There's a -z option when you add a role to a service account that I was
missing.

oc adm policy add-role-to-user system:image-builder -z <service account>

Also make sure the project you are trying to push to is active when you add
the role.

It would be really helpful if the oc client threw an error when adding a
role to a user that doesn't exist.

On Mon, 22 Aug 2016 at 2:24 PM, Lionel Orellana <[email protected]> wrote:

> Hi
>
> I'm trying to use a service account to push images to the openshift
> registry.
>
> I am able to login and push with a regular user token obtained from oc
> whoami -t. But that token expires after a while so I need a more permanent
> solution.
>
> I created a service account and added the following roles:
> system:image-builder, system:registry, edit. I got the token out of the
> service account secret and logged in successfully to the openshift
> registry. However when I try to push an image to it I get 'unauthorized:
> authentication required'.
>
> Sounds like it doesn't have the right permissions but I can't figure out
> why.
>
> Any ideas?
>
> Thanks
>
>
> Lionel.
>
_______________________________________________
users mailing list
[email protected]
http://lists.openshift.redhat.com/openshiftmm/listinfo/users
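
The mistake described in the reply, shown as an added example that is not part of the original thread: without `-z` the role is bound to a plain user with the same name as the service account, while the service account itself authenticates as `system:serviceaccount:<project>:<name>` and so never receives the role. The script below flags such bindings. Its input is constructed sample data in a simplified `<role> <kind> <name>` format (not real `oc` output), and `myproject`, `pusher`, `builder` and `alice` are hypothetical names.

```shell
#!/bin/sh
# Added example: find roles bound to a User whose name matches a service
# account, the symptom of running add-role-to-user without -z.

# Constructed sample data, one subject per line: "<role> <kind> <name>".
SAMPLE_SUBJECTS='system:image-builder User pusher
system:image-builder ServiceAccount builder
edit User alice
system:registry User pusher'

# Constructed list of service account names in the project, one per line.
SAMPLE_SERVICE_ACCOUNTS='builder
default
deployer
pusher'

# find_misbound SUBJECTS SERVICE_ACCOUNTS PROJECT
# Prints "<role> <name> <identity the service account really uses>" for each
# User subject whose name is also a service account name.
find_misbound() {
    subjects=$1 accounts=$2 project=$3
    printf '%s\n' "$subjects" | while read -r role kind name; do
        [ "$kind" = "User" ] || continue
        # -F fixed string, -x whole line: exact name match only.
        if printf '%s\n' "$accounts" | grep -Fxq -- "$name"; then
            printf '%s %s system:serviceaccount:%s:%s\n' \
                "$role" "$name" "$project" "$name"
        fi
    done
}

# suggest_fix: read findings on stdin and print the -z form of the command
# from the reply (printed for review, not executed).
suggest_fix() {
    while read -r role name rest; do
        [ -n "$role" ] || continue
        printf 'oc adm policy add-role-to-user %s -z %s\n' "$role" "$name"
    done
}

find_misbound "$SAMPLE_SUBJECTS" "$SAMPLE_SERVICE_ACCOUNTS" myproject | suggest_fix
```

The printed commands should be run with the target project active, as the reply points out.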
