Loading...

XML

Word

Printable

Type: Story
Resolution: Unresolved
Priority: Undefined
Fix Version/s: None
Affects Version/s: None
Component/s: None
Labels:
None

Activity Type:
Product / Portfolio Work
Story Points:
3
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Ready:
False
Epic Link:
InternalReleaseImage registry credentials management
Color Status:
Not Selected
Intelligence Requested:
Market:

Sprint:
Agent Sprint 285

Target Version:

openshift-4.22

SFDC Cases Links:
SFDC Cases Open:
SFDC Cases Counter:

User Story:

As a (user persona), I want to be able to:

have the IRI registry access be authenticated

so that I can

restrict access to the registry

Acceptance Criteria:

Description of criteria:

Generate IRI registry credentials (username: openshift, 32-byte random password with bcrypt hash)
Create Secret manifest “iri-registry-auth” in openshift-machine-config-operator namespace
Secret contains: htpasswd field (bcrypt hash) and password field (plaintext for pull secret)
Update agent ignition asset to merge IRI credentials into pull secret
Credentials stored in Docker config JSON format at registry hostname api-int.<cluster-domain>:22625
The credentials are merged into the global pull secret at runtime when assisted-service calls openshift-install to create the ignition files

(optional) Out of Scope:

Does not add credentials to the IRI registry running on the live ISO.

Engineering Details:

(optional) https://github/com/link.to.enhancement/
(optional) https://issues.redhat.com/link.to.spike
Engineering detail 1
Engineering detail 2

This requires/does not require a design proposal.
This requires/does not require a feature gate.

links to

openshift/installer#10389: AGENT-1448: Add IRI registry authentication support

Assignee:: Richard Su

Reporter:: Richard Su

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Created:: 2026/02/11 10:57 PM

Updated:: 2026/03/12 7:46 PM