Merge pull request #1601 from tonistiigi/insecure-fix

push: reenable setting insecure exporter opt
v0.8
Akihiro Suda 2020-07-29 13:55:36 +09:00 committed by GitHub
commit 594ebbfac0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 53 additions and 17 deletions

View File

@ -13,6 +13,7 @@ import (
"github.com/containerd/containerd/remotes" "github.com/containerd/containerd/remotes"
"github.com/containerd/containerd/remotes/docker" "github.com/containerd/containerd/remotes/docker"
"github.com/docker/distribution/reference" "github.com/docker/distribution/reference"
"github.com/moby/buildkit/cmd/buildkitd/config"
"github.com/moby/buildkit/session" "github.com/moby/buildkit/session"
"github.com/moby/buildkit/util/flightcontrol" "github.com/moby/buildkit/util/flightcontrol"
"github.com/moby/buildkit/util/imageutil" "github.com/moby/buildkit/util/imageutil"
@ -42,6 +43,17 @@ func Push(ctx context.Context, sm *session.Manager, sid string, cs content.Store
ref = reference.TagNameOnly(parsed).String() ref = reference.TagNameOnly(parsed).String()
} }
if insecure {
insecureTrue := true
httpTrue := true
hosts = resolver.NewRegistryConfig(map[string]config.RegistryConfig{
reference.Domain(parsed): {
Insecure: &insecureTrue,
PlainHTTP: &httpTrue,
},
})
}
resolver := resolver.New(hosts, resolver.NewSessionAuthenticator(sm, session.NewGroup(sid))) resolver := resolver.New(hosts, resolver.NewSessionAuthenticator(sm, session.NewGroup(sid)))
pusher, err := resolver.Pusher(ctx, ref) pusher, err := resolver.Pusher(ctx, ref)

View File

@ -22,29 +22,51 @@ import (
"github.com/pkg/errors" "github.com/pkg/errors"
) )
func fillInsecureOpts(host string, c config.RegistryConfig, h *docker.RegistryHost) error { func fillInsecureOpts(host string, c config.RegistryConfig, h docker.RegistryHost) ([]docker.RegistryHost, error) {
var hosts []docker.RegistryHost
tc, err := loadTLSConfig(c) tc, err := loadTLSConfig(c)
if err != nil { if err != nil {
return err return nil, err
} }
var isHTTP bool
if c.PlainHTTP != nil && *c.PlainHTTP { if c.PlainHTTP != nil && *c.PlainHTTP {
h.Scheme = "http" isHTTP = true
} else if c.Insecure != nil && *c.Insecure { }
tc.InsecureSkipVerify = true if c.PlainHTTP == nil {
} else if c.PlainHTTP == nil {
if ok, _ := docker.MatchLocalhost(host); ok { if ok, _ := docker.MatchLocalhost(host); ok {
h.Scheme = "http" isHTTP = true
} }
} }
transport := newDefaultTransport() if isHTTP {
transport.TLSClientConfig = tc h2 := h
h2.Scheme = "http"
h.Client = &http.Client{ hosts = append(hosts, h2)
Transport: tracing.NewTransport(transport),
} }
return nil if c.Insecure != nil && *c.Insecure {
h2 := h
transport := newDefaultTransport()
transport.TLSClientConfig = tc
h2.Client = &http.Client{
Transport: tracing.NewTransport(transport),
}
tc.InsecureSkipVerify = true
hosts = append(hosts, h2)
}
if len(hosts) == 0 {
transport := newDefaultTransport()
transport.TLSClientConfig = tc
h.Client = &http.Client{
Transport: tracing.NewTransport(transport),
}
hosts = append(hosts, h)
}
return hosts, nil
} }
func loadTLSConfig(c config.RegistryConfig) (*tls.Config, error) { func loadTLSConfig(c config.RegistryConfig) (*tls.Config, error) {
@ -116,11 +138,12 @@ func NewRegistryConfig(m map[string]config.RegistryConfig) docker.RegistryHosts
Capabilities: docker.HostCapabilityPull | docker.HostCapabilityResolve, Capabilities: docker.HostCapabilityPull | docker.HostCapabilityResolve,
} }
if err := fillInsecureOpts(mirror, m[mirror], &h); err != nil { hosts, err := fillInsecureOpts(mirror, m[mirror], h)
if err != nil {
return nil, err return nil, err
} }
out = append(out, h) out = append(out, hosts...)
} }
if host == "docker.io" { if host == "docker.io" {
@ -135,11 +158,12 @@ func NewRegistryConfig(m map[string]config.RegistryConfig) docker.RegistryHosts
Capabilities: docker.HostCapabilityPush | docker.HostCapabilityPull | docker.HostCapabilityResolve, Capabilities: docker.HostCapabilityPush | docker.HostCapabilityPull | docker.HostCapabilityResolve,
} }
if err := fillInsecureOpts(host, c, &h); err != nil { hosts, err := fillInsecureOpts(host, c, h)
if err != nil {
return nil, err return nil, err
} }
out = append(out, h) out = append(out, hosts...)
return out, nil return out, nil
}, },
docker.ConfigureDefaultRegistries( docker.ConfigureDefaultRegistries(