summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSteve Azzopardi <steveazz@outlook.com>2018-11-06 13:24:11 +0100
committerSteve Azzopardi <steveazz@outlook.com>2018-11-07 11:24:20 +0100
commite64b0116cfae2a6bb6eee0c69b569e94f0b81600 (patch)
tree2ed3d685e07b33d2a79af4200347f1bdc81bba51
parentd19a6f686c32ed4892b4698f77e69e47890ad678 (diff)
downloadgitlab-ce-e64b0116cfae2a6bb6eee0c69b569e94f0b81600.tar.gz
Emphasis the importance of auth registrydocs/add-warning-for-registry-configuration
The container registry requires the `auth` config to be set up properly or users will be able to download images that they are not authorized to do so. For example https://gitlab.com/gitlab-org/gitlab-runner/issues/3652
-rw-r--r--doc/administration/container_registry.md5
1 files changed, 4 insertions, 1 deletions
diff --git a/doc/administration/container_registry.md b/doc/administration/container_registry.md
index 890b780fe80..cfe7b0e05e3 100644
--- a/doc/administration/container_registry.md
+++ b/doc/administration/container_registry.md
@@ -71,7 +71,7 @@ A Registry init file is not shipped with GitLab if you install it from source.
Hence, [restarting GitLab][restart gitlab] will not restart the Registry should
you modify its settings. Read the upstream documentation on how to achieve that.
-At the absolute minimum, make sure your [Registry configuration][registry-auth]
+At the **absolute** minimum, make sure your [Registry configuration][registry-auth]
has `container_registry` as the service and `https://gitlab.example.com/jwt/auth`
as the realm:
@@ -84,6 +84,9 @@ auth:
rootcertbundle: /root/certs/certbundle
```
+CAUTION: **Caution:**
+If `auth` is not set up, users will be able to pull docker images without authentication.
+
## Container Registry domain configuration
There are two ways you can configure the Registry's external domain.