Merge pull request #2976 from priyawadhwa/tls

Add skip tls verify option to kaniko builder

docs/content/en/schemas/v1beta16.json

@@ -1289,6 +1289,12 @@
           "x-intellij-html-description": "used to strip timestamps out of the built image.",
           "default": "false"
         },
+        "skipTLS": {
+          "type": "boolean",
+          "description": "skips TLS verification when pulling and pushing the image.",
+          "x-intellij-html-description": "skips TLS verification when pulling and pushing the image.",
+          "default": "false"
+        },
         "target": {
           "type": "string",
           "description": "Dockerfile target name to build.",
@@ -1303,7 +1309,8 @@
         "buildContext",
         "image",
         "cache",
-        "reproducible"
+        "reproducible",
+        "skipTLS"
       ],
       "additionalProperties": false,
       "description": "*alpha* describes an artifact built from a Dockerfile, with kaniko.",

pkg/skaffold/build/cluster/kaniko.go

@@ -27,6 +27,7 @@ import (
 	"github.com/GoogleContainerTools/skaffold/pkg/skaffold/kubernetes"
 	"github.com/GoogleContainerTools/skaffold/pkg/skaffold/schema/latest"
 	"github.com/GoogleContainerTools/skaffold/pkg/skaffold/util"
+	"github.com/google/go-containerregistry/pkg/name"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -139,5 +140,21 @@ func args(artifact *latest.KanikoArtifact, context, tag string) ([]string, error
 		args = append(args, "--reproducible")
 	}
 
+	if artifact.SkipTLS {
+		reg, err := artifactRegistry(tag)
+		if err != nil {
+			return nil, err
+		}
+		args = append(args, "--skip-tls-verify-registry", reg)
+	}
+
 	return args, nil
 }
+
+func artifactRegistry(i string) (string, error) {
+	ref, err := name.ParseReference(i)
+	if err != nil {
+		return "", err
+	}
+	return ref.Context().RegistryStr(), nil
+}

pkg/skaffold/build/cluster/kaniko_test.go

@@ -28,6 +28,7 @@ func TestArgs(t *testing.T) {
 	tests := []struct {
 		description  string
 		artifact     *latest.KanikoArtifact
+		tag          string
 		shouldErr    bool
 		expectedArgs []string
 	}{
@@ -104,12 +105,33 @@ func TestArgs(t *testing.T) {
 			},
 			shouldErr: true,
 		},
+		{
+			description: "skip tls",
+			artifact: &latest.KanikoArtifact{
+				DockerfilePath: "Dockerfile",
+				SkipTLS:        true,
+			},
+			expectedArgs: []string{"--skip-tls-verify-registry", "gcr.io"},
+		},
+		{
+			description: "invalid registry",
+			artifact: &latest.KanikoArtifact{
+				DockerfilePath: "Dockerfile",
+				SkipTLS:        true,
+			},
+			tag:       "!!!!",
+			shouldErr: true,
+		},
 	}
 	for _, test := range tests {
 		testutil.Run(t, test.description, func(t *testutil.T) {
-			commonArgs := []string{"--dockerfile", "Dockerfile", "--context", "context", "--destination", "tag", "-v", "info"}
+			commonArgs := []string{"--dockerfile", "Dockerfile", "--context", "context", "--destination", "gcr.io/tag", "-v", "info"}
 
-			args, err := args(test.artifact, "context", "tag")
+			tag := "gcr.io/tag"
+			if test.tag != "" {
+				tag = test.tag
+			}
+			args, err := args(test.artifact, "context", tag)
 
 			t.CheckError(test.shouldErr, err)
 			if !test.shouldErr {

pkg/skaffold/schema/latest/config.go

@@ -725,6 +725,9 @@ type KanikoArtifact struct {
 
 	// Reproducible is used to strip timestamps out of the built image.
 	Reproducible bool `yaml:"reproducible,omitempty"`
+
+	// SkipTLS skips TLS verification when pulling and pushing the image.
+	SkipTLS bool `yaml:"skipTLS,omitempty"`
 }
 
 // DockerArtifact *beta* describes an artifact built from a Dockerfile,