History

Matt Moore 1ad4295462 Update ggcr to pick up estargz and caching option (#1527 )		2020-12-21 10:09:21 -08:00
..
README.md	fix highwayhash	2019-12-21 12:18:09 -08:00
doc.go	Update go-containerregistry (#599 )	2019-03-06 10:39:51 -08:00
k8schain.go	Update ggcr to pick up estargz and caching option (#1527 )	2020-12-21 10:09:21 -08:00
k8schain_aws.go	upgrade go container registry to latest master	2020-03-18 15:00:49 -07:00
k8schain_azure.go	upgrade go container registry to latest master	2020-03-18 15:00:49 -07:00
k8schain_gcp.go	upgrade go container registry to latest master	2020-03-18 15:00:49 -07:00

README.md

`k8schain`

This is an implementation of the github.com/google/go-containerregistry library's authn.Keychain interface based on the authentication semantics used by the Kubelet when performing the pull of a Pod's images.

Usage

Creating a keychain

A k8schain keychain can be built via one of:

// client is a kubernetes.Interface
kc, err := k8schain.New(client, k8schain.Options{})
...

// This method is suitable for use by controllers or other in-cluster processes.
kc, err := k8schain.NewInCluster(k8schain.Options{})
...

Using the keychain

The k8schain keychain can be used directly as an authn.Keychain, e.g.

	auth, err := kc.Resolve(registry)
	if err != nil {
		...
	}

Or, it can be used to override the default keychain used by this process, which by default follows Docker's keychain semantics:

func init() {
	// Override the default keychain used by this process to follow the
	// Kubelet's keychain semantics.
	authn.DefaultKeychain = kc
}