mirror of https://github.com/docker/docs.git
jerae-duffin
GitHub
commit
4a95215f99
|
|
@ -1519,6 +1519,8 @@ manuals:
|
|||
title: FAQs
|
||||
- path: /docker-hub/image-access-management/
|
||||
title: Image Access Management
|
||||
- path: /docker-hub/registry-access-management/
|
||||
title: Registry Access Management
|
||||
- path: /docker-hub/onboarding-faqs/
|
||||
title: Onboarding FAQs
|
||||
|
||||
|
|
|
|||
|
|
@ -4,12 +4,14 @@ keywords: registry, access, managment
|
|||
title: Registry Access Management
|
||||
---
|
||||
|
||||
Registry Access Management is a feature available to organizations with a Docker Business subscription. This feature lets organization owners manage the registries that their developers can access while using Docker Desktop. When using this feature, organization owners can ensure that their developers can only access their trusted registries, such as a secure private registry on Artifactory, thereby reducing the security risks that can occur when developers interact with public registries.
|
||||
Registry Access Management is a feature available to organizations with a Docker Business subscription. With Registry Access Management, organization owners can ensure that their developers using Docker Desktop can only access registries that have been allow-listed via the Registry Access Management dashboard on Docker Hub (for example, a private Artifactory registry).
|
||||
|
||||
> **Note**
|
||||
>
|
||||
> Registry Access Management is currently offered as a closed beta to a closed group of Docker Business customers.
|
||||
{: .important}
|
||||
## Requirements:
|
||||
|
||||
Download Docker Desktop v4.8 or a later release.
|
||||
|
||||
- [Download and install for Windows](/desktop/windows/install/)
|
||||
- [Download and install for Mac](/desktop/mac/install/)
|
||||
|
||||
## Configure Registry Access Management permissions
|
||||
|
||||
|
|
@ -39,18 +41,13 @@ To ensure that each org member uses Registry Access Management on their local ma
|
|||
1. Download the latest version of Docker Desktop, and then
|
||||
2. Create a `registry.json` file.
|
||||
|
||||
Download Docker Desktop 4.5 or a later release.
|
||||
## Creating a registry.json file
|
||||
|
||||
- [Download and install for Windows](/desktop/windows/install/)
|
||||
- [Download and install for Mac](/desktop/mac/install/)
|
||||
|
||||
{% include configure-registry-json.md %}
|
||||
Create a `registry.json` file, by following the instructions for [Windows and Mac](/docker-hub/configure-sign-in/).
|
||||
|
||||
## Verify the restrictions
|
||||
|
||||
After you’ve created the registry.json file and deployed it onto the developers’ machines, you can verify whether the changes have taken effect by asking the developers to start Docker Desktop.
|
||||
|
||||
If the configuration is successful, Docker Desktop prompts the developer to authenticate using the organization credentials on start. If the developer fails to authenticate, or authenticates as a developer in the wrong organization they will see an error message, and they will be denied access to Docker Desktop.
|
||||
The new Registry Access Management policy should be in place after the developer successfully authenticates to Docker Desktop using their organization credentials. The developer can attempt to pull an image from a disallowed registry via the Docker CLI. They will then receive an error message that your organization has disallowed this registry.
|
||||
|
||||
### Caveats
|
||||
|
||||
|
|
|
|||
|
|
@ -11,7 +11,9 @@ For instance, if you run a container which binds to port 80 and you use `host`
|
|||
networking, the container's application is available on port 80 on the host's IP
|
||||
address.
|
||||
|
||||
> **Note**: Given that the container does not have its own IP-address when using
|
||||
> **Note**
|
||||
>
|
||||
> Given that the container does not have its own IP-address when using
|
||||
> `host` mode networking, [port-mapping](overlay.md#publish-ports) does not
|
||||
> take effect, and the `-p`, `--publish`, `-P`, and `--publish-all` option are
|
||||
> ignored, producing a warning instead:
|
||||
|
|
|
|||
|
|
@ -31,6 +31,7 @@ The registry is now ready to use.
|
|||
> TLS and should ideally use an access-control mechanism. Keep reading and then
|
||||
> continue to the [configuration guide](configuration.md) to deploy a
|
||||
> production-ready registry.
|
||||
{: .important}
|
||||
|
||||
## Copy an image from Docker Hub to your registry
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue