https://rancher.com/ logo
Join Slack
Powered by
This message was deleted.
# rke2
a
This message was deleted.
c
are you looking for the docs on the structure of that specific field? or are you just asking how it works for rke2 in general?
there are two sections under privateregistriesconfig, same as in RKE2 registries.yaml - 
configs
and 
mirrors
. They are documented here: https://docs.rke2.io/install/private_registry#registries-configuration-file
f
Right, so I see that, but I don't think that is what the RKE2ConfigTemplate takes (or is it)?
ideally, I want to pass in a secret reference, and then CAPI for RKE2 puts everything in the right place
c
Can you link to which specific capi provider you’re using?
f
infra side is VMWare, but I don't think that matters
c
it would appear to take the same structure as rke2 itself. I don’t see anything about secret references.
f
But it doesn't seem to work
c
it appears to be nested under configs.additionalProperties.authSecret, at least if this CRD is to be believed.
f
so I can get it to be accepted, but it doesn't actually work
c
the auth secret namespace and name are set in the spec, and the secret contains 
username
and 
password
fields?
f
yes
and like it said, its accepted, but the new cluster can't pull images from that registry, and I don't see it anywhere in the containerd files
c
is registries.yaml getting created on the nodes? that’s the first place I’d look.
f
i'll take a look tommorow have to head out, but where would that be?
c
exactly where the rke2 docs say it is
all this stuff just ends up going into registries.yaml on each node
f
got it
In those cases, where is the encryptionconfig for etcd stored on the local cluster?
c
this is not managed by rancher, it is handled by rke2. it is part of the bootstrap data, alongside the cluster ca certs/keys.
4 Views
Open in Slack
PreviousNext
Powered by