[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Registry Permissions





On Wed, Aug 22, 2018 at 9:58 AM, Ben Parees <bparees redhat com> wrote:


On Wed, Aug 22, 2018 at 9:49 AM, David Conde <david donedeal ie> wrote:
Thanks, will system:unauthenticated not open up the registry to people who are not authenticated at all? Also where do these permissions need to be added? 

I think you'd use oc adm policy add-cluster-role-to-group, add the system:image-puller role to the system:authenticated group.


Sorry, that would be if you want everyone to be able to pull everything.

if you only want to expose one project, then just "add-role-to-group" and specify the namespace as well.

 


I have created a new service account that is dedicated to pushing the images, this has been given the cluster permission of registry-admin. The goal is to now have the images available to be pulled in to any project.

Thanks again,
Dave

On Wed, Aug 22, 2018 at 2:42 PM David Eads <deads redhat com> wrote:
They are groups.  "system:authenticated" and "system:unauthenticated" and you probably want to assign both.

On Wed, Aug 22, 2018 at 9:39 AM Ben Parees <bparees redhat com> wrote:


On Wed, Aug 22, 2018 at 6:51 AM, David Conde <david donedeal ie> wrote:
Is it possible to add global pull permissions to a project in the registry? I'm looking to have a single place for pushing images to that all projects can access, similar to how the Openshift project works for image and template access.

you should be able to add appropriate permissions to the "system:authenticated" role which would allow any authenticated user to access it.  CCing David+Jordan who may have a more preferred approach.


 

Thanks,
Dave

_______________________________________________
users mailing list
users lists openshift redhat com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users




--
Ben Parees | OpenShift




--
Ben Parees | OpenShift




--
Ben Parees | OpenShift


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]