How can I allow untrusted users to upload images to my registry?


I am designing a system which runs images for its users on a domain specific life cycle. From a security perspective, the users are untrusted, so I can not just give them full access to my registry.

Essentially, when a user defines a workload, the corresponding image needs to be uploaded to a repository in my registry. I've come up with a couple of ways this could be achieved:

  1. Create the repository for my user when they define a workload, given them temporary credentials which are scoped to be able to PUSH to that repository, have the Docker distribution on their local workstation authenticate with my registry, and push the image
  2. Export the image as a tar file, upload the tar file to my system, and have my trusted system broker the image upload to my registry
  3. Is there another design I'm over looking?

Are there registries which the community has created to support the authentication/authorization mechanism described in solution #1?

Any advice here would be welcome. Thank you.

submitted by /u/olibearo
[link] [comments]
Source: Reddit

Categorised as r/docker


Leave a Reply

Still Have Questions?

Our dedicated development team is here for you!

We can help you find answers to your question for as low as 5$.

Contact Us