fix: detect insecure registry when checking push permissions

Author: lizardruss

pkg/devspace/build/registry/util.go

@@ -32,6 +32,17 @@ func HasPushPermission(image *latest.Image) bool {
 	}
 
 	pushErr := remote.CheckPushPermission(ref, authn.DefaultKeychain, http.DefaultTransport)
+
+	if isInsecureRegistry(pushErr) {
+		// Retry with insecure registry
+		ref, err := name.ParseReference(image.Image, name.Insecure)
+		if err != nil {
+			panic(err)
+		}
+
+		pushErr = remote.CheckPushPermission(ref, authn.DefaultKeychain, http.DefaultTransport)
+	}
+
 	return pushErr == nil
 }
 
@@ -161,11 +172,6 @@ func UseLocalRegistry(client kubectl.Client, config *latest.Config, imageConfig
 		} else if imageConfig.BuildKit != nil && imageConfig.BuildKit.InCluster != nil {
 			return false
 		}
-
-		imageWithoutPort := strings.Split(imageConfig.Image, ":")[0]
-		if imageWithoutPort == "" || imageWithoutPort == "localhost" || imageWithoutPort == "127.0.0.1" || strings.HasSuffix(imageWithoutPort, ".local") || strings.HasSuffix(imageWithoutPort, ".localhost") {
-			return false
-		}
 	}
 
 	// check if fallback
@@ -181,3 +187,11 @@ func UseLocalRegistry(client kubectl.Client, config *latest.Config, imageConfig
 	isLocalKubernetes := kubectl.IsLocalKubernetes(context)
 	return !isLocalKubernetes && !(isVClusterContext && isLocalKubernetes)
 }
+
+func isInsecureRegistry(err error) bool {
+	if err == nil {
+		return false
+	}
+
+	return strings.Contains(err.Error(), "http: server gave HTTP response to HTTPS client")
+}

pkg/devspace/build/registry/util_test.go

@@ -11,11 +11,12 @@ import (
 )
 
 type useLocalRegistryTestCase struct {
-	name     string
-	client   kubectl.Client
-	config   *latest.Config
-	skipPush bool
-	expected bool
+	name        string
+	client      kubectl.Client
+	config      *latest.Config
+	imageConfig *latest.Image
+	skipPush    bool
+	expected    bool
 }
 
 func TestUseLocalRegistry(t *testing.T) {
@@ -304,10 +305,64 @@ func TestUseLocalRegistry(t *testing.T) {
 			},
 			expected: false,
 		},
+		{
+			name: "Remote Cluster BuildKit In Cluster Build Config",
+			client: &kubectltesting.Client{
+				Context: "arn:aws:eks:us-west-2:1234567890:cluster/remote-eks",
+			},
+			config: &latest.Config{
+				LocalRegistry: nil,
+			},
+			imageConfig: &latest.Image{
+				BuildKit: &latest.BuildKitConfig{
+					InCluster: &latest.BuildKitInClusterConfig{},
+				},
+			},
+			expected: false,
+		},
+		{
+			name: "Remote Cluster BuildKit Build Config",
+			client: &kubectltesting.Client{
+				Context: "arn:aws:eks:us-west-2:1234567890:cluster/remote-eks",
+			},
+			config: &latest.Config{
+				LocalRegistry: nil,
+			},
+			imageConfig: &latest.Image{
+				BuildKit: &latest.BuildKitConfig{},
+			},
+			expected: true,
+		},
+		{
+			name: "Remote Cluster Kaniko Build Config",
+			client: &kubectltesting.Client{
+				Context: "arn:aws:eks:us-west-2:1234567890:cluster/remote-eks",
+			},
+			config: &latest.Config{
+				LocalRegistry: nil,
+			},
+			imageConfig: &latest.Image{
+				Kaniko: &latest.KanikoConfig{},
+			},
+			expected: false,
+		},
+		{
+			name: "Remote Cluster Custom Build Config",
+			client: &kubectltesting.Client{
+				Context: "arn:aws:eks:us-west-2:1234567890:cluster/remote-eks",
+			},
+			config: &latest.Config{
+				LocalRegistry: nil,
+			},
+			imageConfig: &latest.Image{
+				Custom: &latest.CustomConfig{},
+			},
+			expected: false,
+		},
 	}
 
 	for _, testCase := range testCases {
-		actual := UseLocalRegistry(testCase.client, testCase.config, nil, nil, testCase.skipPush)
+		actual := UseLocalRegistry(testCase.client, testCase.config, testCase.imageConfig, nil, testCase.skipPush)
 		assert.Equal(t, actual, testCase.expected, "Unexpected result in test case %s", testCase.name)
 	}
 }