fixed: enable --skip-tls-verify during the build phase #2346

Open
wants to merge 1 commit into
base: main
17 changes: 9 additions & 8 deletions build/kubefile/parser/kubefile.go
Expand Up @@ -87,17 +87,17 @@ type KubefileParser struct {
imageEngine imageengine.Interface
}

func (kp *KubefileParser) ParseKubefile(rwc io.Reader) (*KubefileResult, error) {
func (kp *KubefileParser) ParseKubefile(rwc io.Reader, skipTLSVerify bool) (*KubefileResult, error) {
result, err := parse(rwc)
if err != nil {
return nil, fmt.Errorf("failed to parse dockerfile: %v", err)
}

mainNode := result.AST
return kp.generateResult(mainNode)
return kp.generateResult(mainNode, skipTLSVerify)
}

func (kp *KubefileParser) generateResult(mainNode *Node) (*KubefileResult, error) {
func (kp *KubefileParser) generateResult(mainNode *Node, skipTLSVerify bool) (*KubefileResult, error) {
var (
result = &KubefileResult{
Applications: map[string]version.VersionedApplication{},
Expand Down Expand Up @@ -141,7 +141,7 @@ func (kp *KubefileParser) generateResult(mainNode *Node) (*KubefileResult, error
case command.From:
// process FROM aims to pull the image, and merge the applications from
// the FROM image.
if err = kp.processFrom(node, result); err != nil {
if err = kp.processFrom(node, result, skipTLSVerify); err != nil {
return nil, fmt.Errorf("failed to process from: %v", err)
}
case command.Launch:
Expand Down Expand Up @@ -429,7 +429,7 @@ func (kp *KubefileParser) processLaunch(node *Node, result *KubefileResult) erro
return nil
}

func (kp *KubefileParser) processFrom(node *Node, result *KubefileResult) error {
func (kp *KubefileParser) processFrom(node *Node, result *KubefileResult, skipTLSVerify bool) error {
var (
platform = parse2.DefaultPlatform()
flags = node.Flags
Expand All @@ -455,9 +455,10 @@ func (kp *KubefileParser) processFrom(node *Node, result *KubefileResult) error
}

id, err := kp.imageEngine.Pull(&options.PullOptions{
PullPolicy: kp.pullPolicy,
Image: image,
Platform: platform,
PullPolicy: kp.pullPolicy,
Image: image,
Platform: platform,
SkipTLSVerify: skipTLSVerify,
})
if err != nil {
return fmt.Errorf("failed to pull image %s: %v", image, err)
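Review bot: `skipTLSVerify` is threaded as an extra argument through `ParseKubefile`, `generateResult` and `processFrom`, while the neighbouring `PullPolicy: kp.pullPolicy` in the same `Pull` call is read from the parser itself. The build command appears to hand `buildFlags` to `parser.NewParser`, so the setting could be kept in a new field on `KubefileParser` next to `pullPolicy` and used as `SkipTLSVerify: kp.skipTLSVerify,`, which would leave the exported `ParseKubefile` signature unchanged for other callers. If the parameter stays, the method deserves a doc comment such as `// skipTLSVerify disables registry certificate verification for images pulled by FROM.`, because a bare `true` at a call site does not reveal that it turns a security check off. The bodies of `generateResult` and `processFrom` continue outside the visible hunks.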
8 changes: 4 additions & 4 deletions build/kubefile/parser/parse_test.go
Expand Up @@ -65,7 +65,7 @@ LAUNCH ["%s"]
)

reader := bytes.NewReader([]byte(text))
result, err := testParser.ParseKubefile(reader)
result, err := testParser.ParseKubefile(reader, true)
if err != nil {
t.Fatalf("failed to parse kubefile: %s", err)
}
Expand Down Expand Up @@ -128,7 +128,7 @@ LAUNCH %s
)

reader := bytes.NewReader([]byte(text))
result, err := testParser.ParseKubefile(reader)
result, err := testParser.ParseKubefile(reader, true)
if err != nil {
t.Fatalf("failed to parse kubefile: %s", err)
}
Expand Down Expand Up @@ -187,7 +187,7 @@ CMDS ["%s", "%s"]
)

reader := bytes.NewReader([]byte(text))
result, err := testParser.ParseKubefile(reader)
result, err := testParser.ParseKubefile(reader, true)
if err != nil {
t.Fatalf("failed to parse kubefile: %s", err)
}
Expand Down Expand Up @@ -241,7 +241,7 @@ LAUNCH ["app1"]`, appFilePath)
)

reader := bytes.NewReader([]byte(text))
result, err := testParser.ParseKubefile(reader)
result, err := testParser.ParseKubefile(reader, true)
if err != nil {
t.Fatalf("failed to parse kubefile: %s", err)
}
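Review bot: All four `ParseKubefile(reader, true)` calls in this file pass `true`, so the tests only ever run with registry certificate verification switched off and never cover the verifying path. Unless these cases need an insecure registry, `testParser.ParseKubefile(reader, false)` is the safer value to pin, ideally with one case per setting so a regression in how the flag reaches `PullOptions` would be noticed. Whether these Kubefiles actually trigger a pull is not visible in the hunks.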
18 changes: 10 additions & 8 deletions cmd/sealer/cmd/image/build.go
Original file line number Diff line number Diff line change
Expand Up @@ -97,11 +97,11 @@ func NewBuildCmd() *cobra.Command {
}
// if its value is default platforms, build image as single sealer image.
if ok := platforms.Default().Match(p); ok {
return buildSingleSealerImage(engine, buildFlags.Tag, "", buildFlags.Platforms[0])
return buildSingleSealerImage(engine, buildFlags.Tag, "", buildFlags.Platforms[0], buildFlags.SkipTLSVerify)
}
}

return buildMultiPlatformSealerImage(engine)
return buildMultiPlatformSealerImage(engine, buildFlags.SkipTLSVerify)
},
}
buildCmd.Flags().StringVarP(&buildFlags.Kubefile, "file", "f", "Kubefile", "Kubefile filepath")
Expand All @@ -118,6 +118,7 @@ func NewBuildCmd() *cobra.Command {
buildCmd.Flags().StringSliceVar(&buildFlags.Labels, "label", []string{getSealerLabel()}, "add labels for image. Format like --label key=[value]")
buildCmd.Flags().BoolVar(&buildFlags.NoCache, "no-cache", false, "do not use existing cached images for building. Build from the start with a new set of cached layers.")
buildCmd.Flags().StringVar(&buildFlags.BuildMode, "build-mode", options.WithAllMode, "whether to download container image during the build process. default is `all`.")
buildCmd.Flags().BoolVar(&buildFlags.SkipTLSVerify, "skip-tls-verify", true, "default is requiring HTTPS and verify certificates when accessing the registry.")

supportedImageType := map[string]struct{}{v12.KubeInstaller: {}, v12.AppInstaller: {}}
if _, ok := supportedImageType[buildFlags.ImageType]; !ok {
Expand All @@ -132,7 +133,7 @@ func NewBuildCmd() *cobra.Command {
return buildCmd
}

func buildMultiPlatformSealerImage(engine imageengine.Interface) error {
func buildMultiPlatformSealerImage(engine imageengine.Interface, skipTLSVerify bool) error {
var (
// use buildFlags.Tag as manifest name for multi arch build
manifest = buildFlags.Tag
Expand All @@ -146,7 +147,7 @@ func buildMultiPlatformSealerImage(engine imageengine.Interface) error {

// build multi platform
for _, p := range buildFlags.Platforms {
err = buildSingleSealerImage(engine, "", manifest, p)
err = buildSingleSealerImage(engine, "", manifest, p, skipTLSVerify)
if err != nil {
// clean manifest
_ = engine.DeleteManifests([]string{manifest}, &options.ManifestDeleteOpts{})
Expand All @@ -157,9 +158,10 @@ func buildMultiPlatformSealerImage(engine imageengine.Interface) error {
return nil
}

func buildSingleSealerImage(engine imageengine.Interface, imageName string, manifest string, platformStr string) error {
func buildSingleSealerImage(engine imageengine.Interface, imageName string, manifest string, platformStr string, skipTLSVerify bool) error {
// parse Kubefile & try pull image in "from" syntax
kubefileParser := parser.NewParser(rootfs.GlobalManager.App().Root(), buildFlags, engine, platformStr)
result, err := getKubefileParseResult(buildFlags.ContextDir, buildFlags.Kubefile, kubefileParser)
result, err := getKubefileParseResult(buildFlags.ContextDir, buildFlags.Kubefile, kubefileParser, skipTLSVerify)
if err != nil {
return err
}
Expand Down Expand Up @@ -483,7 +485,7 @@ func buildImageExtensionOnResult(result *parser.KubefileResult, imageType string
return extension
}

func getKubefileParseResult(contextDir, file string, kubefileParser *parser.KubefileParser) (*parser.KubefileResult, error) {
func getKubefileParseResult(contextDir, file string, kubefileParser *parser.KubefileParser, skipTLSVerify bool) (*parser.KubefileResult, error) {
kubefile, err := getKubefile(contextDir, file)
if err != nil {
return nil, err
Expand All @@ -497,7 +499,7 @@ func getKubefileParseResult(contextDir, file string, kubefileParser *parser.Kube
_ = kfr.Close()
}()

kr, err := kubefileParser.ParseKubefile(kfr)
kr, err := kubefileParser.ParseKubefile(kfr, skipTLSVerify)
if err != nil {
return nil, err
}
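Review bot: The new `--skip-tls-verify` flag in `NewBuildCmd` is registered with a default of `true`, so every build skips registry certificate verification unless the user passes `--skip-tls-verify=false`, and the help text says the opposite. With verification off, a `FROM` pull cannot authenticate the registry, so a party on the network path could substitute the base image without the build noticing. The default should be `false` with help text that matches: `buildCmd.Flags().BoolVar(&buildFlags.SkipTLSVerify, "skip-tls-verify", false, "skip TLS certificate verification when accessing the registry (insecure)")`. Since `buildFlags` is already read directly inside `buildSingleSealerImage`, the extra `skipTLSVerify` parameters on the helper functions also look unnecessary.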
3 changes: 2 additions & 1 deletion pkg/define/options/options.go
Expand Up @@ -45,7 +45,8 @@ type BuildOptions struct {

//BuildMode means whether to download container image during the build process
// default value is download all container images.
BuildMode string
BuildMode string
SkipTLSVerify bool
}

type FromOptions struct {
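Review bot: The added `SkipTLSVerify` field in `BuildOptions` has no comment and sits directly under the `BuildMode` comment, so that comment now reads as if it covered both fields. I would separate it with a blank line and document it, for example `// SkipTLSVerify disables TLS certificate verification when pulling from the registry; the zero value (false) keeps verification on.` The struct body starts outside the hunk.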