Support of insecure registry

README.md

@@ -36,6 +36,8 @@ Alternatively you can specify a filter for the services you want updated using t
 
 You can enable private registry authentication by setting the `WITH_REGISTRY_AUTH` variable.
 
+You can enable connection to insecure private registry by setting the `WITH_INSECURE_REGISTRY` variable.
+
 You can enable notifications on service update with apprise, using the [apprise microservice](https://github.com/djmaze/apprise-microservice) and the `APPRISE_SIDECAR_URL` variable. See the file [docker-compose.apprise.yml](docker-compose.apprise.yml) for an example.
 
 Example:
@@ -45,6 +47,7 @@ Example:
                         --env SLEEP_TIME="5m" \
                         --env BLACKLIST_SERVICES="shepherd my-other-service" \
                         --env WITH_REGISTRY_AUTH="true" \
+                        --env WITH_INSECURE_REGISTRY="true" \
                         --env FILTER_SERVICES="label=com.mydomain.autodeploy" \
                         --env APPRISE_SIDECAR_URL="apprise-microservice:5000" \
                         --mount type=bind,source=/var/run/docker.sock,target=/var/run/docker.sock,ro \

shepherd

@@ -9,21 +9,24 @@ update_services() {
   local blacklist="$1"
   local supports_detach_option=$2
   local supports_registry_auth=$3
+  local supports_insecure_registry=$4
   local detach_option=""
   local registry_auth=""
+  local insecure_registry_flag=""
   local name
   local apprise_sidecar_url="${APPRISE_SIDECAR_URL:-}"
 
   [ $supports_detach_option = true ] && detach_option="--detach=false"
   [ $supports_registry_auth = true ] && registry_auth="--with-registry-auth"
+  [ "$supports_insecure_registry" = true ] && insecure_registry_flag="--insecure"
 
   for name in $(IFS=$'\n' docker service ls --quiet --filter "${FILTER_SERVICES}" --format '{{.Name}}'); do
     local image_with_digest image
     if [[ " $blacklist " != *" $name "* ]]; then
       image_with_digest="$(docker service inspect "$name" -f '{{.Spec.TaskTemplate.ContainerSpec.Image}}')"
       image=$(echo "$image_with_digest" | cut -d@ -f1)
 
-      if ! DOCKER_CLI_EXPERIMENTAL=enabled docker manifest inspect $image > /dev/null; then
+      if ! DOCKER_CLI_EXPERIMENTAL=enabled docker manifest inspect $insecure_registry_flag $image > /dev/null; then
         echo "Error updating service $name! Image $image does not exist or it is not available"
       else
         echo "Trying to update service $name with image $image"
@@ -63,10 +66,16 @@ main() {
     echo "Send registry authentication details to swarm agents"
   fi
 
+  supports_insecure_registry=false
+  if [[ ${WITH_INSECURE_REGISTRY+x} ]]; then
+    supports_insecure_registry=true
+    echo "Connection to insecure registry available"
+  fi
+
   [[ "$blacklist" != "" ]] && echo "Excluding services: $blacklist"
 
   while true; do
-    update_services "$blacklist" "$supports_detach_option" "$supports_registry_auth"
+    update_services "$blacklist" "$supports_detach_option" "$supports_registry_auth" "$supports_insecure_registry"
     echo "Sleeping $sleep_time before next update"
     sleep "$sleep_time"
   done