Feature #44886
cephadm: allow use of authenticated registry
0%
Description
Users may need to use an authenticated registry, e.g. in air-gapped deployments.
We could punt and require that the host have all this configured so that we can just pull... Or we could teach cephadm how to take auth credentials (user/pass? cert?) and pass it around as needed.
History
#1 Updated by Sebastian Wagner 6 months ago
and then the next request will be to support untrusted registries... and so on
#5 Updated by Sebastian Wagner 3 months ago
- Status changed from In Progress to New
#6 Updated by Sebastian Wagner 3 months ago
- Priority changed from Normal to High
#7 Updated by Sebastian Wagner 3 months ago
cephadm registry-login user pw
plus storing the credentials in the mgr/cephadm
#8 Updated by Denys Kondratenko 2 months ago
should registry management and authentication be handled on cri-o level by system admin or maybe by cephadm as helper?
crio.conf:
**global_auth_file**="" The path to a file like /var/lib/kubelet/config.json holding credentials necessary for pulling images from secure registries.
#10 Updated by Sebastian Wagner 2 months ago
Denys Kondratenko wrote:
should registry management and authentication be handled on cri-o level by system admin or maybe by cephadm as helper?
crio.conf:
[...]
cephadm doesn't use cri-o, but plain podman. but yeah, cephadm should IMO orchestrate this cluster-wide
#11 Updated by Sebastian Wagner 2 months ago
- Status changed from New to Fix Under Review
- Pull request ID changed from 35217 to 36012
#12 Updated by Adam King about 2 months ago
- Status changed from Fix Under Review to Resolved
#13 Updated by Sebastian Wagner about 1 month ago
- Category set to cephadm
- Target version set to v15.2.5