From e2bacf8336c63a4d11a54f3978fc15e8bf4362ce Mon Sep 17 00:00:00 2001 From: Mathias Beaulieu-Duncan Date: Mon, 25 May 2026 17:20:32 -0400 Subject: [PATCH] imager: respect --insecure for Overlay and OverlayInstaller assets The --insecure flag on talosctl imager (and the imager docker image) only applied to BaseInstaller, ImageCache, and SystemExtensions assets. Overlay.Image and Input.OverlayInstaller never received ForceInsecure, so pulling overlay images from an insecure (HTTP) registry failed with 'http: server gave HTTP response to HTTPS client' even when --insecure was passed. Set ForceInsecure on both overlay-related ContainerAsset references when the flag is present, matching how the other inputs are handled. --- cmd/installer/cmd/imager/root.go | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/cmd/installer/cmd/imager/root.go b/cmd/installer/cmd/imager/root.go index d65b56089..ea16a45b3 100644 --- a/cmd/installer/cmd/imager/root.go +++ b/cmd/installer/cmd/imager/root.go @@ -120,12 +120,14 @@ var rootCmd = &cobra.Command{ prof.Overlay = &profile.OverlayOptions{ Name: cmdFlags.OverlayName, Image: profile.ContainerAsset{ - ImageRef: cmdFlags.OverlayImage, + ImageRef: cmdFlags.OverlayImage, + ForceInsecure: cmdFlags.Insecure, }, ExtraOptions: extraOverlayOptions, } prof.Input.OverlayInstaller.ImageRef = cmdFlags.OverlayImage + prof.Input.OverlayInstaller.ForceInsecure = cmdFlags.Insecure } prof.Input.SystemExtensions = xslices.Map( -- 2.50.1 (Apple Git-155)