Configuring a registry access policy
You can set up policies for accessing a registry from specific IP addresses.
- In the management console, select the folder where the registry is located.
- Go to Cloud Registry.
- Select the registry.
- Navigate to the Access for IP addresses tab.
- Click Configure access.
- Enter the IP address and specify an action:
PULL: Permission to pull artifacts from the registry.PUSH: Permission to push artifacts to the registry.
- To configure access for multiple IPs, click Add.
- Click Save.
If you do not have the Yandex Cloud CLI yet, install and initialize it.
The folder used by default is the one specified when creating the CLI profile. To change the default folder, use the yc config set folder-id <folder_ID> command. You can also set a different folder for any specific command using the --folder-name or --folder-id options.
-
Set the registry access policy:
yc cloud-registry registry add-ip-permissions <registry_name_or_ID> \ --pull <IP_address> \ --push <IP_address>Where:
--pull: Flag that allows pulling artifacts from the registry.--push: Flag that allows pushing artifacts to the registry.
Result:
done (1s)To delete all configured registry access policies and set new ones right away, use the
yc cloud-registry registry set-ip-permissionscommand. -
Check the current permissions:
yc cloud-registry registry list-ip-permissions <registry_name_or_ID>Result:
+--------+-----------+ | ACTION | IP | +--------+-----------+ | PULL | 10.1.2.11 | | PUSH | 10.1.2.11 | +--------+-----------+
To configure a registry access policy, use the updateIpPermissions REST API method for the Registry resource or the RegistryService/UpdateIpPermissions gRPC API call.