https://rancher.com/ logo
Title
l

limited-needle-7506

03/14/2023, 9:33 PM
Hi, When it comes to private registries, the user's credentials are stored in registries.yaml which is found in
/etc/rancher/k3s/
. But say the dev machine running k3s is shared by users with different credentials, each with access to the registries.yaml file and
/etc/rancher/k3s/
directory. How would I prevent user x from accessing/viewing user y's credentials stored in registries.yaml while at the same time using user's x credentials to pull and push to the private registry? Thanks in advance.
c

creamy-pencil-82913

03/14/2023, 9:34 PM
you wouldn’t. K3s doesn’t make any attempt to provide security from multiple administrators with access to configuration files.
l

limited-needle-7506

03/14/2023, 9:35 PM
Understood, thank you!
c

creamy-pencil-82913

03/14/2023, 9:36 PM
If you’re concerned about that, you should either give each dev a different host, or if you must all share a single cluster, lock them out of access to the host itself and give each dev a dedicated namespace that they are restricted to, and have them use ImagePullSecrets to authenticate to the registry when pulling images.
👍 1
l

limited-needle-7506

03/14/2023, 9:37 PM
Sweet, I will look into these options. Thanks much.