*: support insecure registries

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-06-08 15:45:34 +02:00 · 2017-06-08 15:45:34 +02:00 · 8b53fabcbd
commit 8b53fabcbd
parent 8441dca284
6 changed files with 129 additions and 38 deletions
--- a/server/config.go
+++ b/server/config.go
@ -117,6 +117,9 @@ type ImageConfig struct {
 	// that this be left unspecified so that the default system-wide policy
 	// will be used.
 	SignaturePolicyPath string `toml:"signature_policy"`
+	// InsecureRegistries is a list of registries that must be contacted w/o
+	// TLS verification.
+	InsecureRegistries []string `toml:"insecure_registries"`
 }

 // NetworkConfig represents the "crio.network" TOML config table
--- a/server/image_pull.go
+++ b/server/image_pull.go
@ -38,8 +38,6 @@ func (s *Server) PullImage(ctx context.Context, req *pb.PullImageRequest) (*pb.P
 		}
 	}
 	options := &copy.Options{
-		// TODO: we need a way to specify insecure registries like docker
-		//DockerInsecureSkipTLSVerify: true,
 		SourceCtx: &types.SystemContext{},
 	}
 	// a not empty username should be sufficient to decide whether to send auth
@ -53,7 +51,7 @@ func (s *Server) PullImage(ctx context.Context, req *pb.PullImageRequest) (*pb.P
 		}
 	}

-	canPull, err := s.storageImageServer.CanPull(image, options.SourceCtx)
+	canPull, err := s.storageImageServer.CanPull(image, options)
 	if err != nil && !canPull {
 		return nil, err
 	}
--- a/server/server.go
+++ b/server/server.go
@ -545,7 +545,7 @@ func New(config *Config) (*Server, error) {
 		return nil, err
 	}

-	imageService, err := storage.GetImageService(store, config.DefaultTransport)
+	imageService, err := storage.GetImageService(store, config.DefaultTransport, config.InsecureRegistries)
 	if err != nil {
 		return nil, err
 	}