// init registers the various means by which credentials may // be resolved on GCP. func init() { tr := utilnet.SetTransportDefaults(&http.Transport{}) metadataHTTPClientTimeout := time.Second * 10 httpClient := &http.Client{ Transport: tr, Timeout: metadataHTTPClientTimeout, } credentialprovider.RegisterCredentialProvider("google-dockercfg", &credentialprovider.CachingDockerConfigProvider{ Provider: &dockerConfigKeyProvider{ metadataProvider{Client: httpClient}, }, Lifetime: 60 * time.Second, }) credentialprovider.RegisterCredentialProvider("google-dockercfg-url", &credentialprovider.CachingDockerConfigProvider{ Provider: &dockerConfigUrlKeyProvider{ metadataProvider{Client: httpClient}, }, Lifetime: 60 * time.Second, }) credentialprovider.RegisterCredentialProvider("google-container-registry", // Never cache this. The access token is already // cached by the metadata service. &containerRegistryProvider{ metadataProvider{Client: httpClient}, }) }
// init registers the various means by which credentials may // be resolved on Azure. func init() { credentialprovider.RegisterCredentialProvider("azure", &credentialprovider.CachingDockerConfigProvider{ Provider: NewACRProvider(flagConfigFile), Lifetime: 1 * time.Minute, }) }
// init registers the various means by which ECR credentials may // be resolved. func init() { credentialprovider.RegisterCredentialProvider("aws-ecr-key", &credentialprovider.CachingDockerConfigProvider{ Provider: &ecrProvider{}, // Refresh credentials a little earlier before they expire Lifetime: 11*time.Hour + 55*time.Minute, }) }
// init registers the various means by which credentials may // be resolved on GCP. func init() { credentialprovider.RegisterCredentialProvider("google-jwt-key", &credentialprovider.CachingDockerConfigProvider{ Provider: &jwtProvider{ path: flagJwtFile, }, Lifetime: 30 * time.Minute, }) }
// Init creates a lazy provider for each AWS region, in order to support // cross-region ECR access. They have to be lazy because it's unlikely, but not // impossible, that we'll use more than one. // Not using the package init() function: this module should be initialized only // if using the AWS cloud provider. This way, we avoid timeouts waiting for a // non-existent provider. func Init() { for _, region := range AWSRegions { credentialprovider.RegisterCredentialProvider("aws-ecr-"+region, &lazyEcrProvider{ region: region, regionURL: fmt.Sprintf(registryURLTemplate, region), }) } }
// init registers the various means by which credentials may // be resolved on GCP. func init() { credentialprovider.RegisterCredentialProvider("google-dockercfg", &credentialprovider.CachingDockerConfigProvider{ Provider: &dockerConfigKeyProvider{ metadataProvider{Client: http.DefaultClient}, }, Lifetime: 60 * time.Second, }) credentialprovider.RegisterCredentialProvider("google-dockercfg-url", &credentialprovider.CachingDockerConfigProvider{ Provider: &dockerConfigUrlKeyProvider{ metadataProvider{Client: http.DefaultClient}, }, Lifetime: 60 * time.Second, }) credentialprovider.RegisterCredentialProvider("google-container-registry", // Never cache this. The access token is already // cached by the metadata service. &containerRegistryProvider{ metadataProvider{Client: http.DefaultClient}, }) }