Summary

As a developer, I'd like to be able to publish app images to an "insecure" registry in the non-daemon case.

(NOTE: I mention non-daemon case because the daemon case is controlled/configured via Docker Desktop.)

Currently, this partly works in some local setups because GGCR attempts to detect protocol.

In my current development environment, it doesn't work because I'm routing to the registry from inside a container and thereby referencing it as host.docker.internal which doesn't match GGCR's logic.

A potential solution may be to go to GGCR and request that host.docker.internal be added to their detection logic BUT it seems like this may be desirable in other scenarios. (See prior art).

Proposed Solution

Since there are multiple images at play sometimes, instead of a single global flag --insecure (like kaniko) add a variadic flag + matching character separated env var for insecure registries.

For example:

analyzer --insecure-registry=my-registry.com/here/  --insecure-registry=host.docker.internal

CNB_INSECURE_REGISTRIES="my-registry.com/here/;host.docker.internal"
analyzer ...

Prior Art

• kaniko
• crane