Documentation ¶
Overview ¶
* Copyright (c) 2019 vChain, Inc. All Rights Reserved. * This software is released under GPL3. * The full license information can be found under: * https://www.gnu.org/licenses/gpl-3.0.en.html *
* Copyright (c) 2019 vChain, Inc. All Rights Reserved. * This software is released under GPL3. * The full license information can be found under: * https://www.gnu.org/licenses/gpl-3.0.en.html *
Index ¶
Constants ¶
const ( // DockerImageIDPrefix is the prefix of image id in container status. DockerImageIDPrefix = "docker://" // DockerPullableImageIDPrefix is the prefix of pullable image id in container status. DockerPullableImageIDPrefix = "docker-pullable://" // SHA256DigestPrefix is the prefix of supported image digest. SHA256DigestPrefix = "sha256:" )
Variables ¶
This section is empty.
Functions ¶
func NewKeychain ¶
func NewKeychain(client kubernetes.Interface, namespace string, serviceAccountName string, imagePullSecrets []string) (authn.Keychain, error)
NewKeychain returns a new authn.Keychain suitable for resolving image references as scoped by the provided namespace, serviceAccountName, and imagePullSecretes. It speaks to Kubernetes through the provided client interface.
func Resolve ¶
Resolve returns the actual image id (ie. the digest of the image's configuration) from a given ImageID of the container's image as per Kubernetes specs.
See https://github.com/google/go-containerregistry/blob/master/images/ociimage.jpeg for an overiew about image ids and references.
Supported formats:
- Local OCI image id (pre-pulled, `sha256:` prefix)
- Local docker image id (pre-pulled, `docker://sha256:` prefix)
- OCI pullable image reference
- Docker pullable image reference (prefix `docker-pullable://`)
Resolution strategy:
- Pre-pulled images are resolved directly (digest is the actual image id already)
- For pullable image references, the manifest is fetched from the respective registry using the auth keychain if needed. If manifest was a list, the image matching the current platform will be chosen. Finally, the config digest is returned.
Note:
- only sha256 digests are supported
- Docker Manifest v2 Schema 1 is deprecated and not supported anymore, see:
- https://docs.docker.com/engine/deprecated/#pushing-and-pulling-with-image-manifest-v2-schema-1 https://github.com/google/go-containerregistry/blob/master/pkg/v1/remote/descriptor.go#L111 https://github.com/google/go-containerregistry/issues/377
Types ¶
This section is empty.