local registry could be accessed without authentication
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
StarlingX |
Fix Released
|
High
|
Jerry Sun |
Bug Description
Brief Description
-----------------
StarlingX's local registry (registry.
But with latest code, authentication is skipped due to there is default username and password configured in containerd. So user doesn't need provide auth info anymore, and could access registry.
This issue should relate to patch https:/
Severity
--------
Major
Steps to Reproduce
------------------
1. sudo docker pull busybox:latest
2. sudo docker login registry.local:9001 with admin account
3. sudo docker tag busybox:latest registry.
4. sudo docker push registry.
5. kubectl apply -f busybox.yaml
Here is the busybox.yaml file:
apiVersion: v1
kind: Pod
metadata:
name: busybox
namespace: default
spec:
containers:
- image: registry.
command:
- sleep
- "3600"
imagePullPo
name: busybox
restartPolicy: Always
Expected Behavior
------------------
Pod should fail to run due to containerd cannot pull the image from registry due to lack of secret info.
Actual Behavior
----------------
Pod could run successfully.
Reproducibility
---------------
100%
System Configuration
-------
AIO
Branch/Pull Time/Commit
-------
latest master code
Last Pass
---------
N/A
Timestamp/Logs
--------------
N/A
Test Activity
-------------
Developer Testing
Workaround
----------
N/A
tags: | added: stx.5.0 stx.containers |
Changed in starlingx: | |
importance: | Undecided → High |
status: | New → Triaged |
assignee: | nobody → Jerry Sun (jerry-sun-u) |
Fix proposed to branch: master /review. opendev. org/756557
Review: https:/