public/rancher-docs
1
0
Fork 0
mirror of https://github.com/rancher/rancher-docs.git synced 2026-05-31 00:55:33 +00:00
Code Issues Packages Projects Releases Wiki Activity

Copy edit K3s private registry doc

Browse Source
This commit is contained in:
Catherine Luse
2020-01-20 15:14:03 -07:00
committed by GitHub
parent 889a3f5101
commit dfd70db30c
1 changed files with 25 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files
content/k3s/latest/en/installation/private-registry/_index.md
+25 -22
View File
@@ -2,25 +2,26 @@
title: "Private Registry Configuration"
weight: 55
---
Containerd can be configured to connect to private registries and use them to pull private images on the node, private registry configuration feature was added in k3s v1.0.0.
_Available as of v1.0.0_
Containerd can be configured to connect to private registries and use them to pull private images on the node.
Upon startup, K3s will check to see if a `registries.yaml` file exists at `/etc/rancher/k3s/` and instruct containerd to use any registries defined in the file. If you wish to use a private registry, then you will need to create this file as root on each node that will be using the registry.
Note that server nodes are scheduleable by default. If you have not tainted the server nodes and will be running workloads on them please ensure you also create the registires.yaml file on each server as well.
Configuration in Containerd can be used to connect to private registry with TLS connection and with registries that enable authentication as well, the following section will explain the registries.yaml file and give different examples of using private registry configuration in k3s.
### Registries Configuration file
Note that server nodes are schedulable by default. If you have not tainted the server nodes and will be running workloads on them, please ensure you also create the registires.yaml file on each server as well.
Configuration in Containerd can be used to connect to a private registry with a TLS connection and with registries that enable authentication as well. The following section will explain the `registries.yaml` file and give different examples of using private registry configuration in K3s.
# Registries Configuration File
The file consists of two main sections:
- mirrors
- configs
#### Mirrors
### Mirrors
Mirrors is a directive that define the names and endpoints of the private registries, for example:
Mirrors is a directive that defines the names and endpoints of the private registries, for example:
```
mirrors:
@@ -29,17 +30,19 @@ mirrors:
- "https://mycustomreg.com:5000"
```
Each mirror must have a name and set of endpoints, when pulling an image from a registry, containerd will try these endpoint URLs one by one, and use the first working one.
Each mirror must have a name and set of endpoints. When pulling an image from a registry, Containerd will try these endpoint URLs one by one, and use the first working one.
### Configs
Configs section define the TLS and credential configuration for each mirror, for each mirror you can define `auth` and/or `tls`, the tls part consists of:
The configs section defines the TLS and credential configuration for each mirror. For each mirror you can define `auth` and/or `tls`. The TLS part consists of:
- cert_file: which defines the client certificate path that will be used to authenticate with the registry.
- key_file: which defines the client key path that will be used to authenticate with the registry.
- ca_file: which defines the ca certificate path to be used to verify the registry's server cert file.
Directive | Description
----------|------------
`cert_file` | The client certificate path that will be used to authenticate with the registry
`key_file` | The client key path that will be used to authenticate with the registry
`ca_file` | Defines the CA certificate path to be used to verify the registry's server cert file
The `cred` part consists of either username/password or authentication token:
The credentials consist of either username/password or authentication token:
- username: user name of the private registry basic auth
- password: user password of the private registry basic auth
@@ -49,7 +52,7 @@ Below are basic examples of using private registries in different modes:
### With TLS
Below are examples showing how you may configure `/etc/rancher/k3s/registires.yaml` on each node when using TLS.
Below are examples showing how you may configure `/etc/rancher/k3s/registries.yaml` on each node when using TLS.
{{% tabs %}}
{{% tab "With Authentication" %}}
@@ -125,10 +128,10 @@ mirrors:
endpoint:
- "http://mycustomreg.com:5000"
```
{{% /tab %}}
{{% /tabs %}}
Note that in case of no TLS communication, you need to specify `http://` for the endpoints, otherwise it will default to https.
> In case of no TLS communication, you need to specify `http://` for the endpoints, otherwise it will default to https.
In order for containerd to take an effect you need to restart K3s on each node in order to leverage the private registry.
In order for Containerd to take an effect, you need to restart K3s on each node in order to leverage the private registry.