Thanks! exactly where I'm looking for. Can you maybe give some more information about that project in which I will create the sa.
How it has to be secured. Or is it recommended to create such an account in openshift-management or some of the default projects.
From: jliggitt redhat com
Date: Tue, 19 Jul 2016 09:23:50 -0400
Subject: Re: Use token of a default service account to pull images
To: lorenz vanthillo outlook com
CC: users lists openshift redhat com
If you want a single external integration to have push access to all projects, you don't need a service account in every namespace. You can create a single service account, and grant that service account push access to all namespaces.
oc sa create external-jenkins -n myns
oadm policy add-cluster-role-to-user system:image-builder system:serviceaccount:myns:external-jenkins
oc sa get-token external-jenkins -n myns
That service account would then have push/pull access to every namespace on the cluster. Note that the service account and its credentials should live in a closely guarded project.
On Tue, Jul 19, 2016 at 9:12 AM, Lorenz Vanthillo <lorenz vanthillo outlook com> wrote: