diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml
index 0567e412..4280af62 100644
--- a/.github/workflows/tests.yaml
+++ b/.github/workflows/tests.yaml
@@ -1,6 +1,7 @@
 name: tests
 
 on:
+  workflow_dispatch:
   pull_request:
     paths-ignore:
       - 'CHANGELOG.md'
diff --git a/internal/controller/suite_test.go b/internal/controller/suite_test.go
index ab22a187..89a51bea 100644
--- a/internal/controller/suite_test.go
+++ b/internal/controller/suite_test.go
@@ -171,7 +171,7 @@ func setupRegistryServer(ctx context.Context, workspaceDir string, opts registry
 		}
 		server.dnsServer.PatchNet(net.DefaultResolver)
 	} else {
-		server.registryHost = fmt.Sprintf("localhost:%d", port)
+		server.registryHost = fmt.Sprintf("127.0.0.1:%d", port)
 	}
 
 	config.HTTP.Addr = fmt.Sprintf(":%d", port)
diff --git a/internal/helm/getter/client_opts.go b/internal/helm/getter/client_opts.go
index 91b2f5c9..58477ca7 100644
--- a/internal/helm/getter/client_opts.go
+++ b/internal/helm/getter/client_opts.go
@@ -162,7 +162,7 @@ func GetClientOpts(ctx context.Context, c client.Client, obj *helmv1.HelmReposit
 			return nil, "", err
 		}
 		if loginOpt != nil {
-			hrOpts.RegLoginOpts = []helmreg.LoginOption{loginOpt}
+			hrOpts.RegLoginOpts = []helmreg.LoginOption{loginOpt, helmreg.LoginOptInsecure(obj.Spec.Insecure)}
 			tlsLoginOpt := registry.TLSLoginOption(certFile, keyFile, caFile)
 			if tlsLoginOpt != nil {
 				hrOpts.RegLoginOpts = append(hrOpts.RegLoginOpts, tlsLoginOpt)
diff --git a/internal/helm/getter/client_opts_test.go b/internal/helm/getter/client_opts_test.go
index c05640d7..f8acd79f 100644
--- a/internal/helm/getter/client_opts_test.go
+++ b/internal/helm/getter/client_opts_test.go
@@ -206,7 +206,7 @@ func TestGetClientOpts_registryTLSLoginOption(t *testing.T) {
 					"password": []byte("pass"),
 				},
 			},
-			loginOptsN: 2,
+			loginOptsN: 3,
 		},
 		{
 			name: "without caFile",
@@ -225,7 +225,7 @@ func TestGetClientOpts_registryTLSLoginOption(t *testing.T) {
 					"password": []byte("pass"),
 				},
 			},
-			loginOptsN: 1,
+			loginOptsN: 2,
 		},
 		{
 			name:       "without cert secret",
@@ -239,7 +239,7 @@ func TestGetClientOpts_registryTLSLoginOption(t *testing.T) {
 					"password": []byte("pass"),
 				},
 			},
-			loginOptsN: 1,
+			loginOptsN: 2,
 		},
 	}
 	for _, tt := range tests {
@@ -280,7 +280,7 @@ func TestGetClientOpts_registryTLSLoginOption(t *testing.T) {
 			}
 			if tt.loginOptsN != len(clientOpts.RegLoginOpts) {
 				// we should have a login option but no TLS option
-				t.Error("registryTLSLoginOption() != nil")
+				t.Errorf("expected length of %d for clientOpts.RegLoginOpts but got %d", tt.loginOptsN, len(clientOpts.RegLoginOpts))
 				return
 			}
 		})