starlingx/docs
Code Issues Proposed changes
Files
0b85a0e8f7629713a8fa4c3a797e123d2873fc1a
docs/doc/source/admintasks/kubernetes/kubernetes-admin-tutorials-authentication-and-authorization.rst
Juanita-Balaraj 265d96bed1 Fixed \_ as the output was not rendering correctly (pick r5 updates only) 
Fixed Patchset 4 comments
Fixed Patchset 3 comments and added additional updates
Signed-off-by: Juanita-Balaraj <juanita.balaraj@windriver.com>
Change-Id: I7482afc3a90bbdc94b6ecd8b6ac39d831b8a45db
Signed-off-by: Juanita-Balaraj <juanita.balaraj@windriver.com>
2021-11-02 11:27:15 -04:00

60 lines
2.3 KiB
ReStructuredText
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

.. khe1563458421728
.. _kubernetes-admin-tutorials-authentication-and-authorization:
=======================================================
 Local Docker Registry Authentication and Authorization
=======================================================
Authentication is enabled for the local Docker registry. When logging in,
users are authenticated using their platform keystone credentials.
For example:
.. code-block:: none
$ docker login registry.local:9001 -u <keystoneUserName> -p <keystonePassword>
An authorized administrator \('admin' and 'sysinv'\) can perform any Docker
action. Regular users can only interact with their own repositories \(i.e.
registry.local:9001/<keystoneUserName>/\). Any authenticated user can pull from
the following list of public images:
.. _kubernetes-admin-tutorials-authentication-and-authorization-d383e50:
- registry.local:9001:/public/\*
- registry.local:9001:/k8s.gcr.io/pause
- registry.local:9001:/quay.io/jetstack/cert-manager-acmesolver
The **mtce** user can only pull public images, but cannot push any images.
For example, only **admin** and **testuser** accounts can push to or pull from
**registry.local:9001/testuser/busybox:latest**
.. _kubernetes-admin-tutorials-authentication-and-authorization-d383e87:
---------------------------------
Username and Docker compatibility
---------------------------------
Repository names in Docker registry paths must be lower case. For this reason,
a keystone user must exist that consists of all lower case characters. For
example, the user **testuser** is correct in the following URL, while
**testUser** would result in an error:
**registry.local:9001/testuser/busybox:latest**
.. note::
Use of the auto-generated self-signed certificate for the registry
certificate is not recommended. If you must do so, then from the central
cloud/systemController, access to the local registry can only be done using
registry.local:9001. registry.central:9001 will be inaccessible. Installing
a |CA|-signed certificate for the registry and the certificate of the |CA| as
an 'ssl_ca' certificate will remove this restriction.
For more information about Docker commands, see
`https://docs.docker.com/engine/reference/commandline/docker/ <https://docs.docker.com/engine/reference/commandline/docker/>`__.
View Git Blame Copy Permalink