From b646359b80f729159bff6fe1616e3e1e2799be4e Mon Sep 17 00:00:00 2001
From: Timofey Kirillov <timofey.kirillov@flant.com>
Date: Wed, 29 Mar 2023 18:51:33 +0300
Subject: [PATCH] fix: 'certificate signed by unknown authority' and not
 working skip-tls-verify-registry param

Signed-off-by: Timofey Kirillov <timofey.kirillov@flant.com>
---
 pkg/docker_registry/api.go | 13 +++++--------
 1 file changed, 5 insertions(+), 8 deletions(-)

diff --git a/pkg/docker_registry/api.go b/pkg/docker_registry/api.go
index 38c9ee01f5..7da112dbee 100644
--- a/pkg/docker_registry/api.go
+++ b/pkg/docker_registry/api.go
@@ -270,14 +270,11 @@ func (api *api) image(reference string) (v1.Image, name.Reference, error) {
 		return nil, nil, fmt.Errorf("parsing reference %q: %w", reference, err)
 	}
 
-	// FIXME: Hack for the go-containerregistry library,
-	// FIXME: that uses default transport without options to change transport to custom.
-	// FIXME: Needed for the insecure https registry to work.
-	oldDefaultTransport := http.DefaultTransport
-	http.DefaultTransport = api.getHttpTransport()
-	img, err := remote.Image(ref, remote.WithAuthFromKeychain(authn.DefaultKeychain))
-	http.DefaultTransport = oldDefaultTransport
-
+	img, err := remote.Image(
+		ref,
+		remote.WithAuthFromKeychain(authn.DefaultKeychain),
+		remote.WithTransport(api.getHttpTransport()),
+	)
 	if err != nil {
 		return nil, nil, fmt.Errorf("reading image %q: %w", ref, err)
 	}