From 0ffb3755b4eac05330c5f63ea543ffabf3a6a379 Mon Sep 17 00:00:00 2001
From: izeau <izeau@users.noreply.github.com>
Date: Wed, 16 Aug 2023 23:32:43 +0200
Subject: [PATCH] Fix registry insecure flag

Fixes #3333
---
 internal/pkg/epinject/ociregistry/server.go | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/internal/pkg/epinject/ociregistry/server.go b/internal/pkg/epinject/ociregistry/server.go
index 7ef2ea59af2..831327360bf 100644
--- a/internal/pkg/epinject/ociregistry/server.go
+++ b/internal/pkg/epinject/ociregistry/server.go
@@ -175,7 +175,12 @@ func (s *Server) getClient(ctx context.Context, repoStr string) (*http.Client, e
 	// auth as well as the bearer token protocol used when the server returns WWW-Authenticate.
 	// Plus it's well tested.
 
-	repo, err := name.NewRepository(repoStr)
+	opts := []name.Option{}
+	if strings.HasPrefix(s.Upstream, "http://") {
+		opts = append(opts, name.Insecure)
+	}
+
+	repo, err := name.NewRepository(repoStr, opts...)
 	if err != nil {
 		return nil, err
 	}