On Sat, Feb 3, 2018 at 5:07 PM, Marc Boorshtein <[email protected]> wrote:
> I'm trying to create a service account that will let me push images into > my registry. The registry is exposed, has a commercial cert and i can push > images with my cluster admin so I'm pretty sure its configured correctly. > I'm looking at a few blog posts and tried to: > > 1. Create the service account > > $ oc create sa jenkins-ext > > 2. I then grant it the edit role in my project > > $ oc policy add-role-to-user edit system:serviceaccount:my- > project:jenkins-ext > > 3. Then I get the secret and run oc login https://myos --token=... > > I get this message: > > Logged into "https://myos:443"; as > "system:serviceaccount:my-project:jenkins-ext" > using the token provided. > > You don't have any projects. Contact your system administrator to request > a project. > > 4. Then login to docker > > $ docker login --username=$(oc whoami) --password=$(oc whoami -t) > os-registry-ext.myos.io > I don't think our auth flow likes the colons in the service account username here. You don't actually need to provide the username anyway, the token is sufficient, so just run: docker login --username=anything --password=$(oc whoami -t) yourregistry.com > > Error response from daemon: Get https://os-registry-ext.myos.io/v2/: > unauthorized: authentication required > > Same docker login command works when I login with creds from my own suer > from the dashboard. > > Am I missing a step? This is origin 3.7 > > Thanks > Marc > > > _______________________________________________ > users mailing list > [email protected] > http://lists.openshift.redhat.com/openshiftmm/listinfo/users > > -- Ben Parees | OpenShift
_______________________________________________ users mailing list [email protected] http://lists.openshift.redhat.com/openshiftmm/listinfo/users
