Rancher + Insecure Private Registry

So I am evaluating using Rancher over just Docker Swarm mode (1.12) and running into a couple of oddities. I have 6 hosts, three workers and three manager/workers in my swarm and I’ve also got a private registry running using VMware’s Harbor offering. This works like a dream when doing “docker service create” and such because I have the --insecure-registry flag set on all my hosts and the repositories are set to public so no auth needed to pull the images.

When I moved all this into Rancher I added my registry into the GUI with no apparent issues but when I try to start a container it continually tries to use HTTPS to access my registry instead of the HTTP that I need it to. Is there a way to change this?

I’ve also noticed when trying to create a service it also complains that the docker host isn’t available using HTTPS to the remote API, I’m betting it’s tied into the same setting of only using HTTPS, so overall the question is how do I change this?

Now before anyone starts down the rabbit hole of “you should be using HTTPS anyway, why do you want to change it?” I tend to agree, except in the environment I’m in for some inexplicable reason the “higher ups” decided to not have Enterprise CAs inside the firewall and do not want self-service certs to exist (good luck with that I say), so I need to figure out how to get this all working without HTTPS, then I can fight the good fight later.

Are you using different hosts? It’s not clear to me if the Docker 1.12 env you are alluding to and the Rancher environment are two completely different setups.

If it’s the latter, have you set the --insecure-registry entry for the hosts managed by Rancher? See: http://docs.rancher.com/rancher/v1.2/en/environments/registries/

They would be the same environment but for some inexplicable reason switching over to using Cattle orchestration seems to work without issue…

So the same hosts work with Rancher/Cattle and “Native Swarm” but would fail when configured as Rancher/Swarm? Interesting. I assume you checked that the hosts in the Rancher/Swarm scenario have the --insecure-registry flag in /etc/default/docker?

Also, are you manually creating the Rancher/Cattle and Rancher/Swarm clusters? I remember that in previous Rancher releases you could re-purpose a Rancher cluster from one container framework to another but now that option doesn’t seem to exist anymore?

I have added my private registry server in Rancher. When I try to pull an image from that registry it goes into an error state. Why? I don’t want to add an insecure registry on the host.

Error:
Failed to allocate instance [container:1i3039]: Bad instance [container:1i3039] in state [error]: Error response from daemon: Get https://registry_ip:port/v1/_ping: http: server gave HTTP response to HTTPS client

Rancher is trying to pull the image from https, not from http. Why?

What is the need for a registry in Rancher if I add the insecure registry on the host itself?
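
Added example, not part of the thread and not Rancher or Docker code: the Docker daemon on each host contacts a registry over HTTPS unless that registry is in the daemon's insecure-registry list, which is what produces the "server gave HTTP response to HTTPS client" error above. This Python sketch performs the per-host check asked about earlier in the thread, reading `--insecure-registry` values from `/etc/default/docker` content and, as an assumption about how some hosts are configured, the `insecure-registries` key of `daemon.json`. The sample file contents, hostnames and addresses are constructed, and the matching is simplified (exact `host:port` or a literal IP inside a CIDR entry, no DNS resolution).

```python
import ipaddress
import json
import re
import shlex

# Constructed sample inputs; hostnames and addresses are made up for this example.
SAMPLE_DEFAULT_DOCKER = """\
#DOCKER_OPTS="--insecure-registry old.example:5000"
DOCKER_OPTS="--dns 10.0.0.2 --insecure-registry=harbor.example.internal:80 --insecure-registry 10.20.0.0/24"
"""
SAMPLE_DAEMON_JSON = '{"insecure-registries": ["registry.example.internal:5000"]}'

def from_default_docker(text):
    """Collect --insecure-registry values from uncommented DOCKER_OPTS lines."""
    found = []
    for line in text.splitlines():
        m = re.match(r"\s*(?:export\s+)?DOCKER_OPTS=(.*)$", line)
        if not m:
            continue  # commented-out lines and other variables
        # First split removes the shell quoting, second split separates the options.
        tokens = iter(shlex.split(" ".join(shlex.split(m.group(1)))))
        for tok in tokens:
            if tok.startswith("--insecure-registry="):
                found.append(tok.split("=", 1)[1])
            elif tok == "--insecure-registry":
                found.append(next(tokens, ""))
    return [f for f in found if f]

def from_daemon_json(text):
    """Read the insecure-registries list from daemon.json content."""
    return list(json.loads(text).get("insecure-registries", []))

def is_listed(registry, entries):
    """True if plain HTTP is allowed for registry (host:port) by one of the entries."""
    host = registry.rsplit(":", 1)[0]
    for entry in entries:
        if entry == registry:
            return True
        try:
            # CIDR entries exempt every literal IP in the range from HTTPS.
            if "/" in entry and ipaddress.ip_address(host) in ipaddress.ip_network(entry, strict=False):
                return True
        except ValueError:
            pass  # entry is not a CIDR, or host is a name rather than an IP
    return False

if __name__ == "__main__":
    entries = from_default_docker(SAMPLE_DEFAULT_DOCKER) + from_daemon_json(SAMPLE_DAEMON_JSON)
    for reg in ("harbor.example.internal:80", "10.20.0.15:5000", "other.example:5000"):
        print(reg, "plain HTTP allowed" if is_listed(reg, entries) else "HTTPS required")
```

Every entry this reports is a registry the host will pull from without TLS, so the same output doubles as the list of exemptions to remove once certificates are available.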