Closed anderseknert closed 10 months ago
The package is public now. @larhauga if you try it and fint everything works as expected, let me know! Next step would be a tag, and then to have the docs updated and use the new location consistently.
Thanks @ashutosh-narkar for fixing this 👍
Awesome :raised_hands: Works great in dind in kubernetes :+1: Thanks for all your help!
# startup
until [ -S /var/run/docker.sock ]; do sleep 1; done &&
docker plugin install --grant-all-permissions --alias opa-docker-authz ghcr.io/open-policy-agent/opa-docker-authz:edge opa-args='-policy-file /opa/opa-conf.rego' >/proc/1/fd/1 2>&1 &&
echo '{"authorization-plugins": ["opa-docker-authz"]}' > /etc/docker/daemon.json &&
kill -HUP $(pidof dockerd)
# inspect
docker plugin inspect opa-docker-authz:latest
"PluginReference": "ghcr.io/open-policy-agent/opa-docker-authz:edge",
docker run --rm -it --privileged fedora:latest sh
docker: Error response from daemon: authorization denied by plugin opa-docker-authz:latest: request rejected by administrative policy.
That's awesome! Thanks for letting me know 👍
Hey, @ashutosh-narkar, @tsandall! I'm going to need your help with this one.
@larhauga has done some good work to get this plugin published automatically to ghcr.io, as part of CI. This will be a good improvement compared to the manual process that we've used for this repo, where the last release is 2 years old. I've verified that the push works as expected, but the package is currently private, and apparently only an org owner can make that change, which I am not.
Could you please help me with the following?
Thanks 👍