services

package
v0.0.4
Warning

This package is not in the latest version of its module.

Published: Feb 11, 2022 License: Apache-2.0 Imports: 33 Imported by: 2

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Image

type Image struct {
	// contains filtered or unexported fields
}

Image gathers all actions related to Image objects.

func NewImage

NewImage returns a handler for all Image related services. I have chosen to go with a lazy approach here: you can pass or omit (nil) any parameter, and it is up to the caller to decide what is needed for each specific case.

func (*Image) AddEventHandler

func (t *Image) AddEventHandler(handler cache.ResourceEventHandler)

AddEventHandler adds a handler to Image related events.

func (*Image) Get

func (t *Image) Get(ctx context.Context, ns, name string) (*imgv1b1.Image, error)

Get returns an Image object. The returned object is already a copy of the cached object and may be modified by the caller as needed.

func (*Image) NewImage

func (t *Image) NewImage(ctx context.Context, o NewImageOpts) (*imgv1b1.Image, error)

NewImage creates a new Image object and saves it to the Kubernetes API before returning.

func (*Image) RecentlyFinishedImports

func (t *Image) RecentlyFinishedImports(
	ctx context.Context, img *imgv1b1.Image,
) ([]imgv1b1.ImageImport, error)

RecentlyFinishedImports returns all processed ImageImport objects that refer to the provided Image and have not yet been marked as consumed. They are returned in a slice sorted from oldest to newest.

func (*Image) Sync

func (t *Image) Sync(ctx context.Context, img *imgv1b1.Image) error

Sync manages image updates, assuring we have the image imported. Beware that we change the Image in place before updating it on the API server, so use DeepCopy() before passing the image object in.

func (*Image) Validate

func (t *Image) Validate(ctx context.Context, img *imgv1b1.Image) error

Validate checks if the provided Image contains all mandatory fields. At this stage we only verify that it contains the necessary fields.

type ImageIO

type ImageIO struct {
	// contains filtered or unexported fields
}

ImageIO is an entity that gathers operations related to Image input and output. This entity allows users to pull images from or push images to our mirror registry.

func NewImageIO

NewImageIO returns a new ImageIO object, capable of pulling and pushing Images from our configured mirror registry.

func (*ImageIO) Pull

func (t *ImageIO) Pull(ctx context.Context, ns, name string) (*os.File, func(), error)

Pull saves an Image into a tar file and returns a reader from which the image content can be read. The caller is responsible for cleaning up the returned resources by calling the returned function.

func (*ImageIO) Push

func (t *ImageIO) Push(ctx context.Context, ns, name string, fpath string) error

Push expects "fpath" to point to a valid docker image stored on disk as a tar file, reads it and then pushes it to our mirror registry through an image store implementation.

type ImageImport

type ImageImport struct {
	// contains filtered or unexported fields
}

ImageImport gathers all actions related to image import objects.

func NewImageImport

NewImageImport returns a handler for all Image import related services. I have chosen to go with a lazy approach here: you can pass or omit (nil) any parameter, and it is up to the caller to decide what is needed for each specific case. So far this is the best approach; I still plan to review this.

func (*ImageImport) AddEventHandler

func (t *ImageImport) AddEventHandler(handler cache.ResourceEventHandler)

AddEventHandler adds a handler to Image related events.

func (*ImageImport) Delete

func (t *ImageImport) Delete(ctx context.Context, ii *imgv1b1.ImageImport) error

Delete deletes an ImageImport according to some rules. To be deleted, an import must have been flagged as consumed for at least one hour. The exception is an import with a bogus or "unparseable" consume timestamp: in that case we log the fact and delete it. We only return an error when we actually attempt to delete using the k8s API; if the import is filtered out by any of the aforementioned rules, nil is returned instead.
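
An added sketch of the Delete rules above, not the package's implementation: the Import type, the RFC 3339 timestamp format, the empty string meaning "not consumed" and the del callback standing in for the Kubernetes API call are all assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"log"
	"time"
)

// Import is a hypothetical, reduced ImageImport: ConsumedAt holds the raw
// consume timestamp (assumed RFC 3339), empty when not yet consumed.
type Import struct{ Name, ConsumedAt string }

// Eligible reports whether the rules allow deleting ii at time now.
func Eligible(ii Import, now time.Time) bool {
	if ii.ConsumedAt == "" {
		return false // never flagged as consumed
	}
	at, err := time.Parse(time.RFC3339, ii.ConsumedAt)
	if err != nil {
		// Bogus timestamp: log the fact and let the delete go ahead.
		log.Printf("import %s: unparseable consume timestamp %q", ii.Name, ii.ConsumedAt)
		return true
	}
	// A timestamp in the future (clock skew) gives a negative age and is kept.
	return now.Sub(at) >= time.Hour
}

// Delete calls del only for eligible imports; filtered imports return nil,
// so an error always means the API call itself was attempted and failed.
func Delete(ii Import, now time.Time, del func(name string) error) error {
	if !Eligible(ii, now) {
		return nil
	}
	return del(ii.Name)
}

func main() {
	now := time.Date(2022, 2, 11, 12, 0, 0, 0, time.UTC) // constructed clock
	apiDown := func(string) error { return errors.New("api server unavailable") }
	for _, ii := range []Import{ // constructed samples
		{"fresh", "2022-02-11T11:30:00Z"},
		{"stale", "2022-02-11T10:59:00Z"},
		{"bogus", "yesterday-ish"},
		{"pending", ""},
	} {
		fmt.Printf("%-8s err=%v\n", ii.Name, Delete(ii, now, apiDown))
	}
}
```

A caller that sees a nil error therefore cannot tell "deleted" from "kept"; only the API failure is reported.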

func (*ImageImport) Get

func (t *ImageImport) Get(ctx context.Context, ns, name string) (*imgv1b1.ImageImport, error)

Get returns an ImageImport object. The returned object is already a copy of the cached object and may be modified by the caller as needed.

func (*ImageImport) HashReferenceByImage

func (t *ImageImport) HashReferenceByImage(
	ctx context.Context, imgref types.ImageReference, sysctxs []*types.SystemContext,
) (types.ImageReference, *types.SystemContext, error)

HashReferenceByImage attempts to obtain the hash for a given image on a remote registry. It receives an image reference pointing to an image by its tag (reg.io/repo/img:tag) and returns an image reference by hash (reg.io/repo/img@sha256:abc...). It runs through the provided system contexts, trying all of them. If no SystemContext is present it makes one attempt without authentication. It returns the image reference and the SystemContext that worked, or an error.
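
An added illustration of the lookup loop HashReferenceByImage describes, not the package's own code: AuthContext and DigestLookup are hypothetical stand-ins for types.SystemContext and the registry call, and the fake registry in main is constructed. The digest is only checked for the sha256 shape.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// AuthContext is a hypothetical stand-in for *types.SystemContext; nil means "no auth".
type AuthContext struct{ Username, Password string }

// DigestLookup is a hypothetical registry call returning the tag's current digest.
type DigestLookup func(ref string, auth *AuthContext) (string, error)

// PinByDigest rewrites reg.io/repo/img:tag as reg.io/repo/img@sha256:...,
// trying every context in order and returning the one that worked.
func PinByDigest(ref string, ctxs []*AuthContext, lookup DigestLookup) (string, *AuthContext, error) {
	if len(ctxs) == 0 {
		ctxs = []*AuthContext{nil} // one unauthenticated attempt
	}
	// The tag follows the last ':' only if that ':' comes after the last '/',
	// so a registry port (reg.io:5000/img) is never mistaken for a tag.
	name := ref
	if i := strings.LastIndex(ref, ":"); i > strings.LastIndex(ref, "/") {
		name = ref[:i]
	}
	var last error
	for _, c := range ctxs {
		digest, err := lookup(ref, c)
		if err != nil {
			last = err
		} else if len(digest) != 7+64 || !strings.HasPrefix(digest, "sha256:") {
			last = fmt.Errorf("malformed digest %q", digest)
		} else {
			return name + "@" + digest, c, nil
		}
	}
	return "", nil, fmt.Errorf("resolving %s, %d attempts: %w", ref, len(ctxs), last)
}

func main() {
	// Constructed fake registry: only user "ci" may read the repository.
	fake := func(_ string, a *AuthContext) (string, error) {
		if a != nil && a.Username == "ci" {
			return "sha256:" + strings.Repeat("ab", 32), nil
		}
		return "", errors.New("unauthorized")
	}
	fmt.Println(PinByDigest("reg.io:5000/repo/img:latest", []*AuthContext{{Username: "dev"}, {Username: "ci"}, nil}, fake))
}
```

Returning the context that succeeded lets later pulls or mirror pushes reuse the same credential, and the by-digest reference stays fixed even if the tag is later moved.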

func (*ImageImport) Import

Import runs an import on the provided ImageImport. By import here we mean discovering the current hash for a given image at a given tag. We look for the image in all configured unqualified registries using all authentications we can find for the registry in the ImageImport namespace. If the image is set to be mirrored we push the image to our mirror registry.

func (*ImageImport) NewImageFor

func (t *ImageImport) NewImageFor(
	ctx context.Context, ii *imgv1b1.ImageImport,
) (*imgv1b1.Image, error)

NewImageFor creates a new Image object based on provided ImageImport. Embrace yourselves, from now on I declare WAR on this source code! XXX it may be a good idea to merge ImageImport and Image services into a single entity.

func (*ImageImport) NewImport

func (t *ImageImport) NewImport(ctx context.Context, o ImportOpts) (*imgv1b1.ImageImport, error)

NewImport uses provided ImportOpts to create a new ImageImport object and send it to the cluster. Returns the created object or an error.

func (*ImageImport) Sync

func (t *ImageImport) Sync(ctx context.Context, ii *imgv1b1.ImageImport) error

Sync manages image import changes, assuring we have the image imported. Beware that we change the ImageImport in place before updating it on the API server, so use DeepCopy() before passing the image import in.

func (*ImageImport) Validate

func (t *ImageImport) Validate(ctx context.Context, imp *imgv1b1.ImageImport) error

Validate checks if the provided ImageImport contains all mandatory fields. If the ImageImport contains an empty "spec.from" we attempt to load the targetImage.

type ImportOpts

type ImportOpts struct {
	Namespace   string
	TargetImage string
	From        string
	Mirror      *bool
	Insecure    *bool
}

ImportOpts holds the options necessary to call ImageImport.NewImport().

type LocalRegistryHostingV1

type LocalRegistryHostingV1 struct {
	// Host documents the host (hostname and port) of the registry, as seen from outside the
	// cluster. This is the registry host that tools outside the cluster should push images
	// to.
	Host string `yaml:"host,omitempty"`

	// HostFromClusterNetwork documents the host (hostname and port) of the registry, as seen
	// from networking inside the container pods. This is the registry host that tools running
	// on pods inside the cluster should push images to. If not set, then tools inside the
	// cluster should assume the local registry is not available to them.
	HostFromClusterNetwork string `yaml:"hostFromClusterNetwork,omitempty"`

	// HostFromContainerRuntime documents the host (hostname and port) of the registry, as
	// seen from the cluster's container runtime. When tools apply Kubernetes objects to the
	// cluster, this host should be used for image name fields. If not set, users of this
	// field should use the value of Host instead. Note that it doesn't make sense
	// semantically to define this field, but not define Host or HostFromClusterNetwork. That
	// would imply a way to pull images without a way to push images.
	HostFromContainerRuntime string `yaml:"hostFromContainerRuntime,omitempty"`

	// Help contains a URL pointing to documentation for users on how to set up and configure
	// a local registry. Tools can use this to nudge users to enable the registry.
	// When possible, the writer should use as permanent a URL as possible to prevent drift
	// (e.g., a version control SHA). When image pushes to a registry host specified in one of
	// the other fields fail, the tool should display this help URL to the user. The help URL
	// should contain instructions on how to diagnose broken or misconfigured registries.
	Help string `yaml:"help,omitempty"`
}

LocalRegistryHostingV1 describes a local registry that developer tools can connect to. A local registry allows clients to load images into the local cluster by pushing to this registry. This is a verbatim copy of what is in the enhancement proposal in the https://github.com/kubernetes/enhancements repo, under keps/sig-cluster-lifecycle/generic/1755-communicating-a-local-registry.

type MirrorRegistryConfig

type MirrorRegistryConfig struct {
	Address    string
	Username   string
	Password   string
	Repository string
	Token      string
	Insecure   bool
}

MirrorRegistryConfig holds the needed data that allows imgctrl to contact the mirror registry.

type NewImageOpts

type NewImageOpts struct {
	Namespace string
	Name      string
	From      string
	Mirror    bool
	Insecure  bool
}

NewImageOpts holds the options necessary to call Image.NewImage().

type SysContext

type SysContext struct {
	// contains filtered or unexported fields
}

SysContext groups tasks related to system context/configuration, dealing with things such as configured docker authentications or unqualified registries configs.

func NewSysContext

func NewSysContext(corinf informers.SharedInformerFactory) *SysContext

NewSysContext returns a new SysContext helper.

func (*SysContext) DefaultPolicyContext

func (s *SysContext) DefaultPolicyContext() (*signature.PolicyContext, error)

DefaultPolicyContext returns the default policy context. XXX this should be reviewed.

func (*SysContext) GetRegistryStore

func (s *SysContext) GetRegistryStore(ctx context.Context) (*imagestore.Registry, error)

GetRegistryStore creates an instance of a Registry store entity configured to use our mirror registry as underlying storage.

func (*SysContext) MirrorConfig

func (s *SysContext) MirrorConfig() (MirrorRegistryConfig, error)

MirrorConfig returns the mirror configuration as read from Shipwright namespace or from the kube-public namespace as per KEP.

func (*SysContext) MirrorRegistryAddresses

func (s *SysContext) MirrorRegistryAddresses() (string, string, error)

MirrorRegistryAddresses returns the configured registry address used for mirroring images. This is implemented to comply with the KEP in the https://github.com/kubernetes/enhancements/ repo, see keps/sig-cluster-lifecycle/generic/1755-communicating-a-local-registry. There are two ways of providing the mirror registry information: the first is to populate a secret in the current namespace, the other is to comply with the KEP. We give preference to the secret in the current namespace.

func (*SysContext) MirrorRegistryContext

func (s *SysContext) MirrorRegistryContext(ctx context.Context) *types.SystemContext

MirrorRegistryContext returns the context to be used when talking to the registry used for mirroring images.

func (*SysContext) ParseMirrorRegistryConfig

func (s *SysContext) ParseMirrorRegistryConfig() (*LocalRegistryHostingV1, error)

ParseMirrorRegistryConfig reads configmap local-registry-hosting from kube-public namespace, parses its content and returns the local registry configuration.

func (*SysContext) ParseShipwrightMirrorRegistryConfig

func (s *SysContext) ParseShipwrightMirrorRegistryConfig() (MirrorRegistryConfig, error)

ParseShipwrightMirrorRegistryConfig parses a secret called "mirror-registry-config" in the pod namespace. This secret holds information on how to connect to the mirror registry.

func (*SysContext) RegistriesToSearch

func (s *SysContext) RegistriesToSearch(ctx context.Context, domain string) ([]string, error)

RegistriesToSearch returns a list of registries to be used when looking for an image. It is either the provided domain or a list of unqualified domains configured globally and returned by UnqualifiedRegistries(). This function is used when trying to understand what a user means when they simply ask to import an image called "centos:latest", for instance: in which registries do we need to look for this image? This is the place where we can implement a mirror search.

func (*SysContext) SystemContextsFor

func (s *SysContext) SystemContextsFor(
	ctx context.Context,
	imgref types.ImageReference,
	namespace string,
	insecure bool,
) ([]*types.SystemContext, error)

SystemContextsFor builds a series of types.SystemContexts, each using one of the auth credentials present in the namespace. The last entry is always a nil SystemContext, which means "no auth". Insecure indicates whether the returned SystemContexts tolerate invalid TLS certificates.

func (*SysContext) UnqualifiedRegistries

func (s *SysContext) UnqualifiedRegistries(ctx context.Context) ([]string, error)

UnqualifiedRegistries returns the list of unqualified registries configured on the system. XXX this is a placeholder as we will most likely need to read this from a configuration somewhere.

type User

type User struct {
	// contains filtered or unexported fields
}

User gathers operations related to Kubernetes users, such as token validation and authorization.

func NewUser

func NewUser(corcli corecli.Interface) *User

NewUser returns a User handler capable of managing authentication and authorization for Kubernetes users.

func (*User) CanUpdateImages

func (u *User) CanUpdateImages(ctx context.Context, ns, token string) error

CanUpdateImages returns nil if provided token is able to update Image entities in a namespace.
