Skip to content

Commit

Permalink
Allow skipping TLS verification while publishing (ko-build#65)
Browse files Browse the repository at this point in the history
Why this is necessary: when using a local docker registry, users may not
want to support https, or there may be other troubles not allowing
verifiable TLS support.

This commit adds this functionality by adding an `--insecure-registry`
flag.
  • Loading branch information
tanner-bruce authored and jonjohnsonjr committed Jul 24, 2019
1 parent 3a0e70e commit 48afd62
Show file tree
Hide file tree
Showing 4 changed files with 26 additions and 7 deletions.
3 changes: 3 additions & 0 deletions pkg/commands/options/local.go
Original file line number Diff line number Diff line change
Expand Up @@ -22,9 +22,12 @@ import (
type LocalOptions struct {
// Local publishes images to a local docker daemon.
Local bool
InsecureRegistry bool
}

func AddLocalArg(cmd *cobra.Command, lo *LocalOptions) {
cmd.Flags().BoolVarP(&lo.Local, "local", "L", lo.Local,
"Whether to publish images to a local docker daemon vs. a registry.")
cmd.Flags().BoolVar(&lo.InsecureRegistry, "insecure-registry", lo.InsecureRegistry,
"Whether to skip TLS verification on the registry")
}
3 changes: 2 additions & 1 deletion pkg/commands/resolver.go
Original file line number Diff line number Diff line change
Expand Up @@ -99,7 +99,8 @@ func makePublisher(no *options.NameOptions, lo *options.LocalOptions, ta *option
return publish.NewDefault(repoName,
publish.WithAuthFromKeychain(authn.DefaultKeychain),
publish.WithNamer(namer),
publish.WithTags(ta.Tags))
publish.WithTags(ta.Tags),
publish.Insecure(lo.InsecureRegistry))
}()
if err != nil {
return nil, err
Expand Down
20 changes: 14 additions & 6 deletions pkg/publish/default.go
Original file line number Diff line number Diff line change
Expand Up @@ -33,6 +33,7 @@ type defalt struct {
auth authn.Authenticator
namer Namer
tags []string
insecure bool
}

// Option is a functional option for NewDefault.
Expand All @@ -44,6 +45,7 @@ type defaultOpener struct {
auth authn.Authenticator
namer Namer
tags []string
insecure bool
}

// Namer is a function from a supported import path to the portion of the resulting
Expand All @@ -62,11 +64,12 @@ var defaultTags = []string{"latest"}

func (do *defaultOpener) Open() (Interface, error) {
return &defalt{
base: do.base,
t: do.t,
auth: do.auth,
namer: do.namer,
tags: do.tags,
base: do.base,
t: do.t,
auth: do.auth,
namer: do.namer,
tags: do.tags,
insecure: do.insecure,
}, nil
}

Expand Down Expand Up @@ -95,7 +98,12 @@ func (d *defalt) Publish(img v1.Image, s string) (name.Reference, error) {
s = strings.ToLower(s)

for _, tagName := range d.tags {
tag, err := name.NewTag(fmt.Sprintf("%s/%s:%s", d.base, d.namer(s), tagName))

var os []name.Option
if d.insecure {
os = []name.Option{name.Insecure}
}
tag, err := name.NewTag(fmt.Sprintf("%s/%s:%s", d.base, d.namer(s), tagName), os...)
if err != nil {
return nil, err
}
Expand Down
7 changes: 7 additions & 0 deletions pkg/publish/options.go
Original file line number Diff line number Diff line change
Expand Up @@ -80,3 +80,10 @@ func WithTags(tags []string) Option {
return nil
}
}

func Insecure(b bool) Option {
return func(i *defaultOpener) error {
i.insecure = b
return nil
}
}

0 comments on commit 48afd62

Please sign in to comment.