image

package

v0.2.5 Latest Latest Go to latest Published: Mar 12, 2020 License: GPL-3.0 Imports: 8 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/vchain-us/kube-notary

Links

Open Source Insights

Documentation ¶

Overview ¶

Index ¶

Constants
func NewKeychain(client kubernetes.Interface, namespace string, serviceAccountName string, ...) (authn.Keychain, error)
func Resolve(imageID string, keychain authn.Keychain) (string, error)

Constants ¶

View Source

const (
	// DockerImageIDPrefix is the prefix of image id in container status.
	DockerImageIDPrefix = "docker://"
	// DockerPullableImageIDPrefix is the prefix of pullable image id in container status.
	DockerPullableImageIDPrefix = "docker-pullable://"
	// SHA256DigestPrefix is the prefix of supported image digest.
	SHA256DigestPrefix = "sha256:"
)

Variables ¶

This section is empty.

Functions ¶

func NewKeychain ¶

func NewKeychain(client kubernetes.Interface, namespace string, serviceAccountName string, imagePullSecrets []string) (authn.Keychain, error)

NewKeychain returns a new authn.Keychain suitable for resolving image references as scoped by the provided namespace, serviceAccountName, and imagePullSecretes. It speaks to Kubernetes through the provided client interface.

func Resolve ¶

func Resolve(imageID string, keychain authn.Keychain) (string, error)

Resolve returns the actual image id (ie. the digest of the image's configuration) from a given ImageID of the container's image as per Kubernetes specs.

See https://github.com/google/go-containerregistry/blob/master/images/ociimage.jpeg for an overiew about image ids and references.

Supported formats:

Local OCI image id (pre-pulled, `sha256:` prefix)
Local docker image id (pre-pulled, `docker://sha256:` prefix)
OCI pullable image reference
Docker pullable image reference (prefix `docker-pullable://`)

Resolution strategy:

Pre-pulled images are resolved directly (digest is the actual image id already)
For pullable image references, the manifest is fetched from the respective registry using the auth keychain if needed. If manifest was a list, the image matching the current platform will be chosen. Finally, the config digest is returned.

Note:

only sha256 digests are supported
Docker Manifest v2 Schema 1 is deprecated and not supported anymore, see:
https://docs.docker.com/engine/deprecated/#pushing-and-pulling-with-image-manifest-v2-schema-1 https://github.com/google/go-containerregistry/blob/master/pkg/v1/remote/descriptor.go#L111 https://github.com/google/go-containerregistry/issues/377

Types ¶

This section is empty.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL