I’ve some downstream clusters which are provisioned with the Rancher 2.5.7 and a private registry. In our setup we use a Artifactory as the private registry.
Due to the password policy in our company, it’s mandatory to change the password for the registry user. After we changed the password, we’ve the issue that Kubernetes can’t pull our images.
After some research we’ve found that the environment variable RKE_KUBELET_DOCKER_CONFIG in the kubelet container uses the old credentials. Also the file /var/lib/kubelet/config.json contains the wrong credentials.
I’ve tried to change the config.json in the kubelet folder but the code in the entrypoint (/opt/rke-tools/entrypoint.sh) script overwrites my changes.
if [ ! -z "${RKE_KUBELET_DOCKER_CONFIG}" ]
dann
echo ${RKE_KUBELET_DOCKER_CONFIG} | base64 -d | tee ${RKE_KUBELET_DOCKER_FILE}
fi
I’ve found also the secret cattle-private-registry in the cattle-system namespace which also contains the wrong credentials.
Unfortunately the re-creation with the new credentials was without success.
Now I’m completely confused how we can update the password of the registry user. Is there a possibility to do this with the Rancher UI?
How is the right process to update the credentials without restarting or re-provisioning the whole stuff?
Thanks,
Manuel