Uploaded image for project: 'Hadoop YARN'
  1. Hadoop YARN
  2. YARN-8472 YARN Container Phase 2
  3. YARN-8376

Separate white list for docker.trusted.registries and docker.privileged-container.registries

VotersWatch issueWatchersLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Sub-task
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • None
    • 3.3.0
    • None

    Description

      In the ideal world, it would be possible to have separate white lists for docker registry depending on the security requirement for each type of docker images:

      1. Registries from which we can run non-privileged containers without mounts
      2. Registries from which we can run non-privileged containers with mounts
      3. Registries from which we can run privileged or non-privileged containers with mounts

      In the current implementation, there are only type 1 and type 2 or 3. It would be nice to definite a separate white list to differentiate between 2 and 3.

      Attachments

        1. YARN-8376.001.patch
          6 kB
          Eric Yang
        2. YARN-8376.002.patch
          7 kB
          Eric Yang
        3. YARN-8376.003.patch
          7 kB
          Eric Yang

        Issue Links

        Activity

          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            eyang Eric Yang
            eyang Eric Yang
            Votes:
            0 Vote for this issue
            Watchers:
            6 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Slack

                Issue deployment