fix: Kaniko skip-push-permission-check (#193) #182

Merged

forgejo_admin merged 1 commit from 193-kaniko-skip-push-check into main 2026-03-27 05:20:52 +00:00

Conversation 0 Commits 1 Files changed 1 +1

forgejo_admin commented 2026-03-27 05:03:19 +00:00

Owner

Copy link

Summary

Kaniko's push permission check uses a separate HTTPS transport that ignores the insecure-registry setting, causing a timeout when pushing to Harbor over HTTP inside the cluster. Adding --skip-push-permission-check bypasses this probe entirely.

Changes

• .woodpecker.yaml: Added extra_opts: "--skip-push-permission-check" to the build-and-push Kaniko step settings

Test Plan

• Merge to main and verify the Woodpecker pipeline completes the build-and-push step without the previous HTTPS timeout error
• Confirm the image is pushed to Harbor at harbor.harbor.svc.cluster.local/basketball-api/api

Review Checklist

• Single-file change, minimal blast radius
• Validated flag behavior in a real Kaniko pod before shipping
• No secrets or env var changes required

Related Notes

Closes forgejo_admin/pal-e-platform#193

## Summary Kaniko's push permission check uses a separate HTTPS transport that ignores the `insecure-registry` setting, causing a timeout when pushing to Harbor over HTTP inside the cluster. Adding `--skip-push-permission-check` bypasses this probe entirely. ## Changes - `.woodpecker.yaml`: Added `extra_opts: "--skip-push-permission-check"` to the `build-and-push` Kaniko step settings ## Test Plan - Merge to main and verify the Woodpecker pipeline completes the build-and-push step without the previous HTTPS timeout error - Confirm the image is pushed to Harbor at `harbor.harbor.svc.cluster.local/basketball-api/api` ## Review Checklist - [x] Single-file change, minimal blast radius - [x] Validated flag behavior in a real Kaniko pod before shipping - [x] No secrets or env var changes required ## Related Notes Closes forgejo_admin/pal-e-platform#193

forgejo_admin added 1 commit 2026-03-27 05:03:19 +00:00

fix: add skip-push-permission-check to Kaniko build step ... e26f953b22

The insecure-registry setting does not apply to Kaniko's push permission
check, which uses a separate transport that still probes HTTPS on 443.
Adding --skip-push-permission-check bypasses this entirely. Validated
in a real Kaniko pod before shipping.

Refs: forgejo_admin/pal-e-platform#193

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

forgejo_admin merged commit 15f3047e20 into main 2026-03-27 05:20:52 +00:00

forgejo_admin deleted branch 193-kaniko-skip-push-check 2026-03-27 05:20:52 +00:00

forgejo_admin referenced this pull request from a commit 2026-03-27 05:20:52 +00:00

fix: Kaniko skip-push-permission-check (#193) (#182)

Sign in to join this conversation.

Reviewers

No reviewers

Labels

Clear labels   

domain:backend

  

domain:devops

  

domain:frontend

  

status:approved

QA passed, awaiting merge approval

  

status:in-progress

Dev agent is actively working

  

status:needs-fix

QA found issues, back to dev

  

status:qa

PR submitted, awaiting QA review

  

type:bug

Bug fix

  

type:devops

Infrastructure/CI/config work

  

type:feature

New functionality

No labels

domain:backend

domain:devops

domain:frontend

status:approved

status:in-progress

status:needs-fix

status:qa

type:bug

type:devops

type:feature

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

forgejo_admin/basketball-api!182

No description provided.