image: fix signature import from secure registries

Author: mfojtik

pkg/image/controller/signature/container_image_downloader.go

@@ -7,6 +7,8 @@ import (
 	"time"
 
 	"github.com/containers/image/docker"
+	"github.com/containers/image/types"
+	"github.com/golang/glog"
 
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 
@@ -30,9 +32,19 @@ func (s *containerImageSignatureDownloader) DownloadImageSignatures(image *image
 	if err != nil {
 		return nil, err
 	}
-	source, err := reference.NewImageSource(nil, nil)
+	// TODO: We just need to trick ping() to pass and not error, we don't care
+	// whether the registry is secure or not at this point as GetSignatures() use
+	// different client for signature retrieval?
+	sctx := types.SystemContext{
+		DockerInsecureSkipTLSVerify: true,
+	}
+	source, err := reference.NewImageSource(&sctx, nil)
 	if err != nil {
-		return nil, err
+		// In case we fail to talk to registry to get the image metadata (private
+		// registry, internal registry, etc...), do not fail with error to avoid
+		// spamming logs.
+		glog.V(4).Infof("Failed to get %q: %v", image.DockerImageReference, err)
+		return []imageapi.ImageSignature{}, nil
 	}
 	defer source.Close()