In OSE 3.2, it is possible to whitelist docker registries for downloading images and templates and to restrict access to ONLY these registries. Access to all other registries is denied.

Describe:
-- what is the use case for whitelisting docker registries
-- how can the user specify whitelisted registries
-- what happens if the user tries to access an image or template from a denied registry
-- Provide examples

Upstream Trello card is: https://trello.com/c/kgLCe6mN/101-ability-to-specify-a-whitelist-of-docker-registries
Dev for this feature is: Dan Walsh
QA for this feature is: Wei Sun
Likely Guide is: https://docs.openshift.com/enterprise/3.1/install_config/install/docker_registry.html
We can talk about this from a docker point of view but not an OpenShift point of view. Basically you can add an option to /etc/sysconfig/docker to block-registries. If you want to block all registries you would add

--block-registries=all

Now you would add registries that you would like to allow.

--add-registry=redhat.io --add-registry=acme.com

If a user tries to pull from docker.io/ubuntu, he should get an error message stating that this is not an allowed registry.
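The allow/deny decision described in the comment above, modelled as an added example (not code from this bug thread or from docker itself). It reads the option string as written above and also accepts `--block-registry`, the spelling used in Red Hat's docker packages. Assumptions: an added registry overrides a block entry, and an unqualified image name resolves to the first added registry.

```python
import shlex

# Constructed sample option string, using the spellings from the comment above.
SAMPLE_OPTIONS = "--block-registries=all --add-registry=redhat.io --add-registry=acme.com"
BLOCK_FLAGS = ("--block-registries", "--block-registry")  # page spelling, packaged spelling
ADD_FLAG = "--add-registry"
DEFAULT_REGISTRY = "docker.io"


def parse_options(options):
    """Return (blocked, added) registry lists from a daemon option string."""
    blocked, added = [], []
    tokens = shlex.split(options)
    i = 0
    while i < len(tokens):
        flag, sep, value = tokens[i].partition("=")
        if flag in BLOCK_FLAGS or flag == ADD_FLAG:
            if not sep:  # "--flag value" form: the value is the next token
                i += 1
                value = tokens[i] if i < len(tokens) else ""
            if value:
                (added if flag == ADD_FLAG else blocked).append(value.lower())
        i += 1
    return blocked, added


def registry_of(image):
    """Registry host of an image reference, or None when it is unqualified."""
    first, slash, _ = image.partition("/")
    if slash and ("." in first or ":" in first or first == "localhost"):
        return first.lower()
    return None


def pull_allowed(image, options):
    """Model of the policy above: added registries stay reachable, blocked
    ones (or every other registry, with 'all') are refused."""
    blocked, added = parse_options(options)
    host = registry_of(image)
    if host is None:
        # Assumption: unqualified names go to the first added registry.
        host = added[0] if added else DEFAULT_REGISTRY
    if host in added:
        return True  # Assumption: an added registry wins over a block entry.
    return "all" not in blocked and host not in blocked


if __name__ == "__main__":
    for image in ("docker.io/ubuntu", "redhat.io/rhel7", "acme.com/team/app:1.0"):
        print(image, "allowed" if pull_allowed(image, SAMPLE_OPTIONS) else "blocked")
```

Running it against a host's real option line before restarting the daemon shows which image references in existing templates would start failing.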
https://github.com/openshift/openshift-docs/pull/1742 Submitted docs PR. Tagged Daniel Walsh for tech review.
https://github.com/openshift/openshift-docs/pull/1742 Dan Walsh passed tech review duties along to Antonio Murdaca, thank you. Moved along to peer review now.
Peer review also complete with notes from Brice & Thien-Thi. Docs PR merged. Moving this to RELEASE_PENDING.
https://access.redhat.com/documentation/en/openshift-enterprise/3.2/installation-and-configuration/chapter-2-installing