Make --insecure-registry work with TLS registries whose certs we can'…

…t verify.
ko-build · Jul 27, 2021 · cf4ed82 · cf4ed82
1 parent c014ec1
commit cf4ed82
Showing 1 changed file with 13 additions and 0 deletions.
diff --git a/pkg/publish/options.go b/pkg/publish/options.go
@@ -15,6 +15,8 @@
 package publish
 
 import (
+	"crypto/tls"
+	"fmt"
 	"log"
 	"net/http"
 	"path"
@@ -105,6 +107,17 @@ func WithTagOnly(tagOnly bool) Option {
 func Insecure(b bool) Option {
 	return func(i *defaultOpener) error {
 		i.insecure = b
+		t, ok := i.t.(*http.Transport)
+		if !ok {
+			return fmt.Errorf("unable to configure insecure roundtripper (not HTTP)")
+		}
+		t = t.Clone()
+		if t.TLSClientConfig == nil {
+			t.TLSClientConfig = &tls.Config{}
+		}
+		t.TLSClientConfig.InsecureSkipVerify = b // #nosec
+		i.t = t
+
 		return nil
 	}
 }