The following features included in the docker component (docker-1.4 and higher) are not yet upstream, and considered experimental. The user interface for these features may change in future releases. The features are fully supported as part of a standard Red Hat Enterprise Linux or Red Hat Enterprise Linux Atomic host deployment.
Registry Access Control: The docker daemon includes two options to manage which registries it can connect to. These can be defined in /etc/sysconfig/docker with the ADD_REGISTRY and BLOCK_REGISTRY options.
# If you want to add your own registry to be used for docker search and docker # pull use the ADD_REGISTRY option to list a set of registries, each prepended # with --add-registry flag. The first registry added will be the first registry # searched. ADD_REGISTRY='--add-registry registry.access.redhat.com'
Each registry in ADD_REGISTRY is searched in order of appearance in the configuration file. Red Hat's default includes
an entry for the Red Hat maintained registry (registry.access.redhat.com) on the Red Hat Customer Portal for images from Red Hat product families.
# If you want to block registries from being used, uncomment the BLOCK_REGISTRY # option and give it a set of registries, each prepended with --block-registry # flag. For example adding docker.io will stop users from downloading images # from docker.io # BLOCK_REGISTRY='--block-registry'
The default configuration includes access to the Docker Hub as builtin feature of the docker component, To prevent access to the Docker Hub, a special keyword "public", should be used in the BLOCK_REGISTRY option.
Network Namespace Creation: In addition to docker automatically creating namespaces needed to start a container instance, users can now specify an externally created network namespace. This will facilitate the usage of external network interface creation tools to be leveraged in a docker container context.
The PATH is replaced with the network namespace path entry in /var/run/netns/. Tools such as ip netns can be used to create manage independent network namespaces and interfaces.
- Article Type