Project

General

Profile

Actions
Copy link

Feature #44886

closed

cephadm: allow use of authenticated registry

Added by Sage Weil almost 6 years ago. Updated 8 months ago.

Status:
Resolved
Priority:
High
Assignee:
Adam King
Category:
cephadm
Target version:
Ceph - v15.2.5
% Done:

0%

Source:
Backport:
Reviewed:
Affected Versions:
Pull request ID:
36012
Tags (freeform):
Merge Commit:
2a25db1cf14a8dc9dfa0505ae3ade86580580bde
Fixed In:
v16.0.0-3876-g2a25db1cf1
Released In:
v16.2.0~1859
Upkeep Timestamp:
2025-07-15T01:16:04+00:00

Description

Users may need to use an authenticated registry, e.g. in air-gapped deployments.

We could punt and require that the host have all this configured so that we can just pull... Or we could teach cephadm how to take auth credentials (user/pass? cert?) and pass it around as needed.

https://pad.ceph.com/p/cephadm-registry-credentials

Actions
Copy link
 #1

Updated by Sebastian Wagner almost 6 years ago

and then the next request will be to support untrusted registries... and so on

Actions
Copy link
 #2

Updated by Kefu Chai almost 6 years ago

  • Status changed from New to In Progress
  • Assignee set to Kefu Chai
  • Pull request ID set to 35217
Actions
Copy link
 #3

Updated by Kefu Chai almost 6 years ago

  • Description updated (diff)
Actions
Copy link
 #4

Updated by Kefu Chai almost 6 years ago

  • Assignee deleted (Kefu Chai)
Actions
Copy link
 #5

Updated by Sebastian Wagner almost 6 years ago

  • Status changed from In Progress to New
Actions
Copy link
 #6

Updated by Sebastian Wagner over 5 years ago

  • Priority changed from Normal to High
Actions
Copy link
 #7

Updated by Sebastian Wagner over 5 years ago 

cephadm registry-login user pw

plus storing the credentials in the mgr/cephadm

Actions
Copy link
 #8

Updated by Denys Kondratenko over 5 years ago

should registry management and authentication be handled on cri-o level by system admin or maybe by cephadm as helper?

crio.conf:

**global_auth_file**="" 
  The path to a file like /var/lib/kubelet/config.json holding credentials necessary for pulling images from secure registries.

Actions
Copy link
 #9

Updated by Adam King over 5 years ago

  • Assignee set to Adam King
Actions
Copy link
 #10

Updated by Sebastian Wagner over 5 years ago

Denys Kondratenko wrote:

should registry management and authentication be handled on cri-o level by system admin or maybe by cephadm as helper?

crio.conf:
[...]

cephadm doesn't use cri-o, but plain podman. but yeah, cephadm should IMO orchestrate this cluster-wide

Actions
Copy link
 #11

Updated by Sebastian Wagner over 5 years ago

  • Status changed from New to Fix Under Review
  • Pull request ID changed from 35217 to 36012
Actions
Copy link
 #12

Updated by Adam King over 5 years ago

  • Status changed from Fix Under Review to Resolved
Actions
Copy link
 #13

Updated by Sebastian Wagner over 5 years ago

  • Category set to cephadm
  • Target version set to v15.2.5
Actions
Copy link
 #14

Updated by Upkeep Bot 8 months ago

  • Merge Commit set to 2a25db1cf14a8dc9dfa0505ae3ade86580580bde
  • Fixed In set to v16.0.0-3876-g2a25db1cf1
  • Released In set to v16.2.0~1859
  • Upkeep Timestamp set to 2025-07-15T01:16:04+00:00
Actions
Copy link

Also available in: Atom PDF