Fix registry verification failed

pkg/models/registries/v2/secret_authenticator.go

@@ -2,6 +2,7 @@ package v2
 
 import (
 	"context"
+	"crypto/tls"
 	"encoding/json"
 	"fmt"
 	"net/http"
@@ -93,9 +94,16 @@ func (s *secretAuthenticator) AuthRegistry(reg string) (bool, error) {
 	}
 
 	options := make([]name.Option, 0)
-	if url.Scheme == "http" || s.insecure {
+	if url.Scheme == "http" {
+		// allows image references to be fetched without TLS
+		// transport.NewWithContext will auto-select the right scheme
 		options = append(options, name.Insecure)
 	}
+	tr := http.DefaultTransport.(*http.Transport).Clone()
+	// skip tls verify
+	if s.insecure {
+		tr.TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
+	}
 
 	registry, err := name.NewRegistry(url.Host, options...)
 	if err != nil {
@@ -103,7 +111,7 @@ func (s *secretAuthenticator) AuthRegistry(reg string) (bool, error) {
 	}
 
 	ctx := context.TODO()
-	_, err = transport.NewWithContext(ctx, registry, s, http.DefaultTransport, []string{})
+	_, err = transport.NewWithContext(ctx, registry, s, tr, []string{})
 	if err != nil {
 		return false, err
 	}
@@ -113,11 +121,24 @@ func (s *secretAuthenticator) AuthRegistry(reg string) (bool, error) {
 
 func (s *secretAuthenticator) Options() []Option {
 	options := make([]Option, 0)
-
 	options = append(options, WithAuth(s))
-	if s.insecure {
+	if s.registryScheme() == "http" {
 		options = append(options, Insecure)
 	}
-
+	if s.insecure {
+		tr := http.DefaultTransport.(*http.Transport).Clone()
+		tr.TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
+		options = append(options, WithTransport(tr))
+	}
 	return options
 }
+
+func (s *secretAuthenticator) registryScheme() string {
+	for registry := range s.auths {
+		u, err := url.Parse(registry)
+		if err == nil {
+			return u.Scheme
+		}
+	}
+	return "https"
+}