[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Registry login with service account

There's a -z option when you add a role to a service account that I was missing.

oc adm policy add-role-to-user system:image-builder -z <servc account>

Also make sure the project you are trying to push to is active when you add the role.

It would be really helpful if the oc client threw an error when adding a role to user that doesn't exist.
On Mon, 22 Aug 2016 at 2:24 PM, Lionel Orellana <lionelve gmail com> wrote:

I'm trying to use a service account to push images to the openshift registry.

I am able to login and push with a regular user token obtained from oc whoami -t. But that token expires after a while so I need a more permanent solution.

I created a service account and added the following roles: system:image-builder, system:registry, edit. I got the token out of the service account secret and logged in successfully to the openshift registry. However when I try to push an image to it I get 'unauthorized: authentication required'.

Sounds like it doesn't have the right permissions but I can't figure out why.

Any ideas?



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]