summaryrefslogtreecommitdiff
path: root/data/templates/containers/registries.conf.j2
diff options
context:
space:
mode:
Diffstat (limited to 'data/templates/containers/registries.conf.j2')
-rw-r--r--data/templates/containers/registries.conf.j227
1 files changed, 0 insertions, 27 deletions
diff --git a/data/templates/containers/registries.conf.j2 b/data/templates/containers/registries.conf.j2
deleted file mode 100644
index 4057bb452..000000000
--- a/data/templates/containers/registries.conf.j2
+++ /dev/null
@@ -1,27 +0,0 @@
-### Autogenerated by /usr/libexec/vyos/conf_mode/containers.py ###
-
-# For more information on this configuration file, see containers-registries.conf(5).
-#
-# NOTE: RISK OF USING UNQUALIFIED IMAGE NAMES
-# We recommend always using fully qualified image names including the registry
-# server (full dns name), namespace, image name, and tag
-# (e.g., registry.redhat.io/ubi8/ubi:latest). Pulling by digest (i.e.,
-# quay.io/repository/name@digest) further eliminates the ambiguity of tags.
-# When using short names, there is always an inherent risk that the image being
-# pulled could be spoofed. For example, a user wants to pull an image named
-# `foobar` from a registry and expects it to come from myregistry.com. If
-# myregistry.com is not first in the search list, an attacker could place a
-# different `foobar` image at a registry earlier in the search list. The user
-# would accidentally pull and run the attacker's image and code rather than the
-# intended content. We recommend only adding registries which are completely
-# trusted (i.e., registries which don't allow unknown or anonymous users to
-# create accounts with arbitrary names). This will prevent an image from being
-# spoofed, squatted or otherwise made insecure. If it is necessary to use one
-# of these registries, it should be added at the end of the list.
-#
-# An array of host[:port] registries to try when pulling an unqualified image, in order.
-# unqualified-search-registries = ["example.com"]
-
-{% if registry is vyos_defined %}
-unqualified-search-registries = {{ registry }}
-{% endif %}