Hide Forgot
In OSE 3.2, it is possible to whitelist docker registries for downloading images and templates and to restrict access to ONLY these registries. All other registries are denied access to. Describe: -- what is the use case for whitelisting docker registries -- how can the user specify whitelisted registries -- what happens if the user tries to access an image or template from a denied registry -- Provide examples Upstream Trello card is: https://trello.com/c/kgLCe6mN/101-ability-to-specify-a-whitelist-of-docker-registries Dev for this feature is: Dan Walsh QA for this feature is: Wei Sun Likely Guide is: https://docs.openshift.com/enterprise/3.1/install_config/install/docker_registry.html
We can talk about this from an docker point of view but not a Openshift point of view. Basically you can add an option to /etc/sysconfig/docker to block-registries. If you want to block all registries you would add --block-registries=all Now you would add registires that you would like to allow. --add-registry=redhat.io --add-registry=acme.com If a user tries to pull from docker.io/ubuntu He should get an error message stating that this is not an allowed registry.
https://github.com/openshift/openshift-docs/pull/1742 Submitted docs PR. Tagged Daniel Walsh for tech review.
https://github.com/openshift/openshift-docs/pull/1742 Dan Walsh passed tech review duties along to Antonio Murdaca, thank you. Moved along to peer review now.
Peer review also complete with notes from Brice & Thien-Thi. Docs PR merged. Moving this to RELEASE_PENDING.
https://access.redhat.com/documentation/en/openshift-enterprise/3.2/installation-and-configuration/chapter-2-installing