-
Notifications
You must be signed in to change notification settings - Fork 18.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
--insecure-regitsry, request for way to enable for all registries, without listing each registry. #8889
Comments
+1. Having everyone hand update their docker daemon arguments within boot2docker is a real pain. |
This topic is related to #8887. |
Why not |
The culprid seems to be 6a1ff02 But I couldn't find the corresponding PR or issues where that change was discussed. @tiborvass any ideas? |
Also lock to 1.3.0 due to issues in 1.3.1 (moby/moby#8889)
Also lock to 1.3.0 due to issues in 1.3.1 (moby/moby#8889)
Also lock to 1.3.0 due to issues in 1.3.1 (moby/moby#8889) (cherry picked from commit 2945539)
What about |
|
A more flexible way to do insecure whitelists would be great. Ideally, if I trust the physical security of my local network, I should be able to whitelist that. Can we support it based on a CIDR?
But we could also do |
+1 for support via CIDR. allowing a way to only allow insecure registries from a trusted network would be awesome, rather than the current implementation of having to whitelist every host a registry could land on. For our use case, we're running our registry on Fleet, backed by cephfs. Fleet can re-schedule the registry on any node in the cluster. With docker 1.3.1 we have to supply |
@jbeda or @bacongobbler can you file a different issue about |
Fixed by #9100 |
Also lock to 1.3.0 due to issues in 1.3.1 (moby/moby#8889) (cherry picked from commit 2945539)
We run internal unsecured docker registries in all CI and production datacenters. I must say that it would be very useful to simply enable access to all insecure registries without having to list them out one by one. We have multiple registries in each environment for HA, so the list is very long and as we add more datacenters we need to make certain we update that list.
Can we have an option to simply allow insecure registry access to any remote? i.e. --insecure-registry-all or something like that.
The text was updated successfully, but these errors were encountered: