[YARN-8376] Separate white list for docker.trusted.registries and docker.privileged-container.registries - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Sub-task
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 3.3.0
Component/s: None
Labels:
- docker

Description

In the ideal world, it would be possible to have separate white lists for docker registry depending on the security requirement for each type of docker images:

1. Registries from which we can run non-privileged containers without mounts
2. Registries from which we can run non-privileged containers with mounts
3. Registries from which we can run privileged or non-privileged containers with mounts

In the current implementation, there are only type 1 and type 2 or 3. It would be nice to definite a separate white list to differentiate between 2 and 3.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

YARN-8376.001.patch
01/Mar/19 00:01
6 kB
Eric Yang
YARN-8376.002.patch
01/Mar/19 16:15
7 kB
Eric Yang
YARN-8376.003.patch
13/Mar/19 22:52
7 kB
Eric Yang

Issue Links

duplicates

YARN-8343 YARN should have ability to run images only from a whitelist docker registries

Resolved

is related to

YARN-8342 Using docker image from a non-privileged registry, the launch_command is not honored

Resolved

Activity

People

Assignee:: Eric Yang

Reporter:: Eric Yang

Votes:: 0 Vote for this issue

Watchers:: 6 Start watching this issue

Dates

Created:: 29/May/18 19:32

Updated:: 14/Mar/19 19:54

Resolved:: 14/Mar/19 19:41