I’ve some downstream clusters which are provisioned with the Rancher 2.5.7 and a private registry. In our setup we use a Artifactory as the private registry.
Due to the password policy in our company, it’s mandatory to change the password for the registry user. After we changed the password, we’ve the issue that Kubernetes can’t pull our images.
After some research we’ve found that the environment variable RKE_KUBELET_DOCKER_CONFIG
in the kubelet container uses the old credentials. Also the file /var/lib/kubelet/config.json
contains the wrong credentials.
I’ve tried to change the config.json
in the kubelet
folder but the code in the entrypoint (/opt/rke-tools/entrypoint.sh
) script overwrites my changes.
if [ ! -z "${RKE_KUBELET_DOCKER_CONFIG}" ]
dann
echo ${RKE_KUBELET_DOCKER_CONFIG} | base64 -d | tee ${RKE_KUBELET_DOCKER_FILE}
fi
I’ve found also the secret cattle-private-registry
in the cattle-system
namespace which also contains the wrong credentials.
Unfortunately the re-creation with the new credentials was without success.
Now I’m completely confused how we can update the password of the registry user. Is there a possibility to do this with the Rancher UI?
How is the right process to update the credentials without restarting or re-provisioning the whole stuff?
Thanks,
Manuel