feat(bundle): support publishing into insecure registries

Set WERF_BUNDLE_INSECURE_REGISTRY=1 to use plain HTTP registry. Set WERF_BUNDLE_SKIP_TLS_VERIFY_REGISTRY=1 to skip verifying of certificates signed by unknown authority. Signed-off-by: Timofey Kirillov <timofey.kirillov@flant.com>
werf · Aug 22, 2022 · c88eeb3 · c88eeb3
1 parent c90ec37
commit c88eeb3
Show file tree

Hide file tree

Showing 3 changed files with 14 additions and 4 deletions.
diff --git a/cmd/werf/common/helm.go b/cmd/werf/common/helm.go
@@ -12,6 +12,7 @@ import (
 	"github.com/werf/logboek"
 	bundles_registry "github.com/werf/werf/pkg/deploy/bundles/registry"
 	"github.com/werf/werf/pkg/deploy/helm"
+	"github.com/werf/werf/pkg/util"
 )
 
 func NewHelmRegistryClientHandle(ctx context.Context, commonCmdData *CmdData) (*registry.Client, error) {
@@ -24,12 +25,14 @@ func NewHelmRegistryClientHandle(ctx context.Context, commonCmdData *CmdData) (*
 
 func NewBundlesRegistryClient(ctx context.Context, commonCmdData *CmdData) (*bundles_registry.Client, error) {
 	debug := logboek.Context(ctx).Debug().IsAccepted()
-	insecure := *commonCmdData.InsecureHelmDependencies
+	insecure := util.GetBoolEnvironmentDefaultFalse("WERF_BUNDLE_INSECURE_REGISTRY")
+	skipTlsVerify := util.GetBoolEnvironmentDefaultFalse("WERF_BUNDLE_SKIP_TLS_VERIFY_REGISTRY")
 	out := logboek.Context(ctx).OutStream()
 
 	return bundles_registry.NewClient(
 		bundles_registry.ClientOptDebug(debug),
 		bundles_registry.ClientOptInsecure(insecure),
+		bundles_registry.ClientOptSkipTlsVerify(skipTlsVerify),
 		bundles_registry.ClientOptWriter(out),
 	)
 }

diff --git a/pkg/deploy/bundles/registry/client.go b/pkg/deploy/bundles/registry/client.go
@@ -48,8 +48,9 @@ const (
 type (
 	// Client works with OCI-compliant registries and local Helm chart cache
 	Client struct {
-		debug    bool
-		insecure bool
+		debug         bool
+		insecure      bool
+		skipTlsVerify bool
 		// path to repository config file e.g. ~/.docker/config.json
 		credentialsFile string
 		out             io.Writer
@@ -91,7 +92,7 @@ func NewClient(opts ...ClientOption) (*Client, error) {
 	}
 	if client.resolver == nil {
 		httpClient := http.DefaultClient
-		if client.insecure {
+		if client.skipTlsVerify {
 			httpClient.Transport = &http.Transport{
 				TLSClientConfig: &tls.Config{
 					InsecureSkipVerify: true,

diff --git a/pkg/deploy/bundles/registry/client_opts.go b/pkg/deploy/bundles/registry/client_opts.go
@@ -73,3 +73,9 @@ func ClientOptInsecure(insecure bool) ClientOption {
 		client.insecure = insecure
 	}
 }
+
+func ClientOptSkipTlsVerify(skipTlsVerify bool) ClientOption {
+	return func(client *Client) {
+		client.skipTlsVerify = skipTlsVerify
+	}
+}