Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Separate --insecure-skip-tls-verify flag into two separate flags #311

Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 8 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -285,6 +285,14 @@ Set this flag to indicate which build stage is the target build stage.

Set this flag if you only want to build the image, without pushing to a registry.

#### --insecure

Set this flag if you want to connect to a plain HTTP registry. It is supposed to be used for testing purposes only and should not be used in production!

#### --skip-tls-verify

Set this flag to skip TLS certificate validation when connecting to a registry. It is supposed to be used for testing purposes only and should not be used in production!

### Debug Image

The kaniko executor image is based off of scratch and doesn't contain a shell.
Expand Down
3 changes: 2 additions & 1 deletion cmd/executor/cmd/root.go
Original file line number Diff line number Diff line change
Expand Up @@ -85,7 +85,8 @@ func addKanikoOptionsFlags(cmd *cobra.Command) {
RootCmd.PersistentFlags().VarP(&opts.Destinations, "destination", "d", "Registry the final image should be pushed to. Set it repeatedly for multiple destinations.")
RootCmd.PersistentFlags().StringVarP(&opts.SnapshotMode, "snapshotMode", "", "full", "Change the file attributes inspected during snapshotting")
RootCmd.PersistentFlags().VarP(&opts.BuildArgs, "build-arg", "", "This flag allows you to pass in ARG values at build time. Set it repeatedly for multiple values.")
RootCmd.PersistentFlags().BoolVarP(&opts.DockerInsecureSkipTLSVerify, "insecure-skip-tls-verify", "", false, "Push to insecure registry ignoring TLS verify")
RootCmd.PersistentFlags().BoolVarP(&opts.InsecurePush, "insecure", "", false, "Push to insecure registry using plain HTTP")
RootCmd.PersistentFlags().BoolVarP(&opts.SkipTlsVerify, "skip-tls-verify", "", false, "Push to insecure registry ignoring TLS verify")
RootCmd.PersistentFlags().StringVarP(&opts.TarPath, "tarPath", "", "", "Path to save the image in as a tarball instead of pushing")
RootCmd.PersistentFlags().BoolVarP(&opts.SingleSnapshot, "single-snapshot", "", false, "Take a single snapshot at the end of the build.")
RootCmd.PersistentFlags().BoolVarP(&opts.Reproducible, "reproducible", "", false, "Strip timestamps out of the image to make it reproducible")
Expand Down
4 changes: 2 additions & 2 deletions pkg/executor/push.go
Original file line number Diff line number Diff line change
Expand Up @@ -67,7 +67,7 @@ func DoPush(image v1.Image, opts *options.KanikoOptions) error {

// continue pushing unless an error occurs
for _, destRef := range destRefs {
if opts.DockerInsecureSkipTLSVerify {
if opts.InsecurePush {
newReg, err := name.NewInsecureRegistry(destRef.Repository.Registry.Name(), name.WeakValidation)
if err != nil {
return errors.Wrap(err, "getting new insecure registry")
Expand All @@ -87,7 +87,7 @@ func DoPush(image v1.Image, opts *options.KanikoOptions) error {

// Create a transport to set our user-agent.
tr := http.DefaultTransport
if opts.DockerInsecureSkipTLSVerify {
if opts.SkipTlsVerify {
tr.(*http.Transport).TLSClientConfig = &tls.Config{
InsecureSkipVerify: true,
}
Expand Down
25 changes: 13 additions & 12 deletions pkg/options/options.go
Original file line number Diff line number Diff line change
Expand Up @@ -18,16 +18,17 @@ package options

// KanikoOptions are options that are set by command line arguments
type KanikoOptions struct {
DockerfilePath string
Destinations multiArg
SrcContext string
SnapshotMode string
Bucket string
DockerInsecureSkipTLSVerify bool
BuildArgs multiArg
TarPath string
SingleSnapshot bool
Reproducible bool
Target string
NoPush bool
DockerfilePath string
Destinations multiArg
SrcContext string
SnapshotMode string
Bucket string
InsecurePush bool
SkipTlsVerify bool
BuildArgs multiArg
TarPath string
SingleSnapshot bool
Reproducible bool
Target string
NoPush bool
}