diff --git a/roles/container-engine/cri-o/templates/crio.conf.j2 b/roles/container-engine/cri-o/templates/crio.conf.j2
index c8a3741bf61a9e83e4943ac9740f177a6c704284..f882ed62008770decf951f80aa0dac309bafb150 100644
--- a/roles/container-engine/cri-o/templates/crio.conf.j2
+++ b/roles/container-engine/cri-o/templates/crio.conf.j2
@@ -313,6 +313,9 @@ allowed_annotations = {{ runtime.allowed_annotations|default([])|to_json }}
 # this file. Otherwise, leave insecure_registries and registries commented out to
 # use the system's defaults from /etc/containers/registries.conf.
 [crio.image]
+{% if crio_insecure_registries is defined and crio_insecure_registries|length>0 %}
+insecure_registries = {{ crio_insecure_registries }}
+{% endif %}
 
 # Default transport for pulling images from a remote container storage.
 default_transport = "docker://"
diff --git a/roles/kubespray-defaults/defaults/main.yaml b/roles/kubespray-defaults/defaults/main.yaml
index 029c808ec6ce86a2f846d566744c02a1a5b7639b..be0dff35bebbab02087429cc47f2609b7425fc61 100644
--- a/roles/kubespray-defaults/defaults/main.yaml
+++ b/roles/kubespray-defaults/defaults/main.yaml
@@ -299,6 +299,8 @@ cri_socket: >-
   unix:///var/run/cri-dockerd.sock
   {%- endif -%}
 
+crio_insecure_registries: []
+
 ## Uncomment this if you want to force overlay/overlay2 as docker storage driver
 ## Please note that overlay2 is only supported on newer kernels
 # docker_storage_options: -s overlay2