Bug 1307210 - [DOCS] [3.2] Document whitelisting of Docker Registries
Status: CLOSED CURRENTRELEASE
Product: OpenShift Container Platform
Classification: Red Hat
Component: Documentation
Version: 3.1.0
Priority: high
Severity: medium
Assigned To: Timothy
QA Contact: Wei Sun
Docs Contact: Vikram Goyal
Reported: 2016-02-13 00:07 EST by Vikram Goyal
Modified: 2017-03-08 13 EST
Doc Type: Bug Fix
Last Closed: 2016-05-16 21:40:13 EDT
Type: Bug
Description Vikram Goyal 2016-02-13 00:07:19 EST
In OSE 3.2, it is possible to whitelist docker registries for downloading images and templates and to restrict access to ONLY these registries. Access to all other registries is denied.

Describe:
-- what is the use case for whitelisting docker registries
-- how can the user specify whitelisted registries
-- what happens if the user tries to access an image or template from a denied registry
-- Provide examples

Upstream Trello card is:
https://trello.com/c/kgLCe6mN/101-ability-to-specify-a-whitelist-of-docker-registries

Dev for this feature is:
Dan Walsh

QA for this feature is:
Wei Sun

Likely Guide is:
https://docs.openshift.com/enterprise/3.1/install_config/install/docker_registry.html
Comment 1 Daniel Walsh 2016-03-02 17:07:57 EST
We can talk about this from a docker point of view but not an OpenShift point of view.

Basically you can add an option to /etc/sysconfig/docker to block-registries.  If you want to block all registries you would add

--block-registries=all

Now you would add registries that you would like to allow.

--add-registry=redhat.io --add-registry=acme.com

If a user tries to pull from docker.io/ubuntu, he should get an error message stating that this is not an allowed registry.
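
One way to audit an options line against the policy Comment 1 describes (added example, not part of the bug report or the OpenShift docs). The OPTIONS line is constructed, the function names are hypothetical, and the model assumes that an explicitly added registry overrides `all`, as the comment describes.

```bash
#!/usr/bin/env bash
# Added example: models the allowlist from Comment 1 for auditing an options line.
# Function names and SAMPLE_OPTIONS are hypothetical / constructed for illustration.

# Constructed sample, shaped like an OPTIONS line in /etc/sysconfig/docker.
SAMPLE_OPTIONS="OPTIONS='--selinux-enabled --block-registries=all --add-registry=redhat.io --add-registry=acme.com'"

# opt_values NAME_REGEX TEXT: print each value given to a matching option, one per line.
opt_values() {
  printf '%s\n' "$2" | grep -oE -- "--($1)[= ][^ '\"]+" | sed -E 's/^--[a-z-]+[= ]//' || true
}

# registry_of IMAGE: print the registry host, or nothing for an unqualified name.
# Docker treats the first path component as a registry only if it contains "."
# or ":" or is "localhost".
registry_of() {
  local first=
  case "$1" in */*) first=${1%%/*} ;; esac
  case "$first" in *.*|*:*|localhost) printf '%s\n' "$first" ;; esac
}

# check_pull OPTIONS IMAGE: print allowed, denied or unqualified.
check_pull() {
  local reg added blocked
  reg=$(registry_of "$2")
  added=$(opt_values 'add-registry' "$1")
  # Accepts the spelling used in the comment and the singular --block-registry.
  blocked=$(opt_values 'block-registr(y|ies)' "$1")
  if [ -z "$reg" ]; then
    echo unqualified   # resolution depends on registry search order, not modeled here
  elif printf '%s\n' "$added" | grep -qxF -- "$reg"; then
    echo allowed       # assumption from the comment: an added registry overrides "all"
  elif printf '%s\n' "$blocked" | grep -qxF -e all -e "$reg"; then
    echo denied
  else
    echo allowed       # nothing in the options blocks this registry
  fi
}

# Demo over constructed image references.
for img in docker.io/ubuntu redhat.io/rhel7 acme.com/team/app:1.0 ubuntu; do
  printf '%-24s %s\n' "$img" "$(check_pull "$SAMPLE_OPTIONS" "$img")"
done
```

An `unqualified` result means the reference should be written with an explicit registry before the check is meaningful.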
Comment 2 Timothy 2016-03-15 01:19:15 EDT
https://github.com/openshift/openshift-docs/pull/1742

Submitted docs PR. Tagged Daniel Walsh for tech review.
Comment 4 Timothy 2016-03-16 19:39:12 EDT
https://github.com/openshift/openshift-docs/pull/1742 

Dan Walsh passed tech review duties along to Antonio Murdaca, thank you.

Moved along to peer review now.
Comment 5 Timothy 2016-03-21 20:09:58 EDT
Peer review also complete with notes from Brice & Thien-Thi.

Docs PR merged. 

Moving this to RELEASE_PENDING.
