Replace default docker registry

1

So I have a Harbor instance that I’m now using to proxy cache the docker hub due to the limitation, plus container scanning. Problem is how do I actually get Rancher to use Harbor instead?

I’ve tried setting it in the cluster settings, that seems to not really do much - all requests still going through Docker Hub. I then set it globally in global settings. That seems to cause all sorts of issues.

It successfully updates the system containers in most clusters.

In the cluster that Harbor is hosted in, it all goes sideways. Rancher attempts to update the system containers to use Harbor, but when it recycles the coredns pod, that bring down Harbor which requires dns to resolve the services. That leaves all the system contains in a failed state since they can’t pull images from Harbor, and Harbor in a bad state as it can no longer resolve the services.

What I want is for harbor to be a drop in replacement for dockerhub. So i can do things like deploy centos:latest. Seems I have to do harbor.domain.com/dockerhub/library/centos:latest instead of just centos:latest. Shouldn’t setting the registry globally force it to use Harbor?

Thanks!

2

The setting for default registry is just for the components of Rancher, not arbitrary containers run in the cluster. To make arbitrary containers run on the cluster go through it you’d have to configure Docker (for RKE1) to use it as a registry-mirror: Registry as a pull through cache | Docker Documentation

Trying to use a registry as a mirror for the cluster that contains it is not going to work. Even if you get it running once, if you ever lose all the nodes temporarily you’d be back to the cluster trying to pull from a registry that’s not running because it can’t pull the registry image from itself to start the registry.