Perfect thanks I'll give that a go :) On Wed, Aug 22, 2018 at 2:59 PM Ben Parees <[email protected]> wrote:
> > > On Wed, Aug 22, 2018 at 9:58 AM, Ben Parees <[email protected]> wrote: > >> >> >> On Wed, Aug 22, 2018 at 9:49 AM, David Conde <[email protected]> wrote: >> >>> Thanks, will system:unauthenticated not open up the registry to people >>> who are not authenticated at all? Also where do these permissions need to >>> be added? >>> >> >> I think you'd use oc adm policy add-cluster-role-to-group, add the >> system:image-puller role to the system:authenticated group. >> > > > Sorry, that would be if you want everyone to be able to pull everything. > > if you only want to expose one project, then just "add-role-to-group" and > specify the namespace as well. > > > >> >> >>> I have created a new service account that is dedicated to pushing the >>> images, this has been given the cluster permission of registry-admin. The >>> goal is to now have the images available to be pulled in to any project. >>> >>> Thanks again, >>> Dave >>> >>> On Wed, Aug 22, 2018 at 2:42 PM David Eads <[email protected]> wrote: >>> >>>> They are groups. "system:authenticated" and "system:unauthenticated" >>>> and you probably want to assign both. >>>> >>>> On Wed, Aug 22, 2018 at 9:39 AM Ben Parees <[email protected]> wrote: >>>> >>>>> >>>>> >>>>> On Wed, Aug 22, 2018 at 6:51 AM, David Conde <[email protected]> >>>>> wrote: >>>>> >>>>>> Is it possible to add global pull permissions to a project in the >>>>>> registry? I'm looking to have a single place for pushing images to that >>>>>> all >>>>>> projects can access, similar to how the Openshift project works for image >>>>>> and template access. >>>>>> >>>>> >>>>> you should be able to add appropriate permissions to the >>>>> "system:authenticated" role which would allow any authenticated user to >>>>> access it. CCing David+Jordan who may have a more preferred approach. >>>>> >>>>> >>>>> >>>>> >>>>>> >>>>>> Thanks, >>>>>> Dave >>>>>> >>>>>> _______________________________________________ >>>>>> users mailing list >>>>>> [email protected] >>>>>> http://lists.openshift.redhat.com/openshiftmm/listinfo/users >>>>>> >>>>>> >>>>> >>>>> >>>>> -- >>>>> Ben Parees | OpenShift >>>>> >>>>> >> >> >> -- >> Ben Parees | OpenShift >> >> > > > -- > Ben Parees | OpenShift > >
_______________________________________________ users mailing list [email protected] http://lists.openshift.redhat.com/openshiftmm/listinfo/users
