diff --git a/internal/build/lifecycle_execution.go b/internal/build/lifecycle_execution.go index 0f5c9a49a4..25b97d3dd9 100644 --- a/internal/build/lifecycle_execution.go +++ b/internal/build/lifecycle_execution.go @@ -328,6 +328,12 @@ func (l *LifecycleExecution) Create(ctx context.Context, buildCache, launchCache flags = append(flags, "-uid", strconv.Itoa(l.opts.UID)) } + if l.platformAPI.AtLeast("0.13") { + for _, reg := range l.opts.InsecureRegistries { + flags = append(flags, "-insecure-registry", reg) + } + } + if l.opts.PreviousImage != "" { if l.opts.Image == nil { return errors.New("image can't be nil") @@ -481,6 +487,12 @@ func (l *LifecycleExecution) Restore(ctx context.Context, buildCache Cache, kani flags = append(flags, "-uid", strconv.Itoa(l.opts.UID)) } + if l.platformAPI.AtLeast("0.13") { + for _, reg := range l.opts.InsecureRegistries { + flags = append(flags, "-insecure-registry", reg) + } + } + // for kaniko kanikoCacheBindOp := NullOp() if (l.platformAPI.AtLeast("0.10") && l.hasExtensionsForBuild()) || @@ -586,6 +598,12 @@ func (l *LifecycleExecution) Analyze(ctx context.Context, buildCache, launchCach flags = append(flags, "-uid", strconv.Itoa(l.opts.UID)) } + if l.platformAPI.AtLeast("0.13") { + for _, reg := range l.opts.InsecureRegistries { + flags = append(flags, "-insecure-registry", reg) + } + } + if l.opts.PreviousImage != "" { if l.opts.Image == nil { return errors.New("image can't be nil") @@ -795,6 +813,12 @@ func (l *LifecycleExecution) Export(ctx context.Context, buildCache, launchCache flags = append(flags, "-uid", strconv.Itoa(l.opts.UID)) } + if l.platformAPI.AtLeast("0.13") { + for _, reg := range l.opts.InsecureRegistries { + flags = append(flags, "-insecure-registry", reg) + } + } + cacheBindOp := NullOp() switch buildCache.Type() { case cache.Image: diff --git a/internal/build/lifecycle_executor.go b/internal/build/lifecycle_executor.go index 996235a204..63850eb45d 100644 --- a/internal/build/lifecycle_executor.go +++ b/internal/build/lifecycle_executor.go @@ -103,6 +103,7 @@ type LifecycleOptions struct { SBOMDestinationDir string CreationTime *time.Time Keychain authn.Keychain + InsecureRegistries []string } func NewLifecycleExecutor(logger logging.Logger, docker DockerClient) *LifecycleExecutor { diff --git a/internal/commands/build.go b/internal/commands/build.go index 3dcf6cc43b..fbd054dc9f 100644 --- a/internal/commands/build.go +++ b/internal/commands/build.go @@ -57,6 +57,7 @@ type BuildFlags struct { DateTime string PreBuildpacks []string PostBuildpacks []string + InsecureRegistries []string } var macAddressRegex = regexp.MustCompile(`^([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2})$`) @@ -203,6 +204,7 @@ func Build(logger logging.Logger, cfg config.Config, packClient PackClient) *cob PreviousInputImage: inputPreviousImage, LayoutRepoDir: cfg.LayoutRepositoryDir, }, + InsecureRegistries: flags.InsecureRegistries, }); err != nil { return errors.Wrap(err, "failed to build") } @@ -236,6 +238,7 @@ func buildCommandFlags(cmd *cobra.Command, buildFlags *BuildFlags, cfg config.Co cmd.Flags().StringVarP(&buildFlags.AppPath, "path", "p", "", "Path to app dir or zip-formatted file (defaults to current working directory)") cmd.Flags().StringSliceVarP(&buildFlags.Buildpacks, "buildpack", "b", nil, "Buildpack to use. One of:\n a buildpack by id and version in the form of '@',\n path to a buildpack directory (not supported on Windows),\n path/URL