From 9b53f96ae2a46a26cc48aec160eee6e83e6b3769 Mon Sep 17 00:00:00 2001 From: continuist Date: Sat, 28 Jun 2025 14:06:57 -0400 Subject: [PATCH] Remove unnecessary read-user from registry config --- CI_CD_PIPELINE_SETUP_GUIDE.md | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/CI_CD_PIPELINE_SETUP_GUIDE.md b/CI_CD_PIPELINE_SETUP_GUIDE.md index aa0f46c..2d039d2 100644 --- a/CI_CD_PIPELINE_SETUP_GUIDE.md +++ b/CI_CD_PIPELINE_SETUP_GUIDE.md @@ -490,20 +490,16 @@ exit # Switch to SERVICE_USER (registry directory owner) sudo su - SERVICE_USER -# Create htpasswd file for authentication (required for push operations) +# Create htpasswd file for authentication (required for push operations only) mkdir -p /opt/registry/auth htpasswd -Bbn push-user "$(openssl rand -base64 32)" > /opt/registry/auth/auth.htpasswd -# Create a read-only user (optional, for additional security) -htpasswd -Bbn read-user "$(openssl rand -base64 32)" >> /opt/registry/auth/auth.htpasswd - # Exit SERVICE_USER shell exit ``` **What this does**: Creates user credentials for registry authentication. -- `push-user`: Can push and pull images (used by CI/CD pipeline for deployments) -- `read-user`: Can only pull images (optional, for read-only access) +- `push-user`: Can push images (used by CI/CD pipeline for deployments) **Note**: Pull operations are public and don't require authentication, but push operations require these credentials.