Project

General

Profile

Feature #44886

cephadm: allow use of authenticated registry

Added by Sage Weil over 2 years ago. Updated over 2 years ago.

Status:
Resolved
Priority:
High
Assignee:
Adam King
Category:
cephadm
Target version:
Ceph - v15.2.5
% Done:

0%

Source:
Tags:
Backport:
Reviewed:
Affected Versions:
Pull request ID:
36012

Description

Users may need to use an authenticated registry, e.g. in air-gapped deployments.

We could punt and require that the host have all this configured so that we can just pull... Or we could teach cephadm how to take auth credentials (user/pass? cert?) and pass it around as needed.

https://pad.ceph.com/p/cephadm-registry-credentials

History

#1 Updated by Sebastian Wagner over 2 years ago

and then the next request will be to support untrusted registries... and so on

#2 Updated by Kefu Chai over 2 years ago

  • Status changed from New to In Progress
  • Assignee set to Kefu Chai
  • Pull request ID set to 35217

#3 Updated by Kefu Chai over 2 years ago

  • Description updated (diff)

#4 Updated by Kefu Chai over 2 years ago

  • Assignee deleted (Kefu Chai)

#5 Updated by Sebastian Wagner over 2 years ago

  • Status changed from In Progress to New

#6 Updated by Sebastian Wagner over 2 years ago

  • Priority changed from Normal to High

#7 Updated by Sebastian Wagner over 2 years ago 

cephadm registry-login user pw

plus storing the credentials in the mgr/cephadm

#8 Updated by Denys Kondratenko over 2 years ago

should registry management and authentication be handled on cri-o level by system admin or maybe by cephadm as helper?

crio.conf:

**global_auth_file**="" 
  The path to a file like /var/lib/kubelet/config.json holding credentials necessary for pulling images from secure registries.

#9 Updated by Adam King over 2 years ago

  • Assignee set to Adam King

#10 Updated by Sebastian Wagner over 2 years ago

Denys Kondratenko wrote:

should registry management and authentication be handled on cri-o level by system admin or maybe by cephadm as helper?

crio.conf:
[...]

cephadm doesn't use cri-o, but plain podman. but yeah, cephadm should IMO orchestrate this cluster-wide

#11 Updated by Sebastian Wagner over 2 years ago

  • Status changed from New to Fix Under Review
  • Pull request ID changed from 35217 to 36012

#12 Updated by Adam King over 2 years ago

  • Status changed from Fix Under Review to Resolved

#13 Updated by Sebastian Wagner over 2 years ago

  • Category set to cephadm
  • Target version set to v15.2.5

Also available in: Atom PDF