Pulling from insecure registry with skip tls verify fails with 0.15.0

[cchanley2003]

Actual behavior
Latest release seems to have broken insecure pull. Getting the following errors (I have replaced the hostname/port of my insecure registry with nexus):

INFO[0000] Resolved base name nexus/centos-jdk:7-11 to nexus/centos-jdk:7-11
INFO[0000] Resolved base name nexus/centos-jdk:7-11 to nexus/centos-jdk:7-11
INFO[0000] Retrieving image manifest nexus/centos-jdk:7-11
ERRO[0000] Error while retrieving image from cache: nexus/centos-jdk:7-11 Get https:/nexus/v2/: http: server gave HTTP response to HTTPS client
INFO[0000] Image nexus/centos-jdk:7-11 not found in cache
INFO[0000] Retrieving image manifest nexus/centos-jdk:7-11
error building image: Get https://nexus/v2/: http: server gave HTTP response to HTTPS client

Expected behavior
Expect it to work like kaniko 0.14.0 where it successfully pulls the image to build. If I replace build image with gcr.io/kaniko-project/executor:debug-v0.14.0 works

To Reproduce
Steps to reproduce the behavior:

1. Have an insecure registry with no tls
2. FROM in dockerfile reference image in insecure registry
3. make sure --insecure and --insecure-pull and --skip-tls-verify are in command line args

• Dockerfile
  The dockerfile doesn't seem to matter, it is all about the registry in the FROM statement
• Build Context
• Kaniko Image (fully qualified with digest)
  gcr.io/kaniko-project/executor:v0.15.0 or gcr.io/kaniko-project/executor:debug-v0.15.0
• Command line args:
  "-f", "Dockerfile",
  "-c", "/build",
  "--insecure", "--insecure-pull", "--skip-tls-verify",
  "--destination=nexus/cotext/registry:tag
  Triage Notes for the Maintainers

Description	Yes/No
Please check if this a new feature you are proposing
Please check if the build works in docker but not in kaniko
Please check if this error is seen when you use --cache flag
Please check if your dockerfile is a multistage dockerfile

[cvgw]

Hi @cchanley2003 I wasn't able to repro this after a quick test using the registry:2 Docker image to run a local, insecure registry.

1. Build image and push to local registry
2. Build dockerfile in kaniko with image from step 1 as base (including "--insecure", "--insecure-pull", "--skip-tls-verify")

INFO[0000] Retrieving image manifest 127.0.0.1:5000/kaniko-dev/issues:925-kaniko-v1
INFO[0000] Image 127.0.0.1:5000/kaniko-dev/issues:925-kaniko-v1 not found in cache
INFO[0000] Retrieving image manifest 127.0.0.1:5000/kaniko-dev/issues:925-kaniko-v1
.....

Any thoughts on what steps I might be missing to repro?

[cvgw]

Hmm, trying the same build again without "--insecure", "--insecure-pull", "--skip-tls-verify" didn't raise any errors so I'm guessing this registry isn't a good example for whatever reason

[cchanley2003]

I am home for the holidays so have limited ability to test this week. We are using nexus as our docker repo if that helps any. I can potentially provide some simple steps (4-5) to get that started from scratch.

[cvgw]

Was able to repro after setting up a custom hostname for my registry

error building image: Get https://www.cvgw-local-registry.org:5000/v2/: http: server gave HTTP response to HTTPS client

[pvgbabu]

@cvgw

Could you explain how do you setup up a custom hostname for registry

[abdennour]

i was confused: there are a lot of flags:

• --insecure
• --insecure-registry ( what's this ? )
• --insecure-pull

@pvgbabu i am not sure what does @cvgw means by custom hostname.
However, i did it by using k8s service and endpoints to the real IP : . is my custom hostname.