Often Asked Question

What is the difference between a global registry versus a cluster-wide registry? Where would I use one over the other?

Here's the skinny

Global Private Registry

Global-level private registries allow for administrators to store or proxy images through a centralized image repository. Global registries allow for air-gapped setups to pull images needed for cluster provisioning and end-user workloads without specifying the private registry server. This registry is used as the default pull location in place of DockerHub. The global private registry does not support image repositories requiring authentication. Use cluster-level registries if you need to authenticate against your image repository during cluster provisioning. Use registries within the cluster if you need to authenticate against your image repository for end-user workloads. Docs to Global private registry configuration

Cluster Provisioning Private Registry

Cluster-level private registries allow administrators to use a registry server with RKE-based clusters to provision system components required to run Kubernetes. List of system images here. Administrators can pass in credentials if the registry server requires them. Outside of the RKE system-images and RKE add-ons, the Rancher agent image used in cluster provisioning will use the cluster-level registry for custom clusters. Eventually, node drivers will pull the Rancher agent image from the cluster-level registry as well. Track progress on that feature here, give it a thumbs-up and watch it if you're interested in its progress..

Note: There are still specific images not covered by the cluster-level private registry that are part of the cluster provisioning process. Your cluster will need access to either DockerHub or have these images in your global registry: Busybox, shell, and pause.