Feature #44886
closed
cephadm: allow use of authenticated registry
Added by Sage Weil about 4 years ago.
Updated almost 4 years ago.
Description
Users may need to use an authenticated registry, e.g. in air-gapped deployments.
We could punt and require that the host have all this configured so that we can just pull... Or we could teach cephadm how to take auth credentials (user/pass? cert?) and pass it around as needed.
https://pad.ceph.com/p/cephadm-registry-credentials
and then the next request will be to support untrusted registries... and so on
- Status changed from New to In Progress
- Assignee set to Kefu Chai
- Pull request ID set to 35217
- Description updated (diff)
- Assignee deleted (
Kefu Chai)
- Status changed from In Progress to New
- Priority changed from Normal to High
cephadm registry-login user pw
plus storing the credentials in the mgr/cephadm
should registry management and authentication be handled on cri-o level by system admin or maybe by cephadm as helper?
crio.conf:
**global_auth_file**=""
The path to a file like /var/lib/kubelet/config.json holding credentials necessary for pulling images from secure registries.
- Assignee set to Adam King
Denys Kondratenko wrote:
should registry management and authentication be handled on cri-o level by system admin or maybe by cephadm as helper?
crio.conf:
[...]
cephadm doesn't use cri-o, but plain podman. but yeah, cephadm should IMO orchestrate this cluster-wide
- Status changed from New to Fix Under Review
- Pull request ID changed from 35217 to 36012
- Status changed from Fix Under Review to Resolved
- Category set to cephadm
- Target version set to v15.2.5
Also available in: Atom
PDF