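A Rancher instance started with Docker pulls its images from the public internet by default. Even with CATTLE_SYSTEM_DEFAULT_REGISTRY set, images such as rancher/shell used by helm-operation are still pulled from the public internet. To make every image come from the Private Registry, use the approach below.
Environment: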
- Docker: 20.10.13
- Rancher: v2.7.15-ent
- Cgroup: v2
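Prepare the Private Registry authentication config file and the K3s config file:

```bash
mkdir -pv /etc/rancher/k3s

# registries.yaml holds the registry credentials (replace the xxx placeholders).
# insecure_skip_verify: true turns off TLS certificate verification for this
# registry; tls.ca_file pointing at the registry's CA is the verified alternative.
cat <<EOF > /etc/rancher/k3s/registries.yaml
configs:
  "harbor.warnerchen.com":
    auth:
      username: xxx
      password: xxx
    tls:
      insecure_skip_verify: true
EOF

# Make the embedded K3s pull its system images from the private registry.
cat <<EOF > /etc/rancher/k3s/config.yaml
system-default-registry: harbor.warnerchen.com
EOF
```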
Start Rancher:

```bash
docker run -d --restart=unless-stopped --name rancher \
  -v /var/lib/rancher:/var/lib/rancher \
  -v /etc/rancher/k3s/registries.yaml:/etc/rancher/k3s/registries.yaml:ro \
  -v /etc/rancher/k3s/config.yaml:/etc/rancher/k3s/config.yaml:ro \
  -v /root/tls/cacerts.pem:/etc/rancher/ssl/cacerts.pem:ro \
  -v /root/tls/tls.crt:/etc/rancher/ssl/cert.pem:ro \
  -v /root/tls/tls.key:/etc/rancher/ssl/key.pem:ro \
  -e HTTP_PROXY="http://172.16.16.12:10808" \
  -e HTTPS_PROXY="http://172.16.16.12:10808" \
  -e NO_PROXY="localhost,127.0.0.1,0.0.0.0,10.0.0.0/8,cattle-system.svc,172.16.16.0/24,.svc,.cluster.local,warnerchen.com" \
  -e CATTLE_BOOTSTRAP_PASSWORD=xxx \
  -e CATTLE_SYSTEM_DEFAULT_REGISTRY=harbor.warnerchen.com \
  -p 80:80 \
  -p 443:443 \
  --privileged \
  harbor.warnerchen.com/prime/rancher:v2.7.15-ent
```
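A check for the result of this setup, as an added example that is not part of the original post: it reads image references one per line and prints every one that does not resolve to the private registry. The function names and the sample list are constructed for illustration, and the `docker exec rancher kubectl` usage in the comment assumes kubectl is available inside the Rancher container.

```bash
# registry_of IMAGE: print the registry host an image reference resolves to.
# Docker's rule: the first path component is a registry only if it contains
# "." or ":" or is "localhost"; otherwise docker.io is implied.
registry_of() {
  ref=${1%%@*}        # drop a trailing @sha256:... digest
  first=${ref%%/*}    # text before the first "/"
  case "$ref" in
    */*)
      case "$first" in
        *.*|*:*|localhost) printf '%s\n' "$first"; return 0 ;;
      esac ;;
  esac
  printf 'docker.io\n'
}

# find_offregistry_images REGISTRY < image-list
# Prints each image not served by REGISTRY; returns 1 if any was found.
find_offregistry_images() {
  want=$1
  rc=0
  while IFS= read -r img; do
    [ -n "$img" ] || continue
    if [ "$(registry_of "$img")" != "$want" ]; then
      printf '%s\n' "$img"
      rc=1
    fi
  done
  return "$rc"
}

# Constructed sample input (tags and digest are placeholders, not real versions).
sample_images() {
  cat <<'EOF'
harbor.warnerchen.com/rancher/rancher-webhook:v0.0.0
rancher/shell:v0.0.0
harbor.warnerchen.com/rancher/mirrored-coredns-coredns@sha256:0000
docker.io/rancher/fleet-agent:v0.0.0
EOF
}

# Against the running container (assumption: kubectl exists inside it):
#   docker exec rancher kubectl get pods -A \
#     -o jsonpath='{range .items[*]}{range .spec.containers[*]}{.image}{"\n"}{end}{end}' \
#     | find_offregistry_images harbor.warnerchen.com
```

helm-operation pods are short-lived, so run the check while one is active, for example during an app install.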