Skip to content
Permalink
Browse files
feat(bundle): support publishing into insecure registries
Set WERF_BUNDLE_INSECURE_REGISTRY=1 to use plain HTTP registry.

Set WERF_BUNDLE_SKIP_TLS_VERIFY_REGISTRY=1 to skip verifying of certificates signed by unknown authority.

Signed-off-by: Timofey Kirillov <timofey.kirillov@flant.com>
  • Loading branch information
distorhead committed Aug 22, 2022
1 parent c90ec37 commit c88eeb318d8162f92f6be2a7bc7cccc5e8371dbb
Show file tree
Hide file tree
Showing 3 changed files with 14 additions and 4 deletions.
@@ -12,6 +12,7 @@ import (
"github.com/werf/logboek"
bundles_registry "github.com/werf/werf/pkg/deploy/bundles/registry"
"github.com/werf/werf/pkg/deploy/helm"
"github.com/werf/werf/pkg/util"
)

func NewHelmRegistryClientHandle(ctx context.Context, commonCmdData *CmdData) (*registry.Client, error) {
@@ -24,12 +25,14 @@ func NewHelmRegistryClientHandle(ctx context.Context, commonCmdData *CmdData) (*

func NewBundlesRegistryClient(ctx context.Context, commonCmdData *CmdData) (*bundles_registry.Client, error) {
debug := logboek.Context(ctx).Debug().IsAccepted()
insecure := *commonCmdData.InsecureHelmDependencies
insecure := util.GetBoolEnvironmentDefaultFalse("WERF_BUNDLE_INSECURE_REGISTRY")
skipTlsVerify := util.GetBoolEnvironmentDefaultFalse("WERF_BUNDLE_SKIP_TLS_VERIFY_REGISTRY")
out := logboek.Context(ctx).OutStream()

return bundles_registry.NewClient(
bundles_registry.ClientOptDebug(debug),
bundles_registry.ClientOptInsecure(insecure),
bundles_registry.ClientOptSkipTlsVerify(skipTlsVerify),
bundles_registry.ClientOptWriter(out),
)
}
@@ -48,8 +48,9 @@ const (
type (
// Client works with OCI-compliant registries and local Helm chart cache
Client struct {
debug bool
insecure bool
debug bool
insecure bool
skipTlsVerify bool
// path to repository config file e.g. ~/.docker/config.json
credentialsFile string
out io.Writer
@@ -91,7 +92,7 @@ func NewClient(opts ...ClientOption) (*Client, error) {
}
if client.resolver == nil {
httpClient := http.DefaultClient
if client.insecure {
if client.skipTlsVerify {
httpClient.Transport = &http.Transport{
TLSClientConfig: &tls.Config{
InsecureSkipVerify: true,
@@ -73,3 +73,9 @@ func ClientOptInsecure(insecure bool) ClientOption {
client.insecure = insecure
}
}

func ClientOptSkipTlsVerify(skipTlsVerify bool) ClientOption {
return func(client *Client) {
client.skipTlsVerify = skipTlsVerify
}
}

0 comments on commit c88eeb3

Please sign in to comment.