diff --git a/docs/content/en/schemas/v1beta16.json b/docs/content/en/schemas/v1beta16.json index 15910ea91df..afeb808ce3b 100755 --- a/docs/content/en/schemas/v1beta16.json +++ b/docs/content/en/schemas/v1beta16.json @@ -1289,6 +1289,12 @@ "x-intellij-html-description": "used to strip timestamps out of the built image.", "default": "false" }, + "skipTLS": { + "type": "boolean", + "description": "skips TLS verification when pulling and pushing the image.", + "x-intellij-html-description": "skips TLS verification when pulling and pushing the image.", + "default": "false" + }, "target": { "type": "string", "description": "Dockerfile target name to build.", @@ -1303,7 +1309,8 @@ "buildContext", "image", "cache", - "reproducible" + "reproducible", + "skipTLS" ], "additionalProperties": false, "description": "*alpha* describes an artifact built from a Dockerfile, with kaniko.", diff --git a/pkg/skaffold/build/cluster/kaniko.go b/pkg/skaffold/build/cluster/kaniko.go index 658d5250f31..a4e3a612573 100644 --- a/pkg/skaffold/build/cluster/kaniko.go +++ b/pkg/skaffold/build/cluster/kaniko.go @@ -27,6 +27,7 @@ import ( "github.com/GoogleContainerTools/skaffold/pkg/skaffold/kubernetes" "github.com/GoogleContainerTools/skaffold/pkg/skaffold/schema/latest" "github.com/GoogleContainerTools/skaffold/pkg/skaffold/util" + "github.com/google/go-containerregistry/pkg/name" "github.com/pkg/errors" "github.com/sirupsen/logrus" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -139,5 +140,21 @@ func args(artifact *latest.KanikoArtifact, context, tag string) ([]string, error args = append(args, "--reproducible") } + if artifact.SkipTLS { + reg, err := artifactRegistry(tag) + if err != nil { + return nil, err + } + args = append(args, "--skip-tls-verify-registry", reg) + } + return args, nil } + +func artifactRegistry(i string) (string, error) { + ref, err := name.ParseReference(i) + if err != nil { + return "", err + } + return ref.Context().RegistryStr(), nil +} diff --git a/pkg/skaffold/build/cluster/kaniko_test.go b/pkg/skaffold/build/cluster/kaniko_test.go index df8fb06eff4..6e5f0f22107 100644 --- a/pkg/skaffold/build/cluster/kaniko_test.go +++ b/pkg/skaffold/build/cluster/kaniko_test.go @@ -28,6 +28,7 @@ func TestArgs(t *testing.T) { tests := []struct { description string artifact *latest.KanikoArtifact + tag string shouldErr bool expectedArgs []string }{ @@ -104,12 +105,33 @@ func TestArgs(t *testing.T) { }, shouldErr: true, }, + { + description: "skip tls", + artifact: &latest.KanikoArtifact{ + DockerfilePath: "Dockerfile", + SkipTLS: true, + }, + expectedArgs: []string{"--skip-tls-verify-registry", "gcr.io"}, + }, + { + description: "invalid registry", + artifact: &latest.KanikoArtifact{ + DockerfilePath: "Dockerfile", + SkipTLS: true, + }, + tag: "!!!!", + shouldErr: true, + }, } for _, test := range tests { testutil.Run(t, test.description, func(t *testutil.T) { - commonArgs := []string{"--dockerfile", "Dockerfile", "--context", "context", "--destination", "tag", "-v", "info"} + commonArgs := []string{"--dockerfile", "Dockerfile", "--context", "context", "--destination", "gcr.io/tag", "-v", "info"} - args, err := args(test.artifact, "context", "tag") + tag := "gcr.io/tag" + if test.tag != "" { + tag = test.tag + } + args, err := args(test.artifact, "context", tag) t.CheckError(test.shouldErr, err) if !test.shouldErr { diff --git a/pkg/skaffold/schema/latest/config.go b/pkg/skaffold/schema/latest/config.go index e0108b0b4d8..04e75b9607b 100644 --- a/pkg/skaffold/schema/latest/config.go +++ b/pkg/skaffold/schema/latest/config.go @@ -725,6 +725,9 @@ type KanikoArtifact struct { // Reproducible is used to strip timestamps out of the built image. Reproducible bool `yaml:"reproducible,omitempty"` + + // SkipTLS skips TLS verification when pulling and pushing the image. + SkipTLS bool `yaml:"skipTLS,omitempty"` } // DockerArtifact *beta* describes an artifact built from a Dockerfile,