When running K3s locally, pulling images from container registries can take a significant amount of time. To address this, we set up local caching pass-through registries to store images and configure the local K3s cluster to use these proxies. A similar method can be employed in production environments, particularly in air-gapped setups. This approach can also be used to ensure that all necessary images are available in local registries. It also helps overcome issues with Docker Hub rate limits.
Regarding the guide on private registries for K3s, it provides a useful overview. However, it doesn’t go into detail about using one of the most popular open-source registries, Harbor. In this post, I will explain how this can be done.
Whenever the Harbor registry is configured as shown in the screenshots above (you can also use Terraform for this if needed), it’s time to configure containerd for K3s. Ensure that your registry is configured for HTTPS with the following settings:
# https related config
https:
# https port for harbor, default is 443
port: 443
# The path of cert and key files for nginx
certificate: /etc/letsencrypt/live/.../fullchain.pem
private_key: /etc/letsencrypt/live/.../privkey.pem`
Configure containerd mirrors:
cat registries.yaml
mirrors:
docker.io:
endpoint:
- https://your-registry-com:443/v2/proxy-docker.io
ghcr.io:
endpoint:
- https://your-registry-com:443/v2/proxy-ghcr.io
gcr.io:
endpoint:
- https://your-registry-com:443/v2/proxy-gcr.io
registry.k8s.io:
endpoint:
- https://your-registry-com:443/v2/proxy-registry.k8s.io
quay.io:
endpoint:
- https://your-registry-com:443/v2/proxy-quay.io
This file should be placed in the K3s folder before starting the cluster.
mkdir -p /etc/rancher/k3s/
cp registries.yaml /etc/rancher/k3s/registries.yaml
curl -sfL https://get.k3s.io | INSTALL_K3S_EXEC='...' K3S_TOKEN=... sh -
By following the steps outlined in this guide, you’ll ensure that your K3s cluster is efficiently pulling images from your local registry, reducing latency and increasing reliability.
