diff --git a/docs/config-example.md b/docs/config-example.md index d383a0f2..c472c97e 100644 --- a/docs/config-example.md +++ b/docs/config-example.md @@ -73,10 +73,9 @@ spec: "dockerhub.kubekey.local": username: "xxx" password: "***" - skipTLSVerify: false # Allow contacting registries over HTTP, or HTTPS with failed TLS verification. + skipTLSVerify: false # Allow contacting registries over HTTPS with failed TLS verification. + plainHTTP: false # Allow contacting registries over HTTP. certsPath: "/etc/docker/certs.d/dockerhub.kubekey.local" # Use certificates at path (*.crt, *.cert, *.key) to connect to the registry. - - addons: [] # You can install cloud-native addons (Chart or YAML) by using this field. --- diff --git a/docs/manifest-example.md b/docs/manifest-example.md index d989b1cf..f5634d86 100644 --- a/docs/manifest-example.md +++ b/docs/manifest-example.md @@ -145,6 +145,7 @@ spec: "dockerhub.kubekey.local": username: "xxx" password: "***" - skipTLSVerify: false # Allow contacting registries over HTTP, or HTTPS with failed TLS verification. + skipTLSVerify: false # Allow contacting registries over HTTPS with failed TLS verification. + plainHTTP: false # Allow contacting registries over HTTP. certsPath: "/etc/docker/certs.d/dockerhub.kubekey.local" # Use certificates at path (*.crt, *.cert, *.key) to connect to the registry. ``` \ No newline at end of file diff --git a/pkg/config/templates/cluster.go b/pkg/config/templates/cluster.go index 42ecd914..d71245db 100644 --- a/pkg/config/templates/cluster.go +++ b/pkg/config/templates/cluster.go @@ -53,6 +53,8 @@ spec: kubernetes: version: {{ .Options.KubeVersion }} clusterName: cluster.local + etcd: + type: kubekey network: plugin: calico kubePodsCIDR: 10.233.64.0/18 @@ -61,7 +63,6 @@ spec: multusCNI: enabled: false registry: - plainHTTP: false privateRegistry: "" namespaceOverride: "" registryMirrors: [] diff --git a/pkg/images/tasks.go b/pkg/images/tasks.go index 8c2bc52b..c5a0fdf8 100644 
--- a/pkg/images/tasks.go +++ b/pkg/images/tasks.go @@ -325,7 +325,7 @@ func (p *PushManifest) Execute(_ connector.Runtime) error { logger.Log.Infof("Push multi-arch manifest list: %s", imageName) // todo: the function can't support specify a certs dir digest, length, err := manifestregistry.PushManifestList(auth.Username, auth.Password, manifestSpec, - false, true, auth.SkipTLSVerify, "") + false, true, auth.PlainHTTP, "") if err != nil { return errors.Wrap(errors.WithStack(err), fmt.Sprintf("push image %s multi-arch manifest failed", imageName)) } diff --git a/pkg/registry/docker_registry_config.go b/pkg/registry/docker_registry_config.go index 7c59e3e4..050c60ad 100644 --- a/pkg/registry/docker_registry_config.go +++ b/pkg/registry/docker_registry_config.go @@ -47,6 +47,7 @@ type DockerRegistryEntry struct { Username string `json:"username,omitempty"` Password string `json:"password,omitempty"` SkipTLSVerify bool `json:"skipTLSVerify,omitempty"` + PlainHTTP bool `json:"plainHTTP,omitempty"` CertsPath string `json:"certsPath,omitempty"` // CAFile is an SSL Certificate Authority file used to secure etcd communication. CAFile string `yaml:"caFile" json:"caFile,omitempty"` @@ -79,6 +80,9 @@ func DockerRegistryAuthEntries(auths runtime.RawExtension) (entries map[string]* v.CertFile = cert v.KeyFile = key } + if v.PlainHTTP { + v.SkipTLSVerify = true + } } return
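Review bot: In `PushManifest.Execute`, `auth.SkipTLSVerify` is no longer passed to `PushManifestList` at all, while the boolean just before `auth.PlainHTTP` stays hard-coded to `true`. The signature of `PushManifestList` is not visible here, but if that position is the insecure (skip certificate verification) flag, every manifest push ignores a configured `skipTLSVerify: false` while sending `auth.Username` and `auth.Password`. In that case the arguments should read `false, auth.SkipTLSVerify, auth.PlainHTTP, "")`. The body of `Execute` starts and continues outside the hunk, so the origin of `auth` could not be checked.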
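Review bot: In the loop of `DockerRegistryAuthEntries`, `plainHTTP: true` now silently forces `v.SkipTLSVerify = true` for the same entry, although the updated docs describe the two options as independent. Any consumer that reads only `SkipTLSVerify`, or a client that ends up on HTTPS for that registry, would then accept an unverified certificate without the user having asked for it. If the coupling is needed for clients that only check the insecure flag, state that in a comment, for example `// PlainHTTP means no TLS at all; mark the entry insecure for clients that only read SkipTLSVerify`, and consider logging a warning that names the registry. The new `PlainHTTP` field in the struct hunk above would also benefit from a doc comment saying that the entry's username and password are sent unencrypted when it is set. The loop and the function start outside the hunk.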