On Wed, Aug 22, 2018 at 9:49 AM, David Conde <da...@donedeal.ie> wrote:
> Thanks, will system:unauthenticated not open up the registry to people who > are not authenticated at all? Also where do these permissions need to be > added? > I think you'd use oc adm policy add-cluster-role-to-group, add the system:image-puller role to the system:authenticated group. > I have created a new service account that is dedicated to pushing the > images, this has been given the cluster permission of registry-admin. The > goal is to now have the images available to be pulled in to any project. > > Thanks again, > Dave > > On Wed, Aug 22, 2018 at 2:42 PM David Eads <de...@redhat.com> wrote: > >> They are groups. "system:authenticated" and "system:unauthenticated" and >> you probably want to assign both. >> >> On Wed, Aug 22, 2018 at 9:39 AM Ben Parees <bpar...@redhat.com> wrote: >> >>> >>> >>> On Wed, Aug 22, 2018 at 6:51 AM, David Conde <da...@donedeal.ie> wrote: >>> >>>> Is it possible to add global pull permissions to a project in the >>>> registry? I'm looking to have a single place for pushing images to that all >>>> projects can access, similar to how the Openshift project works for image >>>> and template access. >>>> >>> >>> you should be able to add appropriate permissions to the >>> "system:authenticated" role which would allow any authenticated user to >>> access it. CCing David+Jordan who may have a more preferred approach. >>> >>> >>> >>> >>>> >>>> Thanks, >>>> Dave >>>> >>>> _______________________________________________ >>>> users mailing list >>>> users@lists.openshift.redhat.com >>>> http://lists.openshift.redhat.com/openshiftmm/listinfo/users >>>> >>>> >>> >>> >>> -- >>> Ben Parees | OpenShift >>> >>> -- Ben Parees | OpenShift
_______________________________________________ users mailing list users@lists.openshift.redhat.com http://lists.openshift.redhat.com/openshiftmm/listinfo/users