feat: Allow setting --insecure registries#311
Merged
Conversation
jedevc
changed the title
--insecure registries
There was a problem hiding this comment.
Pull request overview
This PR updates the image registry resolver/accessor plumbing so CLI commands can opt into insecure registry access via a new --insecure flag (for build and images subcommands), and adjusts credential selection to work even when the current profile has no metros configured.
Changes:
- Extend the images resolver/accessor to accept “insecure registry” options (per-host or all).
- Add
--insecuretobuildandimagessubcommands (get/inspect, delete, copy) and plumb the options through. - Update golden help output fixtures to reflect new flags and corrected grammar.
Reviewed changes
Copilot reviewed 6 out of 6 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
| internal/images/resolver.go | Adds insecure-host handling in resolver options and changes credential selection behavior when profile.Metros is empty. |
| internal/images/images.go | Adds AccessorOpt functional options and a context-based mechanism to pass insecure options into Accessor. |
| internal/cmd/images.go | Introduces custom get/delete command wrappers and adds --insecure to get/delete/copy to influence image access. |
| internal/cmd/build.go | Adds --insecure to build and passes corresponding accessor options into images.Accessor. |
| cmd/unikraft/testdata/TestGolden/images/help | Updates CLI help golden output (grammar fix + new --insecure flags). |
| cmd/unikraft/testdata/TestGolden/build/help | Updates build help golden output to include --insecure. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Comment on lines
+154
to
+158
| if len(profile.Metros) == 0 { | ||
| username := profile.Organization | ||
| if username == "" { | ||
| // organization may not be set on old or manually created | ||
| // profiles - so fall back to decoding the username from the |
Member
Author
There was a problem hiding this comment.
EEEK. Entirely correct. For this kind of scenario, credentials must be provided via something like docker login.
Signed-off-by: Justin Chadwell <justin@unikraft.com>
Signed-off-by: Justin Chadwell <justin@unikraft.com>
jedevc
force-pushed
the
jedevc/insecure-registry
branch
from
2e3f08f to
cecb5e5
Compare
This is a breaking change because now, `--watch 5s` is not valid, instead we need to use `--watch=5s`. However, we now also allow `-w5s`. Signed-off-by: Justin Chadwell <justin@unikraft.com>
jedevc
force-pushed
the
jedevc/insecure-registry
branch
from
59a456c to
e7ee91e
Compare
craciunoiuc
approved these changes
May 8, 2026
Member
craciunoiuc
left a comment
craciunoiuc
left a comment
There was a problem hiding this comment.
All good here. Thanks!
Reviewed-by: Cezar Craciunoiu <cezar.craciunoiu@unikraft.com>
Approved-by: Cezar Craciunoiu <cezar.craciunoiu@unikraft.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Replaces #246, by rewriting to use
--insecure, allowing it onbuild, and all the relevantimagesubcmds (get,delete,inspect).