Kaniko uses HTTP for image pull (without '--insecure')

[Igor A.]

Hello All,

I have a private registry (Artifactory) which is available only via https on port 443. Connections on port 80 are silently dropped.

After Kaniko pod got started, it tries to retrieve image from http://myregistry/docker-cache/centos:7 and fails with:

Error while retrieving image from cache: <...> Get http://myregistry/v2 dial tcp timeout on 1.2.3.4:80

After manually setting port 443 (i.e. FROM myregistry:443/docker-cache/centos:7 in my Dockerfile) I can see HTTP 400 response due "plain HTTP request was sent to HTTPS port".

"--insecure" flag is not set.

Kaniko image is the current latest (sha256:66be3f60f22b571faa82e0aaeb94731217ba0c58ac4a3b062bc84c6d8d545213).

How can I fix this?

(I have raised kaniko/issues/1157 for the same)

[Igor A.]

I looked around a bit and found the same error even with the most ancient versions of Kaniko. (02bb6dee319e7061f1e6459ed67db11acea659cc, 01329d5ac16043c0f7aa45a4be3202302bf695d5)

I can not believe that error was unnoticed for years, so I need advice on what is wrong with my setup. 

May be I shall put something like  "--secure --use-https" on the commandline?