diff --git a/cmd/helm/push.go b/cmd/helm/push.go
index 6867c2c73..611b53e90 100644
--- a/cmd/helm/push.go
+++ b/cmd/helm/push.go
@@ -78,7 +78,8 @@ func newPushCmd(cfg *action.Configuration, out io.Writer) *cobra.Command {
 			client := action.NewPushWithOpts(action.WithPushConfig(cfg),
 				action.WithTLSClientConfig(o.certFile, o.keyFile, o.caFile),
 				action.WithInsecureSkipTLSVerify(o.insecureSkipTLSverify),
-				action.WithPushOptWriter(out))
+				action.WithPushOptWriter(out),
+				action.WithPushOptHTTP(o.plainHTTP))
 			client.Settings = settings
 			output, err := client.Run(chartRef, remote)
 			if err != nil {
diff --git a/pkg/action/pull.go b/pkg/action/pull.go
index 765b07570..93165e6cc 100644
--- a/pkg/action/pull.go
+++ b/pkg/action/pull.go
@@ -109,15 +109,16 @@ func (p *Pull) Run(chartRef string) (string, error) {
 	if registry.IsOCI(chartRef) {
 		// Provide a tls enabled client for the pull command if the user has
 		// specified the cert file or key file or ca file.
-		if (p.ChartPathOptions.CertFile != "" && p.ChartPathOptions.KeyFile != "") || p.ChartPathOptions.CaFile != "" || p.ChartPathOptions.InsecureSkipTLSverify {
-			var registryClient *registry.Client
-			var err error
-			if p.PlainHTTP {
-				registryClient, err = registry.NewRegistryClientHTTP(p.out, p.Settings.RegistryConfig, p.Settings.Debug)
-			} else {
-				registryClient, err = registry.NewRegistryClientWithTLS(p.out, p.CertFile, p.KeyFile, p.CaFile,
-					p.InsecureSkipTLSverify, p.Settings.RegistryConfig, p.Settings.Debug)
+		if p.PlainHTTP {
+			registryClient, err := registry.NewRegistryClientHTTP(p.out, p.Settings.RegistryConfig, p.Settings.Debug)
+			if err != nil {
+				return out.String(), err
 			}
+			p.cfg.RegistryClient = registryClient
+		}
+		if (p.ChartPathOptions.CertFile != "" && p.ChartPathOptions.KeyFile != "") || p.ChartPathOptions.CaFile != "" || p.ChartPathOptions.InsecureSkipTLSverify {
+			registryClient, err := registry.NewRegistryClientWithTLS(p.out, p.CertFile, p.KeyFile, p.CaFile,
+				p.InsecureSkipTLSverify, p.Settings.RegistryConfig, p.Settings.Debug)
 			if err != nil {
 				return out.String(), err
 			}
diff --git a/pkg/action/push.go b/pkg/action/push.go
index 874b4e0f8..99da182e8 100644
--- a/pkg/action/push.go
+++ b/pkg/action/push.go
@@ -73,6 +73,13 @@ func WithPushOptWriter(out io.Writer) PushOpt {
 	}
 }
 
+// WithOptWriter sets the registryOut field on the push configuration object.
+func WithPushOptHTTP(plainHTTP bool) PushOpt {
+	return func(p *Push) {
+		p.plainHTTP = plainHTTP
+	}
+}
+
 // NewPushWithOpts creates a new push, with configuration options.
 func NewPushWithOpts(opts ...PushOpt) *Push {
 	p := &Push{}
@@ -92,6 +99,7 @@ func (p *Push) Run(chartRef string, remote string) (string, error) {
 		Options: []pusher.Option{
 			pusher.WithTLSClientConfig(p.certFile, p.keyFile, p.caFile),
 			pusher.WithInsecureSkipTLSVerify(p.insecureSkipTLSverify),
+			pusher.WithPlainHTTP(p.plainHTTP),
 		},
 	}
 
diff --git a/pkg/getter/getter.go b/pkg/getter/getter.go
index 653b032fe..9d83ba8a8 100644
--- a/pkg/getter/getter.go
+++ b/pkg/getter/getter.go
@@ -45,6 +45,7 @@ type options struct {
 	registryClient        *registry.Client
 	timeout               time.Duration
 	transport             *http.Transport
+	plainHTTP             bool
 }
 
 // Option allows specifying various settings configurable by the user for overriding the defaults
diff --git a/pkg/getter/ocigetter.go b/pkg/getter/ocigetter.go
index 1705fca91..c661984ba 100644
--- a/pkg/getter/ocigetter.go
+++ b/pkg/getter/ocigetter.go
@@ -122,6 +122,14 @@ func (g *OCIGetter) newRegistryClient() (*registry.Client, error) {
 		}
 	})
 
+	if g.opts.plainHTTP {
+		registryClient, err := registry.NewClient(registry.ClientOptPlainHTTP(g.opts.plainHTTP))
+		if err != nil {
+			return nil, err
+		}
+		return registryClient, nil
+	}
+
 	if (g.opts.certFile != "" && g.opts.keyFile != "") || g.opts.caFile != "" || g.opts.insecureSkipVerifyTLS {
 		tlsConf, err := tlsutil.NewClientTLS(g.opts.certFile, g.opts.keyFile, g.opts.caFile, g.opts.insecureSkipVerifyTLS)
 		if err != nil {
diff --git a/pkg/pusher/ocipusher.go b/pkg/pusher/ocipusher.go
index 614141698..48201665c 100644
--- a/pkg/pusher/ocipusher.go
+++ b/pkg/pusher/ocipusher.go
@@ -106,6 +106,13 @@ func NewOCIPusher(ops ...Option) (Pusher, error) {
 }
 
 func (pusher *OCIPusher) newRegistryClient() (*registry.Client, error) {
+	if pusher.opts.plainHTTP {
+		registryClient, err := registry.NewClient(registry.ClientOptPlainHTTP(pusher.opts.plainHTTP))
+		if err != nil {
+			return nil, err
+		}
+		return registryClient, nil
+	}
 	if (pusher.opts.certFile != "" && pusher.opts.keyFile != "") || pusher.opts.caFile != "" || pusher.opts.insecureSkipTLSverify {
 		tlsConf, err := tlsutil.NewClientTLS(pusher.opts.certFile, pusher.opts.keyFile, pusher.opts.caFile, pusher.opts.insecureSkipTLSverify)
 		if err != nil {
diff --git a/pkg/pusher/pusher.go b/pkg/pusher/pusher.go
index e325ce498..5d80c72c6 100644
--- a/pkg/pusher/pusher.go
+++ b/pkg/pusher/pusher.go
@@ -32,6 +32,7 @@ type options struct {
 	keyFile               string
 	caFile                string
 	insecureSkipTLSverify bool
+	plainHTTP             bool
 }
 
 // Option allows specifying various settings configurable by the user for overriding the defaults
@@ -61,6 +62,13 @@ func WithInsecureSkipTLSVerify(insecureSkipTLSVerify bool) Option {
 	}
 }
 
+// WithPlainHTTP determines if a connection to registry is done over HTTP
+func WithPlainHTTP(plainHTTP bool) Option {
+	return func(opts *options) {
+		opts.plainHTTP = plainHTTP
+	}
+}
+
 // Pusher is an interface to support upload to the specified URL.
 type Pusher interface {
 	// Push file content by url string