forgejo_admin/pal-e-api
1
0
Fork 0
Code Issues 8 Pull requests Projects Releases Packages Wiki Activity Actions

fix: Kaniko insecure-registry for Harbor (#193) #216

Merged
forgejo_admin merged 1 commit from 193-kaniko-insecure-registry into main 2026-03-27 03:16:14 +00:00
Conversation 1 Commits 1 Files changed 1 +1
forgejo_admin commented 2026-03-27 03:03:59 +00:00
Owner
Copy link

Summary

Kaniko probes HTTPS on port 443 before falling back to HTTP, causing a 90-second timeout against Harbor's HTTP-only in-cluster service. Adding insecure-registry tells Kaniko to skip the HTTPS probe and use HTTP directly.

Changes

  • .woodpecker.yaml: Added insecure-registry: harbor.harbor.svc.cluster.local to the build-and-push step settings, alongside the existing insecure: true

Test Plan

  • Tests pass locally (no test changes -- CI config only)
  • Trigger a CI pipeline on this branch and verify the build-and-push step no longer hangs for 90s on the HTTPS probe
  • Merge to main and confirm the full pipeline (test, build-and-push, smoke-test) completes successfully

Review Checklist

  • Passed automated review-fix loop
  • No secrets committed
  • No unnecessary file changes
  • Commit messages are descriptive

Related Notes

## Summary Kaniko probes HTTPS on port 443 before falling back to HTTP, causing a 90-second timeout against Harbor's HTTP-only in-cluster service. Adding `insecure-registry` tells Kaniko to skip the HTTPS probe and use HTTP directly. ## Changes - `.woodpecker.yaml`: Added `insecure-registry: harbor.harbor.svc.cluster.local` to the `build-and-push` step settings, alongside the existing `insecure: true` ## Test Plan - [ ] Tests pass locally (no test changes -- CI config only) - [ ] Trigger a CI pipeline on this branch and verify the build-and-push step no longer hangs for 90s on the HTTPS probe - [ ] Merge to main and confirm the full pipeline (test, build-and-push, smoke-test) completes successfully ## Review Checklist - [ ] Passed automated review-fix loop - [ ] No secrets committed - [ ] No unnecessary file changes - [ ] Commit messages are descriptive ## Related Notes - Closes forgejo_admin/pal-e-platform#193 -- Kaniko HTTPS probe timeout against Harbor - `pal-e-docs` -- the project this work belongs to
fix: add insecure-registry to skip Kaniko HTTPS probe timeout
Some checks failed
ci/woodpecker/pr/woodpecker Pipeline failed
Details
1d84071b8b 
Kaniko probes HTTPS on port 443 before falling back to HTTP, causing 90s
timeout against Harbor's HTTP-only service. The insecure-registry setting
tells Kaniko to use HTTP directly.

Refs: forgejo_admin/pal-e-platform#193

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
forgejo_admin commented 2026-03-27 03:05:02 +00:00
Author
Owner
Copy link

QA Review

Diff Analysis

Single-line addition to .woodpecker.yaml:

insecure-registry: harbor.harbor.svc.cluster.local

Correctness:

  • The insecure-registry setting is a valid Kaniko plugin parameter that tells Kaniko to skip the HTTPS probe and connect directly via HTTP
  • The value matches the existing registry field exactly (harbor.harbor.svc.cluster.local), which is correct
  • Placement within the settings block is syntactically correct YAML

SOP Compliance:

  • No secrets committed
  • No unnecessary file changes (1 file, 1 line)
  • Commit message is descriptive with proper issue reference
  • PR body follows template with all required sections

Risk Assessment:

  • Minimal risk -- this only affects the CI build-and-push step behavior
  • insecure: true (existing) controls the Kaniko daemon push behavior; insecure-registry controls the registry probe behavior -- both are needed for HTTP-only Harbor

No issues found.

VERDICT: APPROVE

## QA Review ### Diff Analysis Single-line addition to `.woodpecker.yaml`: ```yaml insecure-registry: harbor.harbor.svc.cluster.local ``` **Correctness:** - The `insecure-registry` setting is a valid Kaniko plugin parameter that tells Kaniko to skip the HTTPS probe and connect directly via HTTP - The value matches the existing `registry` field exactly (`harbor.harbor.svc.cluster.local`), which is correct - Placement within the `settings` block is syntactically correct YAML **SOP Compliance:** - No secrets committed - No unnecessary file changes (1 file, 1 line) - Commit message is descriptive with proper issue reference - PR body follows template with all required sections **Risk Assessment:** - Minimal risk -- this only affects the CI build-and-push step behavior - `insecure: true` (existing) controls the Kaniko daemon push behavior; `insecure-registry` controls the registry probe behavior -- both are needed for HTTP-only Harbor **No issues found.** --- **VERDICT: APPROVE**
forgejo_admin deleted branch 193-kaniko-insecure-registry 2026-03-27 03:16:14 +00:00
Sign in to join this conversation.
Reviewers
No reviewers
Labels
Clear labels   
domain:backend

   
domain:devops

   
domain:frontend

   
status:approved

QA passed, awaiting merge approval

  
status:in-progress

Dev agent is actively working

  
status:needs-fix

QA found issues, back to dev

  
status:qa

PR submitted, awaiting QA review

  
type:bug

Bug fix

  
type:devops

Infrastructure/CI/config work

  
type:feature

New functionality

No labels
domain:backend
domain:devops
domain:frontend
status:approved
status:in-progress
status:needs-fix
status:qa
type:bug
type:devops
type:feature
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
forgejo_admin/pal-e-api!216
No description provided.