Hello, I am trying to install airgap rke2 cluster ...
# rke2
a
Hello, I am trying to install an airgap rke2 cluster via federal ansible repo private registry. I installed a Harbor repo and configured a dockerhub proxy for the rke2 images. But there is a problem: my rke2 cluster cannot pull images from the private registry. Can you help me? https://github.com/rancherfederal/rke2-ansible/blob/main/docs/tarball_install.md
c
You would need to reach out to the RGS/Rancher Federal folks if you want to use their registry. https://ranchergovernment.com/contact
If you’re just trying to use your own registry, then I would look at the RKE2 docs on using a private registry.
a
@creamy-pencil-82913 Hi, I added system-default-registry to my config.yaml and I configured the Harbor registry via a docker.io proxy, but when I start rke2-server the images cannot be pulled, because rke2-server is trying to pull registry/images, but as I said I configured the proxy as registry/docker.io. My mirror config does not work, why I don't know.
-----------------------------
group_rke2_config:
  system-default-registry: 10.0.11.122:8090
  # Use Calico
  cni:
    - calico
  disable:
    - canal
    - kube-proxy
  etcd-snapshot-schedule-cron: "0 */8 * * *"
  etcd-snapshot-retention: 21
  node-name: "{{ node_name }}"
  node-taint:
    - CriticalAddonsOnly=true:NoSchedule
  audit-policy-file: /etc/rancher/rke2/audit-policy.yaml
  kube-apiserver-arg:
    - audit-policy-file=/etc/rancher/rke2/audit-policy.yaml
    - audit-log-path=/var/lib/rancher/rke2/server/logs/audit.log
-----------------------------------------------------------------
mirrors:
  docker.io:
    endpoint:
      - "http://10.0.11.122"
    rewrite:
      "^rancher/(.*)": "docker.io/$1"
configs:
  "10.0.11.122":
    auth:
      username: "admin"
      password: "Harbor12345"
    tls:
      insecure_skip_verify: true
c
If you configure system-default-registry, then having your registry as a mirror for docker.io with rewrites does nothing - because you’re not pulling from docker.io.
If you want to use your registry as a mirror, with rewrites, ONLY configure it as a mirror. Do NOT set it as system-default-registry.
a
@creamy-pencil-82913 Thank you very much for the advice; when I tried it this way, the necessary images were pulled through the Harbor proxy, and the cluster is now running. What I’m curious about is whether not specifying a default registry in the config.yaml and only using mirrors might cause issues in the future, especially for an air-gapped cluster?
c
no