rancher: Air-gapped cluster provisioning fails when private registry requires authentication

What kind of request is this (question/bug/enhancement/feature request): Bug

Steps to reproduce (least amount of steps as possible):

1. Install Rancher HA following the HA air gapped installation docs.

2. In step 2, publish the images to a private registry (say, private.registry.com) that requires authentication to push/pull images.

3. Note how in Step 5 one configures Rancher to use the private registry in order to provision any Rancher launched Kubernetes clusters.

4. Once Rancher is installed, create a vSphere node template

5. Create a cluster using the vSphere node template, and configuring the private registry from step 2 as “default system registry” while providing credentials allowing to pull the images.

Result: Cluster creation fails. After nodes were provisioned the following error was logged:

Unable to find image 'private.registry.com/rancher/rancher-agent:v2.2.2' locally
 docker: Error response from daemon: Get https://private.registry.com/v2/:  unauthorized: authentication required

Other details that may be helpful: While Rancher uses the credentials configured for the cluster private registry when pulling the RKE system images, it does not use the credentials when pulling the initial Rancher Agent image via the docker-machine ssh connection.

Environment information

• Rancher version (rancher/rancher/rancher/server image tag or shown bottom left in the UI): v2.2.2
• Installation option (single install/HA): HA

Cluster information

• Cluster type (Hosted/Infrastructure Provider/Custom/Imported):
• Machine type (cloud/VM/metal) and specifications (CPU/memory):
• Kubernetes version (use kubectl version):

(paste the output here)

• Docker version (use docker version):

(paste the output here)