techno-tim / k3s-ansible

The easiest way to bootstrap a self-hosted High Availability Kubernetes cluster. A fully automated HA k3s etcd install with kube-vip, MetalLB, and more. Build. Destroy. Repeat.
https://technotim.live/posts/k3s-etcd-ansible/
Apache License 2.0

Add option for custom registries / mirrors #382

Closed balazshasprai closed 1 year ago

balazshasprai commented 1 year ago

Proposed Changes

Added support for custom, private registries in k3s, according to their documentation. (Got inspired after getting rate limited by Docker Hub at work.)

As I've documented in the sample/all.yml comments, it could be useful if you're getting rate limited (for example by running your CI/CD jobs over and over in your cluster), or you're in an air-gapped environment where you don't have Internet access after the initial setup, or if you're bandwidth limited. If you've set up a private registry (for example using Sonatype Nexus, or Docker's Registry image, or Harbor), to act as a "pull-through cache" as Docker calls it, you can specify and override those docker.io / quay.io / ghcr.io endpoints with your own in /etc/rancher/k3s/registries.yaml.

Doing that also allows you to use your actual private registry, the one that stores your images, without having to store registry credentials in a secret and using imagePullSecrets in your deployments.

Of course you don't have to cache / proxy the docker.io / quay.io / ghcr.io images if you don't want / need to, you can just use this to add only your private registry.

I've tested both the caching and the private registry parts using my Harbor instance, works flawlessly.

Edit: I didn't add an "undo part" for the reset playbook, because the /etc/rancher/k3s dir gets cleaned up already.


timothystewart6 commented 1 year ago

This is awesome, thank you so much!
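
A /etc/rancher/k3s/registries.yaml of the kind the pull request description refers to, as an added example that is not taken from the PR or from the k3s-ansible repository. The host name, Harbor project names, account placeholders and CA path are constructed; the keys are those of the k3s private registry configuration.

```yaml
# /etc/rancher/k3s/registries.yaml (constructed example)
# This file holds registry credentials in plaintext: keep it owned by root
# with mode 0600. k3s reads it at startup, so restart k3s on each node
# after changing it.
mirrors:
  # Pull-through caches: requests for these upstream registries go to the
  # internal Harbor instance. "rewrite" prefixes the image path with the
  # (hypothetical) Harbor proxy-cache project for each upstream.
  docker.io:
    endpoint:
      - "https://harbor.example.internal"
    rewrite:
      "^(.*)$": "dockerhub-proxy/$1"
  quay.io:
    endpoint:
      - "https://harbor.example.internal"
    rewrite:
      "^(.*)$": "quay-proxy/$1"
  ghcr.io:
    endpoint:
      - "https://harbor.example.internal"
    rewrite:
      "^(.*)$": "ghcr-proxy/$1"
  # The private registry itself, addressed by its own name in image references.
  harbor.example.internal:
    endpoint:
      - "https://harbor.example.internal"

configs:
  "harbor.example.internal":
    auth:
      # Use a read-only, pull-scoped account. These credentials apply to every
      # pull the node performs, so any workload scheduled on the node can pull
      # whatever this account can read, without an imagePullSecret.
      username: "<pull-only-account>"
      password: "<pull-only-secret>"
    tls:
      # Trust the internal CA explicitly rather than setting
      # insecure_skip_verify: true.
      ca_file: /etc/ssl/certs/internal-ca.pem
```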