Channels
academy
amazon
arm
azure
cabpr
chinese
ci-cd
danish
deutsch
developer
elemental
epinio
espanol
events
extensions
fleet
français
gcp
general
harvester
harvester-dev
hobbyfarm
hypper
japanese
k3d
k3os
k3s
k3s-contributor
kim
kubernetes
kubewarden
lima
logging
longhorn-dev
longhorn-storage
masterclass
mesos
mexico
nederlands
neuvector-security
office-hours
one-point-x
onlinemeetup
onlinetraining
opni
os
ozt
phillydotnet
portugues
rancher-desktop
rancher-extensions
rancher-setup
rancher-wrangler
random
rfed_ara
rio
rke
rke2
russian
s3gw
service-mesh
storage
submariner
supermicro-sixsq
swarm
terraform-controller
terraform-provider-rancher2
terraform-provider-rke
theranchcast
training-0110
training-0124
training-0131
training-0207
training-0214
training-1220
ukranian
v16-v21-migration
vsphere
windows
Title
l
limited-needle-7506
03/14/2023, 9:33 PMHi,
When it comes to private registries, the user's credentials are stored in registries.yaml which is found in
/etc/rancher/k3s//etc/rancher/k3s/c
creamy-pencil-82913
03/14/2023, 9:34 PMyou wouldn’t. K3s doesn’t make any attempt to provide security from multiple administrators with access to configuration files.
l
limited-needle-7506
03/14/2023, 9:35 PMUnderstood, thank you!
c
creamy-pencil-82913
03/14/2023, 9:36 PMIf you’re concerned about that, you should either give each dev a different host, or if you must all share a single cluster, lock them out of access to the host itself and give each dev a dedicated namespace that they are restricted to, and have them use ImagePullSecrets to authenticate to the registry when pulling images.
👍 1
l
limited-needle-7506
03/14/2023, 9:37 PMSweet, I will look into these options. Thanks much.