Kaniko skip tls verify (#438)
* support insecure registry
needs PR GoogleContainerTools/kaniko#683  to be merged

* save

* support insecure and skip-verify
yehiyam authored Jul 29, 2019
1 parent a92da1b commit df5eb40
Showing 6 changed files with 59 additions and 14 deletions.
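--- a/core/algorithm-builder/config/main/config.base.js
+++ b/core/algorithm-builder/config/main/config.base.js
@@ -1,4 +1,5 @@
 const packageJson = require(process.cwd() + '/package.json');
+const { parseBool } = require('../../lib/utils/formatters');
 const config = {};
 config.serviceName = packageJson.name;
 
@@ -16,13 +17,17 @@ config.docker = {
 registry: process.env.DOCKER_PULL_REGISTRY || 'docker.io',
 namespace: process.env.DOCKER_PULL_NAMESPACE || 'hkube',
 user: process.env.DOCKER_PULL_USERNAME || '',
-pass: process.env.DOCKER_PULL_PASSWORD || ''
+pass: process.env.DOCKER_PULL_PASSWORD || '',
+insecure: parseBool(process.env.DOCKER_PULL_INSECURE, false),
+skip_tls_verify: parseBool(process.env.DOCKER_PULL_SKIP_TLS_VERIFY, false)
 },
 push: {
 registry: process.env.DOCKER_PUSH_REGISTRY || 'docker.io',
 namespace: process.env.DOCKER_PUSH_NAMESPACE || '',
 user: process.env.DOCKER_PUSH_USERNAME || '',
-pass: process.env.DOCKER_PUSH_PASSWORD || ''
+pass: process.env.DOCKER_PUSH_PASSWORD || '',
+insecure: parseBool(process.env.DOCKER_PUSH_INSECURE, false),
+skip_tls_verify: parseBool(process.env.DOCKER_PUSH_SKIP_TLS_VERIFY, false)
 }
 };
 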
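Review bot: The new `insecure` and `skip_tls_verify` keys under `pull` and `push` carry no comment saying what they relax, and they sit beside `user`/`pass`, so enabling either means registry credentials and image layers travel over a connection that is unencrypted or not authenticated. Both default to `false`, which is the safe default; I would add a comment above each pair such as `// insecure: plain-HTTP registry; skip_tls_verify: HTTPS without certificate validation. Trusted internal registries only.` How `parseBool` treats values like `1` or `TRUE` is not visible in this section and is worth stating in the same comment. `skip_tls_verify` is also the only snake_case key here; `skipTlsVerify` would match the camelCase used for `serviceName`.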
34 changes: 30 additions & 4 deletions core/algorithm-builder/lib/builds/build-algorithm-image-kaniko.sh
Expand Up @@ -2,15 +2,13 @@

# This script used to create a specific algorithm image
set -e

source $PWD/lib/builds/build-utils.sh

#myVar=$(sed -n '/^nodejs=\(.*\)$/s//\1/p' base-versions)

while [[ $# -gt 0 ]]
do
key="$1"

case $key in
--img)
IMAGE_NAME="$2"
Expand Down Expand Up @@ -102,7 +100,31 @@ case $key in
shift
;;

--help)
--insecure_pull)
INSECURE_PULL="$2"
shift
shift
;;

--insecure)
INSECURE="$2"
shift
shift
;;

--skip_tls_verify_pull)
SKIP_TLS_VERIFY_PULL="$2"
shift
shift
;;

--skip_tls_verify)
SKIP_TLS_VERIFY="$2"
shift
shift
;;

--help)
usage
exit 1
esac
Expand All @@ -114,14 +136,18 @@ echo IMAGE_NAME=${IMAGE_NAME}
echo BUILD_PATH=${BUILD_PATH}
echo BASE_IMAGE=${BASE_IMAGE}
echo DOCKER_PULL_REGISTRY=${DOCKER_PULL_REGISTRY}
echo INSECURE_PULL=${INSECURE_PULL:-"false"}
echo SKIP_TLS_VERIFY_PULL=${SKIP_TLS_VERIFY_PULL:-"false"}
echo DOCKER_PUSH_REGISTRY=${DOCKER_PUSH_REGISTRY}
echo SKIP_TLS_VERIFY=${SKIP_TLS_VERIFY:-"false"}
echo INSECURE=${INSECURE:-"false"}
echo PACKAGES_REGISTRY=${PACKAGES_REGISTRY}
echo REMOVE_IMAGE=${REMOVE_IMAGE}
echo TMP_FOLDER=${TMP_FOLDER}
echo

echo
dockerBuildKaniko "${IMAGE_NAME}" "${BUILD_PATH}" "${TMP_FOLDER}/workspace" "${TMP_FOLDER}/commands" "${BASE_IMAGE}" "${PACKAGES_REGISTRY}" "${PACKAGES_TOKEN}"
dockerBuildKaniko ${IMAGE_NAME} ${BUILD_PATH} ${TMP_FOLDER}/workspace ${TMP_FOLDER}/commands "${BASE_IMAGE}" "${PACKAGES_REGISTRY}" "${PACKAGES_TOKEN}" "${INSECURE}" "${INSECURE_PULL}" "${SKIP_TLS_VERIFY}" "${SKIP_TLS_VERIFY_PULL}"
ret=${exit_code}
echo build finished with code $ret
echo
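Review bot: The rewritten `dockerBuildKaniko` call in the last hunk drops the quotes from its first four arguments, so an empty `IMAGE_NAME` or `BUILD_PATH`, or whitespace in any of the four, shifts every later positional parameter and the TLS switches in positions 8–11 can be read from the wrong value. Keep the quoting the old line had: `dockerBuildKaniko "${IMAGE_NAME}" "${BUILD_PATH}" "${TMP_FOLDER}/workspace" "${TMP_FOLDER}/commands" …`. The new `--insecure*` and `--skip_tls_verify*` cases accept any string as `$2`, while build-utils.sh acts only on the exact value `true`; a short comment next to the cases saying so would help. The option-parsing loop starts before and continues between the visible hunks.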
23 changes: 16 additions & 7 deletions core/algorithm-builder/lib/builds/build-utils.sh
Expand Up @@ -25,20 +25,29 @@ dockerBuildKaniko() {
baseImage=$5
packagesRegistry=$6
packagesToken=$7
insecure=${8}
insecure_pull=${9}
skip_tls_verify=${10}
skip_tls_verify_pull=${11}

echo "Building image ${image}"
echo copy context from ${buildPath} to ${workspace}
cp -r ${buildPath}/* ${workspace}
# echo copy docker creds
# cp ~/.docker/config.json ${commands}/
options=""
if [[ $insecure == true ]]; then options="${options} --insecure"; fi
if [[ $insecure_pull == true ]]; then options="${options} --insecure-pull"; fi
if [[ $skip_tls_verify == true ]]; then options="${options} --skip-tls-verify"; fi
if [[ $skip_tls_verify_pull == true ]]; then options="${options} --skip-tls-verify-pull"; fi

echo "/kaniko/executor \
--dockerfile ./docker/DockerfileTemplate \
--insecure --insecure-pull \
--build-arg packagesRegistry=${packagesRegistry} \
--build-arg packagesToken=${packagesToken} \
--build-arg baseImage=${baseImage} \
--context dir:///workspace/ \
--destination $image" > ${commands}/run
--dockerfile ./docker/DockerfileTemplate \
${options} --context dir:///workspace/ \
--build-arg packagesRegistry=${packagesRegistry} \
--build-arg packagesToken=${packagesToken} \
--build-arg baseImage=${baseImage} \
--destination $image" > ${commands}/run

chmod +x ${commands}/run
# cat ${commands}/run
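Review bot: The rewritten `echo "/kaniko/executor …" > ${commands}/run` still expands `${baseImage}`, `${packagesRegistry}`, `${packagesToken}` and `$image` unquoted into a file that is then made executable, so any whitespace or shell metacharacter in those values becomes part of the generated script. Whether these values can originate from a build request is not visible in this hunk, but they should be validated before the file is written, for example `[[ $baseImage =~ ^[A-Za-z0-9._/:@-]+$ ]] || { echo "invalid baseImage"; return 1; }` and the same for `$image`. A comment above `options=""` should also record that the previously hard-coded `--insecure --insecure-pull` is now opt-in, since deployments using plain-HTTP registries must set the new variables. `dockerBuildKaniko` starts before and continues past this hunk.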
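--- a/core/algorithm-builder/lib/builds/docker-builder.js
+++ b/core/algorithm-builder/lib/builds/docker-builder.js
@@ -252,6 +252,11 @@ const buildAlgorithmImage = async ({ buildMode, env, docker, algorithmName, vers
 _argsHelper(args, '--tmpFolder', tmpFolder);
 const dockerCreds = _createDockerCredentials(docker.pull, docker.push);
 await fse.writeJson(path.join(tmpFolder, 'commands', 'config.json'), dockerCreds, { spaces: 2 });
+_argsHelper(args, '--tmpFolder', tmpFolder);
+_argsHelper(args, '--insecure_pull', docker.pull.insecure);
+_argsHelper(args, '--insecure', docker.push.insecure);
+_argsHelper(args, '--skip_tls_verify_pull', docker.pull.skip_tls_verify);
+_argsHelper(args, '--skip_tls_verify', docker.push.skip_tls_verify);
 }
 
 const output = await _runBash({ command: `${process.cwd()}/lib/builds/build-algorithm-image-${buildMode}.sh`, args });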
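Review bot: The first added line repeats `_argsHelper(args, '--tmpFolder', tmpFolder);`, which the unchanged line three above already emits, so `--tmpFolder` is passed to the build script twice; the duplicate should be dropped. How `_argsHelper` treats `false` or `undefined` is not visible here, and the shell script consumes `$2` for each of the four new flags, so a flag pushed without a value would swallow the next option. A one-line comment above the new calls, such as `// TLS relaxations are opt-in; values come from config.docker.pull / config.docker.push`, would tie them to the config. `buildAlgorithmImage` starts before and ends after this hunk.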
Binary file modified core/algorithm-builder/tests/mocks/nodejs/alg.tar.gz
Binary file not shown.
2 changes: 1 addition & 1 deletion core/algorithm-builder/tests/mocks/nodejs/build.json
Expand Up @@ -2,7 +2,7 @@
"buildId": "build-123456",
"algorithmName": "sort-alg",
"env": "nodejs",
"version": "1.0.0",
"version": "5.0.0",
"fileExt": "gz",
"status": "pending",
"baseImage": "hkubedev/debug:v1.0.1",
