Bug 1511656
| Summary: | Document whitelist feature of local registry adapter for Ansible Service Broker | | |
|---|---|---|---|
| Product: | OpenShift Container Platform | Reporter: | Dylan Murray <dymurray> |
| Component: | Documentation | Assignee: | Vikram Goyal <vigoyal> |
| Status: | CLOSED EOL | QA Contact: | Vikram Goyal <vigoyal> |
| Severity: | unspecified | Docs Contact: | Latha S <lmurthy> |
| Priority: | unspecified | | |
| Version: | 3.7.0 | CC: | aos-bugs, jmatthew, jokerman, lmurthy, mmccomas |
| Target Milestone: | --- | | |
| Target Release: | 3.7.0 | | |
| Hardware: | Unspecified | | |
| OS: | Unspecified | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | If docs needed, set a value |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2021-06-03 10:47:13 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
Another thing to properly include in the documentation is why we suggest using the 'openshift' namespace. By default the 'openshift' namespace exposes all imagestreams to any authenticated user on the cluster. This is valuable to the Ansible Service Broker because we create a transient namespace when provisioning APBs and that dynamic service account needs to be able to pull images from the internal registry. We want to encourage users to enable the openshift namespace by default and point them towards resources that will allow users to pull images from different projects here: https://docs.openshift.com/enterprise/3.2/dev_guide/managing_images.html#allowing-pods-to-reference-images-across-projects
Description of problem:

When using registry type: `local_openshift` which is configured by default downstream, the administrator will want to whitelist the APBs in the registry he wants to make accessible. By default the adapter looks in the openshift namespace but does not have a whitelist. We would recommend they set the whitelist value to ['.*-apb$'] or ['*'] so that it will look through all available images in the openshift namespace.

Version-Release number of selected component (if applicable):

3.7.0

Additional info:

Example config:

```yaml
registry:
  - type: local_openshift
    name: lo
    namespaces:
      - openshift
    white_list:
      - ".*-apb$"
```
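
An added example, not part of the original report and not the broker's own code: a small Go check an administrator could run against a candidate `white_list` before deploying it, to see which image names in the namespace it would expose. It assumes the entries are evaluated as Go regular expressions with an unanchored search and that a name is admitted when any entry matches; `AuditWhitelist` and the image names are constructed for illustration.

```go
package main

import (
	"fmt"
	"regexp"
)

// Audit is the result of checking one white_list against a set of image names.
type Audit struct {
	Invalid  []string // entries that do not compile as regular expressions
	Admitted []string // image names matched by at least one valid entry
}

// AuditWhitelist compiles each entry and reports which names it lets through.
// Assumption: a name is admitted when any entry matches it (unanchored search),
// and an entry that fails to compile admits nothing.
func AuditWhitelist(patterns, names []string) Audit {
	var a Audit
	var compiled []*regexp.Regexp
	for _, p := range patterns {
		re, err := regexp.Compile(p)
		if err != nil {
			a.Invalid = append(a.Invalid, p)
			continue
		}
		compiled = append(compiled, re)
	}
	for _, n := range names {
		for _, re := range compiled {
			if re.MatchString(n) {
				a.Admitted = append(a.Admitted, n)
				break
			}
		}
	}
	return a
}

func main() {
	// Constructed image stream names, not taken from a real cluster.
	names := []string{"mediawiki-apb", "postgresql-apb", "jenkins", "apb-base", "nodejs"}
	// Anchored suffix, unanchored substring, match-everything, and a bare glob.
	for _, wl := range [][]string{{".*-apb$"}, {"apb"}, {".*"}, {"*"}} {
		a := AuditWhitelist(wl, names)
		fmt.Printf("white_list %q -> admitted %v, invalid %v\n", wl, a.Admitted, a.Invalid)
	}
}
```

Under these assumptions the anchored `.*-apb$` admits only names ending in `-apb`, while a bare `*` is a glob rather than a regular expression and is reported as invalid; `.*` is the regular-expression form that matches every image.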