diff --git a/cluster/plan.go b/cluster/plan.go
index a944a590..d3765f9c 100644
--- a/cluster/plan.go
+++ b/cluster/plan.go
@@ -31,6 +31,10 @@ const (
 	DefaultToolsEntrypoint        = "/opt/rke-tools/entrypoint.sh"
 	DefaultToolsEntrypointVersion = "0.1.13"
 	LegacyToolsEntrypoint         = "/opt/rke/entrypoint.sh"
+
+	KubeletDockerConfigEnv     = "RKE_KUBELET_DOCKER_CONFIG"
+	KubeletDockerConfigFileEnv = "RKE_KUBELET_DOCKER_FILE"
+	KubeletDockerConfigPath    = "/var/lib/kubelet/config.json"
 )
 
 func GeneratePlan(ctx context.Context, rkeConfig *v3.RancherKubernetesEngineConfig, hostsInfoMap map[string]types.Info) (v3.RKEPlan, error) {
@@ -346,6 +350,17 @@ func (c *Cluster) BuildKubeletProcess(host *hosts.Host, prefixPath string) v3.Pr
 			c.Services.Kubelet.ExtraEnv,
 			fmt.Sprintf("%s=%s", CloudConfigSumEnv, getCloudConfigChecksum(c.CloudProvider)))
 	}
+	if len(c.PrivateRegistriesMap) > 0 {
+		kubeletDcokerConfig, _ := docker.GetKubeletDockerConfig(c.PrivateRegistriesMap)
+		c.Services.Kubelet.ExtraEnv = append(
+			c.Services.Kubelet.ExtraEnv,
+			fmt.Sprintf("%s=%s", KubeletDockerConfigEnv,
+				b64.StdEncoding.EncodeToString([]byte(kubeletDcokerConfig))))
+
+		c.Services.Kubelet.ExtraEnv = append(
+			c.Services.Kubelet.ExtraEnv,
+			fmt.Sprintf("%s=%s", KubeletDockerConfigFileEnv, path.Join(prefixPath, KubeletDockerConfigPath)))
+	}
 	// check if our version has specific options for this component
 	serviceOptions := c.GetKubernetesServicesOptions()
 	if serviceOptions.Kubelet != nil {
diff --git a/docker/docker.go b/docker/docker.go
index bd285050..f7cf6226 100644
--- a/docker/docker.go
+++ b/docker/docker.go
@@ -37,6 +37,12 @@ var K8sDockerVersions = map[string][]string{
 	"1.11": {"1.11.x", "1.12.x", "1.13.x", "17.03.x"},
 }
 
+type dockerConfig struct {
+	Auths map[string]authConfig `json:"auths,omitempty"`
+}
+
+type authConfig types.AuthConfig
+
 func DoRunContainer(ctx context.Context, dClient *client.Client, imageCfg *container.Config, hostCfg *container.HostConfig, containerName string, hostname string, plane string, prsMap map[string]v3.PrivateRegistry) error {
 	container, err := dClient.ContainerInspect(ctx, containerName)
 	if err != nil {
@@ -435,3 +441,17 @@ func isContainerEnvChanged(containerEnv, imageConfigEnv, dockerfileEnv []string)
 	allImageEnv := append(imageConfigEnv, dockerfileEnv...)
 	return sliceEqualsIgnoreOrder(allImageEnv, containerEnv)
 }
+
+func GetKubeletDockerConfig(prsMap map[string]v3.PrivateRegistry) (string, error) {
+	auths := map[string]authConfig{}
+
+	for url, pr := range prsMap {
+		auth := base64.URLEncoding.EncodeToString([]byte(fmt.Sprintf("%s:%s", pr.User, pr.Password)))
+		auths[url] = authConfig{Auth: auth}
+	}
+	cfg, err := json.Marshal(dockerConfig{auths})
+	if err != nil {
+		return "", err
+	}
+	return string(cfg), nil
+}