From 4013f2efcc798d8f7f52bcd9d7f65e4ed443ac0a Mon Sep 17 00:00:00 2001
From: zhleonix <zhleonix@gmail.com>
Date: Thu, 28 Mar 2019 22:59:31 +0800
Subject: [PATCH] Fix checking push permission without skipping tls on
 configured (#628)

---
 pkg/executor/push.go | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/pkg/executor/push.go b/pkg/executor/push.go
index 579aabc614..99bba2a746 100644
--- a/pkg/executor/push.go
+++ b/pkg/executor/push.go
@@ -63,7 +63,15 @@ func CheckPushPermissions(opts *config.KanikoOptions) error {
 		if checked[destRef.Context().RepositoryStr()] {
 			continue
 		}
-		if err := remote.CheckPushPermission(destRef, creds.GetKeychain(), http.DefaultTransport); err != nil {
+
+		// Create a transport to set our user-agent.
+		tr := http.DefaultTransport
+		if opts.SkipTLSVerify || opts.SkipTLSVerifyRegistries.Contains(destRef.Repository.Registry.Name()) {
+			tr.(*http.Transport).TLSClientConfig = &tls.Config{
+				InsecureSkipVerify: true,
+			}
+		}
+		if err := remote.CheckPushPermission(destRef, creds.GetKeychain(), tr); err != nil {
 			return errors.Wrapf(err, "checking push permission for %q", destRef)
 		}
 		checked[destRef.Context().RepositoryStr()] = true