Reputation: 41
Docker registry: Limit access by account to subset of images
Maybe a simple-to-answer Question: How can I set up a private docker reposiory and limit the Access to only a subset of the Images there that one can pull ? E.g. I have Image1 and Image2 pushed, but want to allow one Image2 being pullable by account USER1 ?
Upvotes: 3
Views: 1129
Answers (1)
Reputation: 263856
This tends to get into the commercial offerings of docker (DTR). The spec itself for the registry includes all of the capabilities for auth, and you can configure a simple htpasswd based login on the standalone registry. However for the next step up, you get into a token server which docker doesn't have an open source implementation of themselves. You could work around this limitation by deploying multiple registry servers, each with a different set of users in a htpasswd file.
There are various third party implementations of the docker registry that may include these features. In the open source space, there's a project called cesanta/docker_auth that works with docker's stand alone registry and does exactly what you're looking for. The next step up is the harbor project that should be all most organizations need from a registry, but may be more complicated and have more overhead for a small project.
Upvotes: 2
Related Questions
- Allow one private registry with docker
- Creating Docker image hierarchy with private registry
- Docker registry (local): how to limit the number of unique tags per image?
- Can I limit a service account's authorization to specific images within GCP container registery?
- Account based image pull permission in Azure Container Registry
- Multiple users for private Docker registry?
- Google Container Registry Per Image ACLs
- how to restrict docker to pull/push to specific registry
- Specifics access to a external docker registry with multi-users
- Access control for private docker registry