JRehkemper.de

K3S - Use private Regestries

If you want to use private Image-Registries or mirrors to cache your images, you need to specify them in the registries.yaml file on all K3S Nodes.

Insecure Registry

If you want to access your registry over http and instead of https, you have to specify the url as an insecure registry. That way You can pull and push images with an error.

You have to create a registries.yaml file on all you K3S nodes. In there you have to specify the registry as a mirror and set the endpoint to http. In the Endpoint you can specify a different port if you need to.
If your registry requires authentication you can provide your username and password in the configs section.

vim /etc/rancher/k3s/registries.yaml

mirrors:
	my-registry.local:
		endpoint:
			- "http://my-registry.local:5000"
configs:
	"my-registry.local":
		auth:
			username: <username>
			password: <password>

Registry Mirror

If you want to cache your images or pull from an air-gapped registry, you can set your mirror in the same configuration file. That way all images that originate from docker.io will now be pulled from my-registry.local instead.
Again this configuration-file needs to be created on all K3S Nodes.

vim /etc/rancher/k3s/registries.yaml

mirrors:
	docker.io:
		endpoint:
			"http://my-registry.local:5000"
	quay.io:
		endpoint:
			"http://my-registry.local:5000"
profile picture of the author

Jannik Rehkemper

I'm an professional Linux Administrator and Hobby Programmer. My training as an IT-Professional started in 2019 and ended in 2022. Since 2023 I'm working as an Linux Administrator.