fix: Kaniko insecure-registry for Harbor (#193) #97

Merged

forgejo_admin merged 1 commit from 193-kaniko-insecure-registry into main

2026-03-27 03:16:13 +00:00

forgejo_admin commented

2026-03-27 03:03:31 +00:00

Owner

Summary

Kaniko probes HTTPS on port 443 before falling back to HTTP, causing a 90-second timeout against Harbor's HTTP-only in-cluster service. Adding insecure-registry tells Kaniko to skip the HTTPS probe and use HTTP directly.

Changes

.woodpecker.yaml: Added insecure-registry: harbor.harbor.svc.cluster.local to the build-and-push step settings, alongside the existing insecure: true

Test Plan

Trigger a Woodpecker pipeline on this branch and verify the Kaniko build-and-push step completes without the 90s HTTPS probe timeout
Confirm the image is pushed to Harbor successfully

Review Checklist

Single-line change, minimal blast radius
insecure: true kept as-is for backward compatibility
Setting matches Kaniko plugin docs for HTTP-only registries

Closes forgejo_admin/pal-e-platform#193

## Summary Kaniko probes HTTPS on port 443 before falling back to HTTP, causing a 90-second timeout against Harbor's HTTP-only in-cluster service. Adding `insecure-registry` tells Kaniko to skip the HTTPS probe and use HTTP directly. ## Changes - `.woodpecker.yaml`: Added `insecure-registry: harbor.harbor.svc.cluster.local` to the build-and-push step settings, alongside the existing `insecure: true` ## Test Plan - Trigger a Woodpecker pipeline on this branch and verify the Kaniko build-and-push step completes without the 90s HTTPS probe timeout - Confirm the image is pushed to Harbor successfully ## Review Checklist - [x] Single-line change, minimal blast radius - [x] `insecure: true` kept as-is for backward compatibility - [x] Setting matches Kaniko plugin docs for HTTP-only registries ## Related Notes Closes forgejo_admin/pal-e-platform#193

forgejo_admin added 1 commit

2026-03-27 03:03:31 +00:00

fix: add insecure-registry to skip Kaniko HTTPS probe timeout

ci/woodpecker/pr/woodpecker Pipeline was successful

Details

60f4cfb075

Kaniko probes HTTPS on port 443 before falling back to HTTP, causing 90s
timeout against Harbor's HTTP-only service. The insecure-registry setting
tells Kaniko to use HTTP directly.

Refs: forgejo_admin/pal-e-platform#193

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

forgejo_admin commented

2026-03-27 03:04:20 +00:00

Author

Owner

QA Review -- PR #97

Diff Analysis

Single-line addition in .woodpecker.yaml:

insecure-registry: harbor.harbor.svc.cluster.local

Findings

Correctness: insecure-registry is the correct woodpeckerci/plugin-kaniko setting to bypass HTTPS probing and use HTTP directly. This addresses the 90s timeout root cause.
Consistency: The registry value (harbor.harbor.svc.cluster.local) matches the existing registry: setting on the line above. No mismatch.
Blast radius: Minimal. Single line, single file. No change to build logic, image tagging, or credentials flow.
SOP compliance: PR body has all required sections (Summary, Changes, Test Plan, Review Checklist, Related Notes). Commit message references parent issue. Branch naming follows {issue}-{slug} convention.

Nits

None.

VERDICT: APPROVED

## QA Review -- PR #97 ### Diff Analysis Single-line addition in `.woodpecker.yaml`: ```yaml insecure-registry: harbor.harbor.svc.cluster.local ``` ### Findings - **Correctness**: `insecure-registry` is the correct woodpeckerci/plugin-kaniko setting to bypass HTTPS probing and use HTTP directly. This addresses the 90s timeout root cause. - **Consistency**: The registry value (`harbor.harbor.svc.cluster.local`) matches the existing `registry:` setting on the line above. No mismatch. - **Blast radius**: Minimal. Single line, single file. No change to build logic, image tagging, or credentials flow. - **SOP compliance**: PR body has all required sections (Summary, Changes, Test Plan, Review Checklist, Related Notes). Commit message references parent issue. Branch naming follows `{issue}-{slug}` convention. ### Nits None. --- **VERDICT: APPROVED**