diff options
| author | Achilleas Pipinellis <axilleas@axilleas.me> | 2016-12-01 14:24:12 +0100 |
|---|---|---|
| committer | Achilleas Pipinellis <axilleas@axilleas.me> | 2016-12-01 14:24:12 +0100 |
| commit | c345edcb7fe7f1daf3687bf7835ef82b54a48c7f (patch) | |
| tree | 6a20206c1080f51281593a60942e8f69654073bd /doc/user | |
| parent | 42dc2033dd4f04203c6f025ee96a058e050c9312 (diff) | |
| download | gitlab-ce-c345edcb7fe7f1daf3687bf7835ef82b54a48c7f.tar.gz | |
Document the need to use a PAT with Registry when 2FA is on
GitLab 8.12 introduced a new permissions model which tightened the
security of Container Registry. It is now required to use a personal
token if 2FA is enabled.
[ci skip]
Diffstat (limited to 'doc/user')
| -rw-r--r-- | doc/user/project/container_registry.md | 16 | ||||
| -rw-r--r-- | doc/user/project/new_ci_build_permissions_model.md | 16 |
2 files changed, 20 insertions, 12 deletions
diff --git a/doc/user/project/container_registry.md b/doc/user/project/container_registry.md index b205fea2c40..47a4a3f85d0 100644 --- a/doc/user/project/container_registry.md +++ b/doc/user/project/container_registry.md @@ -4,13 +4,15 @@ --- -> **Note** -Docker Registry manifest `v1` support was added in GitLab 8.9 to support Docker -versions earlier than 1.10. -> -This document is about the user guide. To learn how to enable GitLab Container -Registry across your GitLab instance, visit the -[administrator documentation](../../administration/container_registry.md). +>**Notes:** +- Docker Registry manifest `v1` support was added in GitLab 8.9 to support Docker + versions earlier than 1.10. +- This document is about the user guide. To learn how to enable GitLab Container + Registry across your GitLab instance, visit the + [administrator documentation](../../administration/container_registry.md). +- Starting from GitLab 8.12, if you have 2FA enabled in your account, you need + to pass a personal access token instead of your password in order to login to + GitLab's Container Registry. With the Docker Container Registry integrated into GitLab, every project can have its own space to store its Docker images. diff --git a/doc/user/project/new_ci_build_permissions_model.md b/doc/user/project/new_ci_build_permissions_model.md index 4f12acb8398..320faff65c5 100644 --- a/doc/user/project/new_ci_build_permissions_model.md +++ b/doc/user/project/new_ci_build_permissions_model.md @@ -187,11 +187,17 @@ To properly configure submodules with GitLab CI, read the With the update permission model we also extended the support for accessing Container Registries for private projects. -> **Note:** -As GitLab Runner 1.6 doesn't yet incorporate the introduced changes for -permissions, this makes the `image:` directive to not work with private projects -automatically. The manual configuration by an Administrator is required to use -private images. We plan to remove that limitation in one of the upcoming releases. +> **Notes:** +- GitLab Runner versions prior to 1.8 don't incorporate the introduced changes + for permissions. This makes the `image:` directive to not work with private + projects automatically and it needs to be configured manually on Runner's host + with a predefined account (for example administrator's personal account with + access token created explicitly for this purpose). This issue is resolved with + latest changes in GitLab Runner 1.8 which receives GitLab credentials with + build data. +- Starting with GitLab 8.12, if you have 2FA enabled in your account, you need + to pass a personal access token instead of your password in order to login to + GitLab's Container Registry. Your builds can access all container images that you would normally have access to. The only implication is that you can push to the Container Registry of the |