diff --git a/build/kubefile/parser/kubefile.go b/build/kubefile/parser/kubefile.go
index 5ffd32d2438..547be7c093d 100644
--- a/build/kubefile/parser/kubefile.go
+++ b/build/kubefile/parser/kubefile.go
@@ -87,17 +87,17 @@ type KubefileParser struct {
 imageEngine imageengine.Interface
 }
-func (kp *KubefileParser) ParseKubefile(rwc io.Reader) (*KubefileResult, error) {
+func (kp *KubefileParser) ParseKubefile(rwc io.Reader, skipTLSVerify bool) (*KubefileResult, error) {
 result, err := parse(rwc)
 if err != nil {
 return nil, fmt.Errorf("failed to parse dockerfile: %v", err)
 }
 mainNode := result.AST
- return kp.generateResult(mainNode)
+ return kp.generateResult(mainNode, skipTLSVerify)
 }
-func (kp *KubefileParser) generateResult(mainNode *Node) (*KubefileResult, error) {
+func (kp *KubefileParser) generateResult(mainNode *Node, skipTLSVerify bool) (*KubefileResult, error) {
 var (
 result = &KubefileResult{
 Applications: map[string]version.VersionedApplication{},
@@ -141,7 +141,7 @@ func (kp *KubefileParser) generateResult(mainNode *Node) (*KubefileResult, error
 case command.From:
 // process FROM aims to pull the image, and merge the applications from
 // the FROM image.
- if err = kp.processFrom(node, result); err != nil {
+ if err = kp.processFrom(node, result, skipTLSVerify); err != nil {
 return nil, fmt.Errorf("failed to process from: %v", err)
 }
 case command.Launch:
@@ -429,7 +429,7 @@ func (kp *KubefileParser) processLaunch(node *Node, result *KubefileResult) erro
 return nil
 }
-func (kp *KubefileParser) processFrom(node *Node, result *KubefileResult) error {
+func (kp *KubefileParser) processFrom(node *Node, result *KubefileResult, skipTLSVerify bool) error {
 var (
 platform = parse2.DefaultPlatform()
 flags = node.Flags
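Review bot: `ParseKubefile` is exported, and giving it a positional `skipTLSVerify bool` breaks any caller outside this diff and leaves call sites reading as a bare `true` or `false`. The value is then handed unchanged through `generateResult` and `processFrom`, while `processFrom` already takes `kp.pullPolicy` from the parser itself. Since build.go passes `buildFlags` to `parser.NewParser`, the setting could be stored on `KubefileParser` at construction and read at the pull site as `SkipTLSVerify: kp.skipTLSVerify,`, which would leave all three signatures as they were; NewParser's body is not shown, so this assumes it can copy the field. The same threading appears in `buildSingleSealerImage`, `buildMultiPlatformSealerImage` and `getKubefileParseResult` in build.go, and every one of these function bodies continues outside its hunk.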
@@ -455,9 +455,10 @@ func (kp *KubefileParser) processFrom(node *Node, result *KubefileResult) error
 }
 id, err := kp.imageEngine.Pull(&options.PullOptions{
- PullPolicy: kp.pullPolicy,
- Image: image,
- Platform: platform,
+ PullPolicy: kp.pullPolicy,
+ Image: image,
+ Platform: platform,
+ SkipTLSVerify: skipTLSVerify,
 })
 if err != nil {
 return fmt.Errorf("failed to pull image %s: %v", image, err)
diff --git a/build/kubefile/parser/parse_test.go b/build/kubefile/parser/parse_test.go
index 4f051c284bb..89ebd20021b 100644
--- a/build/kubefile/parser/parse_test.go
+++ b/build/kubefile/parser/parse_test.go
@@ -65,7 +65,7 @@ LAUNCH ["%s"]
 )
 reader := bytes.NewReader([]byte(text))
- result, err := testParser.ParseKubefile(reader)
+ result, err := testParser.ParseKubefile(reader, true)
 if err != nil {
 t.Fatalf("failed to parse kubefile: %s", err)
 }
@@ -128,7 +128,7 @@ LAUNCH %s
 )
 reader := bytes.NewReader([]byte(text))
- result, err := testParser.ParseKubefile(reader)
+ result, err := testParser.ParseKubefile(reader, true)
 if err != nil {
 t.Fatalf("failed to parse kubefile: %s", err)
 }
@@ -187,7 +187,7 @@ CMDS ["%s", "%s"]
 )
 reader := bytes.NewReader([]byte(text))
- result, err := testParser.ParseKubefile(reader)
+ result, err := testParser.ParseKubefile(reader, true)
 if err != nil {
 t.Fatalf("failed to parse kubefile: %s", err)
 }
@@ -241,7 +241,7 @@ LAUNCH ["app1"]`, appFilePath)
 )
 reader := bytes.NewReader([]byte(text))
- result, err := testParser.ParseKubefile(reader)
+ result, err := testParser.ParseKubefile(reader, true)
 if err != nil {
 t.Fatalf("failed to parse kubefile: %s", err)
 }
diff --git a/cmd/sealer/cmd/image/build.go b/cmd/sealer/cmd/image/build.go
index b00a3e0f8e7..fc0299383e7 100644
--- a/cmd/sealer/cmd/image/build.go
+++ b/cmd/sealer/cmd/image/build.go
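Review bot: All four updated calls in parse_test.go pass a literal `true`, so the parser tests run only with certificate verification skipped, and none of them checks that the argument reaches `PullOptions.SkipTLSVerify`. If `testParser` is backed by a fake image engine (not visible in these hunks), a case that calls `ParseKubefile(reader, false)` and asserts the recorded pull options would pin the verifying path. Where a test does not need an insecure registry, `false` is the safer literal to leave behind as an example. This applies equally to the hunks at lines 65, 128, 187 and 241.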
@@ -97,11 +97,11 @@ func NewBuildCmd() *cobra.Command {
 }
 // if its value is default platforms, build image as single sealer image.
 if ok := platforms.Default().Match(p); ok {
- return buildSingleSealerImage(engine, buildFlags.Tag, "", buildFlags.Platforms[0])
+ return buildSingleSealerImage(engine, buildFlags.Tag, "", buildFlags.Platforms[0], buildFlags.SkipTLSVerify)
 }
 }
- return buildMultiPlatformSealerImage(engine)
+ return buildMultiPlatformSealerImage(engine, buildFlags.SkipTLSVerify)
 },
 }
 buildCmd.Flags().StringVarP(&buildFlags.Kubefile, "file", "f", "Kubefile", "Kubefile filepath")
@@ -118,6 +118,7 @@ func NewBuildCmd() *cobra.Command {
 buildCmd.Flags().StringSliceVar(&buildFlags.Labels, "label", []string{getSealerLabel()}, "add labels for image. Format like --label key=[value]")
 buildCmd.Flags().BoolVar(&buildFlags.NoCache, "no-cache", false, "do not use existing cached images for building. Build from the start with a new set of cached layers.")
 buildCmd.Flags().StringVar(&buildFlags.BuildMode, "build-mode", options.WithAllMode, "whether to download container image during the build process. default is `all`.")
+ buildCmd.Flags().BoolVar(&buildFlags.SkipTLSVerify, "skip-tls-verify", true, "default is requiring HTTPS and verify certificates when accessing the registry.")
 supportedImageType := map[string]struct{}{v12.KubeInstaller: {}, v12.AppInstaller: {}}
 if _, ok := supportedImageType[buildFlags.ImageType]; !ok {
@@ -132,7 +133,7 @@ func NewBuildCmd() *cobra.Command {
 return buildCmd
 }
-func buildMultiPlatformSealerImage(engine imageengine.Interface) error {
+func buildMultiPlatformSealerImage(engine imageengine.Interface, skipTLSVerify bool) error {
 var (
 // use buildFlags.Tag as manifest name for multi arch build
 manifest = buildFlags.Tag
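Review bot: The new `--skip-tls-verify` flag in the `@@ -118,6 +118,7 @@` hunk is registered with default `true`, so a build run without the flag pulls the FROM image with registry certificate verification turned off, while its own help text says the default is to require HTTPS and verify certificates. With verification off the base image's origin is not authenticated, so the default should be off and the help should say what the flag does: `buildCmd.Flags().BoolVar(&buildFlags.SkipTLSVerify, "skip-tls-verify", false, "skip TLS certificate verification when accessing the registry (insecure); by default HTTPS is required and certificates are verified.")`. If existing users rely on unverified pulls from private registries, that should be an explicit opt-in called out in the release notes rather than a silent default. How the image engine interprets `SkipTLSVerify` is not visible in this diff, so the effective behaviour should be confirmed there.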
@@ -146,7 +147,7 @@ func buildMultiPlatformSealerImage(engine imageengine.Interface) error {
 // build multi platform
 for _, p := range buildFlags.Platforms {
- err = buildSingleSealerImage(engine, "", manifest, p)
+ err = buildSingleSealerImage(engine, "", manifest, p, skipTLSVerify)
 if err != nil {
 // clean manifest
 _ = engine.DeleteManifests([]string{manifest}, &options.ManifestDeleteOpts{})
@@ -157,9 +158,10 @@ func buildMultiPlatformSealerImage(engine imageengine.Interface) error {
 return nil
 }
-func buildSingleSealerImage(engine imageengine.Interface, imageName string, manifest string, platformStr string) error {
+func buildSingleSealerImage(engine imageengine.Interface, imageName string, manifest string, platformStr string, skipTLSVerify bool) error {
+ // parse Kubefile & try pull image in "from" syntax
 kubefileParser := parser.NewParser(rootfs.GlobalManager.App().Root(), buildFlags, engine, platformStr)
- result, err := getKubefileParseResult(buildFlags.ContextDir, buildFlags.Kubefile, kubefileParser)
+ result, err := getKubefileParseResult(buildFlags.ContextDir, buildFlags.Kubefile, kubefileParser, skipTLSVerify)
 if err != nil {
 return err
 }
@@ -483,7 +485,7 @@ func buildImageExtensionOnResult(result *parser.KubefileResult, imageType string
 return extension
 }
-func getKubefileParseResult(contextDir, file string, kubefileParser *parser.KubefileParser) (*parser.KubefileResult, error) {
+func getKubefileParseResult(contextDir, file string, kubefileParser *parser.KubefileParser, skipTLSVerify bool) (*parser.KubefileResult, error) {
 kubefile, err := getKubefile(contextDir, file)
 if err != nil {
 return nil, err
@@ -497,7 +499,7 @@ func getKubefileParseResult(contextDir, file string, kubefileParser *parser.Kube
 _ = kfr.Close()
 }()
- kr, err := kubefileParser.ParseKubefile(kfr)
+ kr, err := kubefileParser.ParseKubefile(kfr, skipTLSVerify)
 if err != nil {
 return nil, err
 }
diff --git a/pkg/define/options/options.go b/pkg/define/options/options.go
index e88746aff47..103d081eaf1 100644
--- a/pkg/define/options/options.go
+++ b/pkg/define/options/options.go
@@ -45,7 +45,8 @@ type BuildOptions struct {
 //BuildMode means whether to download container image during the build process
 // default value is download all container images.
- BuildMode string
+ BuildMode string
+ SkipTLSVerify bool
 }
 type FromOptions struct {
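Review bot: `SkipTLSVerify` is added to `BuildOptions` without a comment, unlike `BuildMode` directly above it, and its zero value (`false`, meaning verify) differs from the CLI default of `true` registered in build.go. A comment such as `// SkipTLSVerify disables TLS certificate verification for registry access; the zero value keeps verification on.` would make the security meaning explicit for code that constructs `BuildOptions` directly. The struct starts outside this hunk.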