Skip to content

Commit

Permalink
Support insecure pull (#401)
Browse files Browse the repository at this point in the history
  • Loading branch information
dtaniwaki authored and sharifelgamal committed Oct 22, 2018
1 parent 5108ee3 commit 05e3250
Show file tree
Hide file tree
Showing 5 changed files with 34 additions and 9 deletions.
2 changes: 1 addition & 1 deletion cmd/executor/cmd/root.go
Original file line number Diff line number Diff line change
Expand Up @@ -91,7 +91,7 @@ func addKanikoOptionsFlags(cmd *cobra.Command) {
RootCmd.PersistentFlags().VarP(&opts.Destinations, "destination", "d", "Registry the final image should be pushed to. Set it repeatedly for multiple destinations.")
RootCmd.PersistentFlags().StringVarP(&opts.SnapshotMode, "snapshotMode", "", "full", "Change the file attributes inspected during snapshotting")
RootCmd.PersistentFlags().VarP(&opts.BuildArgs, "build-arg", "", "This flag allows you to pass in ARG values at build time. Set it repeatedly for multiple values.")
RootCmd.PersistentFlags().BoolVarP(&opts.InsecurePush, "insecure", "", false, "Push to insecure registry using plain HTTP")
RootCmd.PersistentFlags().BoolVarP(&opts.Insecure, "insecure", "", false, "Pull and push to insecure registry using plain HTTP")
RootCmd.PersistentFlags().BoolVarP(&opts.SkipTLSVerify, "skip-tls-verify", "", false, "Push to insecure registry ignoring TLS verify")
RootCmd.PersistentFlags().StringVarP(&opts.TarPath, "tarPath", "", "", "Path to save the image in as a tarball instead of pushing")
RootCmd.PersistentFlags().BoolVarP(&opts.SingleSnapshot, "single-snapshot", "", false, "Take a single snapshot at the end of the build.")
Expand Down
2 changes: 1 addition & 1 deletion pkg/config/options.go
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,7 @@ type KanikoOptions struct {
CacheDir string
Destinations multiArg
BuildArgs multiArg
InsecurePush bool
Insecure bool
SkipTLSVerify bool
SingleSnapshot bool
Reproducible bool
Expand Down
2 changes: 1 addition & 1 deletion pkg/executor/push.go
Original file line number Diff line number Diff line change
Expand Up @@ -71,7 +71,7 @@ func DoPush(image v1.Image, opts *config.KanikoOptions) error {

// continue pushing unless an error occurs
for _, destRef := range destRefs {
if opts.InsecurePush {
if opts.Insecure {
newReg, err := name.NewInsecureRegistry(destRef.Repository.Registry.Name(), name.WeakValidation)
if err != nil {
return errors.Wrap(err, "getting new insecure registry")
Expand Down
31 changes: 28 additions & 3 deletions pkg/util/image_util.go
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,8 @@ limitations under the License.
package util

import (
"crypto/tls"
"net/http"
"path/filepath"
"strconv"

Expand Down Expand Up @@ -72,7 +74,7 @@ func RetrieveSourceImage(stage config.KanikoStage, buildArgs []string, opts *con
}

// Otherwise, initialize image as usual
return retrieveRemoteImage(currentBaseName)
return retrieveRemoteImage(currentBaseName, opts)
}

// RetrieveConfigFile returns the config file for an image
Expand All @@ -93,18 +95,41 @@ func tarballImage(index int) (v1.Image, error) {
return tarball.ImageFromPath(tarPath, nil)
}

func remoteImage(image string) (v1.Image, error) {
func remoteImage(image string, opts *config.KanikoOptions) (v1.Image, error) {
logrus.Infof("Downloading base image %s", image)
ref, err := name.ParseReference(image, name.WeakValidation)
if err != nil {
return nil, err
}

if opts.Insecure {
newReg, err := name.NewInsecureRegistry(ref.Context().RegistryStr(), name.WeakValidation)
if err != nil {
return nil, err
}
if tag, ok := ref.(name.Tag); ok {
tag.Repository.Registry = newReg
ref = tag
}
if digest, ok := ref.(name.Digest); ok {
digest.Repository.Registry = newReg
ref = digest
}
}

tr := http.DefaultTransport.(*http.Transport)
if opts.SkipTLSVerify {
tr.TLSClientConfig = &tls.Config{
InsecureSkipVerify: true,
}
}

k8sc, err := k8schain.NewNoClient()
if err != nil {
return nil, err
}
kc := authn.NewMultiKeychain(authn.DefaultKeychain, k8sc)
return remote.Image(ref, remote.WithAuthFromKeychain(kc))
return remote.Image(ref, remote.WithTransport(tr), remote.WithAuthFromKeychain(kc))
}

func cachedImage(opts *config.KanikoOptions, image string) (v1.Image, error) {
Expand Down
6 changes: 3 additions & 3 deletions pkg/util/image_util_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -32,11 +32,11 @@ var (
dockerfile = `
FROM gcr.io/distroless/base:latest as base
COPY . .
FROM scratch as second
ENV foopath context/foo
COPY --from=0 $foopath context/b* /foo/
FROM base
ARG file
COPY --from=second /foo $file`
Expand All @@ -51,7 +51,7 @@ func Test_StandardImage(t *testing.T) {
defer func() {
retrieveRemoteImage = original
}()
mock := func(image string) (v1.Image, error) {
mock := func(image string, opts *config.KanikoOptions) (v1.Image, error) {
return nil, nil
}
retrieveRemoteImage = mock
Expand Down

0 comments on commit 05e3250

Please sign in to comment.