Today Docker released Docker 1.3.2, immediately after which we began automatically rolling out an OS update. We were able to work with Docker to ensure that the CoreOS update could ship as soon as the Docker patch was released to the public. At the time of this writing, a significant number of CoreOS instances have already been updated.
Along with the aforementioned security patches, Docker 1.3.2 introduced the
--insecure-registry flag which accepts a CIDR notation block of whitelisted addresses. If your installation requires access to an insecure registry, you will need to launch the Docker daemon with the
--insecure-registry flag and the CIDR block appropriate for your deployment. The recommended method is via a
write_files directive in your cloud-config.
#cloud-config write_files: - path: /etc/systemd/system/docker.service.d/50-insecure-registry.conf content: | [Service] Environment=DOCKER_OPTS='--insecure-registry="10.0.1.0/24"'
As a practice, CoreOS doesn’t like to roll out breaking updates like this, but the security content of Docker 1.3.2 was deemed important enough to make an exception.
If you have any questions or concerns, please join us in IRC #coreos.