I faced such a task, there is a kubernetes cluster in a private network without Internet access, it is necessary for k8s deployments to pull an image from a private docker repository that does not have tls configured. Due to this lack of tls, when deploying to my pods, the following error occurs: ImagePullBackOff (x509 certificate signed by unknown author). From many articles on the Internet, I learned that you can fix this by changing the /etc/docker/daemon.json configuration on each node. And everything would be fine, but nodes without ssh access. So, maybe someone has come across this and has some kind of working solution that does not require re-creating all the nodes in the cluster. I go in a vicious circle because everything that I come up with does not fit from the fact that there is no access to the nodes or there is no Internet access.
I thought about different options, for example: fix the configuration using a daemonset on each node. init container, which will insert the configuration through the configmap, etc. But none of these options worked in my case.
If you are on OpenShift, you can do
$ oc edit image.config.openshift.io/cluster
and add Harbor to spec/registrySources/insecureRegistries
This will let Machine Config Operator
to reboot the nodes to reflect new configuration.