Uploaded image for project: 'OpenShift Request For Enhancement'
  1. OpenShift Request For Enhancement
  2. RFE-2137

Expose "Blob public access" option when configure the OpenShift - Registry in Azure

XMLWordPrintable

    • Icon: Feature Request Feature Request
    • Resolution: Done
    • Icon: Major Major
    • None
    • None
    • Registry
    • False
    • False

      1. Proposed title of this feature request
      Expose "Blob public access" option when configure the OpenShift - Registry in Azure

      2. What is the nature and description of the request?
      When configure the OpenShift Container Platform - Image Registry in Microsoft Azure, the following procedure shall be used:

      + Configuring registry storage for Azure

      As there is no option to set Blob public access, the default value of true will be taken. This is exposing some risk and specifically for Security sensitive customers they would like to have control over Blob public access and thus the ability to set this to false

      Exposing this in configs.imageregistry.operator.openshift.io for azure storage configruation could address this and allow security sensitive installation to set Blob public access to false while it would not impact existing customers as the default should still be true.

      3. Why does the customer need this? (List the business requirements here)
      For Security sensitive customers, they wish to restrict all components as best as possible. Since Blob public access can not be set for the OpenShift Container Platform - Image Registry Blob it would be useful to have this option. Even though Blob public access set to true does not allow anonymous access it's still considered a risk and something that should be possible to be configured.

      4. List any affected packages or components.
      Red Hat OpenShift Container Platform - Image Registry

              DanielMesser Daniel Messer
              rhn-support-sreber Simon Reber
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: