Skip to content
This repository was archived by the owner on Mar 27, 2024. It is now read-only.

Add two options to handle self-signed certificates registries #327

Merged
merged 1 commit into from
Mar 27, 2020
Merged

Add two options to handle self-signed certificates registries #327

merged 1 commit into from
Mar 27, 2020

Conversation

antechrestos
Copy link
Contributor

Two options:

  • skip-tls-verify-registry <registry name> will skip tls verification for given registry name
  • registry-certificate <registry name>=<path to the certificate> will give certificate for the given registry

Fixes #326

nkubala
nkubala suggested changes Feb 26, 2020
View reviewed changes
Copy link
Contributor

@nkubala nkubala left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

hey @antechrestos, thanks for the contribution! added some feedback here, once it's addressed I'll have another look and then merge

pkg/util/transport_builder.go Outdated
Comment on lines 45 to 47
for registry := range registriesToCertificates {
tlsConfiguration.registriesCertificates[registry] = registriesToCertificates[registry]
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can we not just set tlsConfig.certifiedRegistries = certifiedRegistries?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It was to force a copy and ensure a immutable pattern. I am open minded on this point

@antechrestos
Copy link
Contributor Author

antechrestos commented Feb 26, 2020
edited
Loading

@nkubala Thank you for your feedback.
I've changed everything but two. Please give me your preference over the last one

@antechrestos
Copy link
Contributor Author

@nkubala are you ok with the changes? Let me know if you're ok with letting opened the last discussion

@antechrestos
Add options to skip tls verification or add registry certificate
d14dcf0 
* 'skip-tls-verify-registry <registry name>' will skip tls verification for given registry name
* 'registry-certificate <registry name>=<path to the certificate>' will give certificate for the given registry. This might be usefull for self-signed certificates

Fixes #326
@nkubala
Copy link
Contributor

nkubala commented Mar 27, 2020

@antechrestos thanks for the contribution!

@nkubala nkubala merged commit 54fb6c6 into GoogleContainerTools:master Mar 27, 2020
@antechrestos antechrestos deleted the feature/allow_self_signed_certificates branch March 27, 2020 17:56
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@nkubala nkubala nkubala approved these changes

@dlorenc dlorenc Awaiting requested review from dlorenc

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Allow access to self signed certificates
2 participants
@antechrestos @nkubala