github.com/GoogleContainerTools/skaffold/v2@v2.13.2/docs-v1/content/en/docs/environment/image-registries.md

---
title: "Image Repository Handling"
linkTitle: "Image Repository Handling"
weight: 70
featureId: default_repo
aliases: [/docs/concepts/image_repositories]
---

Often, a Kubernetes manifest (or `skaffold.yaml`) references images that are pushed to
registries that we might not have access to. Modifying these individual image names manually
is tedious, so Skaffold supports automatically prefixing these image names with a registry
specified by the user. Using this, any project configured with Skaffold can be run by any user
with minimal configuration, and no manual YAML editing!

This is accomplished through the `default-repo` functionality, which can be used in one of three ways:

1. `--default-repo` flag

    ```bash
    skaffold dev --default-repo <myrepo>
    ```

1. `SKAFFOLD_DEFAULT_REPO` environment variable

    ```bash
    SKAFFOLD_DEFAULT_REPO=<myrepo> skaffold dev
    ```

1. Skaffold's global config

    ```bash
    skaffold config set default-repo <myrepo>
    ```

If no `default-repo` is provided by the user, there is no automated image name rewriting, and Skaffold will
try to push the image as provided in the YAML.

The image name rewriting strategies are designed to be *conflict-free*:
the full image name is rewritten on top of the default-repo so that similar image names don't collide in the base namespace (e.g. `repo1/example` and `repo2/example` would collide in `target_namespace/example` without this).

Automated image name rewriting strategies are determined based on the default-repo and the original image repository:

* default-repo domain does not contain `gcr.io` or `-docker.pkg.dev`
  * **strategy**: escape & concat & truncate to 256

    ```
    original image:  gcr.io/k8s-skaffold/skaffold-example1
    default-repo:    aws_account_id.dkr.ecr.region.amazonaws.com
    rewritten image: aws_account_id.dkr.ecr.region.amazonaws.com/gcr_io_k8s-skaffold_skaffold-example1
    ```

* default-repo contains `gcr.io` or `-docker.pkg.dev` (special cases, as GCR and AR allow for arbitrarily deep directory structure in image repo names)
  * **strategy**: concat unless prefix matches
  * **example1**: prefix doesn't match:

    ```
    original image:  gcr.io/k8s-skaffold/skaffold-example1
    default-repo:    gcr.io/myproject/myimage
    rewritten image: gcr.io/myproject/myimage/gcr.io/k8s-skaffold/skaffold-example1
    ```
  * **example2**: prefix matches:

    ```
    original image:  gcr.io/k8s-skaffold/skaffold-example1
    default-repo:    gcr.io/k8s-skaffold
    rewritten image: gcr.io/k8s-skaffold/skaffold-example1
    ```
  * **example3**: shared prefix:

    ```
    original image:  gcr.io/k8s-skaffold/skaffold-example1
    default-repo:    gcr.io/k8s-skaffold/myimage
    rewritten image: gcr.io/k8s-skaffold/myimage/skaffold-example1
    ```

## Insecure image registries

During development you may be forced to push images to a registry that does not support HTTPS.
By itself, Skaffold will never try to downgrade a connection to a registry to plain HTTP.
In order to access insecure registries, this has to be explicitly configured per registry name.

Insecure communication with a registry can be allowed at several levels of granularity:

1. Per Skaffold run via the repeatable `--insecure-registry` flag

    ```bash
    skaffold dev --insecure-registry insecure1.io --insecure-registry insecure2.io
    ```

1. Per Skaffold run via `SKAFFOLD_INSECURE_REGISTRY` environment variable

    ```bash
    SKAFFOLD_INSECURE_REGISTRY='insecure1.io,insecure2.io' skaffold dev
    ```

1. Per project via the Skaffold pipeline config `skaffold.yaml`

    ```yaml
    build:
      insecureRegistries:
      - insecure1.io
      - insecure2.io
    ```

1. Per user via Skaffold's global config

    ```bash
    skaffold config set insecure-registries insecure1.io           # for the current kube-context
    skaffold config set --global insecure-registries insecure2.io  # for any kube-context
    ```

    Note that multiple set commands _add_ to the existing list of insecure registries.
    To clear the list, run `skaffold config unset insecure-registries`.

If insecure registries are configured via multiple sources, Skaffold joins the lists.
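
The image name rewriting strategies described earlier on this page, sketched in Go as an added example (not Skaffold's own implementation). `rewriteImage`, the escaped character set, and treating the registry host plus first path segment as the "shared prefix" are assumptions inferred from the page's examples; inputs are image repositories without a tag or digest.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Assumption: "/" and "." are escaped to "_" as in the page's
// gcr_io_k8s-skaffold_skaffold-example1 example; "_", ":" and "@" are added here.
var escapeChars = regexp.MustCompile(`[/._:@]`)

const maxLen = 256 // "truncate to 256" from the page

// isGoogleRegistry reports whether the default-repo domain is one of the page's special cases.
func isGoogleRegistry(defaultRepo string) bool {
	host := strings.SplitN(defaultRepo, "/", 2)[0]
	return strings.Contains(host, "gcr.io") || strings.Contains(host, "-docker.pkg.dev")
}

// rewriteImage (hypothetical name) maps a tag-less image repository onto defaultRepo.
func rewriteImage(defaultRepo, image string) string {
	if defaultRepo == "" {
		return image // no default-repo configured: no rewriting
	}
	if !isGoogleRegistry(defaultRepo) {
		// Strategy: escape & concat & truncate to 256.
		out := defaultRepo + "/" + escapeChars.ReplaceAllString(image, "_")
		if len(out) > maxLen {
			out = out[:maxLen]
		}
		return out
	}
	// Strategy: concat unless prefix matches (example2: image already under default-repo).
	if image == defaultRepo || strings.HasPrefix(image, defaultRepo+"/") {
		return image
	}
	// Assumption: a "shared prefix" (example3) means same host and first path segment.
	img := strings.SplitN(image, "/", 3)
	repo := strings.SplitN(defaultRepo, "/", 3)
	if len(img) == 3 && len(repo) >= 2 && img[0] == repo[0] && img[1] == repo[1] {
		return defaultRepo + "/" + img[2]
	}
	return defaultRepo + "/" + image // example1: keep the full original name
}

func main() {
	fmt.Println(rewriteImage("gcr.io/k8s-skaffold/myimage", "gcr.io/k8s-skaffold/skaffold-example1"))
}
```

Because the whole original name is kept (escaped or as a path), `repo1/example` and `repo2/example` map to different targets under the same default-repo, which is the conflict-free property the page describes.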