f63f0912c6
Fixed typo in LetsEncrypt example Removed duplicate Datanet entry from main index.rst Reworked Use Kubernetes CPU Manager Static Policy prerequisite block. Restored fault/index version of FM toctree in top-level index. Added merged doc entries to top level index.rst. Incorporated review comments. Also some generic formatting clean-up such as converting abbreviations to rST-style :abbr: markup. Moved url with embedded substitution out of code-block. Addressed patch 2 review comments. Some addtional rST tidying. See comment replies for open questions/issues. This patch fixes an issue with 'stx' in filenames that may differ downstream using-an-image-from-the-local-docker-registry-in-a-container-spec new substitution and changing code-blocks to parsed-literals as required. Initial submission for review. Note that a couple of references to WR persist in examples. These will be marked up with comments in the review. Signed-off-by: Stone <ronald.stone@windriver.com> Change-Id: I1efef569842caff5def9dc00395b594d91d7a5d0 Signed-off-by: Stone <ronald.stone@windriver.com>
46 lines
1.5 KiB
ReStructuredText
46 lines
1.5 KiB
ReStructuredText
|
|
.. qly1582054834918
|
|
.. _kubernetes-user-tutorials-authentication-and-authorization:
|
|
|
|
======================================================
|
|
Local Docker Registry Authentication and Authorization
|
|
======================================================
|
|
|
|
Authentication is enabled for the local docker registry. When logging in, users
|
|
are authenticated using their platform keystone credentials.
|
|
|
|
For example:
|
|
|
|
.. code-block:: none
|
|
|
|
$ docker login registry.local:9001 -u <keystoneUserName> -p <keystonePassword>
|
|
|
|
An authorized administrator can perform any docker action, while regular users
|
|
can only interact with their own repositories \(i.e.
|
|
``registry.local:9001/<keystoneUserName>/``\). For example, only **admin** and
|
|
**testuser** accounts can push to or pull from:
|
|
|
|
.. code-block:: none
|
|
|
|
registry.local:9001/testuser/busybox:latest
|
|
|
|
.. _kubernetes-user-tutorials-authentication-and-authorization-d315e59:
|
|
|
|
---------------------------------
|
|
Username and Docker Compatibility
|
|
---------------------------------
|
|
|
|
Repository names in Docker registry paths must be lower case. For this reason,
|
|
a keystone user must exist that consists of all lower case characters. For
|
|
example, the user **testuser** is correct in the following URL, while
|
|
**testUser** would result in an error:
|
|
|
|
.. code-block:: none
|
|
|
|
registry.local:9001/testuser/busybox:latest
|
|
|
|
.. seealso::
|
|
`https://docs.docker.com/engine/reference/commandline/docker/
|
|
<https://docs.docker.com/engine/reference/commandline/docker/>`__ for more
|
|
information about docker commands.
|