Bug 1290118 - [RFE] There should be a setting to limit the "repositories" that build can occur with
Summary: [RFE] There should be a setting to limit the "repositories" that build can oc...
Keywords:
Status: CLOSED DEFERRED
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: RFE
Version: 3.1.0
Hardware: Unspecified
OS: Unspecified
low
low
Target Milestone: ---
: ---
Assignee: Jhon Honce
QA Contact: Johnny Liu
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2015-12-09 17:04 UTC by Eric Rich
Modified: 2019-10-10 10:39 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-01-09 10:50:05 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)

Description Eric Rich 2015-12-09 17:04:37 UTC
Description of problem:

As a System Administrator/OpenShift Administrator I would like to be able to be able to limit the "software that can be installed into my docker images". 

- Challanges: 
  1: Yum Repositories (Subscriptions)
   - Host Subscriptons allow any repo provided by an entitlement to be used in the container.
     More information on work arounds in https://access.redhat.com/solutions/1443553 
  2: Third Party Repositories (maven, python mirrors, ruby gem mirrors)
   - Need a way to limit or set a proxy for all repositores at a global level.
   https://bugzilla.redhat.com/show_bug.cgi?id=1124928 (might be a solution)

3: What is the nature and description of the request?  
   Administrators should have the ability to limit the software installed / allowed into the "datacenter". 
      
5. How would the customer like to achieve this? (List the functional requirements here)  

  See Ideas/Suggestions above

6. For each functional requirement listed, specify how Red Hat and the customer can test to confirm the requirement is successfully implemented.  

  Testing should be done by trying to access items outside of the specified repositories. 

7. Is there already an existing RFE upstream or in Red Hat Bugzilla?  

  Not that I am aware of. 
      
8. Does the customer have any specific timeline dependencies and which release would they like to target (i.e. RHEL5, RHEL6)?  

  This should be done as an OpenShift or (Docker) setting (RHEL7)      
      
10. List any affected packages or components.  

  Docker / OpenShift

Comment 1 Jhon Honce 2016-04-14 20:59:03 UTC
This work may be tracked using https://trello.com/c/jhFrXtnb

Comment 2 Jhon Honce 2017-02-22 16:21:44 UTC
See --block-registry command line option


Note You need to log in before you can comment on or make changes to this bug.