Containerd can be configured to connect to private registries and use them to pull private images on each node.

Upon startup, RKE2 will check to see if a registries.yaml file exists at /etc/rancher/rke2/ and instruct containerd to use any registries defined in the file. If you wish to use a private registry, then you will need to create this file as root on each node that will be using the registry.

Note that server nodes are schedulable by default. If you have not tainted the server nodes and will be running workloads on them, please ensure you also create the registries.yaml file on each server.

Note: Prior to RKE2 v1.20, containerd registry configuration is not honored for the initial RKE2 node bootstrapping, only for Kubernetes workloads that are launched after the node is joined to the cluster. Consult the airgap installation documentation if you plan on using this containerd registry feature to bootstrap nodes.

Configuration in containerd can be used to connect to a private registry with a TLS connection and with registries that enable authentication as well. The following section will explain the registries.yaml file and give different examples of using private registry configuration in RKE2.

Mirrors is a directive that defines the names and endpoints of the private registries.
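As an added illustration (not taken from the original page), a registries.yaml that combines a mirror definition with the TLS and authentication settings mentioned above. The registry host `registry.example.com:5000`, the credentials and the certificate paths are constructed placeholders.

```yaml
# /etc/rancher/rke2/registries.yaml
# Create as root on every node that pulls from the private registry.
# Host name, credentials and certificate paths below are constructed placeholders.
mirrors:
  # Pulls of docker.io images are tried against the endpoint(s) listed here first.
  docker.io:
    endpoint:
      - "https://registry.example.com:5000"
  # The private registry addressed under its own name.
  "registry.example.com:5000":
    endpoint:
      - "https://registry.example.com:5000"

configs:
  # The key matches the host[:port] of the endpoint it applies to.
  "registry.example.com:5000":
    auth:
      username: pull-user        # placeholder account with pull-only rights
      password: REPLACE_ME       # placeholder; do not commit real secrets
    tls:
      # CA that signed the registry's server certificate, so the
      # connection is verified rather than trusted blindly.
      ca_file: /etc/rancher/rke2/certs/registry-ca.crt
      # Client certificate and key, only needed when the registry
      # requires mutual TLS.
      cert_file: /etc/rancher/rke2/certs/registry-client.crt
      key_file: /etc/rancher/rke2/certs/registry-client.key
```

Because the file holds registry credentials and a client key path, keep it owned by root and readable only by root. RKE2 reads it at startup, so a change takes effect after the RKE2 service on that node is restarted.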