Merge pull request #311 from DerDackel/separate-insecure-from-tls-verify

Separate --insecure-skip-tls-verify flag into two separate flags

README.md

@@ -285,6 +285,14 @@ Set this flag to indicate which build stage is the target build stage.
 
 Set this flag if you only want to build the image, without pushing to a registry.
 
+#### --insecure
+
+Set this flag if you want to connect to a plain HTTP registry. It is supposed to be used for testing purposes only and should not be used in production!
+
+#### --skip-tls-verify
+
+Set this flag to skip TLS certificate validation when connecting to a registry. It is supposed to be used for testing purposes only and should not be used in production!
+
 ### Debug Image
 
 The kaniko executor image is based off of scratch and doesn't contain a shell.

cmd/executor/cmd/root.go

@@ -85,7 +85,8 @@ func addKanikoOptionsFlags(cmd *cobra.Command) {
 	RootCmd.PersistentFlags().VarP(&opts.Destinations, "destination", "d", "Registry the final image should be pushed to. Set it repeatedly for multiple destinations.")
 	RootCmd.PersistentFlags().StringVarP(&opts.SnapshotMode, "snapshotMode", "", "full", "Change the file attributes inspected during snapshotting")
 	RootCmd.PersistentFlags().VarP(&opts.BuildArgs, "build-arg", "", "This flag allows you to pass in ARG values at build time. Set it repeatedly for multiple values.")
-	RootCmd.PersistentFlags().BoolVarP(&opts.DockerInsecureSkipTLSVerify, "insecure-skip-tls-verify", "", false, "Push to insecure registry ignoring TLS verify")
+	RootCmd.PersistentFlags().BoolVarP(&opts.InsecurePush, "insecure", "", false, "Push to insecure registry using plain HTTP")
+	RootCmd.PersistentFlags().BoolVarP(&opts.SkipTlsVerify, "skip-tls-verify", "", false, "Push to insecure registry ignoring TLS verify")
 	RootCmd.PersistentFlags().StringVarP(&opts.TarPath, "tarPath", "", "", "Path to save the image in as a tarball instead of pushing")
 	RootCmd.PersistentFlags().BoolVarP(&opts.SingleSnapshot, "single-snapshot", "", false, "Take a single snapshot at the end of the build.")
 	RootCmd.PersistentFlags().BoolVarP(&opts.Reproducible, "reproducible", "", false, "Strip timestamps out of the image to make it reproducible")

pkg/executor/push.go

@@ -67,7 +67,7 @@ func DoPush(image v1.Image, opts *options.KanikoOptions) error {
 
 	// continue pushing unless an error occurs
 	for _, destRef := range destRefs {
-		if opts.DockerInsecureSkipTLSVerify {
+		if opts.InsecurePush {
 			newReg, err := name.NewInsecureRegistry(destRef.Repository.Registry.Name(), name.WeakValidation)
 			if err != nil {
 				return errors.Wrap(err, "getting new insecure registry")
@@ -87,7 +87,7 @@ func DoPush(image v1.Image, opts *options.KanikoOptions) error {
 
 		// Create a transport to set our user-agent.
 		tr := http.DefaultTransport
-		if opts.DockerInsecureSkipTLSVerify {
+		if opts.SkipTlsVerify {
 			tr.(*http.Transport).TLSClientConfig = &tls.Config{
 				InsecureSkipVerify: true,
 			}

pkg/options/options.go

@@ -18,16 +18,17 @@ package options
 
 // KanikoOptions are options that are set by command line arguments
 type KanikoOptions struct {
-	DockerfilePath              string
-	Destinations                multiArg
-	SrcContext                  string
-	SnapshotMode                string
-	Bucket                      string
-	DockerInsecureSkipTLSVerify bool
-	BuildArgs                   multiArg
-	TarPath                     string
-	SingleSnapshot              bool
-	Reproducible                bool
-	Target                      string
-	NoPush                      bool
+	DockerfilePath string
+	Destinations   multiArg
+	SrcContext     string
+	SnapshotMode   string
+	Bucket         string
+	InsecurePush   bool
+	SkipTlsVerify  bool
+	BuildArgs      multiArg
+	TarPath        string
+	SingleSnapshot bool
+	Reproducible   bool
+	Target         string
+	NoPush         bool
 }