diff --git a/internal/build/lifecycle_execution.go b/internal/build/lifecycle_execution.go index 0f5c9a49a4..99f9ddbc2f 100644 --- a/internal/build/lifecycle_execution.go +++ b/internal/build/lifecycle_execution.go @@ -328,6 +328,10 @@ func (l *LifecycleExecution) Create(ctx context.Context, buildCache, launchCache flags = append(flags, "-uid", strconv.Itoa(l.opts.UID)) } + for _, reg := range l.opts.InsecureRegistries { + flags = append(flags, "-insecure-registry", reg) + } + if l.opts.PreviousImage != "" { if l.opts.Image == nil { return errors.New("image can't be nil") @@ -481,6 +485,10 @@ func (l *LifecycleExecution) Restore(ctx context.Context, buildCache Cache, kani flags = append(flags, "-uid", strconv.Itoa(l.opts.UID)) } + for _, reg := range l.opts.InsecureRegistries { + flags = append(flags, "-insecure-registry", reg) + } + // for kaniko kanikoCacheBindOp := NullOp() if (l.platformAPI.AtLeast("0.10") && l.hasExtensionsForBuild()) || @@ -586,6 +594,10 @@ func (l *LifecycleExecution) Analyze(ctx context.Context, buildCache, launchCach flags = append(flags, "-uid", strconv.Itoa(l.opts.UID)) } + for _, reg := range l.opts.InsecureRegistries { + flags = append(flags, "-insecure-registry", reg) + } + if l.opts.PreviousImage != "" { if l.opts.Image == nil { return errors.New("image can't be nil") @@ -795,6 +807,10 @@ func (l *LifecycleExecution) Export(ctx context.Context, buildCache, launchCache flags = append(flags, "-uid", strconv.Itoa(l.opts.UID)) } + for _, reg := range l.opts.InsecureRegistries { + flags = append(flags, "-insecure-registry", reg) + } + cacheBindOp := NullOp() switch buildCache.Type() { case cache.Image: diff --git a/internal/build/lifecycle_executor.go b/internal/build/lifecycle_executor.go index 09d9011f0c..3feddac542 100644 --- a/internal/build/lifecycle_executor.go +++ b/internal/build/lifecycle_executor.go @@ -102,6 +102,7 @@ type LifecycleOptions struct { SBOMDestinationDir string CreationTime *time.Time Keychain authn.Keychain + InsecureRegistries []string } func NewLifecycleExecutor(logger logging.Logger, docker DockerClient) *LifecycleExecutor { diff --git a/internal/commands/build.go b/internal/commands/build.go index 9b8845d65d..70e9834169 100644 --- a/internal/commands/build.go +++ b/internal/commands/build.go @@ -55,6 +55,7 @@ type BuildFlags struct { DateTime string PreBuildpacks []string PostBuildpacks []string + InsecureRegistries []string } // Build an image from source code @@ -198,6 +199,7 @@ func Build(logger logging.Logger, cfg config.Config, packClient PackClient) *cob PreviousInputImage: inputPreviousImage, LayoutRepoDir: cfg.LayoutRepositoryDir, }, + InsecureRegistries: flags.InsecureRegistries, }); err != nil { return errors.Wrap(err, "failed to build") } @@ -231,6 +233,7 @@ func buildCommandFlags(cmd *cobra.Command, buildFlags *BuildFlags, cfg config.Co cmd.Flags().StringVarP(&buildFlags.AppPath, "path", "p", "", "Path to app dir or zip-formatted file (defaults to current working directory)") cmd.Flags().StringSliceVarP(&buildFlags.Buildpacks, "buildpack", "b", nil, "Buildpack to use. One of:\n a buildpack by id and version in the form of '@',\n path to a buildpack directory (not supported on Windows),\n path/URL to a buildpack .tar or .tgz file, or\n a packaged buildpack image name in the form of '/[:]'"+stringSliceHelp("buildpack")) cmd.Flags().StringSliceVarP(&buildFlags.Extensions, "extension", "", nil, "Extension to use. One of:\n an extension by id and version in the form of '@',\n path to an extension directory (not supported on Windows),\n path/URL to an extension .tar or .tgz file, or\n a packaged extension image name in the form of '/[:]'"+stringSliceHelp("extension")) + cmd.Flags().StringSliceVarP(&buildFlags.InsecureRegistries, "insecure-registry", "", nil, "List of insecure registries") cmd.Flags().StringVarP(&buildFlags.Builder, "builder", "B", cfg.DefaultBuilder, "Builder image") cmd.Flags().Var(&buildFlags.Cache, "cache", `Cache options used to define cache techniques for build process. diff --git a/internal/commands/rebase.go b/internal/commands/rebase.go index 0eed5f7281..32f96e491c 100644 --- a/internal/commands/rebase.go +++ b/internal/commands/rebase.go @@ -51,7 +51,7 @@ func Rebase(logger logging.Logger, cfg config.Config, pack PackClient) *cobra.Co cmd.Flags().StringVar(&policy, "pull-policy", "", "Pull policy to use. Accepted values are always, never, and if-not-present. The default is always") cmd.Flags().StringVar(&opts.ReportDestinationDir, "report-output-dir", "", "Path to export build report.toml.