Emphasis the importance of auth registrydocs/add-warning-for-registry-configuration

The container registry requires the `auth` config to be set up properly
or users will be able to download images that they are not authorized to
do so.

For example https://gitlab.com/gitlab-org/gitlab-runner/issues/3652

1 files changed, 4 insertions, 1 deletions

diff --git a/doc/administration/container_registry.md b/doc/administration/container_registry.md
index 890b780fe80..cfe7b0e05e3 100644
--- a/doc/administration/container_registry.md
+++ b/doc/administration/container_registry.md
@@ -71,7 +71,7 @@ A Registry init file is not shipped with GitLab if you install it from source.
 Hence, [restarting GitLab][restart gitlab] will not restart the Registry should
 you modify its settings. Read the upstream documentation on how to achieve that.
 
-At the absolute minimum, make sure your [Registry configuration][registry-auth]
+At the **absolute** minimum, make sure your [Registry configuration][registry-auth]
 has `container_registry` as the service and `https://gitlab.example.com/jwt/auth`
 as the realm:
 
@@ -84,6 +84,9 @@ auth:
     rootcertbundle: /root/certs/certbundle
 ```
 
+CAUTION: **Caution:**
+If `auth` is not set up, users will be able to pull docker images without authentication.
+
 ## Container Registry domain configuration
 
 There are two ways you can configure the Registry's external domain.