rancher
/
cluster-api-provider-rke2
mirror of https://github.com/rancher/cluster-api-provider-rke2.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #673 from anmazzotti/fix_private_registry_token 

Fix private registry token authentication
This commit is contained in:
Alexander Demicev 2025-06-04 10:19:06 +00:00 committed by GitHub
parent a2f6678bba c05d4525cd
commit 30ad231886
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 16 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
docs/book/src/02_topics/04_embedded-registry.md
View File

@ -1,10 +1,12 @@
# Configuring Embedded Registry in RKE2
## Overview
RKE2 allows users to enable an **embedded registry** on control plane nodes. When the `embeddedRegistry` option is set to `true` in the `serverConfig`, users can configure the registry using the `PrivateRegistriesConfig` field.
The process follows [RKE2 docs](https://docs.rke2.io/install/registry_mirror).
## Enabling Embedded Registry
To enable the embedded registry, set the `embeddedRegistry` field to `true` in the `serverConfig` section of the `RKE2ControlPlane` configuration:
```yaml
@ -18,6 +20,7 @@ spec:
```
## Configuring Private Registries
Once the embedded registry is enabled, you can configure private registries using the `PrivateRegistriesConfig` field in `RKE2ConfigSpec`. This field allows you to define registry mirrors, authentication, and TLS settings.
Example:
@ -38,14 +41,25 @@ spec:
"myregistry.example.com":
authSecret:
name: my-registry-secret
namespace: my-secrets-namespace
tls:
tlsConfigSecret:
name: my-registry-tls-secret
namespace: my-secrets-namespace
insecureSkipVerify: false
```
## TLS Secret Format
When configuring the `tlsConfigSecret`, ensure the secret contains the following keys:
- **`ca.crt`** CA certificate
- **`tls.key`** TLS private key
- **`tls.crt`** TLS certificate
- **`tls.crt`** TLS certificate
## Auth Secret Format
When configuring the `authSecret`, ensure the secret contains the following keys:
- **`username` and `password`** - When using Basic Auth credentials
- **`identity-token`** - When using a personal access token

2
pkg/rke2/registries_types.go
View File

@ -49,7 +49,7 @@ type AuthConfig struct {
Auth string `json:"auth,omitempty" toml:"auth" yaml:"auth,omitempty"`
// IdentityToken is used to authenticate the user and get
// an access token for the registry.
IdentityToken string `json:"identity_token,omitempty" toml:"identitytoken" yaml:"identity_token,omitempty"`
IdentityToken string `json:"token,omitempty" toml:"token" yaml:"token,omitempty"`
}
// TLSConfig contains the CA/Cert/Key used for a registry.