diff --git a/registries.conf.5.md b/registries.conf.5.md index 45fe632..1a7de22 100644 --- a/registries.conf.5.md +++ b/registries.conf.5.md @@ -1,50 +1,39 @@ -% registries.conf(5) System-wide registry configuration file -% Brent Baude -% Aug 2017 +% registries.conf(5) Container Registries Configuration File +% Dan Walsh +% March 2018 -# NAME -registries.conf - Syntax of System Registry Configuration File +## NAME +registries.conf - Syntax of Container Registries configuration file -# DESCRIPTION -The REGISTRIES configuration file is a system-wide configuration file for container image -registries. The file format is TOML. The valid categories are: 'registries.search', -'registries.insecure', and 'registries.block'. +## DESCRIPTION +The REGISTRIES configuration file specifies all of the available container registries for tools using shared container registries, but in a TOML format that can be more easily modified and versioned. `registries.conf` does not support recursive lists of registries. The default location for this configuration file is `/etc/containers/registries.conf`. -# FORMAT -The TOML_format is used to build a simple list format for registries under three -categories: `registries.search`, `registries.insecure`, and `registries.block`. -You can list multiple registries using a comma separated list. +The only valid categories are: `registries.search`, `registries.insecure`, and `registries.block`. -Search registries are used when the caller of a container runtime does not fully specify the -container image that they want to execute. These registries are prepended onto the front -of the specified container image until the named image is found at a registry. -Insecure Registries. By default container runtimes use TLS when retrieving images -from a registry. If the registry is not setup with TLS, then the container runtime -will fail to pull images from the registry. If you add the registry to the list of -insecure registries then the container runtime will attempt use standard web protocols to -pull the image. It also allows you to pull from a registry with self-signed certificates. -Note insecure registries can be used for any registry, not just the registries listed -under search. +## FORMAT +The [TOML format][toml] is used as the encoding of the configuration file. +Every option and subtable listed here is nested under a global "registries" table. +No bare options are used. -Block Registries. The registries in this category are are not pulled from when -retrieving images. +## Examples + [registries.search] + registries = ['quay.io', 'docker.io', 'registries.unsafe.com', 'registry.fedoraproject.org', 'registry.access.redhat.com'] -# EXAMPLE -The following example configuration defines two searchable registries, one -insecure registry, and two blocked registries. + # If you need to access insecure registries, add the registry's fully-qualified name. + # An insecure registry is one that does not have a valid SSL certificate or only does HTTP. + [registries.insecure] + registries = ['registries.unsafe.com'] -``` -[registries.search] -registries = ['registry1.com', 'registry2.com'] + # If you need to block push access from a registry, uncomment the section below + # and add the registries fully-qualified name. + # + # Docker only + [registries.block] + registries = [] -[registries.insecure] -registries = ['registry3.com'] +## Files +/etc/conainers/registries.conf -[registries.block] -registries = ['registry.untrusted.com', 'registry.unsafe.com'] -``` - -# HISTORY -Aug 2017, Originally compiled by Brent Baude -Jun 2018, Updated by Tom Sweeney +## HISTORY +March 2018, Originally compiled by Dan Walsh