diff --git a/roles/container-engine/cri-o/defaults/main.yml b/roles/container-engine/cri-o/defaults/main.yml
index a2d690b3f88fec6efccff33311b8f361347800c7..3fadc9719bc7ecb9a0613d59798d699a9b94342a 100644
--- a/roles/container-engine/cri-o/defaults/main.yml
+++ b/roles/container-engine/cri-o/defaults/main.yml
@@ -11,6 +11,9 @@ crio_pause_image: "{{ pod_infra_image_repo }}:{{ pod_infra_version }}"
 # By default unqualified images are not allowed for security reasons
 crio_registries: []
 
+# Configure insecure registries.
+crio_insecure_registries: []
+
 crio_seccomp_profile: ""
 crio_selinux: "{{ (preinstall_selinux_state == 'enforcing')|lower }}"
 crio_signature_policy: "{% if ansible_os_family == 'ClearLinux' %}/usr/share/defaults/crio/policy.json{% endif %}"
@@ -50,3 +53,7 @@ kata_runtimes:
     path: /opt/kata/bin/kata-qemu
     type: oci
     root: /run/kata-containers
+
+# When this is true, CRI-O package repositories are added. Set this to false when using an
+# environment with preconfigured CRI-O package repositories.
+crio_add_repos: true
diff --git a/roles/container-engine/cri-o/tasks/main.yaml b/roles/container-engine/cri-o/tasks/main.yaml
index 5eedfc28cda7607c266ef9145e6cfac7ae1dbb37..0a9ebc93cf4667aaa38523e1d531125bffb2b649 100644
--- a/roles/container-engine/cri-o/tasks/main.yaml
+++ b/roles/container-engine/cri-o/tasks/main.yaml
@@ -39,7 +39,9 @@
     - (ansible_distribution_major_version | int) >= 31
     - ansible_proc_cmdline['systemd.unified_cgroup_hierarchy'] is not defined or ansible_proc_cmdline['systemd.unified_cgroup_hierarchy'] != '0'
 
-- import_tasks: "crio_repo.yml"
+- name: import crio repo
+  import_tasks: "crio_repo.yml"
+  when: crio_add_repos
 
 - import_tasks: "crictl.yml"
 
diff --git a/roles/container-engine/cri-o/templates/crio.conf.j2 b/roles/container-engine/cri-o/templates/crio.conf.j2
index a456d16d48fa599abc6004e636a4b0444af7077c..7cb9f93b63aeac9da508e395720a8229f91fc84b 100644
--- a/roles/container-engine/cri-o/templates/crio.conf.j2
+++ b/roles/container-engine/cri-o/templates/crio.conf.j2
@@ -339,7 +339,11 @@ signature_policy = "{{ crio_signature_policy }}"
 # List of registries to skip TLS verification for pulling images. Please
 # consider configuring the registries via /etc/containers/registries.conf before
 # changing them here.
-#insecure_registries = "[]"
+insecure_registries = [
+  {% for insecure_registry in crio_insecure_registries %}
+  "{{ insecure_registry }}",
+  {% endfor %}
+]
 
 # Controls how image volumes are handled. The valid values are mkdir, bind and
 # ignore; the latter will ignore volumes entirely.