Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Feature Request: Allow for the configuration of private registries #594

Closed
nheinemans-asml opened this issue Dec 9, 2024 · 3 comments
Closed

Comments

@nheinemans-asml
Copy link

Is your feature request related to a problem?

We are running Rancher in an air-gapped environment, using a private registry. After moving to Rancher Prime, our installation points to a separate private registry which mirrors only the rancher prime images. Unfortunately, the Kubewarden helm chart doesn't allow us to independently point to a private registry. It will automatically use the systemDefaultRegistry or no registry at all (https://github.com/kubewarden/helm-charts/blob/main/charts/kubewarden-controller/templates/_helpers.tpl#L107-L113).

Solution you'd like

Just like you did for policy-reporter.image.registry, add these helm values so we can use a separate registry for the kubewarden images.
kubewarden-controller helm chart:
image.registry
kubewarden-defaults helm chart:
policyServer.image.registry

Alternatives you've considered

Create our own private registry which contains images for Rancher Prime and Kubewarden. However we'd rather keep those separated.

Anything else?

No response

@viccuad
Copy link
Member

viccuad commented Dec 9, 2024

Hi, thanks for opening this issue.

This definitely sounds like something that can be worked out. Yet, I'm not sure I fully understand the problem. Let me rephrase:
You have a Rancher air-gapped deployment, and have 2 private registries, one only for Rancher images (e.g: rancher-reg.example.com), and one for Kubewarden ones (e.g: kubewarden-reg.example.com).

One can set Kubewarden's global.cattle.systemDefaultRegistry to kubewarden-reg.example.com, just as any other value in Kubewarden's charts, and that should be sufficient, irrespective of the deployment values of Rancher charts that may be setting their global.cattle.systemDefaultRegistry to other value.

@nheinemans-asml
Copy link
Author

Hi, I had to double check, but it turns out that this issue is limited to RKE1. Although we set global.cattle.systemDefaultRegistry in the helm chart, the resulting value is still identical to the value we configured in our Rancher deployment (which is the rancher-prime mirror).

On our RKE2 clusters, it works as you described.

@viccuad
Copy link
Member

viccuad commented Jan 10, 2025

I have opened rancher/terraform-provider-rke#491, as a request to backport this feature from RKE2 into RKE1 Terraform provider. Still, it may be not prioritized as RKE1 is indeed nearing EOL.

I will close this issue here, since there's nothing much we can do on Kubewarden side.

@viccuad viccuad closed this as completed Jan 10, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants