mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-06 16:06:56 +00:00
Code Activity
kyverno/pkg/registryclient/client.go
Sambhav Kothari 1af9e48b0d
Add image data to validate image configs (#2946) 
* Add image data to validate image configs

Signed-off-by: Sambhav Kothari <sambhavs.email@gmail.com>

* Add tests for image context

Signed-off-by: Sambhav Kothari <sambhavs.email@gmail.com>

* Add e2e test cases for image size policy

Signed-off-by: Sambhav Kothari <sambhavs.email@gmail.com>
2022-01-17 04:06:44 +00:00

50 lines
1.3 KiB
Go
Raw Blame History

package registryclient
import (
"context"
"github.com/google/go-containerregistry/pkg/authn"
"github.com/google/go-containerregistry/pkg/authn/k8schain"
"github.com/pkg/errors"
"k8s.io/client-go/kubernetes"
)
var (
Secrets []string
kubeClient kubernetes.Interface
kyvernoNamespace string
kyvernoServiceAccount string
)
// Initialize loads the image pull secrets and initializes the default auth method for container registry API calls
func Initialize(client kubernetes.Interface, namespace, serviceAccount string, imagePullSecrets []string) error {
kubeClient = client
kyvernoNamespace = namespace
kyvernoServiceAccount = serviceAccount
Secrets = imagePullSecrets
var kc authn.Keychain
kcOpts := &k8schain.Options{
Namespace: namespace,
ServiceAccountName: serviceAccount,
ImagePullSecrets: imagePullSecrets,
}
kc, err := k8schain.New(context.Background(), client, *kcOpts)
if err != nil {
return errors.Wrap(err, "failed to initialize registry keychain")
}
authn.DefaultKeychain = kc
return nil
}
// UpdateKeychain reinitializes the image pull secrets and default auth method for container registry API calls
func UpdateKeychain() error {
var err = Initialize(kubeClient, kyvernoNamespace, kyvernoServiceAccount, Secrets)
if err != nil {
return err
}
return nil
}
View git blame Copy permalink