This message was deleted.

If I understand correctly - you create and add your registries; does not matter if the cluster is created by rancher or not... https://docs.rke2.io/install/containerd_registry_configuration ----- if you are talking about "global default registry" for rancher then check out this doc: https://ranchermanager.docs.rancher.com/how-to-guides/new-user-guides/authentication-permiss[…]-global-configuration/global-default-private-registry

If you are provisioning your cluster via Rancher, there is a section of the cluster edit UI that allows you to configure registry mirrors and credentials.

I was trying to do it via Terraform and struggled a bit to find the correct way to do it, but found a solution that works. For anyone else who struggles with this:

resource "rancher2_cluster_v2" "mycluster"
rke_config {
    registries {
      configs {
        hostname                = "<http://my.registry.com|my.registry.com>"
        auth_config_secret_name = "k8s-secret-name"
      }
      configs {
        hostname                = "<http://docker.io|docker.io>"
        auth_config_secret_name = "k8s-secret-name"
      }

    }

Then what was a bit unclear in the docs is that you have to create this auth_config_secret_name in the

fleet-default

namespace on the admin cluster and the secret should be created with

--type="<http://rke.cattle.io/auth-config|rke.cattle.io/auth-config>"