytes []byte) error

UnmarshalJSON does custom JSON unmarshalling for ImageEntry values.

type ImageScanDisabledRegistry

type ImageScanDisabledRegistry struct{}

ImageScanDisabledRegistry is used when image scanning is disabled.

func (ImageScanDisabledRegistry) GetImage

func (i ImageScanDisabledRegistry) GetImage(image.Ref) (image.Info, error)

func (ImageScanDisabledRegistry) GetImageRepositoryMetadata

func (i ImageScanDisabledRegistry) GetImageRepositoryMetadata(image.Name) (image.RepositoryMetadata, error)

type Registry

type Registry interface {
    GetImageRepositoryMetadata(image.Name) (image.RepositoryMetadata, error)
    GetImage(image.Ref) (image.Info, error)
}

Registry is a store of image metadata.

func NewInstrumentedRegistry

func NewInstrumentedRegistry(next Registry) Registry

type Remote

type Remote struct {
    // contains filtered or unexported fields
}

func (*Remote) Manifest

func (a *Remote) Manifest(ctx context.Context, ref string) (ImageEntry, error)

Manifest fetches the metadata for an image reference; currently assumed to be in the same repo as that provided to `NewRemote(...)`.

func (*Remote) Tags

func (a *Remote) Tags(ctx context.Context) ([]string, error)

Return the tags for this repository.

type RemoteClientFactory

type RemoteClientFactory struct {
    Logger   log.Logger
    Limiters *middleware.RateLimiters
    Trace    bool

    // hosts with which to tolerate insecure connections (e.g., with
    // TLS_INSECURE_SKIP_VERIFY, or as a fallback, using HTTP).
    InsecureHosts []string
    // contains filtered or unexported fields
}

func (*RemoteClientFactory) ClientFor

func (f *RemoteClientFactory) ClientFor(repo image.CanonicalName, creds Credentials) (Client, error)

func (*RemoteClientFactory) Succeed

func (f *RemoteClientFactory) Succeed(repo image.CanonicalName)

Succeed exists merely so that the user of the ClientFactory can bump rate limits up if a repo's metadata has successfully been fetched.


cache              This package implements an image metadata cache given a backing k-v store.
cache/memcached    This package implements an image DB cache using memcached.

Package registry imports 35 packages and is imported by 14 packages. Updated 2020-10-18.