Additional configuration

To let the administrator customize the cluster configuration, the OSCAR manager looks for a ConfigMap on the cluster containing the additional properties to apply. Since this is still a work in progress, the only configurable property at present is the origin of the container images. As shown in the following ConfigMap definition, you can set a list of "prefixes" for the repositories you consider secure; images that do not come from one of them are restricted.

apiVersion: v1
kind: ConfigMap
metadata:
  name: config.yaml
  namespace: oscar
data:
  config.yaml: |
    images:
      allowed_image_repositories:  '["ghcr.io/grycap",...]'

The administrator can also use the PUT /system/config API call to modify the trusted image repositories. The following example allows only images from the ghcr.io/grycap repository/owner.

curl -vX PUT -H "Authorization: Basic $(printf '%s' 'user:password' | base64)" "https://<oscar_endpoint>/system/config" -d '{"allowed_image_repositories":["ghcr.io/grycap"]}'
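The following is an added example, not OSCAR code: a pre-deployment check an administrator could run over image references using the same JSON-encoded list as the ConfigMap value. It assumes a prefix should match only at a path, tag or digest boundary and that references without a registry host resolve to Docker Hub; the page does not describe how OSCAR itself compares prefixes, and all function names and sample images are constructed.

```python
import json

# Constructed sample: the string stored under
# images.allowed_image_repositories in the ConfigMap above.
ALLOWED_RAW = '["ghcr.io/grycap"]'


def normalize(image):
    """Expand Docker Hub shorthand so every reference starts with a registry host."""
    first, _, rest = image.partition("/")
    # A first component containing '.' or ':' (or 'localhost') is a registry host.
    if rest and ("." in first or ":" in first or first == "localhost"):
        return image
    # No host given: Docker Hub. Single-name images live under library/.
    return "docker.io/" + (image if rest else "library/" + image)


def is_allowed(image, prefixes):
    """Accept only when a prefix ends at a '/', ':' or '@' boundary (assumption)."""
    ref = normalize(image.strip())
    for prefix in prefixes:
        p = prefix.rstrip("/")
        # Plain startswith() would also accept 'ghcr.io/grycap-mirror/...'.
        if ref == p or (ref.startswith(p) and ref[len(p)] in "/:@"):
            return True
    return False


def rejected(images, allowed_raw=ALLOWED_RAW):
    """Return the images that fall outside the allowed repositories."""
    prefixes = json.loads(allowed_raw)
    if not isinstance(prefixes, list) or not all(isinstance(p, str) for p in prefixes):
        raise ValueError("allowed_image_repositories must be a JSON list of strings")
    return [img for img in images if not is_allowed(img, prefixes)]


if __name__ == "__main__":
    sample = [  # constructed image references
        "ghcr.io/grycap/oscar:latest",
        "ghcr.io/grycap-mirror/oscar:latest",
        "grycap/cowsay",
        "ubuntu:22.04",
    ]
    for img in rejected(sample):
        print("not allowed:", img)
```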

Additionally, this property can be added when creating an OSCAR cluster through the IM, which will automatically create the ConfigMap.

Managed volumes do not require extra entries in this additional configuration file. Volume provisioning uses the cluster storage integration already configured for OSCAR.