diff --git a/pkg/cache/cache.go b/pkg/cache/cache.go
index 102411c5d..0953a28f6 100644
--- a/pkg/cache/cache.go
+++ b/pkg/cache/cache.go
@@ -59,7 +59,7 @@ func (rc *RegistryCache) RetrieveLayer(ck string) (v1.Image, error) {
 	}
 
 	registryName := cacheRef.Repository.Registry.Name()
-	if rc.Opts.InsecureRegistries.Contains(registryName) {
+	if rc.Opts.Insecure || rc.Opts.InsecureRegistries.Contains(registryName) {
 		newReg, err := name.NewRegistry(registryName, name.WeakValidation, name.Insecure)
 		if err != nil {
 			return nil, err
diff --git a/pkg/executor/push.go b/pkg/executor/push.go
index e21fdc5fe..4ee4b0d2b 100644
--- a/pkg/executor/push.go
+++ b/pkg/executor/push.go
@@ -77,6 +77,13 @@ func CheckPushPermissions(opts *config.KanikoOptions) error {
 		}
 
 		registryName := destRef.Repository.Registry.Name()
+		if opts.Insecure || opts.InsecureRegistries.Contains(registryName) {
+			newReg, err := name.NewRegistry(registryName, name.WeakValidation, name.Insecure)
+			if err != nil {
+				return errors.Wrap(err, "getting new insecure registry")
+			}
+			destRef.Repository.Registry = newReg
+		}
 		tr := makeTransport(opts, registryName)
 		if err := remote.CheckPushPermission(destRef, creds.GetKeychain(), tr); err != nil {
 			return errors.Wrapf(err, "checking push permission for %q", destRef)