This is what we're looking to achieve, it seems like step 1 we can only partially accomplish by an air-gap installation, if someone makes a mistake and the image archive isn't in place at boot time, images will be fetched from a repository, we can configure RKE2 to only fetch from a repository we control but if someone tampers with the images in the repository we will not verify they are the correct images before loading them into the RKE2 containerd instance.