fix host:port not allowed in insecure registry configmap

2025-06-03 06:30:22 +00:00 · 2019-05-29 17:02:48 -04:00 · 2019-05-29 17:02:48 -04:00 · 5740cee5fd
commit 5740cee5fd
parent 82404ec3da
5 changed files with 25 additions and 7 deletions
--- a/doc/image-from-registry.md
+++ b/doc/image-from-registry.md
@ -125,5 +125,5 @@ Add the registry to the `cdi-insecure-registries` `ConfigMap` in the `cdi` names

 ```bash
 kubectl patch configmap cdi-insecure-registries -n cdi \
-  --type merge -p '{"data":{"my-private-registry-host": ""}}'
+  --type merge -p '{"data":{"mykey": "my-private-registry-host:5000"}}'
 ```
--- a/manifests/templates/registry-host.yaml.in
+++ b/manifests/templates/registry-host.yaml.in
@ -90,3 +90,6 @@ spec:
  - name: sec-docker-reg
    port: 443
    targetPort: 443
+  - name: alt-sec-docker-reg
+    port: 5000
+    targetPort: 443
--- a/pkg/controller/util.go
+++ b/pkg/controller/util.go
@ -1406,17 +1406,22 @@ func isInsecureTLS(client kubernetes.Interface, pvc *v1.PersistentVolumeClaim) (
 		return false, nil
 	}

+	klog.V(3).Infof("Checking configmap %s for host %s", configMapName, url.Host)
+
 	cm, err := client.CoreV1().ConfigMaps(util.GetNamespace()).Get(configMapName, metav1.GetOptions{})
 	if err != nil {
 		if k8serrors.IsNotFound(err) {
+			klog.Warningf("Configmap %s does not exist", configMapName)
 			return false, nil
 		}

 		return false, err
 	}

-	for host := range cm.Data {
-		if host == url.Host {
+	for key, value := range cm.Data {
+		klog.V(3).Infof("Checking %q against %q: %q", url.Host, key, value)
+
+		if value == url.Host {
 			return true, nil
 		}
 	}
--- a/tests/transport_test.go
+++ b/tests/transport_test.go
@ -80,7 +80,7 @@ var _ = Describe("Transport Tests", func() {
 		}

 		if insecureRegistry {
-			err = utils.SetInsecureRegistry(c, f.CdiInstallNs)
+			err = utils.SetInsecureRegistry(c, f.CdiInstallNs, ep)
 			Expect(err).To(BeNil())
 			defer utils.ClearInsecureRegistry(c, f.CdiInstallNs)
 		}
@ -126,6 +126,7 @@ var _ = Describe("Transport Tests", func() {
 	httpsNoAuthEp := fmt.Sprintf("https://%s:%d", utils.FileHostName+"."+f.CdiInstallNs, utils.HTTPSNoAuthPort)
 	httpAuthEp := fmt.Sprintf("http://%s:%d", utils.FileHostName+"."+f.CdiInstallNs, utils.HTTPAuthPort)
 	registryNoAuthEp := fmt.Sprintf("docker://%s", utils.RegistryHostName+"."+f.CdiInstallNs)
+	altRegistryNoAuthEp := fmt.Sprintf("docker://%s.%s:%d", utils.RegistryHostName, f.CdiInstallNs, 5000)
 	DescribeTable("Transport Test Table", it,
 		Entry("should connect to http endpoint without credentials", httpNoAuthEp, targetFile, "", "", controller.SourceHTTP, "", false, true),
 		Entry("should connect to http endpoint with credentials", httpAuthEp, targetFile, utils.AccessKeyValue, utils.SecretKeyValue, controller.SourceHTTP, "", false, true),
@ -134,6 +135,7 @@ var _ = Describe("Transport Tests", func() {
 		Entry("should connect to QCOW http endpoint with credentials", httpAuthEp, targetQCOWFile, utils.AccessKeyValue, utils.SecretKeyValue, controller.SourceHTTP, "", false, true),
 		Entry("should succeed to import from registry when image contains valid qcow file", registryNoAuthEp, targetQCOWImage, "", "", controller.SourceRegistry, "cdi-docker-registry-host-certs", false, true),
 		Entry("should succeed to import from registry when image contains valid qcow file", registryNoAuthEp, targetQCOWImage, "", "", controller.SourceRegistry, "", true, true),
+		Entry("should succeed to import from registry when image contains valid qcow file", altRegistryNoAuthEp, targetQCOWImage, "", "", controller.SourceRegistry, "", true, true),
 		Entry("should fail no certs", registryNoAuthEp, targetQCOWImage, "", "", controller.SourceRegistry, "", false, false),
 		Entry("should fail bad certs", registryNoAuthEp, targetQCOWImage, "", "", controller.SourceRegistry, "cdi-file-host-certs", false, false),
 		Entry("should succeed to import from registry when image contains valid raw file", registryNoAuthEp, targetRawImage, "", "", controller.SourceRegistry, "cdi-docker-registry-host-certs", false, true),
--- a/tests/utils/configmaps.go
+++ b/tests/utils/configmaps.go
@ -1,6 +1,7 @@
 package utils

 import (
+	"net/url"
 	"strings"

 	v1 "k8s.io/api/core/v1"
@ -61,8 +62,10 @@ func CopyConfigMap(client kubernetes.Interface, srcNamespace, srcName, destNames
 	return destName, nil
 }

+const insecureRegistryKey = "test-registry"
+
 // SetInsecureRegistry sets the configmap entry to mark the registry as okay to be insecure
-func SetInsecureRegistry(client kubernetes.Interface, cdiNamespace string) error {
+func SetInsecureRegistry(client kubernetes.Interface, cdiNamespace, registryURL string) error {
 	cm, err := client.CoreV1().ConfigMaps(cdiNamespace).Get(common.InsecureRegistryConfigMap, metav1.GetOptions{})
 	if err != nil {
 		return err
@ -72,7 +75,12 @@ func SetInsecureRegistry(client kubernetes.Interface, cdiNamespace string) error
 		cm.Data = map[string]string{}
 	}

-	cm.Data[RegistryHostName+"."+cdiNamespace] = ""
+	parsedURL, err := url.Parse(registryURL)
+	if err != nil {
+		return err
+	}
+
+	cm.Data[insecureRegistryKey] = parsedURL.Host

 	_, err = client.CoreV1().ConfigMaps(cdiNamespace).Update(cm)
 	if err != nil {
@ -89,7 +97,7 @@ func ClearInsecureRegistry(client kubernetes.Interface, cdiNamespace string) err
 		return err
 	}

-	delete(cm.Data, RegistryHostName+"."+cdiNamespace)
+	delete(cm.Data, insecureRegistryKey)

 	_, err = client.CoreV1().ConfigMaps(cdiNamespace).Update(cm)
 	if err != nil {