Fix bugs in insecure registries for kaniko

This PR: 1. Passes in the `--insecure-registry` flag to kaniko, which allows for insecure image pull and pushes 2. Updates the kaniko image to one that incorporates this bug fix in kaniko: GoogleContainerTools/kaniko#685. This bug fix is required for insecure registries to work with caching in kaniko.
priyawadhwa · Oct 2, 2019 · 1b44493 · 1b44493
1 parent 8e42805
commit 1b44493
Show file tree

Hide file tree

Showing 3 changed files with 21 additions and 8 deletions.
diff --git a/pkg/skaffold/build/cluster/kaniko.go b/pkg/skaffold/build/cluster/kaniko.go
@@ -45,7 +45,7 @@ func (b *Builder) runKanikoBuild(ctx context.Context, out io.Writer, artifact *l
 	}
 	defer s.Cleanup(ctx)
 
-	args, err := args(artifact.KanikoArtifact, context, tag)
+	args, err := args(artifact.KanikoArtifact, context, tag, b.insecureRegistries)
 	if err != nil {
 		return "", errors.Wrap(err, "building args list")
 	}
@@ -85,7 +85,7 @@ func (b *Builder) runKanikoBuild(ctx context.Context, out io.Writer, artifact *l
 	return docker.RemoteDigest(tag, b.insecureRegistries)
 }
 
-func args(artifact *latest.KanikoArtifact, context, tag string) ([]string, error) {
+func args(artifact *latest.KanikoArtifact, context, tag string, insecureRegistries map[string]bool) ([]string, error) {
 	// Create pod spec
 	args := []string{
 		"--dockerfile", artifact.DockerfilePath,
@@ -139,5 +139,9 @@ func args(artifact *latest.KanikoArtifact, context, tag string) ([]string, error
 		args = append(args, "--reproducible")
 	}
 
+	for reg := range insecureRegistries {
+		args = append(args, "--insecure-registry", reg)
+	}
+
 	return args, nil
 }
diff --git a/pkg/skaffold/build/cluster/kaniko_test.go b/pkg/skaffold/build/cluster/kaniko_test.go
@@ -26,10 +26,11 @@ import (
 
 func TestArgs(t *testing.T) {
 	tests := []struct {
-		description  string
-		artifact     *latest.KanikoArtifact
-		shouldErr    bool
-		expectedArgs []string
+		description        string
+		artifact           *latest.KanikoArtifact
+		insecureRegistries map[string]bool
+		shouldErr          bool
+		expectedArgs       []string
 	}{
 		{
 			description: "simple build",
@@ -104,12 +105,20 @@ func TestArgs(t *testing.T) {
 			},
 			shouldErr: true,
 		},
+		{
+			description: "insecure registries",
+			artifact: &latest.KanikoArtifact{
+				DockerfilePath: "Dockerfile",
+			},
+			insecureRegistries: map[string]bool{"localhost:4000": true, "localhost:5000": true},
+			expectedArgs:       []string{"--insecure-registry", "localhost:4000", "--insecure-registry", "localhost:5000"},
+		},
 	}
 	for _, test := range tests {
 		testutil.Run(t, test.description, func(t *testutil.T) {
 			commonArgs := []string{"--dockerfile", "Dockerfile", "--context", "context", "--destination", "tag", "-v", "info"}
 
-			args, err := args(test.artifact, "context", "tag")
+			args, err := args(test.artifact, "context", "tag", test.insecureRegistries)
 
 			t.CheckError(test.shouldErr, err)
 			if !test.shouldErr {

diff --git a/pkg/skaffold/constants/constants.go b/pkg/skaffold/constants/constants.go
@@ -41,7 +41,7 @@ const (
 
 	DefaultKustomizationPath = "."
 
-	DefaultKanikoImage                  = "gcr.io/kaniko-project/executor:v0.10.0@sha256:78d44ec4e9cb5545d7f85c1924695c89503ded86a59f92c7ae658afa3cff5400"
+	DefaultKanikoImage                  = "gcr.io/kaniko-project/executor:4ce8b8db817047f0be7a78c0fdffab71f797e8f8@sha256:fe1b5a428273309088fb6df563f4d88ab806fe602a7b0b3e8fbe1d7ee5f9ead0"
 	DefaultKanikoSecretName             = "kaniko-secret"
 	DefaultKanikoTimeout                = "20m"
 	DefaultKanikoContainerName          = "kaniko"