Bug 1331191
Summary: | Provide support for public docker registries | ||
---|---|---|---|
Product: | OpenShift Container Platform | Reporter: | Stefanie Forrester <dakini> |
Component: | RFE | Assignee: | Alexey Gladkov <agladkov> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | zhou ying <yinzhou> |
Severity: | medium | Docs Contact: | |
Priority: | unspecified | ||
Version: | 3.2.0 | CC: | akostadi, aos-bugs, dakini, haowang, jliggitt, jmatthew, jokerman, maszulik, mfojtik, miminar, mmccomas, pweil |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2016-09-28 16:59:56 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 1303130 |
Description
Stefanie Forrester
2016-04-28 00:11:38 UTC
I'm not sure we allow at all access to any kind of resources to unauthenticated users. David or Jordan may know that, guys? We need to backport https://github.com/openshift/origin/pull/9887 for that. Ops was able to work around this by deploying an apache frontend pod to provide the authentication for pulls. So we have a publicly-readable docker registry now, using the ose-docker-registry pod as the backend. So we no longer need this functionality from the builtin registry. Thanks, I mean the authentication for *pushes, sorry. Pulls require no authentication on Ops's registry app. Today only the INT has 3.3 env , but the route for docker-registry not work. Will verify this bug when env ready. Confirmed with OCP3.3.0.17, the issue has fixed. Check the ~/.docker/config.json, make sure no credentials from your dockercfg related to your docker registry. 1)First pull image from docker-registry without the registry-viewer role, will pull failed: docker pull 172.31.224.149:5000/zhouy/deployment-example Using default tag: latest Trying to pull repository 172.31.224.149:5000/zhouy/deployment-example ... Pulling repository 172.31.224.149:5000/zhouy/deployment-example Error: image zhouy/deployment-example not found 2)Grant the registry-viewer role to system:anonymous user, then pull again, will pull succeed: oc policy add-role-to-user registry-viewer system:anonymous docker pull 172.31.224.149:5000/zhouy/deployment-example Using default tag: latest Trying to pull repository 172.31.224.149:5000/zhouy/deployment-example ... latest: Pulling from 172.31.224.149:5000/zhouy/deployment-example a3ed95caeb02: Pull complete 50438f3701c4: Pull complete Digest: sha256:ea9135488f323060cb18ab3ec06286cd49e4b3a611fce1a6a442651ecf421f99 Status: Downloaded newer image for 172.31.224.149:5000/zhouy/deployment-example:latest |