Bug 1290118 - [RFE] There should be a setting to limit the "repositories" that build can occur with
[RFE] There should be a setting to limit the "repositories" that build can oc...
Status: NEW
Product: OpenShift Container Platform
Classification: Red Hat
Component: RFE (Show other bugs)
3.1.0
Unspecified Unspecified
low Severity low
: ---
: ---
Assigned To: Jhon Honce
Johnny Liu
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2015-12-09 12:04 EST by Eric Rich
Modified: 2017-08-04 17:38 EDT (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Eric Rich 2015-12-09 12:04:37 EST
Description of problem:

As a System Administrator/OpenShift Administrator I would like to be able to be able to limit the "software that can be installed into my docker images". 

- Challanges: 
  1: Yum Repositories (Subscriptions)
   - Host Subscriptons allow any repo provided by an entitlement to be used in the container.
     More information on work arounds in https://access.redhat.com/solutions/1443553 
  2: Third Party Repositories (maven, python mirrors, ruby gem mirrors)
   - Need a way to limit or set a proxy for all repositores at a global level.
   https://bugzilla.redhat.com/show_bug.cgi?id=1124928 (might be a solution)

3: What is the nature and description of the request?  
   Administrators should have the ability to limit the software installed / allowed into the "datacenter". 
      
5. How would the customer like to achieve this? (List the functional requirements here)  

  See Ideas/Suggestions above

6. For each functional requirement listed, specify how Red Hat and the customer can test to confirm the requirement is successfully implemented.  

  Testing should be done by trying to access items outside of the specified repositories. 

7. Is there already an existing RFE upstream or in Red Hat Bugzilla?  

  Not that I am aware of. 
      
8. Does the customer have any specific timeline dependencies and which release would they like to target (i.e. RHEL5, RHEL6)?  

  This should be done as an OpenShift or (Docker) setting (RHEL7)      
      
10. List any affected packages or components.  

  Docker / OpenShift
Comment 1 Jhon Honce 2016-04-14 16:59:03 EDT
This work may be tracked using https://trello.com/c/jhFrXtnb
Comment 2 Jhon Honce 2017-02-22 11:21:44 EST
See --block-registry command line option

Note You need to log in before you can comment on or make changes to this bug.