[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Granting all authenticated users access to the internal Docker registry



Actually what I wanted was for all unauthenticated users to be able to
pull from a given namespace.  David worked with me on irc.  In my case
I had failed to specify the namespace.  What I needed was:

oadm policy add-role-to-group system:image-puller system:authenticated -n joe

After that bob could pull images from the joe project.

On Mon, Oct 26, 2015 at 4:11 PM, Jordan Liggitt <jliggitt redhat com> wrote:
> If you really want to let any authenticated user pull any image from any
> namespace, this should work:
>
> oadm policy add-cluster-role-to-group system:image-puller
> system:authenticated
>
> Remember that your "password" to the docker registry is your OpenShift API
> token (`oc whoami -t`)
>
>
> On Mon, Oct 26, 2015 at 4:04 PM, Brenton Leanhardt <bleanhar redhat com>
> wrote:
>>
>> With the latest Origin 1.0.6 release how can I grant image pull access
>> to any image in the internal registry for authenticated users?
>>
>> I've tried:
>>
>> oadm policy add-role-to-group system:image-puller system:authenticated
>> oadm policy add-role-to-user system:image-puller bob
>>
>> Neither of those commands resulted in allowing bob to 'docker login'
>> to the internal registry and successfully pull images that user joe
>> pushed.  Am I missing something?  Am I going about this the wrong way?
>>
>> --Brenton
>>
>> _______________________________________________
>> users mailing list
>> users lists openshift redhat com
>> http://lists.openshift.redhat.com/openshiftmm/listinfo/users
>
>


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]