\nOmitting the flag yield no report file.") cmd.Flags().BoolVar(&opts.Force, "force", false, "Perform rebase operation without target validation (only available for API >= 0.12)") - + cmd.Flags().StringSliceVarP(&opts.InsecureRegistries, "insecure-registry", "", nil, "List of insecure registries") AddHelpFlag(cmd, "rebase") return cmd } diff --git a/pkg/client/build.go b/pkg/client/build.go index 5d63317c15..598a672083 100644 --- a/pkg/client/build.go +++ b/pkg/client/build.go @@ -209,6 +209,8 @@ type BuildOptions struct { // Configuration to export to OCI layout format LayoutConfig *LayoutConfig + + InsecureRegistries []string } func (b *BuildOptions) Layout() bool { @@ -551,6 +553,7 @@ func (c *Client) Build(ctx context.Context, opts BuildOptions) error { CreationTime: opts.CreationTime, Layout: opts.Layout(), Keychain: c.keychain, + InsecureRegistries: opts.InsecureRegistries, } switch { diff --git a/pkg/client/client.go b/pkg/client/client.go index d034851fc6..786468db54 100644 --- a/pkg/client/client.go +++ b/pkg/client/client.go @@ -102,9 +102,10 @@ type Client struct { lifecycleExecutor LifecycleExecutor buildpackDownloader BuildpackDownloader - experimental bool - registryMirrors map[string]string - version string + experimental bool + registryMirrors map[string]string + version string + insecureRegistries []string } // Option is a type of function that mutate settings on the client. @@ -187,6 +188,13 @@ func WithRegistryMirrors(registryMirrors map[string]string) Option { } } +// WithInsecureRegistries sets insecure registry to pull images from. +func WithInsecureRegistries(insecureRegistries []string) Option { + return func(c *Client) { + c.insecureRegistries = insecureRegistries + } +} + // WithKeychain sets keychain of credentials to image registries func WithKeychain(keychain authn.Keychain) Option { return func(c *Client) { @@ -231,7 +239,7 @@ func NewClient(opts ...Option) (*Client, error) { } if client.imageFetcher == nil { - client.imageFetcher = image.NewFetcher(client.logger, client.docker, image.WithRegistryMirrors(client.registryMirrors), image.WithKeychain(client.keychain)) + client.imageFetcher = image.NewFetcher(client.logger, client.docker, image.WithRegistryMirrors(client.registryMirrors), image.WithKeychain(client.keychain), image.WithInsecureRegistries(client.insecureRegistries)) } if client.imageFactory == nil { diff --git a/pkg/client/rebase.go b/pkg/client/rebase.go index 8f3f8cf5bd..da6077f3c3 100644 --- a/pkg/client/rebase.go +++ b/pkg/client/rebase.go @@ -46,11 +46,14 @@ type RebaseOptions struct { // Pass-through force flag to lifecycle rebase command to skip target data // validated (will not have any effect if API < 0.12). Force bool + + InsecureRegistries []string } // Rebase updates the run image layers in an app image. // This operation mutates the image specified in opts. func (c *Client) Rebase(ctx context.Context, opts RebaseOptions) error { + var flags = []string{"rebase"} imageRef, err := c.parseTagReference(opts.RepoName) if err != nil { return errors.Wrapf(err, "invalid image name '%s'", opts.RepoName) @@ -112,6 +115,10 @@ func (c *Client) Rebase(ctx context.Context, opts RebaseOptions) error { return err } + for _, reg := range opts.InsecureRegistries { + flags = append(flags, "-insecure-registry", reg) + } + c.logger.Infof("Rebasing %s on run image %s", style.Symbol(appImage.Name()), style.Symbol(baseImage.Name())) rebaser := &phase.Rebaser{Logger: c.logger, PlatformAPI: build.SupportedPlatformAPIVersions.Latest(), Force: opts.Force} report, err := rebaser.Rebase(appImage, baseImage, appImage.Name(), nil) diff --git a/pkg/image/fetcher.go b/pkg/image/fetcher.go index 60548fcc1d..b009a94f03 100644 --- a/pkg/image/fetcher.go +++ b/pkg/image/fetcher.go @@ -42,6 +42,13 @@ func WithRegistryMirrors(registryMirrors map[string]string) FetcherOption { } } +// WithInsecureRegistries supply your own insecure registries. +func WithInsecureRegistries(insecureRegistries []string) FetcherOption { + return func(c *Fetcher) { + c.insecureRegistries = insecureRegistries + } +} + func WithKeychain(keychain authn.Keychain) FetcherOption { return func(c *Fetcher) { c.keychain = keychain @@ -54,17 +61,19 @@ type DockerClient interface { } type Fetcher struct { - docker DockerClient - logger logging.Logger - registryMirrors map[string]string - keychain authn.Keychain + docker DockerClient + logger logging.Logger + registryMirrors map[string]string + keychain authn.Keychain + insecureRegistries []string } type FetchOptions struct { - Daemon bool - Platform string - PullPolicy PullPolicy - LayoutOption LayoutOption + Daemon bool + Platform string + PullPolicy PullPolicy + LayoutOption LayoutOption + InsecureRegistries []string } func NewFetcher(logger logging.Logger, docker DockerClient, opts ...FetcherOption) *Fetcher {