Description of problem: When using registry type: `local_openshift` which is configured by default downstream, the administrator will want to whitelist the APBs in the registry he wants to make accessible. By default the adapter looks in the openshift namespace but does not have a whitelist. We would recommend they set the whitelist value to ['.*-apb$'] or ['*'] so that it will look through all available images in the openshift namespace. Version-Release number of selected component (if applicable): 3.7.0 Additional info: Example config: registry: - type: local_openshift name: lo namespaces: - openshift white_list: - ".*-apb$"
Another thing to properly include in the documentation is why we suggest using the 'openshift' namespace. By default the 'openshift' namespace exposes all imagestreams to any authenticated user on the cluster. This is valuable to the Ansible Service Broker because we create a transient namespace when provisioning APBs and that dynamic service account needs to be able to pull images from the internal registry. We want to encourage users to enable the openshift namespace by default and point them towards resources that will allow users to pull images from different projects here: https://docs.openshift.com/enterprise/3.2/dev_guide/managing_images.html#allowing-pods-to-reference-images-across-projects