I am trying to understand how to authenticate pulls from the Docker Hub registry from rke2.
To ensure that the user and password are read from the /etc/rancher/rke2/registries.yaml file, I am setting a wrong password in order to get an error.
The file is written like so:
# cat /etc/rancher/rke2/registries.yaml
mirrors:
  harbor.mydomain.xyz:
    endpoint:
      - "harbor.mydomain.xyz"
configs:
  "harbor.mydomain.xyz":
    auth:
      username: robot$user
      password: my-harbor-pass
    tls:
      insecure_skip_verify: True
  registry-1.docker.io:
    auth:
      username: my-user
      password: wrongpass
The file works for the harbor registry and the credentials are correctly written into the /var/lib/rancher/rke2/agent/etc/containerd/config.toml file.
[...]
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
runtime_type = "io.containerd.runc.v2"
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
SystemdCgroup = true
[plugins."io.containerd.grpc.v1.cri".registry]
config_path = "/var/lib/rancher/rke2/agent/etc/containerd/certs.d"
[plugins."io.containerd.grpc.v1.cri".registry.configs."container.cub-otto.it".auth]
username = "robot$user"
password = "my-harbor-pass"
[plugins."io.containerd.grpc.v1.cri".registry.configs."registry-1.docker.io".auth]
username = "my-user"
password = "wrongpass"
But when I try to pull an image from Docker Hub it works, which should not happen:
/var/lib/rancher/rke2/bin/ctr --address /run/k3s/containerd/containerd.sock --namespace k8s.io image pull docker.io/library/wordpress:latest
WARN[0000] DEPRECATION: The `configs` property of `[plugins."io.containerd.grpc.v1.cri".registry]` is deprecated since containerd v1.5 and will be removed in containerd v2.0. Use `config_path` instead.
docker.io/library/wordpress:latest: resolved |++++++++++++++++++++++++++++++++++++++|
index-sha256:92951775334a184513ebc2a7bee22ad9848507be924c5df9f0b3ddb627d46634: done |++++++++++++++++++++++++++++++++++++++|
manifest-sha256:0f2e4f6559d73782760c886b78329187a64db51bce55e32f234b819cc6f6d938: done |++++++++++++++++++++++++++++++++++++++|
[...]
I also tried to use docker.io instead of registry-1.docker.io, but it had the same result.
Can someone please help me?