Hi,
We have an external jenkins which is pushing images in our OpenShift Registry.
So in jenkins we perform:
docker login -u user \
-p token registry.xxx.xxx
How do we obtain this token?
Well, for every project we perform these steps:
$ oc new-project test-push
$ oc create serviceaccount pusher
$ oc policy add-role-to-user system:image-builder
system:serviceaccount:test-push:pusher
$ oc describe sa pusher
Name: pusher
Namespace: pushed
Labels: <none>
Mountable secrets:
pusher-token-fxg2k
pusher-dockercfg-vwddo
Tokens: pusher-token-98rix
pusher-token-fxg2k
$ oc describe secret pusher-token-98rix
And copy the token part. We use this token to authenticate on our registry in
Jenkins.token:
eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MixxxlYVz8LYsNpkd1PGQGE5Jtegnr5GoFDk5wKxzA7GT1zXt2vVg
Inspirated by this blog:
https://blog.openshift.com/remotely-push-pull-container-images-openshift/
But now we have the following question:
Is there a way to create a global service account which is automatically
generated when we create a new project. (so that we have 4 default sa).
And this service account has automatically a pusher-token which is always the
same?
So that every login via Jenkins can use the same token (no unique token for
each openshift project).
Thanks in advance
_______________________________________________
users mailing list
[email protected]
http://lists.openshift.redhat.com/openshiftmm/listinfo/users
