Hi,
I’m trying to allow pull the workspace base images only from our private registry.
I found this config:
server:
defaultBaseImageRegistryWhitelist:
- some.registry.domain.com
I use it and it is in the envs of the server pod, but I still can pull images from docker hub 
Did anybody use this feature before?
Is anybody know what I did wrong?
(self-hosted 0.6.0 on aws eks)
Thanks
Hi @szell,
allowing local registries does not prohibit downloads from docker. If you want to download images directly from a specific server, you have to add the domain and the port of your registry. https://docs.docker.com/registry/deploying/
Hi,
maybe I miss understood something.
Is there a way to allow the image download only from my private registry?
I use this way:
imageBuilder:
name: image-builder
dependsOn:
- image-builder-configmap.yaml
hostDindData: /var/gitpod/docker
registry:
name: docker.< DOMAIN >
secretName: image-builder-registry-secret
path: "secrets/registry-auth.json"
baseImageName: ""
workspaceImageName: ""
bypassProxy: false
registryCerts: []
....
server:
name: server
replicas: 1
dependsOn:
- server-proxy-apikey-secret.yaml
- auth-providers-configmap.yaml
sessionSecret: VerySecretSessionSecret
resources:
cpu: 200m
github:
app: {}
blockNewUsers: false
runDbDeleter: true
storage: {}
wsman: []
defaultBaseImageRegistryWhitelist:
- docker.< DOMAIN >
defaultFeatureFlags: []
....
Thanks
Hi @szell,
Gitpod can not be configured to block access to registries. That has to be done by firewall settings in your environment.