Documentation ¶
Index ¶
Constants ¶
View Source
const ( // NoServiceAccount is a constant that can be passed via ServiceAccountName // to tell the keychain that looking up the service account is unnecessary. // This value cannot collide with an actual service account name because // service accounts do not allow spaces. NoServiceAccount = "no service account" )
Variables ¶
This section is empty.
Functions ¶
func New ¶
New returns a new authn.Keychain suitable for resolving image references as scoped by the provided Options. It speaks to Kubernetes through the provided client interface.
func NewFromPullSecrets ¶
NewFromPullSecrets returns a new authn.Keychain suitable for resolving image references as scoped by the pull secrets.
Types ¶
type Options ¶
type Options struct { // Namespace holds the namespace inside of which we are resolving service // account and pull secret references to access the image. // If empty, "default" is assumed. Namespace string // ServiceAccountName holds the serviceaccount (within Namespace) as which a // Pod might access the image. Service accounts may have image pull secrets // attached, so we lookup the service account to complete the keychain. // If empty, "default" is assumed. To avoid a service account lookup, pass // NoServiceAccount explicitly. ServiceAccountName string // ImagePullSecrets holds the names of the Kubernetes secrets (scoped to // Namespace) containing credential data to use for the image pull. ImagePullSecrets []string // UseMountSecrets determines whether or not mount secrets in the ServiceAccount // should be considered. Mount secrets are those listed under the `.secrets` // attribute of the ServiceAccount resource. Ignored if ServiceAccountName is set // to NoServiceAccount. UseMountSecrets bool }
Options holds configuration data for guiding credential resolution.
Click to show internal directories.
Click to hide internal directories.