-
Notifications
You must be signed in to change notification settings - Fork 10
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
support for insecure registries #23
Comments
Hi, that's right, the puller is just supporting pulls with https and validated certificates. And that should remain as the default behavior IMHO. As you say, this could be a new feature useful for testing. Probably also the puller would have to include a client_config object in the client construction lines and use it to disable certificate validation only for those particular registries. I would discourage the idea of the |
Totally agree that secure should be the default, and also that keeping the feature at the config/machine/admin level is the right implementation. See #24 |
Fixed by #24 |
Currently, when attempting to pull from an insecure registry, the pull fails like so:
Having skimmed through
Puller.cpp
, it looks like sarus is hard-coded to only support pulls from registries with valid https (seePuller.cpp:549
).Docker allows use of insecure registries mainly through the
insecure-registry
config field in/etc/docker/daemon.json
, and this is very useful for those that want to use LAN secured registries without certs or simply for testing. Could/Should this be a new feature, configurable through a similar field insarus.json
or asarus pull --insecure
flag?Note: I tested this with un-certed localhost and non-localhost repositories to the same result. I haven't tested with a self-signed certificate, however I suspect that will fail as well if not with the same error.
The text was updated successfully, but these errors were encountered: