imageresolver

package
v0.0.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 10, 2026 License: Apache-2.0 Imports: 16 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type DigestResolver 

type DigestResolver interface {
	// Resolve resolves an image reference (tag or digest) to its manifest digest.
	// For tag-based refs, it checks the cache first, then queries the registry
	// via HTTP HEAD on cache miss. For digest-based refs (@sha256:...), it
	// extracts and returns the digest directly.
	// Use WithPullSecrets to provide registry credentials for private images.
	Resolve(ctx context.Context, imageRef string, opts ...ResolveOption) (string, error)

	// ResolveConfigDigest resolves an image reference to its config digest
	// (the "image ID" shown by docker inspect / docker images --no-trunc).
	// Unlike manifest digests, the config digest is stable across re-pushes
	// and across registries when the image layers are identical.
	// This requires fetching the manifest body (one GET), not just a HEAD.
	// Use WithPullSecrets to provide registry credentials for private images.
	ResolveConfigDigest(ctx context.Context, imageRef string, opts ...ResolveOption) (string, error)

	// DigestFromStatus extracts the digest from pod status fields and caches
	// the image→digest mapping for future Resolve calls. This is a pure
	// local operation with no network calls.
	//   image:   the image name as reported by kubelet (e.g. "registry/repo:tag")
	//   imageID: the imageID as reported by kubelet (e.g. "registry/repo@sha256:abc...")
	DigestFromStatus(image, imageID string) (string, error)
}

DigestResolver resolves container image references to their content digests.

type ResolveOption 

type ResolveOption func(*resolveOptions)

ResolveOption configures a Resolve call.

func WithPullSecrets 

func WithPullSecrets(namespace string, secrets []corev1.LocalObjectReference) ResolveOption

WithPullSecrets provides imagePullSecrets context for authenticating against private registries. The resolver reads the referenced Secrets from the given namespace to build registry credentials.

type Resolver 

type Resolver struct {
	// contains filtered or unexported fields
}

Resolver implements DigestResolver with a TTL-based in-memory cache.

func NewResolver 

func NewResolver(k8sClient client.Reader, ttl time.Duration) *Resolver

NewResolver creates a new Resolver.

  • k8sClient: used to read imagePullSecrets from namespaces (may be nil if all registries are public).
  • ttl: cache duration for resolved digests (e.g. 3 days).

func (*Resolver) DigestFromStatus 

func (r *Resolver) DigestFromStatus(image, imageID string) (string, error)

func (*Resolver) Resolve 

func (r *Resolver) Resolve(ctx context.Context, imageRef string, opts ...ResolveOption) (string, error)

func (*Resolver) ResolveConfigDigest 

func (r *Resolver) ResolveConfigDigest(ctx context.Context, imageRef string, opts ...ResolveOption) (string, error)

ResolveConfigDigest resolves an image reference to its config digest. The config digest is stable across re-pushes and across registries when image layers are identical (equivalent to `docker inspect --format '{{.Id}}'`). Results are cached separately from manifest digests.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.