Skip to content

[deckhouse] fix: registry client #17554

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
ldmonster merged 1 commit into from
Jan 20, 2026
Merged

[deckhouse] fix: registry client #17554

ldmonster merged 1 commit into from
Jan 20, 2026

Conversation

@timmilesdw
Copy link
Contributor

@timmilesdw timmilesdw commented Jan 19, 2026

Description

Fixed the --insecure flag in the registry client. The flag was being unconditionally reset to false in NewClientWithOptions, preventing HTTP connections to insecure registries.

Changes:

  • Removed the line that reset opts.Insecure = false in NewClientWithOptions
  • Added insecure field to the Client struct to preserve the flag across operations
  • Added nameOptions() helper method that returns name.Insecure option when the client is configured for HTTP
  • Updated all name.ParseReference() calls (7 locations) to use nameOptions() for proper HTTP/HTTPS scheme handling
  • Added comprehensive unit tests covering insecure flag behavior, scheme handling, and transport configuration

Why do we need it, and what problem does it solve?

Users need to connect to container registries over HTTP (without TLS) in development environments, air-gapped installations, and when working with local registries. The --insecure flag was being ignored due to a bug that unconditionally reset it to false, causing all registry connections to attempt HTTPS regardless of user configuration. This made it impossible to use the mirror push/pull commands with insecure registries.

Checklist

  • The code is covered by unit tests.
  • e2e tests passed.
  • Documentation updated according to the changes.
  • Changes were tested in the Kubernetes cluster manually.

Changelog entries

section: deckhouse-controller
type: fix
summary: Fixed `--insecure` flag being ignored in registry client operations
impact_level: default

@timmilesdw
fix: registry client
04ce915 
Signed-off-by: Timur Tuktamyshev <timur.tuktamyshev@flant.com>
@github-actions github-actions bot added the go Pull requests that update Go code label Jan 19, 2026
@timmilesdw timmilesdw added this to the v1.75.0 milestone Jan 19, 2026
@timmilesdw timmilesdw mentioned this pull request Jan 20, 2026
Merged
@timmilesdw timmilesdw marked this pull request as ready for review January 20, 2026 10:23
@timmilesdw timmilesdw requested a review from ldmonster as a code owner January 20, 2026 10:23
@ldmonster ldmonster merged commit 2be5575 into main Jan 20, 2026
39 of 41 checks passed
@ldmonster ldmonster deleted the fix/registry-client branch January 20, 2026 10:31
@deckhouse-BOaTswain deckhouse-BOaTswain mentioned this pull request Jan 20, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ldmonster ldmonster ldmonster approved these changes

Assignees

@timmilesdw timmilesdw

Labels

go Pull requests that update Go code

Projects

None yet

Milestone

v1.75.0

Development

Successfully merging this pull request may close these issues.

3 participants

@timmilesdw @ldmonster