Skip to content

Commit

Permalink
Merge pull request #311 from DerDackel/separate-insecure-from-tls-verify
Browse files Browse the repository at this point in the history
Separate --insecure-skip-tls-verify flag into two separate flags
  • Loading branch information
priyawadhwa authored Aug 30, 2018
2 parents deda0ea + 1a7de69 commit 9cc1d27
Show file tree
Hide file tree
Showing 4 changed files with 25 additions and 15 deletions.
8 changes: 8 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -285,6 +285,14 @@ Set this flag to indicate which build stage is the target build stage.

Set this flag if you only want to build the image, without pushing to a registry.

#### --insecure

Set this flag if you want to connect to a plain HTTP registry. It is supposed to be used for testing purposes only and should not be used in production!

#### --skip-tls-verify

Set this flag to skip TLS certificate validation when connecting to a registry. It is supposed to be used for testing purposes only and should not be used in production!

### Debug Image

The kaniko executor image is based off of scratch and doesn't contain a shell.
Expand Down
3 changes: 2 additions & 1 deletion cmd/executor/cmd/root.go
Original file line number Diff line number Diff line change
Expand Up @@ -85,7 +85,8 @@ func addKanikoOptionsFlags(cmd *cobra.Command) {
RootCmd.PersistentFlags().VarP(&opts.Destinations, "destination", "d", "Registry the final image should be pushed to. Set it repeatedly for multiple destinations.")
RootCmd.PersistentFlags().StringVarP(&opts.SnapshotMode, "snapshotMode", "", "full", "Change the file attributes inspected during snapshotting")
RootCmd.PersistentFlags().VarP(&opts.BuildArgs, "build-arg", "", "This flag allows you to pass in ARG values at build time. Set it repeatedly for multiple values.")
RootCmd.PersistentFlags().BoolVarP(&opts.DockerInsecureSkipTLSVerify, "insecure-skip-tls-verify", "", false, "Push to insecure registry ignoring TLS verify")
RootCmd.PersistentFlags().BoolVarP(&opts.InsecurePush, "insecure", "", false, "Push to insecure registry using plain HTTP")
RootCmd.PersistentFlags().BoolVarP(&opts.SkipTlsVerify, "skip-tls-verify", "", false, "Push to insecure registry ignoring TLS verify")
RootCmd.PersistentFlags().StringVarP(&opts.TarPath, "tarPath", "", "", "Path to save the image in as a tarball instead of pushing")
RootCmd.PersistentFlags().BoolVarP(&opts.SingleSnapshot, "single-snapshot", "", false, "Take a single snapshot at the end of the build.")
RootCmd.PersistentFlags().BoolVarP(&opts.Reproducible, "reproducible", "", false, "Strip timestamps out of the image to make it reproducible")
Expand Down
4 changes: 2 additions & 2 deletions pkg/executor/push.go
Original file line number Diff line number Diff line change
Expand Up @@ -67,7 +67,7 @@ func DoPush(image v1.Image, opts *options.KanikoOptions) error {

// continue pushing unless an error occurs
for _, destRef := range destRefs {
if opts.DockerInsecureSkipTLSVerify {
if opts.InsecurePush {
newReg, err := name.NewInsecureRegistry(destRef.Repository.Registry.Name(), name.WeakValidation)
if err != nil {
return errors.Wrap(err, "getting new insecure registry")
Expand All @@ -87,7 +87,7 @@ func DoPush(image v1.Image, opts *options.KanikoOptions) error {

// Create a transport to set our user-agent.
tr := http.DefaultTransport
if opts.DockerInsecureSkipTLSVerify {
if opts.SkipTlsVerify {
tr.(*http.Transport).TLSClientConfig = &tls.Config{
InsecureSkipVerify: true,
}
Expand Down
25 changes: 13 additions & 12 deletions pkg/options/options.go
Original file line number Diff line number Diff line change
Expand Up @@ -18,16 +18,17 @@ package options

// KanikoOptions are options that are set by command line arguments
type KanikoOptions struct {
DockerfilePath string
Destinations multiArg
SrcContext string
SnapshotMode string
Bucket string
DockerInsecureSkipTLSVerify bool
BuildArgs multiArg
TarPath string
SingleSnapshot bool
Reproducible bool
Target string
NoPush bool
DockerfilePath string
Destinations multiArg
SrcContext string
SnapshotMode string
Bucket string
InsecurePush bool
SkipTlsVerify bool
BuildArgs multiArg
TarPath string
SingleSnapshot bool
Reproducible bool
Target string
NoPush bool
}

0 comments on commit 9cc1d27

Please sign in to comment.