
rapid-napkin-54569

05/16/2023, 6:39 PM
So I know there have been some others that have maybe mentioned it before, but have any others run into issues with using the network tunnel and allowed image list? It seems that as soon as I enable allowed images, I can no longer connect to Docker registries on Windows. Is this a known issue?
Is this a known issue? @fast-garage-66093

fast-garage-66093

05/16/2023, 9:48 PM
I'm not aware of it. @calm-sugar-3169 have you tried the image allow list together with the new network tunnel mechanism?

calm-sugar-3169

05/16/2023, 10:34 PM
I don’t think it has been tested together during the experimental release. @rapid-napkin-54569 are you able to create an issue so I can take a look at it?
feel free to assign it to me.

rapid-napkin-54569

05/16/2023, 10:34 PM
Yessir! I was just about to. Thanks for taking a look!

calm-sugar-3169

05/16/2023, 10:35 PM
Thanks, I will take a look shortly.

rapid-napkin-54569

05/17/2023, 12:22 AM

fast-garage-66093

05/17/2023, 12:24 AM
But I can 😄
👍 1

rapid-napkin-54569

05/17/2023, 12:24 AM
Hahaha thank you
@calm-sugar-3169 please feel free to reach out to me if you need assistance in replicating the issue. This is the last big hurdle of getting this rolled out at our company.
👍 1

fast-garage-66093

05/17/2023, 8:44 PM
Oh, so you are not blocked on being able to lock down other fields besides Allowed Images? We are trying to get the required UI changes into 1.9, but I'm not sure if that will be done in time.

rapid-napkin-54569

05/17/2023, 8:48 PM
I mean we are doing the whole chmod and stuff still on the Kubernetes files (so not great but still works). Allowed images is crucial because it stops even the workaround people found. The VPN fix is crucial because it simply does not work until 1.8 on our systems. The auto update and telemetry were the other two I have to investigate but not total show-stoppers.

fast-garage-66093

05/17/2023, 8:51 PM
Note that telemetry is not implemented, so that setting doesn't do anything. Auto-update obviously sends your current version (and in 1.9 your OS version) to a server to get a list of available updates.
If you want to control updates, then you probably want to lock auto-updates to false. There is then no notification that a newer version is available, but if users can't upgrade by themselves anyways, then maybe that doesn't matter. But we should probably split the update checking from the installation code.

rapid-napkin-54569

05/17/2023, 9:08 PM
Yeah the biggest right now for us is that allowed images with the vpn tunnel and hopefully the auto update