[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: cluster wide service acount



If you have the service account's token, you can use it from the command line like this:

oc login --token=...

The web console does not provide a way to log in with a service account token.


On Thu, Dec 1, 2016 at 3:19 PM, Srinivas Naga Kotaru (skotaru) <skotaru cisco com> wrote:

Jordan

 

That helps. Thanks for quick help.

 

Can we use this sa account to login into console and OC clinet? If yes how? I knew SA account only has non expired token but no password

 

 

-- 

Srinivas Kotaru

 

From: Jordan Liggitt <jliggitt redhat com>
Date: Thursday, December 1, 2016 at 12:04 PM
To: Srinivas Naga Kotaru <skotaru cisco com>
Cc: dev <dev lists openshift redhat com>
Subject: Re: cluster wide service acount

 

Service accounts exist within a namespace but can be granted permissions across the entire cluster, just like any other user. For example:

oadm policy add-cluster-role-to-user cluster-reader system:serviceaccount:openshift-infra:monitor-service-account

 

On Thu, Dec 1, 2016 at 3:02 PM, Srinivas Naga Kotaru (skotaru) <skotaru cisco com> wrote:

I knew we can create a service account per project and can be used as a password less API work and automations activities. Can we create a service account at cluster level and can be used for platform operations (monitoring, automation, shared account for operation teams)?

 

Intention is to have expiry free tokens.

 

-- 

Srinivas Kotaru


_______________________________________________
dev mailing list
dev lists openshift redhat com
http://lists.openshift.redhat.com/openshiftmm/listinfo/dev

 



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]