Merge pull request #1601 from tonistiigi/insecure-fix
push: reenable setting insecure exporter optv0.8
commit
594ebbfac0
|
@ -13,6 +13,7 @@ import (
|
||||||
"github.com/containerd/containerd/remotes"
|
"github.com/containerd/containerd/remotes"
|
||||||
"github.com/containerd/containerd/remotes/docker"
|
"github.com/containerd/containerd/remotes/docker"
|
||||||
"github.com/docker/distribution/reference"
|
"github.com/docker/distribution/reference"
|
||||||
|
"github.com/moby/buildkit/cmd/buildkitd/config"
|
||||||
"github.com/moby/buildkit/session"
|
"github.com/moby/buildkit/session"
|
||||||
"github.com/moby/buildkit/util/flightcontrol"
|
"github.com/moby/buildkit/util/flightcontrol"
|
||||||
"github.com/moby/buildkit/util/imageutil"
|
"github.com/moby/buildkit/util/imageutil"
|
||||||
|
@ -42,6 +43,17 @@ func Push(ctx context.Context, sm *session.Manager, sid string, cs content.Store
|
||||||
ref = reference.TagNameOnly(parsed).String()
|
ref = reference.TagNameOnly(parsed).String()
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if insecure {
|
||||||
|
insecureTrue := true
|
||||||
|
httpTrue := true
|
||||||
|
hosts = resolver.NewRegistryConfig(map[string]config.RegistryConfig{
|
||||||
|
reference.Domain(parsed): {
|
||||||
|
Insecure: &insecureTrue,
|
||||||
|
PlainHTTP: &httpTrue,
|
||||||
|
},
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
||||||
resolver := resolver.New(hosts, resolver.NewSessionAuthenticator(sm, session.NewGroup(sid)))
|
resolver := resolver.New(hosts, resolver.NewSessionAuthenticator(sm, session.NewGroup(sid)))
|
||||||
|
|
||||||
pusher, err := resolver.Pusher(ctx, ref)
|
pusher, err := resolver.Pusher(ctx, ref)
|
||||||
|
|
|
@ -22,29 +22,51 @@ import (
|
||||||
"github.com/pkg/errors"
|
"github.com/pkg/errors"
|
||||||
)
|
)
|
||||||
|
|
||||||
func fillInsecureOpts(host string, c config.RegistryConfig, h *docker.RegistryHost) error {
|
func fillInsecureOpts(host string, c config.RegistryConfig, h docker.RegistryHost) ([]docker.RegistryHost, error) {
|
||||||
|
var hosts []docker.RegistryHost
|
||||||
|
|
||||||
tc, err := loadTLSConfig(c)
|
tc, err := loadTLSConfig(c)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
var isHTTP bool
|
||||||
|
|
||||||
if c.PlainHTTP != nil && *c.PlainHTTP {
|
if c.PlainHTTP != nil && *c.PlainHTTP {
|
||||||
h.Scheme = "http"
|
isHTTP = true
|
||||||
} else if c.Insecure != nil && *c.Insecure {
|
}
|
||||||
tc.InsecureSkipVerify = true
|
if c.PlainHTTP == nil {
|
||||||
} else if c.PlainHTTP == nil {
|
|
||||||
if ok, _ := docker.MatchLocalhost(host); ok {
|
if ok, _ := docker.MatchLocalhost(host); ok {
|
||||||
h.Scheme = "http"
|
isHTTP = true
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
transport := newDefaultTransport()
|
if isHTTP {
|
||||||
transport.TLSClientConfig = tc
|
h2 := h
|
||||||
|
h2.Scheme = "http"
|
||||||
h.Client = &http.Client{
|
hosts = append(hosts, h2)
|
||||||
Transport: tracing.NewTransport(transport),
|
|
||||||
}
|
}
|
||||||
return nil
|
if c.Insecure != nil && *c.Insecure {
|
||||||
|
h2 := h
|
||||||
|
transport := newDefaultTransport()
|
||||||
|
transport.TLSClientConfig = tc
|
||||||
|
h2.Client = &http.Client{
|
||||||
|
Transport: tracing.NewTransport(transport),
|
||||||
|
}
|
||||||
|
tc.InsecureSkipVerify = true
|
||||||
|
hosts = append(hosts, h2)
|
||||||
|
}
|
||||||
|
|
||||||
|
if len(hosts) == 0 {
|
||||||
|
transport := newDefaultTransport()
|
||||||
|
transport.TLSClientConfig = tc
|
||||||
|
|
||||||
|
h.Client = &http.Client{
|
||||||
|
Transport: tracing.NewTransport(transport),
|
||||||
|
}
|
||||||
|
hosts = append(hosts, h)
|
||||||
|
}
|
||||||
|
|
||||||
|
return hosts, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func loadTLSConfig(c config.RegistryConfig) (*tls.Config, error) {
|
func loadTLSConfig(c config.RegistryConfig) (*tls.Config, error) {
|
||||||
|
@ -116,11 +138,12 @@ func NewRegistryConfig(m map[string]config.RegistryConfig) docker.RegistryHosts
|
||||||
Capabilities: docker.HostCapabilityPull | docker.HostCapabilityResolve,
|
Capabilities: docker.HostCapabilityPull | docker.HostCapabilityResolve,
|
||||||
}
|
}
|
||||||
|
|
||||||
if err := fillInsecureOpts(mirror, m[mirror], &h); err != nil {
|
hosts, err := fillInsecureOpts(mirror, m[mirror], h)
|
||||||
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
out = append(out, h)
|
out = append(out, hosts...)
|
||||||
}
|
}
|
||||||
|
|
||||||
if host == "docker.io" {
|
if host == "docker.io" {
|
||||||
|
@ -135,11 +158,12 @@ func NewRegistryConfig(m map[string]config.RegistryConfig) docker.RegistryHosts
|
||||||
Capabilities: docker.HostCapabilityPush | docker.HostCapabilityPull | docker.HostCapabilityResolve,
|
Capabilities: docker.HostCapabilityPush | docker.HostCapabilityPull | docker.HostCapabilityResolve,
|
||||||
}
|
}
|
||||||
|
|
||||||
if err := fillInsecureOpts(host, c, &h); err != nil {
|
hosts, err := fillInsecureOpts(host, c, h)
|
||||||
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
out = append(out, h)
|
out = append(out, hosts...)
|
||||||
return out, nil
|
return out, nil
|
||||||
},
|
},
|
||||||
docker.ConfigureDefaultRegistries(
|
docker.ConfigureDefaultRegistries(
|
||||||
|
|
Loading…
Reference in New Issue