buildpacks / imgutil

Helpful utilities for working with images
Apache License 2.0

Set InsecureSkipVerify flag as the Insecure one #218

Closed dlion closed 1 year ago

dlion commented 1 year ago

This PR concerns the insecure-registry RFC implementation in the imgutil library.

In the previous PR, a function WithRegistrySetting was implemented with the possibility to activate or deactivate the InsecureSkipVerify flag.

The RFC wasn't very clear about the reason it needed to be permanently set as false/true, so I tried to investigate a bit how other tools/libraries implemented it. From Google:

// Insecure is an Option that allows image references to be fetched without TLS.
// This will also allow for untrusted (e.g. self-signed) certificates in cases where
// the default transport is used (i.e. when WithTransport is not used).

This implementation followed the one made by Google: https://github.com/google/go-containerregistry/blob/main/pkg/crane/options.go#L70 and https://github.com/google/go-containerregistry/blob/190ad0e4d556f199a07951d55124f8a394ebccd9/cmd/crane/cmd/root.go#L83

With this PR, whenever we set a registry as Insecure we also disable the TLS verification.
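
Added example, not part of the PR and not imgutil or go-containerregistry code: a standard-library sketch of what tying InsecureSkipVerify to a per-registry insecure flag means in practice, with verification disabled only for the host that was marked insecure. The names `registrySetting`, `transportFor`, `ping` and `newSelfSignedRegistry` are hypothetical, and the registry is a constructed local test server with a self-signed certificate.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
)

// registrySetting is a hypothetical per-registry record (not imgutil's type).
type registrySetting struct{ Insecure bool }

// transportFor returns a transport for one registry host. Certificate
// verification is skipped only if that exact host was marked insecure.
func transportFor(host string, settings map[string]registrySetting) *http.Transport {
	t := http.DefaultTransport.(*http.Transport).Clone()
	t.TLSClientConfig = &tls.Config{InsecureSkipVerify: settings[host].Insecure}
	return t
}

// ping requests /v2/ from the registry using the transport chosen for its host.
func ping(rawURL string, settings map[string]registrySetting) error {
	u, err := url.Parse(rawURL)
	if err != nil {
		return err
	}
	client := &http.Client{Transport: transportFor(u.Host, settings)}
	resp, err := client.Get(rawURL + "/v2/")
	if err != nil {
		return err
	}
	return resp.Body.Close()
}

// newSelfSignedRegistry starts a constructed HTTPS server whose certificate no system CA trusts.
func newSelfSignedRegistry() *httptest.Server {
	return httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {}))
}

func main() {
	srv := newSelfSignedRegistry()
	defer srv.Close()
	u, _ := url.Parse(srv.URL)
	fmt.Println("not marked insecure:", ping(srv.URL, nil))
	fmt.Println("marked insecure:", ping(srv.URL, map[string]registrySetting{u.Host: {Insecure: true}}))
}
```

Because the flag is looked up by host, marking one registry insecure leaves certificate verification in place for every other registry the client talks to.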