Merge pull request #1259 from 24sama/master

fix "skipTLSVerify" field can not clearly distinguish between skipping TLS verify and using HTTP.
2025-12-26 01:22:51 +00:00 · 2022-05-06 07:37:02 +08:00 · 2022-05-06 07:37:02 +08:00 · 8ed410d46f
parent b345448d6e 67eb4e47b3
commit 8ed410d46f
5 changed files with 11 additions and 6 deletions
--- a/docs/config-example.md
+++ b/docs/config-example.md
@ -73,10 +73,9 @@ spec:
      "dockerhub.kubekey.local":
        username: "xxx"
        password: "***"
-        skipTLSVerify: false # Allow contacting registries over HTTP, or HTTPS with failed TLS verification.
+        skipTLSVerify: false # Allow contacting registries over HTTPS with failed TLS verification.
+        plainHTTP: false # Allow contacting registries over HTTP.
        certsPath: "/etc/docker/certs.d/dockerhub.kubekey.local" # Use certificates at path (*.crt, *.cert, *.key) to connect to the registry.
-
-
  addons: [] # You can install cloud-native addons (Chart or YAML) by using this field.

 ---
--- a/docs/manifest-example.md
+++ b/docs/manifest-example.md
@ -145,6 +145,7 @@ spec:
      "dockerhub.kubekey.local":
        username: "xxx"
        password: "***"
-        skipTLSVerify: false # Allow contacting registries over HTTP, or HTTPS with failed TLS verification.
+        skipTLSVerify: false # Allow contacting registries over HTTPS with failed TLS verification.
+        plainHTTP: false # Allow contacting registries over HTTP.
        certsPath: "/etc/docker/certs.d/dockerhub.kubekey.local" # Use certificates at path (*.crt, *.cert, *.key) to connect to the registry.
 ```
--- a/pkg/config/templates/cluster.go
+++ b/pkg/config/templates/cluster.go
@ -53,6 +53,8 @@ spec:
  kubernetes:
    version: {{ .Options.KubeVersion }}
    clusterName: cluster.local
+  etcd:
+    type: kubekey
  network:
    plugin: calico
    kubePodsCIDR: 10.233.64.0/18
@ -61,7 +63,6 @@ spec:
    multusCNI:
      enabled: false
  registry:
-    plainHTTP: false
    privateRegistry: ""
    namespaceOverride: ""
    registryMirrors: []
--- a/pkg/images/tasks.go
+++ b/pkg/images/tasks.go
@ -325,7 +325,7 @@ func (p *PushManifest) Execute(_ connector.Runtime) error {
 		logger.Log.Infof("Push multi-arch manifest list: %s", imageName)
 		// todo: the function can't support specify a certs dir
 		digest, length, err := manifestregistry.PushManifestList(auth.Username, auth.Password, manifestSpec,
-			false, true, auth.SkipTLSVerify, "")
+			false, true, auth.PlainHTTP, "")
 		if err != nil {
 			return errors.Wrap(errors.WithStack(err), fmt.Sprintf("push image %s multi-arch manifest failed", imageName))
 		}
--- a/pkg/registry/docker_registry_config.go
+++ b/pkg/registry/docker_registry_config.go
@ -47,6 +47,7 @@ type DockerRegistryEntry struct {
 	Username      string `json:"username,omitempty"`
 	Password      string `json:"password,omitempty"`
 	SkipTLSVerify bool   `json:"skipTLSVerify,omitempty"`
+	PlainHTTP     bool   `json:"plainHTTP,omitempty"`
 	CertsPath     string `json:"certsPath,omitempty"`
 	// CAFile is an SSL Certificate Authority file used to secure etcd communication.
 	CAFile string `yaml:"caFile" json:"caFile,omitempty"`
@ -79,6 +80,9 @@ func DockerRegistryAuthEntries(auths runtime.RawExtension) (entries map[string]*
 			v.CertFile = cert
 			v.KeyFile = key
 		}
+		if v.PlainHTTP {
+			v.SkipTLSVerify = true
+		}
 	}

 	return