mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-09-21 18:11:22 +00:00
Allow lazy binding in credential providers; don't use it in AWS yet
This is step one for cross-region ECR support and has no visible effects yet. I'm not crazy about the name LazyProvide. Perhaps the interface method could remain like that and the package method of the same name could become LateBind(). I still don't understand why the credential provider has a DockerConfigEntry that has the same fields but is distinct from docker.AuthConfiguration. I had to write a converter now that we do that in more than one place. In step two, I'll add another intermediate, lazy provider for each AWS region, whose empty LazyAuthConfiguration will have a refresh time of months or years. Behind the scenes, it'll use an actual ecrProvider with the usual ~12 hour credentials, that will get created (and later refreshed) only when kubelet is attempting to pull an image. If we simply turned ecrProvider directly into a lazy provider, we would bypass all the caching and get new credentials for each image pulled.
This commit is contained in:
Rudi Chiarito
@@ -46,6 +46,7 @@ type DockerConfigEntry struct {
|
||||
Username string
|
||||
Password string
|
||||
Email string
|
||||
Provider DockerConfigProvider
|
||||
}
|
||||
|
||||
var (
|
||||
|
||||
Reference in New Issue
Block a user