Using IAM IP address access restrictions in Container Registry

You can enable IAM IP address access restrictions when you're using IBM Cloud® Container Registry.

To enable IAM IP address access restrictions, you must ensure that the Cloud Identity and Access Management (IAM) access list is configured so that the Container Registry OAuth service can still function. The OAuth service is used to authenticate image pulls and pushes in Container Registry.

You must ensure that the IP addresses of any computers that can originate pulls and pushes are added to the IAM IP address access list, see Allowing specific IP addresses.

Granting access if you are using a public network

If you're using IBM Cloud Container Registry over a public network, you must ensure that the Public IP addresses of any computers that can originate pulls and pushes are added to the IAM IP allowlist.

Granting access if you are using a private network

If you're using IBM Cloud Container Registry in one of the following scenarios, you must add the private IP addresses of any computers that can originate pulls and pushes to the allowlist.

You're using one of the private.* domains, for example private.us.icr.io.
You're using an IBM Cloud Kubernetes Service cluster in a configuration that automatically talks to the registry over a private connection.