On Wed, Aug 22, 2018 at 9:58 AM, Ben Parees <[email protected]> wrote:
> > > On Wed, Aug 22, 2018 at 9:49 AM, David Conde <[email protected]> wrote: > >> Thanks, will system:unauthenticated not open up the registry to people >> who are not authenticated at all? Also where do these permissions need to >> be added? >> > > I think you'd use oc adm policy add-cluster-role-to-group, add the > system:image-puller role to the system:authenticated group. > Sorry, that would be if you want everyone to be able to pull everything. if you only want to expose one project, then just "add-role-to-group" and specify the namespace as well. > > >> I have created a new service account that is dedicated to pushing the >> images, this has been given the cluster permission of registry-admin. The >> goal is to now have the images available to be pulled in to any project. >> >> Thanks again, >> Dave >> >> On Wed, Aug 22, 2018 at 2:42 PM David Eads <[email protected]> wrote: >> >>> They are groups. "system:authenticated" and "system:unauthenticated" >>> and you probably want to assign both. >>> >>> On Wed, Aug 22, 2018 at 9:39 AM Ben Parees <[email protected]> wrote: >>> >>>> >>>> >>>> On Wed, Aug 22, 2018 at 6:51 AM, David Conde <[email protected]> wrote: >>>> >>>>> Is it possible to add global pull permissions to a project in the >>>>> registry? I'm looking to have a single place for pushing images to that >>>>> all >>>>> projects can access, similar to how the Openshift project works for image >>>>> and template access. >>>>> >>>> >>>> you should be able to add appropriate permissions to the >>>> "system:authenticated" role which would allow any authenticated user to >>>> access it. CCing David+Jordan who may have a more preferred approach. >>>> >>>> >>>> >>>> >>>>> >>>>> Thanks, >>>>> Dave >>>>> >>>>> _______________________________________________ >>>>> users mailing list >>>>> [email protected] >>>>> http://lists.openshift.redhat.com/openshiftmm/listinfo/users >>>>> >>>>> >>>> >>>> >>>> -- >>>> Ben Parees | OpenShift >>>> >>>> > > > -- > Ben Parees | OpenShift > > -- Ben Parees | OpenShift
_______________________________________________ users mailing list [email protected] http://lists.openshift.redhat.com/openshiftmm/listinfo/users
