[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Create service account for pushing images in 3.7

On Sat, Feb 3, 2018 at 5:07 PM, Marc Boorshtein <mboorshtein gmail com> wrote:
I'm trying to create a service account that will let me push images into my registry.  The registry is exposed, has a commercial cert and i can push images with my cluster admin so I'm pretty sure its configured correctly.  I'm looking at a few blog posts and tried to:

1.  Create the service account

$ oc create sa jenkins-ext

2.  I then grant it the edit role in my project

$ oc policy add-role-to-user edit system:serviceaccount:my-project:jenkins-ext

3.  Then I get the secret and run oc login https://myos --token=...

I get this message:

Logged into "https://myos:443" as "system:serviceaccount:my-project:jenkins-ext" using the token provided.

You don't have any projects. Contact your system administrator to request a project.

4.  Then login to docker 

$ docker  login --username=$(oc whoami) --password=$(oc whoami -t) os-registry-ext.myos.io

I don't think our auth flow likes the colons in the service account username here.  You don't actually need to provide the username anyway, the token is sufficient, so just run:

 docker login --username=anything --password=$(oc whoami -t) yourregistry.com

Error response from daemon: Get https://os-registry-ext.myos.io/v2/: unauthorized: authentication required

Same docker login command works when I login with creds from my own suer from the dashboard.

Am I missing a step?  This is origin 3.7


users mailing list
users lists openshift redhat com

Ben Parees | OpenShift

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]