public_git
/
kaniko
mirror of https://github.com/GoogleContainerTools/kaniko
1
0
Fork 0
Code Issues Releases Wiki Activity

Implement separation between Insecure (HTTP) registry and skipping TLS verification into two separate command line parameters

This commit is contained in:
Sebastian Jackel 2018-08-24 14:20:32 +02:00
parent bb75c04618
commit 4ba6148621
3 changed files with 17 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
cmd/executor/cmd/root.go
View File

@ -85,7 +85,8 @@ func addKanikoOptionsFlags(cmd *cobra.Command) {
RootCmd.PersistentFlags().VarP(&opts.Destinations, "destination", "d", "Registry the final image should be pushed to. Set it repeatedly for multiple destinations.") RootCmd.PersistentFlags().VarP(&opts.Destinations, "destination", "d", "Registry the final image should be pushed to. Set it repeatedly for multiple destinations.")
RootCmd.PersistentFlags().StringVarP(&opts.SnapshotMode, "snapshotMode", "", "full", "Change the file attributes inspected during snapshotting") RootCmd.PersistentFlags().StringVarP(&opts.SnapshotMode, "snapshotMode", "", "full", "Change the file attributes inspected during snapshotting")
RootCmd.PersistentFlags().VarP(&opts.BuildArgs, "build-arg", "", "This flag allows you to pass in ARG values at build time. Set it repeatedly for multiple values.") RootCmd.PersistentFlags().VarP(&opts.BuildArgs, "build-arg", "", "This flag allows you to pass in ARG values at build time. Set it repeatedly for multiple values.")
RootCmd.PersistentFlags().BoolVarP(&opts.DockerInsecureSkipTLSVerify, "insecure-skip-tls-verify", "", false, "Push to insecure registry ignoring TLS verify") RootCmd.PersistentFlags().BoolVarP(&opts.DockerInsecure, "insecure", "", false, "Push to insecure registry using plain HTTP")
RootCmd.PersistentFlags().BoolVarP(&opts.SkipTlsVerify, "skip-tls-verify", "", false, "Push to insecure registry ignoring TLS verify")
RootCmd.PersistentFlags().StringVarP(&opts.TarPath, "tarPath", "", "", "Path to save the image in as a tarball instead of pushing") RootCmd.PersistentFlags().StringVarP(&opts.TarPath, "tarPath", "", "", "Path to save the image in as a tarball instead of pushing")
RootCmd.PersistentFlags().BoolVarP(&opts.SingleSnapshot, "single-snapshot", "", false, "Take a single snapshot at the end of the build.") RootCmd.PersistentFlags().BoolVarP(&opts.SingleSnapshot, "single-snapshot", "", false, "Take a single snapshot at the end of the build.")
RootCmd.PersistentFlags().BoolVarP(&opts.Reproducible, "reproducible", "", false, "Strip timestamps out of the image to make it reproducible") RootCmd.PersistentFlags().BoolVarP(&opts.Reproducible, "reproducible", "", false, "Strip timestamps out of the image to make it reproducible")

4
pkg/executor/push.go
View File

@ -67,7 +67,7 @@ func DoPush(image v1.Image, opts *options.KanikoOptions) error {
// continue pushing unless an error occurs // continue pushing unless an error occurs
for _, destRef := range destRefs { for _, destRef := range destRefs {
if opts.DockerInsecureSkipTLSVerify { if opts.DockerInsecure {
newReg, err := name.NewInsecureRegistry(destRef.Repository.Registry.Name(), name.WeakValidation) newReg, err := name.NewInsecureRegistry(destRef.Repository.Registry.Name(), name.WeakValidation)
if err != nil { if err != nil {
return errors.Wrap(err, "getting new insecure registry") return errors.Wrap(err, "getting new insecure registry")
@ -87,7 +87,7 @@ func DoPush(image v1.Image, opts *options.KanikoOptions) error {
// Create a transport to set our user-agent. // Create a transport to set our user-agent.
tr := http.DefaultTransport tr := http.DefaultTransport
if opts.DockerInsecureSkipTLSVerify { if opts.SkipTlsVerify {
tr.(*http.Transport).TLSClientConfig = &tls.Config{ tr.(*http.Transport).TLSClientConfig = &tls.Config{
InsecureSkipVerify: true, InsecureSkipVerify: true,
} }

3
pkg/options/options.go
View File

@ -23,7 +23,8 @@ type KanikoOptions struct {
SrcContext string SrcContext string
SnapshotMode string SnapshotMode string
Bucket string Bucket string
DockerInsecureSkipTLSVerify bool DockerInsecure bool
SkipTlsVerify bool
BuildArgs multiArg BuildArgs multiArg
TarPath string TarPath string
SingleSnapshot bool SingleSnapshot bool