Skip to main content
Version: latest

oci

The OCI operator handles Gadgets images. It pulls images from the OCI registries and invokes the different layer operators according to the layers present on the image.

Priority

-1000

Global Parameters

authfile

Path of the authentication file. This overrides the REGISTRY_AUTH_FILE environment variable. If the default file doesn't exist, $HOME/.docker/config.json is used as a fallback.

Default: /var/lib/ig/config.json

pull-secret

Secret to use when pulling the gadget image

Fully qualified name: operator.oci.pull-secret

verify-image

Verify image using the provided public key. Check Verify image-based gadgets to learn more.

Default: true

public-keys

Public keys used to verify the gadgets. Check Verify image-based gadgets to learn more.

Default: Inspektor Gadget public key.

allowed-gadgets

List of allowed gadgets. If a gadget is not part of it, execution will be denied. By default, all digests are allowed. Check Restricting Gadgets to get more details.

insecure-registries

List of registries to access over plain HTTP. Check Insecure Registries to learn more.

disallow-pulling

Disallow pulling gadgets from registries. Check Disallow pulling Gadgets to learn more.

Default: false

Instance Parameters

validate-metadata

Validate the gadget metadata before running the gadget

Fully qualified name: operator.oci.validate-metadata

Default: true

pull

Specify when the gadget image should be pulled Possible Values:

  • always: Always pull the gadget image.
  • missing: Pull the gadget image only if missing.
  • never: Never pull the gadget image.

Fully qualified name: operator.oci.pull

Default: missing

annotate

Add annotations to datasources or fields. Use a comma-separated list in the formats:

  • datasource:annotation=value to add an annotation to a datasource
  • datasource.field:annotation=value to add an annotation to the field of a datasource

Fully qualified name: operator.oci.annotate