diff --git a/README.md b/README.md index 60c757055d..45218ffff0 100644 --- a/README.md +++ b/README.md @@ -298,11 +298,19 @@ Set this flag if you only want to build the image, without pushing to a registry #### --insecure -Set this flag if you want to connect to a plain HTTP registry. It is supposed to be used for testing purposes only and should not be used in production! +Set this flag if you want to push images to a plain HTTP registry. It is supposed to be used for testing purposes only and should not be used in production! #### --skip-tls-verify -Set this flag to skip TLS certificate validation when connecting to a registry. It is supposed to be used for testing purposes only and should not be used in production! +Set this flag to skip TLS certificate validation when pushing images to a registry. It is supposed to be used for testing purposes only and should not be used in production! + +#### --insecure-pull + +Set this flag if you want to pull images from a plain HTTP registry. It is supposed to be used for testing purposes only and should not be used in production! + +#### --skip-tls-verify-pull + +Set this flag to skip TLS certificate validation when pulling images from a registry. It is supposed to be used for testing purposes only and should not be used in production! #### --cache diff --git a/cmd/executor/cmd/root.go b/cmd/executor/cmd/root.go index eef088ade6..b43a85b682 100644 --- a/cmd/executor/cmd/root.go +++ b/cmd/executor/cmd/root.go @@ -91,8 +91,10 @@ func addKanikoOptionsFlags(cmd *cobra.Command) { RootCmd.PersistentFlags().VarP(&opts.Destinations, "destination", "d", "Registry the final image should be pushed to. Set it repeatedly for multiple destinations.") RootCmd.PersistentFlags().StringVarP(&opts.SnapshotMode, "snapshotMode", "", "full", "Change the file attributes inspected during snapshotting") RootCmd.PersistentFlags().VarP(&opts.BuildArgs, "build-arg", "", "This flag allows you to pass in ARG values at build time. Set it repeatedly for multiple values.") - RootCmd.PersistentFlags().BoolVarP(&opts.Insecure, "insecure", "", false, "Pull and push to insecure registry using plain HTTP") + RootCmd.PersistentFlags().BoolVarP(&opts.Insecure, "insecure", "", false, "Push to insecure registry using plain HTTP") RootCmd.PersistentFlags().BoolVarP(&opts.SkipTLSVerify, "skip-tls-verify", "", false, "Push to insecure registry ignoring TLS verify") + RootCmd.PersistentFlags().BoolVarP(&opts.InsecurePull, "insecure-pull", "", false, "Pull from insecure registry using plain HTTP") + RootCmd.PersistentFlags().BoolVarP(&opts.SkipTLSVerifyPull, "skip-tls-verify-pull", "", false, "Pull from insecure registry ignoring TLS verify") RootCmd.PersistentFlags().StringVarP(&opts.TarPath, "tarPath", "", "", "Path to save the image in as a tarball instead of pushing") RootCmd.PersistentFlags().BoolVarP(&opts.SingleSnapshot, "single-snapshot", "", false, "Take a single snapshot at the end of the build.") RootCmd.PersistentFlags().BoolVarP(&opts.Reproducible, "reproducible", "", false, "Strip timestamps out of the image to make it reproducible") diff --git a/pkg/config/options.go b/pkg/config/options.go index 7cf6c07d24..a9a57c9e48 100644 --- a/pkg/config/options.go +++ b/pkg/config/options.go @@ -18,23 +18,25 @@ package config // KanikoOptions are options that are set by command line arguments type KanikoOptions struct { - DockerfilePath string - SrcContext string - SnapshotMode string - Bucket string - TarPath string - Target string - CacheRepo string - CacheDir string - Destinations multiArg - BuildArgs multiArg - Insecure bool - SkipTLSVerify bool - SingleSnapshot bool - Reproducible bool - NoPush bool - Cache bool - Cleanup bool + DockerfilePath string + SrcContext string + SnapshotMode string + Bucket string + TarPath string + Target string + CacheRepo string + CacheDir string + Destinations multiArg + BuildArgs multiArg + Insecure bool + SkipTLSVerify bool + InsecurePull bool + SkipTLSVerifyPull bool + SingleSnapshot bool + Reproducible bool + NoPush bool + Cache bool + Cleanup bool } // WarmerOptions are options that are set by command line arguments to the cache warmer. diff --git a/pkg/util/image_util.go b/pkg/util/image_util.go index 8c2c301415..d0db223210 100644 --- a/pkg/util/image_util.go +++ b/pkg/util/image_util.go @@ -102,7 +102,7 @@ func remoteImage(image string, opts *config.KanikoOptions) (v1.Image, error) { return nil, err } - if opts.Insecure { + if opts.InsecurePull { newReg, err := name.NewInsecureRegistry(ref.Context().RegistryStr(), name.WeakValidation) if err != nil { return nil, err @@ -118,7 +118,7 @@ func remoteImage(image string, opts *config.KanikoOptions) (v1.Image, error) { } tr := http.DefaultTransport.(*http.Transport) - if opts.SkipTLSVerify { + if opts.SkipTLSVerifyPull { tr.TLSClientConfig = &tls.Config{ InsecureSkipVerify: true, }