Description
Related Issues
Somewhat Related - rancher/rke2#5302
Summary
I needed to add an additional private registry to my Rancher-provisioned RKE2 cluster, but did not want to use that private registry as the system registry for Rancher System Container Images. The documentation linked from the Rancher UI points to instructions on how to add this to the individual nodes themselves, but not via the Rancher UI. When I added it to /etc/rancher/rke2/registries.yaml like the documentation suggests, that file gets wiped on reboot. https://docs.rke2.io/install/containerd_registry_configuration/
Details
Rancher 2.8.2
Downstream Cluster - RKE2 1.27.8
The only documentation I could find explaining how to add a private registry for containerd was here - https://docs.rke2.io/install/containerd_registry_configuration/ and that does not explain how to add it via the Rancher UI. As I understand it, for this to work properly in a downstream RKE2 cluster provisioned by Rancher, you need to add this to the cluster config itself.
When going to the Registries tab, it looks like your only option is to add a container registry for Rancher System Images, which is not what I wanted to do and would not work in our environment.
Checking the box, again, makes it look like your only option is to add a registry for system images.
Clicking "Show Advanced" opens other options, but it doesn't make it clear how you can add JUST an additional registry without changing the system registry.
With the help of @brandond I was able to add an additional registry at the bottom, while leaving the top registry blank. This isn't very intuitive and it's not noted anywhere in the UI. Even the documentation linked in the UI is the standard RKE2 documentation that doesn't necessarily apply here. https://docs.rke2.io/install/containerd_registry_configuration/
There's also the issue of adding the CA Bundle. It doesn't say what format it expects, and when trying to paste it in PEM format, it throws a pretty generic Rancher Webhook error. I thought the issue was with formatting from copy/paste. It turns out you need to base64 encode the CA Bundle and then paste it in. Ideally you could just use a ConfigMap, which I already have loaded with that same CA bundle to work with Helm.
Aside from changing the UI to be a little more intuitive and adding more helpful field descriptors, documentation describing these steps and caveats would be really helpful.
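The CA Bundle caveat above, as an added example that is not part of the original issue or of Rancher's code: a pre-paste check that validates a PEM bundle, produces the single-line base64 form the issue says the field accepts, and flags a value that is still raw PEM. The function names and the sample bundle are hypothetical, and the sample is constructed rather than a real certificate.

```python
import base64
import binascii
import re

PEM_BLOCK = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def pem_certificates(pem_text):
    """Return the DER bytes of every CERTIFICATE block, or raise ValueError."""
    ders = []
    for body in PEM_BLOCK.findall(pem_text):
        try:
            der = base64.b64decode("".join(body.split()), validate=True)
        except binascii.Error as exc:
            raise ValueError(f"corrupt PEM body: {exc}") from exc
        # A DER certificate is an ASN.1 SEQUENCE, so its first byte is 0x30.
        if not der.startswith(b"\x30"):
            raise ValueError("PEM body is not a DER SEQUENCE")
        ders.append(der)
    if not ders:
        raise ValueError("no CERTIFICATE blocks found")
    return ders

def encode_ca_bundle(pem_text):
    """Validate a PEM bundle and return it as one base64 line for pasting."""
    pem_certificates(pem_text)
    normalized = pem_text.replace("\r\n", "\n").strip() + "\n"
    return base64.b64encode(normalized.encode("ascii")).decode("ascii")

def classify(value):
    """Describe a candidate field value: 'base64-pem', 'raw-pem' or 'invalid'."""
    if "-----BEGIN CERTIFICATE-----" in value:
        return "raw-pem"  # the form the issue reports as rejected by the webhook
    try:
        decoded = base64.b64decode(value.strip(), validate=True).decode("ascii")
        pem_certificates(decoded)
    except (binascii.Error, UnicodeDecodeError, ValueError):
        return "invalid"
    return "base64-pem"

# Constructed sample: PEM-shaped with CRLF line endings, not a real certificate.
_FAKE_DER = b"\x30\x82\x01\x0a" + bytes(range(64))
SAMPLE_PEM = (
    "-----BEGIN CERTIFICATE-----\r\n"
    + base64.encodebytes(_FAKE_DER).decode("ascii").replace("\n", "\r\n")
    + "-----END CERTIFICATE-----\r\n"
)

if __name__ == "__main__":
    print(classify(SAMPLE_PEM), "->", classify(encode_ca_bundle(SAMPLE_PEM)))
```

The check is structural only: it confirms the bundle is well-formed PEM wrapped in base64, not that the certificates chain to the registry's server certificate.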