Hi, can someone explain to me the difference between defining a

Private Registry

on the RKE template and using

imagePullSecrets

in the k8s YAML file to pull an image from a private registry?

I just checked for the

imagePullSecrets

in an RKE1 cluster yaml file and didn't find it there. I believe

imagePullSecrets

can only be configured for a pod, whereas the RKE template private registry will be used to pull images for provisioning the Kubernetes cluster itself.

@tall-school-18125 Ok so if I am interested in pulling images for pods from a private registry then I would just need to use

imagePullSecrets

in the kubernetes YAML file?

The private registry on the RKE template just tells Rancher where to get the Kubernetes images from when installing or upgrading the cluster. It creates a secret of type registry, which you can then see in cluster explorer if you look for secrets in the

cattle-global-data

namespace on the

local

cluster. The issue with referencing that from your pod would be that your registry secret would need to be in the same namespace as the pod. So you are probably going to need to create a new registry secret in the same namespace as your workload to get images for your workload.

@tall-school-18125 Oh ok, so the private registry on the RKE template tells Rancher where to pull the images for pods such as

kubelet

,

rancher-agent

, etc. but is not used for application pods that I create on my own?

That's correct.

Ok, thank you for the clarification