Remove --insecure-registries
flag
#643
Remove --insecure-registries
flag
#643
Conversation
56ce605
to
31c686d
Compare
internal/commands/root.go
Outdated
|
||
info, err := dockerCli.Client().Info(context.Background()) | ||
if err != nil { | ||
logrus.Debugf("could not get docker info: %v", err) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think this function should return an error instead of logging it and return.
internal/commands/root.go
Outdated
|
||
logrus.Debugf("insecure registries: %v", registries) | ||
|
||
return |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit: This return is no-op
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just small changes requested, but overall it sounds good 👍
@eunomie can you rebase? |
31c686d
to
1288e00
Compare
Codecov Report
@@ Coverage Diff @@
## master #643 +/- ##
=========================================
Coverage ? 71.92%
=========================================
Files ? 51
Lines ? 2675
Branches ? 0
=========================================
Hits ? 1924
Misses ? 506
Partials ? 245
Continue to review full report at Codecov.
|
1288e00
to
b50b810
Compare
Updated:
|
b50b810
to
b59b3d0
Compare
internal/commands/root.go
Outdated
|
||
// InsecureRegistries reads the registry configuration from the daemon and returns | ||
// a list of all insecure ones. | ||
func InsecureRegistries(dockerCli command.Cli) ([]string, error) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit: this can be made private
The `--insecure-registries` flag is removed to have a consistent UX with Docker CLI. Instead of this flag, the list of insecure registries is retrieved from the engine. See https://docs.docker.com/registry/insecure/ to configure your engine to allow communication to an insecure registry. See the engine API documentation at https://docs.docker.com/engine/api/v1.40/#operation/SystemInfo and `RegistryConfig.IndexConfigs` fields. Signed-off-by: Yves Brissaud <yves.brissaud@docker.com>
b59b3d0
to
82e4948
Compare
Rebased after acbaab0 that added a new test with |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
ref := info.registryAddress + "/test/push-insecure" | ||
|
||
// create a command outside of the dind context so without the insecure registry configured | ||
cmd2, cleanup2 := dockerCli.createTestCmd() |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
cmd2, cleanup2: naming could be better 👼 ?
Signed-off-by: Yves Brissaud yves.brissaud@docker.com
- What I did
The
--insecure-registries
flag is removed to have a consistent UX withDocker CLI.
- How I did it
Instead of this flag, the list of insecure registries is retrieved from
the engine. See https://docs.docker.com/registry/insecure/ to configure
your engine to allow communication to an insecure registry.
See the engine API and
RegistryConfig.IndexConfigs
fields.- How to verify it
run an insecure registry:
docker run --rm -p 5000:5000 registry:2
create an app
docker app init test-insecure
push the app against the insecure registry
docker app push --tag 127.0.0.1:5000/test-insecure:0.1 test-insecure.dockerapp
It should fail with an error about HTTP (insecure) response to a HTTPS (secure) client:
update your daemon configuration to add the local registry as insecure (apply and restart the daemon, restart the stopped registry)
push again the app
- Description for the changelog
Remove
--insecure-registries
flag and rely on the daemon to retrieve the list of insecure registries.