Documentation
¶
Index ¶
Constants ¶
View Source
const ( // NoServiceAccount is a constant that can be passed via ServiceAccountName // to tell the keychain that looking up the service account is unnecessary. // This value cannot collide with an actual service account name because // service accounts do not allow spaces. NoServiceAccount = "no service account" )
Variables ¶
This section is empty.
Functions ¶
func New ¶
New returns a new authn.Keychain suitable for resolving image references as scoped by the provided Options. It speaks to Kubernetes through the provided client interface.
func NewFromPullSecrets ¶
NewFromPullSecrets returns a new authn.Keychain suitable for resolving image references as scoped by the pull secrets.
Types ¶
type Options ¶
type Options struct {
// Namespace holds the namespace inside of which we are resolving service
// account and pull secret references to access the image.
// If empty, "default" is assumed.
Namespace string
// ServiceAccountName holds the serviceaccount (within Namespace) as which a
// Pod might access the image. Service accounts may have image pull secrets
// attached, so we lookup the service account to complete the keychain.
// If empty, "default" is assumed. To avoid a service account lookup, pass
// NoServiceAccount explicitly.
ServiceAccountName string
// ImagePullSecrets holds the names of the Kubernetes secrets (scoped to
// Namespace) containing credential data to use for the image pull.
ImagePullSecrets []string
// UseMountSecrets determines whether or not mount secrets in the ServiceAccount
// should be considered. Mount secrets are those listed under the `.secrets`
// attribute of the ServiceAccount resource. Ignored if ServiceAccountName is set
// to NoServiceAccount.
UseMountSecrets bool
}
Options holds configuration data for guiding credential resolution.
Source Files
Click to show internal directories.
Click to hide internal directories.