This repository has been archived by the owner on Mar 16, 2024. It is now read-only.

Add info about the shared image registry (#1885)
Signed-off-by: Grant Linville <grant@acorn.io>
Co-authored-by: Craig Jellick <craig.jellick@gmail.com>
g-linville and cjellick committed Jul 6, 2023
1 parent 36e45cb commit d591c99
Showing 1 changed file with 8 additions and 0 deletions.
8 changes: 8 additions & 0 deletions docs/docs/60-architecture/02-security-considerations.md
Expand Up @@ -76,6 +76,14 @@ acorn:project:view
acorn:project:view-logs
```

### Shared Image Registry

Default installations of Acorn Runtime will deploy an OCI registry into Kubernetes, which will be the default image storage for all projects.
This registry is not secured with credentials.
Acorn's API server performs basic checks to try to prevent users from trivially accessing images that belong to other projects, but this is not guaranteed.

You can configure Acorn to use an external OCI registry, but the credentials are shared between all projects, so the security implications around image access are the same. Future releases will improve upon this by providing a framework for isolating registries.

## Credentials

Credentials refer to credentials used to pull from and/or push to OCI registries.
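
Review bot: the sentence "Acorn's API server performs basic checks to try to prevent users from trivially accessing images that belong to other projects, but this is not guaranteed" leaves the actual exposure undefined: it does not say whether "accessing" means pulling, pushing over an existing tag, or both, and it does not say who can reach the credential-less registry directly rather than through the API server. Please state the consequence in plain terms so operators can decide whether projects on one installation may hold images of different sensitivity. In the external-registry paragraph, name or link the setting used to configure it, and note how the "credentials are shared between all projects" registry credentials relate to the credentials described under the "## Credentials" heading that follows, since a reader will otherwise assume they are the same thing. "Future releases will improve upon this" will go stale in versioned docs; link a tracking issue or drop the sentence.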