Thanks,
we are doing that, using a new service account with the cluster-admin role,
and try pruning:
oadm --token='843 chat long token here' prune builds --orphans
--keep-complete=5 --keep-failed=1 --keep-younger-than=60m --confirm
Error from server: User "system:serviceaccount:default:pruner" cannot list
all buildconfigs in the cluster
But the policy says otherwise:
oadm policy who-can list bc --all-namespaces=true
Namespace: <all>
Verb: list
Resource: bc
Users: admin
pruner
Groups: system:cluster-admins
system:masters
This is on Openshift 1.1, what could be the problem ?
Regards.
2016-01-21 14:46 GMT+01:00 David Eads <[email protected]>:
> For cases where you want a long lived token, we recommend that you create
> a service account, grant that SA the rights you need, grab the SA's token
> and use it. That gives you a long-lived, revocable token to avoid
> annoyances like that.
>
> On Thu, Jan 21, 2016 at 8:23 AM, Philippe Lafoucrière <
> [email protected]> wrote:
>
>> Hi,
>>
>> I wonder if there's a way to have tokens with different ttl in openshift.
>> I have 2 use-cases where it's an issue:
>>
>> - CI: our ci server needs to be able to push image layers everyday,
>> obviously
>> - Pruner: we have a dedicated user for that, and of course, after a few
>> days:
>>
>> $ /bin/oadm prune images --keep-tag-revisions=3 --keep-younger-than=60m
>> --confirm
>> Error from server: the server has asked for the client to provide
>> credentials
>>
>> Thanks
>> Philippe
>>
>> _______________________________________________
>> users mailing list
>> [email protected]
>> http://lists.openshift.redhat.com/openshiftmm/listinfo/users
>>
>>
>
> _______________________________________________
> users mailing list
> [email protected]
> http://lists.openshift.redhat.com/openshiftmm/listinfo/users
>
>
--
Gilbert Roulot
_______________________________________________
users mailing list
[email protected]
http://lists.openshift.redhat.com/openshiftmm/listinfo/users
