RKE2/K3s Configuration

This page will walk you through how to configure Rancher Kubernetes distributions (K3s, RKE2) to utilize the secured images instead of the upstream Docker hub images.

Usage with `k3s`

To modify the system images that k3s uses upon bootstrapping, configure k3s' mirror settings as described here.

The full configuration using your authenticated registry is below:

# /etc/rancher/k3s/registries.yaml
configs:
  "YOUR_REGISTRY_DOMAIN_HERE":
    auth:
      username: <redacted>
      password: <redacted>

You will also need to utilize the system-default-registry flag when installing K3s to ensure it uses the registry. For instance:

curl -sfL https://get.k3s.io | sh - --system-default-registry YOUR_REGISTRY_DOMAIN_HERE

Usage with `rke2`

Similar to k3s, the SSF images are pulled upon bootstrapping by configuring rke2's mirroring configuration as described here.

The full configuration using the shared alpha account is below:

# /etc/rancher/rke2/registries.yaml
configs:
  "YOUR_REGISTRY_DOMAIN_HERE":
    auth:
      username: <redacted>
      password: <redacted>

You will also need to utilize the system-default-registry flag when installing RKE2 to ensure it uses the registry. For instance, if using the configuration file:

# /etc/rancher/rke2/config.yaml
node-name: controlplane1
write-kubeconfig-mode: 0640
system-default-registry: YOUR_REGISTRY_DOMAIN_HERE
...

RKE2/K3s Configuration

Usage with k3s​

Usage with rke2​

Usage with `k3s`

Usage with `rke2`