From 582ae24e73a17e256cdffa74891667e24e77be67 Mon Sep 17 00:00:00 2001 From: Jerry Sun Date: Thu, 8 Aug 2024 13:57:45 -0400 Subject: [PATCH] Add new pause image to public image list The pause image used to be hosted at k8s.gcr.io/pause, and is treated as a public image (anyone can pull) by registry.local:9001. The image is moving from k8s.gcr.io/pause to registry.k8s.io/pause. This commit adds its new home at registry.k8s.io/pause to the public image list, allowing anyone to pull it. Testing PASS: docker pull registry.k8s.io/pause with our guest account (mtce) as well as a new user PASS: crictl pull registry.k8s.io/pause with our guest account (mtce) as well as a new user PASS: Install and bootstrap Partial-Bug: 2076368 Change-Id: I49354b92b3ab90859c0e57a9aea7aa662b6c4038 Signed-off-by: Jerry Sun --- registry-token-server/src/main.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/registry-token-server/src/main.go b/registry-token-server/src/main.go index 895026e..49f6229 100644 --- a/registry-token-server/src/main.go +++ b/registry-token-server/src/main.go @@ -1,6 +1,6 @@ // Initial file was taken from https://github.com/docker/distribution 2018 Sept // -// Copyright (c) 2018 Wind River Systems, Inc. +// Copyright (c) 2018-2024 Wind River Systems, Inc. // // SPDX-License-Identifier: Apache-2.0 // @@ -208,6 +208,7 @@ func filterAccessList(ctx context.Context, scope string, requestedAccessList []a // acmesolver is deployed in a namespace that don't have access to pull secrets // n3000-opae is used during puppet manifest at which point credentials cannot be obtained publicImages := []string{"k8s.gcr.io/pause", + "registry.k8s.io/pause", "docker.io/starlingx/n3000-opae", "quay.io/jetstack/cert-manager-acmesolver"}