Limit "docker pull" to certain image tags based on the user? #4279
Answered
by
jaydrogers
jaydrogers
asked this question in
Q&A
-
Hi everyone, Quick question
Example
The problem we're encounteringWhen someone runs Received payload on {
"account": "usera",
"scope": "repository:my-org/my-repo:pull",
"service": "my-registry.test"
} |
Beta Was this translation helpful? Give feedback.
Answered by
jaydrogers
Feb 15, 2024
Replies: 1 comment 2 replies
-
WorkaroundWe found the registry was not designed to set permissions on a per tag basis, so we were able to write our own authentication and wrap the registry in a proxy with Traefik: https://doc.traefik.io/traefik/middlewares/http/forwardauth/ |
Beta Was this translation helpful? Give feedback.
2 replies
Answer selected by
jaydrogers
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Workaround
We found the registry was not designed to set permissions on a per tag basis, so we were able to write our own authentication and wrap the registry in a proxy with Traefik: https://doc.traefik.io/traefik/middlewares/http/forwardauth/