Rancher Manager Configuration
This page walks you through configuring Rancher Manager to use Carbide Secured Registry (CSR) images instead of the upstream Docker Hub images, both for its own components and for downstream Rancher Kubernetes clusters (RKE2/K3s).
NOTE: Due to current limitations of cloud providers, this project will not work for managing Cloud Provider clusters (AKS, EKS, GKE). If you're currently using Rancher to manage those workloads, do not use this project. We intend to improve this experience in the future.
Compatibility Matrix
| Infra | Provisioner | Registry Auth Strategy | Test Status |
|---|---|---|---|
| Any | Rancher (Cloud provisioner) | Global Registry (Rancher) | Validated |
| Any | Rancher (Custom provisioner) | Authenticated Registry (Manual registries.yaml) | Validated |
| Any | Self Installation | Global Registry (Rancher) | Validated |
| Any | Imported Cluster | Unknown | |
| AWS-EKS | Rancher | ECR (public or private) | |
Configuring Cert Manager
As Rancher has a dependency on Cert Manager, you'll need to update your Helm install of Cert Manager to use Carbide Secured Registry (CSR) images that are validated and signed by Rancher Government.
If you're following Rancher's Connected installation instructions, you'll need to follow the next steps to use the Carbide Secured Registry (CSR) images for cert-manager.
If using the Airgapped installation instructions, make sure you've pulled the images to your local/airgapped registry.
Cert Manager Helm Install
Follow Rancher's Connected installation instructions, but use the following steps instead of the helm install command from the docs.
After adding the Cert Manager repo and installing the CRDs, use the following to create a temporary values.yaml for your chart, substituting your registry domain:
cat <<EOT > /tmp/cert-manager-values.yaml
image:
  registry: <registry-url>
  repository: jetstack/cert-manager-controller
webhook:
  image:
    registry: <registry-url>
    repository: jetstack/cert-manager-webhook
cainjector:
  image:
    registry: <registry-url>
    repository: jetstack/cert-manager-cainjector
startupapicheck:
  image:
    registry: <registry-url>
    repository: jetstack/cert-manager-startupapicheck
acmesolver:
  image:
    registry: <registry-url>
    repository: jetstack/cert-manager-acmesolver
EOT
Then use the following helm install command to use the images. The -f path must match the values file created in the previous step:
helm install cert-manager jetstack/cert-manager \
  --namespace cert-manager \
  --create-namespace \
  --version v1.7.1 \
  -f /tmp/cert-manager-values.yaml
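One way to check the image overrides before installing, as an added example that is not part of the original page or the project's tooling: the hypothetical function below scans rendered manifests for image references outside the expected registry, including the controller's `--acme-http01-solver-image` argument, which is how the acmesolver image is passed. `registry.example.com` stands in for `<registry-url>`, and the sample manifest is constructed.

```shell
#!/bin/sh
# Added example: list image references in rendered manifests (stdin) that are
# NOT served from the expected registry. Function names are hypothetical.
foreign_images() {
    registry="$1"
    # Image refs appear in two places: `image:` fields, and the controller's
    # --acme-http01-solver-image argument (how the acmesolver image is passed).
    sed -n \
        -e 's/^[[:space:]-]*image:[[:space:]]*//p' \
        -e 's/^.*--acme-http01-solver-image=//p' |
    tr -d "\"'" | sed 's/[[:space:]]*$//' | sort -u |
    while IFS= read -r ref; do
        case "$ref" in
            "") ;;                       # bare `image:` key with no value
            "$registry"/*) ;;            # exact registry host followed by "/"
            *) printf '%s\n' "$ref" ;;   # anything else is a finding
        esac
    done
}

# Constructed sample (abbreviated, not real chart output): the acmesolver
# override was left out, so the solver image still points upstream.
sample_manifest() {
cat <<'EOF'
kind: Deployment
metadata:
  name: cert-manager
spec:
  template:
    spec:
      containers:
        - name: cert-manager-controller
          image: "registry.example.com/jetstack/cert-manager-controller:v1.7.1"
          args:
            - --acme-http01-solver-image=quay.io/jetstack/cert-manager-acmesolver:v1.7.1
---
kind: Deployment
metadata:
  name: cert-manager-webhook
spec:
  template:
    spec:
      containers:
        - name: cert-manager-webhook
          image: "registry.example.com/jetstack/cert-manager-webhook:v1.7.1"
EOF
}

sample_manifest | foreign_images registry.example.com
```

Against a real chart, pipe the output of `helm template cert-manager jetstack/cert-manager --version v1.7.1 -f /tmp/cert-manager-values.yaml` into `foreign_images` with your registry domain; empty output means every reference uses the configured registry.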
Registry Auth Scenarios
Global Registry
Setting a Private Registry with No Credentials as the Default Registry
- Log into Rancher and configure the default administrator password.
- Click