If you want to use private Image-Registries or mirrors to cache your images, you need to specify them in the
registries.yaml file on all K3S Nodes.
If you want to access your registry over http and instead of https, you have to specify the url as an insecure registry. That way You can pull and push images with an error.
You have to create a
registries.yaml file on all you K3S nodes. In there you have to specify the registry as a mirror and set the endpoint to http. In the Endpoint you can specify a different port if you need to.
If your registry requires authentication you can provide your username and password in the configs section.
vim /etc/rancher/k3s/registries.yaml mirrors: my-registry.local: endpoint: - "http://my-registry.local:5000" configs: "my-registry.local": auth: username: <username> password: <password>
If you want to cache your images or pull from an air-gapped registry, you can set your mirror in the same configuration file. That way all images that originate from
docker.io will now be pulled from
Again this configuration-file needs to be created on all K3S Nodes.
vim /etc/rancher/k3s/registries.yaml mirrors: docker.io: endpoint: "http://my-registry.local:5000" quay.io: endpoint: "http://my-registry.local:5000"