[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Use token of a default service account to pull images



Hi,

We have an external jenkins which is pushing images in our OpenShift Registry.
So in jenkins we perform:

docker login -u user \
-p token registry.xxx.xxx

How do we obtain this token?
Well, for every project we perform these steps:

$ oc new-project test-push


$ oc create serviceaccount pusher


$ oc policy add-role-to-user system:image-builder system:serviceaccount:test-push:pusher

 

$ oc describe sa pusher

Name: pusher

Namespace: pushed

Labels: <none>

 

 

Mountable secrets:  pusher-token-fxg2k

 

                    pusher-dockercfg-vwddo

 

 

Tokens:             pusher-token-98rix

 

                    pusher-token-fxg2k




$ oc describe secret pusher-token-98rix

And copy the token part. We use this token to authenticate on our registry in Jenkins.
token: eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MixxxlYVz8LYsNpkd1PGQGE5Jtegnr5GoFDk5wKxzA7GT1zXt2vVg

Inspirated by this blog: https://blog.openshift.com/remotely-push-pull-container-images-openshift/

But now we have the following question:
Is there a way to create a global service account which is automatically generated when we create a new project. (so that we have 4 default sa).
And this service account has automatically a pusher-token which is always the same?

So that every login via Jenkins can use the same token (no unique token for each openshift project).

Thanks in advance


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]