Rancher Desktop - configure custom docker registry

Hi all,

I am running Rancher Desktop 1.5.1 on MacBook M1.

I’m able to pull an image from my private repository using nerdctl:

nerdctl -n k8s.io pull artifactory.mycompany.com/images/hello-app:v0.0.1

Then, I can create a pod (the pod is up and running, but it uses the already pulled image):

kubectl run hello-app --image=artifactory.mycompany.com/images/hello-app:v0.0.1

But this is not the desired behavior. I want to be able to create the Kubernetes resources using the private registry, without downloading the image first. So, I deleted the previously downloaded image, then I tried to recreate the pod:

nerdctl -n k8s.io rmi artifactory.mycompany.com/images/hello-app:v0.0.1
kubectl run hello-app --image=artifactory.mycompany.com/images/hello-app:v0.0.1

Now, the pod’s status is ErrImagePull:

Failed to pull image "artifactory.mycompany.com/images/hello-app:v0.0.1": rpc error: code = Unknown desc = failed to pull and unpack image "artifactory.mycompany.com/images/hello-app:v0.0.1": failed to resolve reference "artifactory.mycompany.com/images/hello-app:v0.0.1": pulling from host artifactory.mycompany.com failed with status code [manifests v0.0.1]: 403 Forbidden

I observed the forbidden message, but I ran nerdctl login artifactory.mycompany.com
Again, if I download the image using nerdctl, the pod is up and running.

I have to mention that I tried to add the private registry using ~/Library/Application Support/rancher-desktop/lima/_config/override.yaml file, as is mentioned here, but no success: it seems that the registry is not recognized by containerd - nothing is added in the /etc/containerd/config.toml file, even if the registries.yaml file is in the /etc/rancher/k3s directory.

The content of the ~/Library/Application Support/rancher-desktop/lima/_config/override.yaml is inspired from here.

My override.yaml file:

provision:
  - mode: system
    script: |
      #!/bin/sh
      set -eux
      mkdir -p /etc/rancher/k3s/
      cat <<'EOF' > /etc/rancher/k3s/registries.yaml
      mirrors:
        docker.io:
          endpoint:
            - "https://artifactory.mycompany"
      configs:
        "artifactory.mycompany.com":
          auth:
            username: .......
            password: .......
      EOF

If I run rdctl shell -- cat /etc/rancher/k3s/registries.yaml, I see the desired file provisioned by the override.yaml.

The only solution I found is to create a Kubernetes secret with the credentials for the private docker registry, then patch the serviceaccount used by the pod. In this situation, I have to put the full path of the image in the pod definition.

So, how can I add my custom registry in Rancher Desktop, so that my registry replaces docker.io?
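
The workaround mentioned in the post (a registry-credentials Secret attached to the pod's service account), written out as an added example that is not part of the original post. The helper function names, the secret name `regcred`, the `default` service account and the sample credentials are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: builds a kubernetes.io/dockerconfigjson pull secret.
# Helper names and sample values are constructed, not from the post.

# Escape backslashes and double quotes so a value is safe in a JSON string.
json_escape() {
  printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# Base64 without line wrapping (GNU base64 wraps at 76 columns by default).
b64() {
  base64 | tr -d '\n'
}

# Build the .dockerconfigjson payload for one registry host.
docker_config_json() {
  registry=$1 user=$2 pass=$3
  auth=$(printf '%s:%s' "$user" "$pass" | b64)
  printf '{"auths":{"%s":{"username":"%s","password":"%s","auth":"%s"}}}' \
    "$(json_escape "$registry")" "$(json_escape "$user")" \
    "$(json_escape "$pass")" "$auth"
}

# Emit a Secret manifest; the payload is base64-encoded a second time
# because every value under "data:" in a Secret must be base64.
pull_secret_manifest() {
  name=$1 registry=$2 user=$3 pass=$4
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: $name
type: kubernetes.io/dockerconfigjson
data:
  .dockerconfigjson: $(docker_config_json "$registry" "$user" "$pass" | b64)
EOF
}

# Patch body that attaches the secret to a service account.
sa_patch() {
  printf '{"imagePullSecrets":[{"name":"%s"}]}' "$1"
}

# Usage against a cluster (not executed here; REG_USER/REG_PASS are placeholders):
#   pull_secret_manifest regcred artifactory.mycompany.com "$REG_USER" "$REG_PASS" | kubectl apply -f -
#   kubectl patch serviceaccount default -p "$(sa_patch regcred)"
```

The secret only applies to pods in its own namespace that run under the patched service account, and the image reference in the pod spec still has to name the registry host.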