On Wed, Apr 20, 2016 at 2:59 AM, Lorenz Vanthillo <
[email protected]> wrote:

> And what about authenticating on the environment? So our jenins is
> building our images. Than it's pushing our images to the registry we want.
> (This could be a registry on a whole other OpenShift Cluster).
> To access the registry you also need a token (docker login -u.. -e .. -p
> TOKEN ...).
> You can only get a token after authenticating in your cluster.
> So now we're performing something like this: oc login -u admin -p admin
> ${DESTIONATIONMASTER} --certificate-authority=/cert/${CERT}
>
> in our Jenkins Job but this does not seem as a good approach. Do you have
> some recommendations?
>
>
​you could give the service account you're running jenkins under, access to
push images.  then you could just use your service account credentials to
authenticate to the registry and push.

​



>
> ------------------------------
> From: [email protected]
> Date: Tue, 12 Apr 2016 08:47:34 -0400
> Subject: Re: Best way to add ca.crt to jenkins container
> To: [email protected]
> CC: [email protected]
>
>
>
>
> On Tue, Apr 12, 2016 at 8:13 AM, Lorenz Vanthillo <
> [email protected]> wrote:
>
> We have a Jenkins Container on our OpenShift 1.1 DEV environment
> We're able to push images to our different environments (exposed secure
> registry). (for example environment TEST)
> But we have 2 "issues".
> - We have to mount the ca.crt of our environment TEST to our jenkins
> container so it's able to authenticate on our environment.
> - We need to create
> /etc/docker/certs.d/docker-registry.test.xxx:443/ca.crt on our DEV
> environment so It's able to authenticate on our docker-registry on TEST.
>
> We have to perform this steps for every new environment which we're
> setting up. Is there some better way to achieve this?
>
>
> ​if the certs are the same you could always build your own jenkins image
> layered on top of the openshift one that includes those certs, and set it
> up as an openshift docker build so you can respin it any time the openshift
> jenkins image changes.
>
> You could also create the certs as Secrets and use a template to define a
> deployment config that will mount those secrets to the right place every
> time.  (but you'd still have to create the Secrets in every project of
> every environment)
> ​
>
>
>
>
> _______________________________________________
> users mailing list
> [email protected]
> http://lists.openshift.redhat.com/openshiftmm/listinfo/users
>
>
>
>
> --
> Ben Parees | OpenShift
>
>


-- 
Ben Parees | OpenShift
_______________________________________________
users mailing list
[email protected]
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

Reply via email to