fix: Kaniko insecure-registry for Harbor (#193) #7

Merged

forgejo_admin merged 1 commit from 193-kaniko-insecure-registry into main

2026-03-27 03:16:18 +00:00

Conversation 1 Commits 1 Files changed 1 +1

forgejo_admin commented

2026-03-27 03:03:53 +00:00

Owner

Copy link

Summary

Adds insecure-registry setting to the Kaniko build step so it skips the HTTPS probe on port 443 and connects to Harbor over HTTP directly. This eliminates the 90-second timeout caused by Kaniko attempting HTTPS against Harbor's HTTP-only internal service.

Changes

.woodpecker.yaml: Added insecure-registry: harbor.harbor.svc.cluster.local to the build-and-push step settings, after the existing insecure: true line.

Test Plan

Trigger a CI pipeline on pal-e-mail and verify the build-and-push step completes without the 90s HTTPS probe timeout
Confirm the image is pushed to Harbor successfully
No regressions in test step

Review Checklist

Passed automated review-fix loop
No secrets committed
No unnecessary file changes
Commit messages are descriptive

Related Notes

Closes forgejo_admin/pal-e-platform#193
pal-e-platform — infrastructure issue for Kaniko HTTPS probe timeout

## Summary Adds `insecure-registry` setting to the Kaniko build step so it skips the HTTPS probe on port 443 and connects to Harbor over HTTP directly. This eliminates the 90-second timeout caused by Kaniko attempting HTTPS against Harbor's HTTP-only internal service. ## Changes - `.woodpecker.yaml`: Added `insecure-registry: harbor.harbor.svc.cluster.local` to the `build-and-push` step settings, after the existing `insecure: true` line. ## Test Plan - [ ] Trigger a CI pipeline on pal-e-mail and verify the build-and-push step completes without the 90s HTTPS probe timeout - [ ] Confirm the image is pushed to Harbor successfully - [ ] No regressions in test step ## Review Checklist - [ ] Passed automated review-fix loop - [ ] No secrets committed - [ ] No unnecessary file changes - [ ] Commit messages are descriptive ## Related Notes - Closes forgejo_admin/pal-e-platform#193 - `pal-e-platform` — infrastructure issue for Kaniko HTTPS probe timeout

forgejo_admin added 1 commit

2026-03-27 03:03:53 +00:00

fix: add insecure-registry to skip Kaniko HTTPS probe timeout

All checks were successful

ci/woodpecker/pr/woodpecker Pipeline was successful

Details

1f08bb14fe

Kaniko probes HTTPS on port 443 before falling back to HTTP, causing 90s
timeout against Harbor's HTTP-only service. The insecure-registry setting
tells Kaniko to use HTTP directly.

Refs: forgejo_admin/pal-e-platform#193

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

forgejo_admin commented

2026-03-27 03:04:34 +00:00

Author

Owner

Copy link

QA Review

Scope: 1 file changed, 1 line added, 0 deleted.

Diff Analysis

The change adds insecure-registry: harbor.harbor.svc.cluster.local to the Kaniko plugin settings in .woodpecker.yaml. This is the correct fix for the HTTPS probe timeout:

insecure: true tells Kaniko to allow HTTP registries but it still probes HTTPS first
insecure-registry tells Kaniko to skip the HTTPS probe entirely for the named host
The value matches the existing registry setting, which is correct

Checklist

No secrets committed
No unnecessary file changes
YAML indentation is consistent (6 spaces, matching surrounding settings)
Setting value matches the registry field exactly
Commit message is descriptive and references parent issue
PR body follows template with all required sections

Nits

None.

VERDICT: APPROVE

## QA Review **Scope:** 1 file changed, 1 line added, 0 deleted. ### Diff Analysis The change adds `insecure-registry: harbor.harbor.svc.cluster.local` to the Kaniko plugin settings in `.woodpecker.yaml`. This is the correct fix for the HTTPS probe timeout: - `insecure: true` tells Kaniko to allow HTTP registries but it still probes HTTPS first - `insecure-registry` tells Kaniko to skip the HTTPS probe entirely for the named host - The value matches the existing `registry` setting, which is correct ### Checklist - [x] No secrets committed - [x] No unnecessary file changes - [x] YAML indentation is consistent (6 spaces, matching surrounding settings) - [x] Setting value matches the `registry` field exactly - [x] Commit message is descriptive and references parent issue - [x] PR body follows template with all required sections ### Nits None. --- **VERDICT: APPROVE**

forgejo_admin merged commit 8b15f13217 into main

2026-03-27 03:16:18 +00:00

forgejo_admin deleted branch 193-kaniko-insecure-registry

2026-03-27 03:16:18 +00:00

forgejo_admin referenced this pull request from a commit

2026-03-27 03:16:18 +00:00

fix: Kaniko insecure-registry for Harbor (#193) (#7)

Commenting is not possible because the repository is archived.

Reviewers

No reviewers

Labels

Clear labels

No items

No labels

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

forgejo_admin/pal-e-mail!7

Reference in a new issue

Repository

forgejo_admin/pal-e-mail

Title

Body

No description provided.

Delete branch "193-kaniko-insecure-registry"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?

Rows
Columns