I am running Rancher Desktop 1.5.1 on MacBook M1.
I’m able to pull an image from my private repository using nerdctl:
nerdctl -n k8s.io pull artifactory.mycompany.com/images/hello-app:v0.0.1
Then, I can create a pod (the pod is up and running, but it uses the already pulled image):
kubectl run hello-app --image=artifactory.mycompany.com/images/hello-app:v0.0.1
But this is not the desired behavior. I want to be able to create the Kubernetes resources using the private registry, without downloading the image first. So, I deleted the previously downloaded image, then I tried to recreate the pod:
nerdctl -n k8s.io rmi artifactory.mycompany.com/images/hello-app:v0.0.1
kubectl run hello-app --image=artifactory.mycompany.com/images/hello-app:v0.0.1
Now, the pod’s status is ErrImagePull:
Failed to pull image "artifactory.mycompany.com/images/hello-app:v0.0.1": rpc error: code = Unknown desc = failed to pull and unpack image "artifactory.mycompany.com/images/hello-app:v0.0.1": failed to resolve reference "artifactory.mycompany.com/images/hello-app:v0.0.1": pulling from host artifactory.mycompany.com failed with status code [manifests v0.0.1]: 403 Forbidden
I observed the forbidden message, but I ran
nerdctl login artifactory.mycompany.com
Again, if I download the image using nerdctl, the pod is up and running.
I have to mention that I tried to add the private registry using ~/Library/Application Support/rancher-desktop/lima/_config/override.yaml file, as is mentioned here, but no success: it seems that the registry is not recognized by containerd - nothing is added in the /etc/containerd/config.toml file, even if the registries.yaml file is in the /etc/rancher/k3s directory.
The content of ~/Library/Application Support/rancher-desktop/lima/_config/override.yaml is inspired by the example here.
My override.yaml file:
provision:
- mode: system
  script: |
    #!/bin/sh
    set -eux
    mkdir -p /etc/rancher/k3s/
    cat <<'EOF' > /etc/rancher/k3s/registries.yaml
    mirrors:
      docker.io:
        endpoint:
          - "https://artifactory.mycompany"
    configs:
      "artifactory.mycompany.com":
        auth:
          username: .......
          password: .......
    EOF
If I run
rdctl shell -- cat /etc/rancher/k3s/registries.yaml
I see the desired file provisioned by the override.yaml.
The only solution I found is to create a Kubernetes secret with the credentials for the private docker registry, then patch the serviceaccount used by the pod. In this situation, I have to put the full path of the image in the pod definition.
So, how can I add my custom registry in Rancher Desktop, so that my registry replaces docker.io?
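
The workaround mentioned in the post (a registry-credential Secret attached to the pod's ServiceAccount), written out as an added example that is not part of the original post. The secret name `regcred`, the `default` ServiceAccount and the credentials are assumptions; the functions only generate text and do not contact a cluster.

```shell
#!/bin/sh
# Added example: builds the objects behind the imagePullSecrets workaround.
# Names and credentials passed in are placeholders chosen by the caller.

# Escape backslashes and double quotes so a value is safe inside a JSON string.
json_escape() {
    printf '%s' "$1" | sed 's/\\/\\\\/g; s/"/\\"/g'
}

# Emit the .dockerconfigjson document for one registry.
# args: registry username password
docker_config_json() {
    auth=$(printf '%s:%s' "$2" "$3" | base64 | tr -d '\n')
    printf '{"auths":{"%s":{"username":"%s","password":"%s","auth":"%s"}}}' \
        "$1" "$(json_escape "$2")" "$(json_escape "$3")" "$auth"
}

# Emit a Secret manifest of type kubernetes.io/dockerconfigjson.
# args: secret-name registry username password
pull_secret_manifest() {
    data=$(docker_config_json "$2" "$3" "$4" | base64 | tr -d '\n')
    cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: $1
type: kubernetes.io/dockerconfigjson
data:
  .dockerconfigjson: $data
EOF
}

# Emit the patch body that makes a ServiceAccount use the secret for pulls.
# args: secret-name
sa_patch() {
    printf '{"imagePullSecrets":[{"name":"%s"}]}' "$1"
}

# Typical use against a running cluster (not executed here):
#   pull_secret_manifest regcred artifactory.mycompany.com "$USER_NAME" "$PASSWORD" \
#       | kubectl apply -f -
#   kubectl patch serviceaccount default -p "$(sa_patch regcred)"
```

The Secret's data is only base64-encoded, so anyone allowed to read Secrets in that namespace can recover the registry password; a read-only registry token scoped to the needed repositories limits the exposure.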