Added validation for --insecure-registry values

Fixes 8790
kubernetes · Dec 16, 2020 · 3806dbf · 3806dbf
1 parent cd9a7e7
commit 3806dbf
Showing 1 changed file with 33 additions and 0 deletions.
diff --git a/cmd/minikube/cmd/start.go b/cmd/minikube/cmd/start.go
@@ -25,6 +25,7 @@ import (
 	"os"
 	"os/exec"
 	"os/user"
+	"regexp"
 	"runtime"
 	"strings"
 
@@ -897,6 +898,7 @@ func validateRequestedMemorySize(req int, drvName string) {
 func validateCPUCount(drvName string) {
 	var cpuCount int
 	if driver.BareMetal(drvName) {
+
 		// Uses the gopsutil cpu package to count the number of physical cpu cores
 		ci, err := cpu.Counts(false)
 		if err != nil {
@@ -1041,6 +1043,8 @@ func validateFlags(cmd *cobra.Command, drvName string) {
 	}
 
 	validateRegistryMirror()
+	ValidateInsecureRegistry()
+
 }
 
 // This function validates if the --registry-mirror
@@ -1060,6 +1064,35 @@ func validateRegistryMirror() {
 	}
 }
 
+// This function validates that the --insecure-registry follows one of the following formats:
+// "<ip>:<port>" "<hostname>:<port>" "<network>/<netmask>"
+func ValidateInsecureRegistry() {
+	if len(insecureRegistry) > 0 {
+		validHostPortRegex := "^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\\-]{0,61}[a-zA-Z0-9])(\\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\\-]{0,61}[a-zA-Z0-9]))*$"
+		for _, addr := range insecureRegistry {
+			hostnameOrIP, port, err := net.SplitHostPort(addr)
+			if err != nil {
+				_, _, err := net.ParseCIDR(addr)
+				if err == nil {
+					continue
+				}
+			}
+			if port == "" {
+				exit.Message(reason.Usage, "Sorry, the address provided with the --insecure-registry flag is invalid: {{.addr}}", out.V{"addr": addr})
+			}
+			// checks both IPv4 and IPv6
+			ipAddr := net.ParseIP(hostnameOrIP)
+			if ipAddr != nil {
+				continue
+			}
+			isValidHost, err := regexp.MatchString(validHostPortRegex, hostnameOrIP)
+			if err != nil || !isValidHost {
+				exit.Message(reason.Usage, "Sorry, the address provided with the --insecure-registry flag is invalid: {{.addr}}", out.V{"addr": addr})
+			}
+		}
+	}
+}
+
 func createNode(cc config.ClusterConfig, kubeNodeName string, existing *config.ClusterConfig) (config.ClusterConfig, config.Node, error) {
 	// Create the initial node, which will necessarily be a control plane
 	if existing != nil {