jib icon indicating copy to clipboard operation
jib copied to clipboard

Published 20 hours ago verified publisher icon GoogleContainerTools

Convert allowInsecureRegistries to list of registries instead of binary true/false

Open chanseokoh opened this issue 5 years ago • 2 comments

I think this is a nice enhancement and useful for multi-module projects. It ensures only those registries are insecure, preventing an issue like https://github.com/GoogleContainerTools/skaffold/pull/2674#issuecomment-523497039.

Potentially it can accept a glob pattern. Or, maybe just a suffix for simplicity.

We also need to think about aliases.

chanseokoh avatar Aug 21 '19 16:08 chanseokoh

And since registries would be explicitly identified then we could automatically apply sendCredentialsOverHttp for those registries.

briandealwis avatar Aug 21 '19 18:08 briandealwis

Or perhaps automatically set sendCredentialsOverHttp only for loopback addresses (localhost). AFAIK, OS by-passes a network stack entirely for loopback as optimization, so it's pretty safe.

chanseokoh avatar Aug 21 '19 18:08 chanseokoh

Closing as part of cleanup. Please re-open if it's still relevant

JoeWang1127 avatar Aug 12 '22 14:08 JoeWang1127