Bug 1307210 - [DOCS] [3.2] Document whitelisting of Docker Registries
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Deadline: 2016-03-15
Product: OpenShift Container Platform
Classification: Red Hat
Component: Documentation
Version: 3.1.0
Hardware: Unspecified
OS: Unspecified
Priority: high
Severity: medium
Target Milestone: ---
Target Release: ---
Assignee: Timothy
QA Contact: Wei Sun
Docs Contact: Vikram Goyal
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2016-02-13 05:07 UTC by Vikram Goyal
Modified: 2017-03-08 18:14 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-05-17 01:40:13 UTC
Target Upstream Version:
Embargoed:


Description Vikram Goyal 2016-02-13 05:07:19 UTC
In OSE 3.2, it is possible to whitelist docker registries for downloading images and templates and to restrict access to ONLY these registries. Access to all other registries is denied.

Describe:
-- what is the use case for whitelisting docker registries
-- how can the user specify whitelisted registries
-- what happens if the user tries to access an image or template from a denied registry
-- Provide examples

Upstream Trello card is:
https://trello.com/c/kgLCe6mN/101-ability-to-specify-a-whitelist-of-docker-registries

Dev for this feature is:
Dan Walsh

QA for this feature is:
Wei Sun

Likely Guide is:
https://docs.openshift.com/enterprise/3.1/install_config/install/docker_registry.html

Comment 1 Daniel Walsh 2016-03-02 22:07:57 UTC
We can talk about this from a Docker point of view but not an OpenShift point of view.

Basically you can add an option to /etc/sysconfig/docker to block-registries.  If you want to block all registries you would add

--block-registries=all

Now you would add registries that you would like to allow.

--add-registry=redhat.io --add-registry=acme.com

If a user tries to pull from docker.io/ubuntu, he should get an error message stating that this is not an allowed registry.
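
Added example, not part of the comment above and not docker's or OpenShift's own code: a Python check that parses a daemon option string of the kind placed in /etc/sysconfig/docker and reports whether a given image reference falls inside the whitelist. Assumptions: the function names and the sample option string are constructed for illustration, the allow/deny logic models the behaviour the comment describes (explicitly added registries are allowed, everything else is denied when "all" is blocked), short names such as "ubuntu" are treated as docker.io, and the singular --block-registry spelling is accepted alongside the spelling used in the comment.

```python
import shlex

# Constructed sample of daemon options, using the flags quoted in the comment.
SAMPLE_OPTIONS = ("--selinux-enabled --block-registries=all "
                  "--add-registry=redhat.io --add-registry=acme.com")
# Spelling used in the comment, plus the singular --block-registry form.
BLOCK_FLAGS = ("--block-registries", "--block-registry")
ADD_FLAG = "--add-registry"
DEFAULT_REGISTRY = "docker.io"  # assumption: unqualified names resolve here

def parse_registry_policy(options):
    """Return (blocked, added) registry lists parsed from an option string."""
    blocked, added = [], []
    tokens = shlex.split(options)
    i = 0
    while i < len(tokens):
        flag, sep, value = tokens[i].partition("=")
        if flag == ADD_FLAG or flag in BLOCK_FLAGS:
            if not sep and i + 1 < len(tokens):  # "--flag value" form
                i += 1
                value = tokens[i]
            if value:
                (added if flag == ADD_FLAG else blocked).append(value.lower())
        i += 1
    return blocked, added

def registry_of(image):
    """Registry host of an image reference, or the default for short names."""
    first, slash, _ = image.partition("/")
    if slash and ("." in first or ":" in first or first == "localhost"):
        return first.lower()
    return DEFAULT_REGISTRY

def is_pull_allowed(image, options):
    """True if the image's registry is whitelisted or not blocked."""
    blocked, added = parse_registry_policy(options)
    registry = registry_of(image)
    if registry in added:
        return True
    return "all" not in blocked and registry not in blocked

def audit(options):
    """Findings for an option string that does not enforce a whitelist."""
    blocked, added = parse_registry_policy(options)
    findings = []
    if "all" not in blocked:
        findings.append("registries are not blocked by default")
    if not added:
        findings.append("no registry is whitelisted")
    return findings
```

Running audit() over the option string from each host gives a quick list of nodes where the whitelist is not actually enforced.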

Comment 2 Timothy 2016-03-15 05:19:15 UTC
https://github.com/openshift/openshift-docs/pull/1742

Submitted docs PR. Tagged Daniel Walsh for tech review.

Comment 4 Timothy 2016-03-16 23:39:12 UTC
https://github.com/openshift/openshift-docs/pull/1742 

Dan Walsh passed tech review duties along to Antonio Murdaca, thank you.

Moved along to peer review now.

Comment 5 Timothy 2016-03-22 00:09:58 UTC
Peer review also complete with notes from Brice & Thien-Thi.

Docs PR merged. 

Moving this to RELEASE_PENDING.
