diff --git a/.gitea/workflows/deploy.yml b/.gitea/workflows/deploy.yml
index 7a21eb9..d5912d4 100644
--- a/.gitea/workflows/deploy.yml
+++ b/.gitea/workflows/deploy.yml
@@ -228,11 +228,20 @@ jobs:
 ghcr.io/fluxcd/kustomize-controller:v1.8.1 \
 ghcr.io/fluxcd/helm-controller:v1.5.1 \
 ghcr.io/fluxcd/notification-controller:v1.8.1 \
+ docker.io/rancher/mirrored-coredns-coredns:1.14.2 \
+ docker.io/rancher/mirrored-metrics-server:v0.8.1 \
+ docker.io/rancher/local-path-provisioner:v0.0.35 \
+ docker.io/rancher/mirrored-library-traefik:3.6.10 \
+ docker.io/rancher/klipper-helm:v0.9.14-build20260309 \
 oci.external-secrets.io/external-secrets/external-secrets:v2.1.0 \
 ghcr.io/tailscale/k8s-operator:v1.96.5 \
 ghcr.io/tailscale/tailscale:v1.96.5 \
 registry.k8s.io/sig-storage/nfs-subdir-external-provisioner:v4.0.2 \
 docker.io/rancher/mirrored-pause:3.6 \
+ docker.io/rancher/rancher:v2.13.3 \
+ docker.io/rancher/rancher-webhook:v0.9.3 \
+ docker.io/rancher/system-upgrade-controller:v0.17.0 \
+ docker.io/rancher/shell:v0.6.2 \
 quay.io/jetstack/cert-manager-controller:v1.17.2 \
 quay.io/jetstack/cert-manager-cainjector:v1.17.2 \
 quay.io/jetstack/cert-manager-webhook:v1.17.2 \
diff --git a/ansible/roles/bootstrap-image-prepull/tasks/main.yml b/ansible/roles/bootstrap-image-prepull/tasks/main.yml
index b1998bb..ae2806c 100644
--- a/ansible/roles/bootstrap-image-prepull/tasks/main.yml
+++ b/ansible/roles/bootstrap-image-prepull/tasks/main.yml
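Review bot: The nine images added to the list in `.gitea/workflows/deploy.yml` are referenced by tag only, like the entries already there, so whatever the registry serves for a tag such as `docker.io/rancher/rancher:v2.13.3` at run time is what gets staged for the nodes. Tags are mutable; pinning each new entry as `name:tag@sha256:<digest-from-a-verified-pull>` would make the staged content reproducible and auditable. Before switching, confirm that the archive file naming (`regex_replace('[/:]', '_')`) and the `ctr images ls -q | grep -Fx` presence check in the prepull roles still match a digest-qualified reference. The command that consumes this list starts and ends outside the hunk.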
@@ -1,13 +1,49 @@ --- -- name: Pre-pull bootstrap images into containerd +- name: Check for runner-provided bootstrap image archives + stat: + path: "{{ playbook_dir }}/../outputs/bootstrap-image-archives/{{ item | regex_replace('[/:]', '_') }}.tar" + delegate_to: localhost + become: false + register: bootstrap_image_archive_stats + loop: "{{ bootstrap_prepull_images }}" + +- name: Ensure remote bootstrap image archive directory exists + file: + path: /tmp/bootstrap-image-archives + state: directory + mode: "0755" + +- name: Copy runner-provided bootstrap image archives + copy: + src: "{{ item.stat.path }}" + dest: "/tmp/bootstrap-image-archives/{{ item.item | regex_replace('[/:]', '_') }}.tar" + mode: "0644" + loop: "{{ bootstrap_image_archive_stats.results }}" + loop_control: + label: "{{ item.item }}" + when: item.stat.exists + +- name: Import or pull bootstrap images into containerd shell: | if /usr/local/bin/ctr -n k8s.io images ls -q | grep -Fx -- "{{ item }}" >/dev/null; then echo "already present" exit 0 fi - for attempt in 1 2 3; do - if timeout 120s /usr/local/bin/ctr -n k8s.io images pull "{{ item }}"; then + archive="/tmp/bootstrap-image-archives/{{ item | regex_replace('[/:]', '_') }}.tar" + if [ -s "${archive}" ]; then + for attempt in 1 2 3; do + if /usr/local/bin/ctr -n k8s.io images import "${archive}" && /usr/local/bin/ctr -n k8s.io images ls -q | grep -Fx -- "{{ item }}" >/dev/null; then + echo "imported image" + exit 0 + fi + + sleep 10 + done + fi + + for attempt in 1 2 3 4 5; do + if timeout 180s /usr/local/bin/ctr -n k8s.io images pull "{{ item }}"; then echo "pulled image" exit 0 fi @@ -20,4 +56,4 @@ executable: /bin/bash register: bootstrap_image_pull loop: "{{ bootstrap_prepull_images }}" - changed_when: "'pulled image' in bootstrap_image_pull.stdout" + changed_when: "'imported image' in bootstrap_image_pull.stdout or 'pulled image' in bootstrap_image_pull.stdout" 
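Review bot: The archives are staged in `/tmp/bootstrap-image-archives`, a fixed path under a world-writable directory, and the `file` task sets only `mode: "0755"`, so a directory that already exists under another local account keeps its owner and the later `ctr -n k8s.io images import "${archive}"` trusts whatever tar is there. The post-import check only greps for the image name, so the imported content is never verified. I would stage under a root-owned path with `owner: root` and `mode: "0700"` (for example a directory under `/var/lib`) and compare a checksum recorded on the runner before importing. The same applies to the identical tasks in `ansible/roles/rancher-image-prepull/tasks/main.yml`. Whether these tasks run with `become` is not visible in the hunk.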
diff --git a/ansible/roles/rancher-image-prepull/tasks/main.yml b/ansible/roles/rancher-image-prepull/tasks/main.yml index eac5075..4148161 100644 --- a/ansible/roles/rancher-image-prepull/tasks/main.yml +++ b/ansible/roles/rancher-image-prepull/tasks/main.yml @@ -1,13 +1,49 @@ --- -- name: Pre-pull Rancher images into containerd +- name: Check for runner-provided Rancher image archives + stat: + path: "{{ playbook_dir }}/../outputs/bootstrap-image-archives/{{ item | regex_replace('[/:]', '_') }}.tar" + delegate_to: localhost + become: false + register: rancher_image_archive_stats + loop: "{{ rancher_images_to_prepull }}" + +- name: Ensure remote Rancher image archive directory exists + file: + path: /tmp/bootstrap-image-archives + state: directory + mode: "0755" + +- name: Copy runner-provided Rancher image archives + copy: + src: "{{ item.stat.path }}" + dest: "/tmp/bootstrap-image-archives/{{ item.item | regex_replace('[/:]', '_') }}.tar" + mode: "0644" + loop: "{{ rancher_image_archive_stats.results }}" + loop_control: + label: "{{ item.item }}" + when: item.stat.exists + +- name: Import or pull Rancher images into containerd shell: | if /usr/local/bin/ctr -n k8s.io images ls -q | grep -Fx -- "{{ item }}" >/dev/null; then echo "already present" exit 0 fi - for attempt in 1 2 3; do - if timeout 120s /usr/local/bin/ctr -n k8s.io images pull "{{ item }}"; then + archive="/tmp/bootstrap-image-archives/{{ item | regex_replace('[/:]', '_') }}.tar" + if [ -s "${archive}" ]; then + for attempt in 1 2 3; do + if /usr/local/bin/ctr -n k8s.io images import "${archive}" && /usr/local/bin/ctr -n k8s.io images ls -q | grep -Fx -- "{{ item }}" >/dev/null; then + echo "imported image" + exit 0 + fi + + sleep 10 + done + fi + + for attempt in 1 2 3 4 5; do + if timeout 180s /usr/local/bin/ctr -n k8s.io images pull "{{ item }}"; then echo "pulled image" exit 0 fi 
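Review bot: This role is now a line-for-line copy of `bootstrap-image-prepull` apart from the loop variable and the register names, down to the shared `outputs/bootstrap-image-archives` and `/tmp/bootstrap-image-archives` paths, so any hardening or retry change has to be made in two places and can drift. Consider moving the stat/copy/import-or-pull tasks into one task file that takes the image list as a variable and is pulled in from both roles with `include_tasks`. If the shared archive directory name is intentional, a short comment such as `# archives for all prepull roles are staged by the runner under bootstrap-image-archives` above the `stat` task would say so. The tail of the shell task lies between this hunk and the next and is not shown.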
@@ -20,4 +56,4 @@ executable: /bin/bash register: rancher_image_pull loop: "{{ rancher_images_to_prepull }}" - changed_when: "'pulled image' in rancher_image_pull.stdout" + changed_when: "'imported image' in rancher_image_pull.stdout or 'pulled image' in rancher_image_pull.stdout"