| Server IP : 62.109.13.187 / Your IP : 216.73.216.11 [ Web Server : Apache/2.4.6 (CentOS) mpm-itk/2.4.7-04 OpenSSL/1.0.2k-fips PHP/8.2.28 System : Linux robothost.ru 3.10.0-1160.119.1.el7.x86_64 #1 SMP Tue Jun 4 14:43:51 UTC 2024 x86_64 User : mosrembit ( 6064) PHP Version : 8.2.28 Disable Function : NONE Domains : 0 Domains MySQL : OFF | cURL : ON | WGET : ON | Perl : ON | Python : ON | Sudo : ON | Pkexec : ON Directory : /etc/containers/ |
Upload File : |
# For more information on this configuration file, see containers-registries.conf(5). # # There are multiple versions of the configuration syntax available, where the # second iteration is backwards compatible to the first one. Mixing up both # formats will result in an runtime error. # # The initial configuration format looks like this: # # NOTE: RISK OF USING UNQUALIFIED IMAGE NAMES # Red Hat recommends always using fully qualified image names including the registry server (full dns name), # namespace, image name, and tag (ex. registry.redhat.io/ubi8/ubu:latest). When using short names, there is # always an inherent risk that the image being pulled could be spoofed. For example, a user wants to. # pull an image named `foobar` from a registry and expects it to come from myregistry.com. If myregistry.com # is not first in the search list, an attacker could place a different `foobar` image at a registry earlier # in the search list. The user would accidentally pull and run the attacker's image and code rather than the # intended content. Red Hat recommends only adding registries which are completely trusted, i.e. registries # which don't allow unknown or anonymous users to create accounts with arbitrary names. This will prevent # an image from being spoofed, squatted or otherwise made insecure. If it is necessary to use one of these # registries, it should be added at the end of the list. # # It is recommended to use fully-qualified images for pulling as the # destination registry is unambiguous. Pulling by digest # (i.e., quay.io/repository/name@digest) further eliminates the ambiguity of # tags. # The following registries are a set of secure defaults provided by Red Hat. # Each of these registries provides container images curated, patched # and maintained by Red Hat and its partners #[registries.search] #registries = ['registry.access.redhat.com', 'registry.redhat.io'] # To ensure compatibility with docker we've included docker.io in the default search list. However Red Hat # does not curate, patch or maintain container images from the docker.io registry. [registries.search] registries = ['registry.access.redhat.com', 'registry.redhat.io', 'docker.io'] # The following registries entry can be used for convenience but includes # container images built by the community. This set of content comes with all # of the risks of any user generated content including security and performance # issues. To use this list first comment out the default list, then uncomment # the following list #[registries.search] #registries = ['registry.access.redhat.com', 'registry.redhat.io', 'docker.io', 'quay.io'] # Registries that do not use TLS when pulling images or uses self-signed # certificates. [registries.insecure] registries = [] # Blocked Registries, blocks the `docker daemon` from pulling from the blocked registry. If you specify # "*", then the docker daemon will only be allowed to pull from registries listed above in the search # registries. Blocked Registries is deprecated because other container runtimes and tools will not use it. # It is recommended that you use the trust policy file /etc/containers/policy.json to control which # registries you want to allow users to pull and push from. policy.json gives greater flexibility, and # supports all container runtimes and tools including the docker daemon, cri-o, buildah ... # The atomic CLI `atomic trust` can be used to easily configure the policy.json file. [registries.block] registries = [] # The second version of the configuration format allows to specify registry # mirrors: # # # An array of host[:port] registries to try when pulling an unqualified image, in order. # unqualified-search-registries = ["example.com"] # # [[registry]] # # The "prefix" field is used to choose the relevant [[registry]] TOML table; # # (only) the TOML table with the longest match for the input image name # # (taking into account namespace/repo/tag/digest separators) is used. # # # # If the prefix field is missing, it defaults to be the same as the "location" field. # prefix = "example.com/foo" # # # If true, unencrypted HTTP as well as TLS connections with untrusted # # certificates are allowed. # insecure = false # # # If true, pulling images with matching names is forbidden. # blocked = false # # # The physical location of the "prefix"-rooted namespace. # # # # By default, this equal to "prefix" (in which case "prefix" can be omitted # # and the [[registry]] TOML table can only specify "location"). # # # # Example: Given # # prefix = "example.com/foo" # # location = "internal-registry-for-example.net/bar" # # requests for the image example.com/foo/myimage:latest will actually work with the # # internal-registry-for-example.net/bar/myimage:latest image. # location = internal-registry-for-example.com/bar" # # # (Possibly-partial) mirrors for the "prefix"-rooted namespace. # # # # The mirrors are attempted in the specified order; the first one that can be # # contacted and contains the image will be used (and if none of the mirrors contains the image, # # the primary location specified by the "registry.location" field, or using the unmodified # # user-specified reference, is tried last). # # # # Each TOML table in the "mirror" array can contain the following fields, with the same semantics # # as if specified in the [[registry]] TOML table directly: # # - location # # - insecure # [[registry.mirror]] # location = "example-mirror-0.local/mirror-for-foo" # [[registry.mirror]] # location = "example-mirror-1.local/mirrors/foo" # insecure = true # # Given the above, a pull of example.com/foo/image:latest will try: # # 1. example-mirror-0.local/mirror-for-foo/image:latest # # 2. example-mirror-1.local/mirrors/foo/image:latest # # 3. internal-registry-for-example.net/bar/myimage:latest # # in order, and use the first one that exists.