to a buildpack .tar or .tgz file, or\n a packaged buildpack image name in the form of '/[:]'"+stringSliceHelp("buildpack")) cmd.Flags().StringSliceVarP(&buildFlags.Extensions, "extension", "", nil, "Extension to use. One of:\n an extension by id and version in the form of '@',\n path to an extension directory (not supported on Windows),\n path/URL to an extension .tar or .tgz file, or\n a packaged extension image name in the form of '/[:]'"+stringSliceHelp("extension")) + cmd.Flags().StringSliceVarP(&buildFlags.InsecureRegistries, "insecure-registry", "", nil, "List of insecure registries") cmd.Flags().StringVarP(&buildFlags.Builder, "builder", "B", cfg.DefaultBuilder, "Builder image") cmd.Flags().Var(&buildFlags.Cache, "cache", `Cache options used to define cache techniques for build process. diff --git a/internal/commands/rebase.go b/internal/commands/rebase.go index d0622f9db7..1f25f3dd9a 100644 --- a/internal/commands/rebase.go +++ b/internal/commands/rebase.go @@ -52,7 +52,7 @@ func Rebase(logger logging.Logger, cfg config.Config, pack PackClient) *cobra.Co cmd.Flags().StringVar(&opts.PreviousImage, "previous-image", "", "Image to rebase. Set to a particular tag reference, digest reference, or (when performing a daemon build) image ID. Use this flag in combination with to avoid replacing the original image.") cmd.Flags().StringVar(&opts.ReportDestinationDir, "report-output-dir", "", "Path to export build report.toml.\nOmitting the flag yield no report file.") cmd.Flags().BoolVar(&opts.Force, "force", false, "Perform rebase operation without target validation (only available for API >= 0.12)") - + cmd.Flags().StringSliceVarP(&opts.InsecureRegistries, "insecure-registry", "", nil, "List of insecure registries") AddHelpFlag(cmd, "rebase") return cmd } diff --git a/pkg/client/build.go b/pkg/client/build.go index a4ebef86c0..5400bcb32a 100644 --- a/pkg/client/build.go +++ b/pkg/client/build.go @@ -212,6 +212,8 @@ type BuildOptions struct { // Configuration to export to OCI layout format LayoutConfig *LayoutConfig + + InsecureRegistries []string } func (b *BuildOptions) Layout() bool { @@ -555,6 +557,7 @@ func (c *Client) Build(ctx context.Context, opts BuildOptions) error { CreationTime: opts.CreationTime, Layout: opts.Layout(), Keychain: c.keychain, + InsecureRegistries: opts.InsecureRegistries, } switch { diff --git a/pkg/client/client.go b/pkg/client/client.go index d034851fc6..786468db54 100644 --- a/pkg/client/client.go +++ b/pkg/client/client.go @@ -102,9 +102,10 @@ type Client struct { lifecycleExecutor LifecycleExecutor buildpackDownloader BuildpackDownloader - experimental bool - registryMirrors map[string]string - version string + experimental bool + registryMirrors map[string]string + version string + insecureRegistries []string } // Option is a type of function that mutate settings on the client. @@ -187,6 +188,13 @@ func WithRegistryMirrors(registryMirrors map[string]string) Option { } } +// WithInsecureRegistries sets insecure registry to pull images from. +func WithInsecureRegistries(insecureRegistries []string) Option { + return func(c *Client) { + c.insecureRegistries = insecureRegistries + } +} + // WithKeychain sets keychain of credentials to image registries func WithKeychain(keychain authn.Keychain) Option { return func(c *Client) { @@ -231,7 +239,7 @@ func NewClient(opts ...Option) (*Client, error) { } if client.imageFetcher == nil { - client.imageFetcher = image.NewFetcher(client.logger, client.docker, image.WithRegistryMirrors(client.registryMirrors), image.WithKeychain(client.keychain)) + client.imageFetcher = image.NewFetcher(client.logger, client.docker, image.WithRegistryMirrors(client.registryMirrors), image.WithKeychain(client.keychain), image.WithInsecureRegistries(client.insecureRegistries)) } if client.imageFactory == nil { diff --git a/pkg/client/rebase.go b/pkg/client/rebase.go index f493f6184a..e9dc2ce6b1 100644 --- a/pkg/client/rebase.go +++ b/pkg/client/rebase.go @@ -47,6 +47,8 @@ type RebaseOptions struct { // validated (will not have any effect if API < 0.12). Force bool + InsecureRegistries []string + // Image reference to use as the previous image for rebase. PreviousImage string } @@ -54,6 +56,7 @@ type RebaseOptions struct { // Rebase updates the run image layers in an app image. // This operation mutates the image specified in opts. func (c *Client) Rebase(ctx context.Context, opts RebaseOptions) error { + var flags = []string{"rebase"} imageRef, err := c.parseTagReference(opts.RepoName) if err != nil { return errors.Wrapf(err, "invalid image name '%s'", opts.RepoName) @@ -121,6 +124,10 @@ func (c *Client) Rebase(ctx context.Context, opts RebaseOptions) error { return err } + for _, reg := range opts.InsecureRegistries { + flags = append(flags, "-insecure-registry", reg) + } + c.logger.Infof("Rebasing %s on run image %s", style.Symbol(appImage.Name()), style.Symbol(baseImage.Name())) rebaser := &phase.Rebaser{Logger: c.logger, PlatformAPI: build.SupportedPlatformAPIVersions.Latest(), Force: opts.Force} report, err := rebaser.Rebase(appImage, baseImage, opts.RepoName, nil) diff --git a/pkg/image/fetcher.go b/pkg/image/fetcher.go index 60548fcc1d..b956df41ed 100644 --- a/pkg/image/fetcher.go +++ b/pkg/image/fetcher.go @@ -42,6 +42,13 @@ func WithRegistryMirrors(registryMirrors map[string]string) FetcherOption { } } +// WithInsecureRegistries supply your own insecure registries. +func WithInsecureRegistries(insecureRegistries []string) FetcherOption { + return func(c *Fetcher) { + c.insecureRegistries = insecureRegistries + } +} + func WithKeychain(keychain authn.Keychain) FetcherOption { return func(c *Fetcher) { c.keychain = keychain @@ -54,17 +61,19 @@ type DockerClient interface { } type Fetcher struct { - docker DockerClient - logger logging.Logger - registryMirrors map[string]string - keychain authn.Keychain + docker DockerClient + logger logging.Logger + registryMirrors map[string]string + keychain authn.Keychain + insecureRegistries []string } type FetchOptions struct { - Daemon bool - Platform string - PullPolicy PullPolicy - LayoutOption LayoutOption + Daemon bool + Platform string + PullPolicy PullPolicy + LayoutOption LayoutOption + InsecureRegistries []string } func NewFetcher(logger logging.Logger, docker DockerClient, opts ...FetcherOption) *Fetcher { @@ -137,7 +146,16 @@ func (f *Fetcher) fetchDaemonImage(name string) (imgutil.Image, error) { } func (f *Fetcher) fetchRemoteImage(name string) (imgutil.Image, error) { - image, err := remote.NewImage(name, f.keychain, remote.FromBaseImage(name)) + var options []remote.ImageOption + + if len(f.insecureRegistries) > 0 { + for _, registry := range f.insecureRegistries { + options = append(options, remote.WithRegistrySetting(registry, true)) + } + } + + image, err := remote.NewImage(name, f.keychain, append(options, remote.FromBaseImage(name))...) + if err != nil { return nil, err }