Styjun

Can this note be analyzed as a non-chord tone?

Are the names of these months realistic?

Is there a way to save my career from absolute disaster?

TikZ: How to fill area with a special pattern?

How did Beeri the Hittite come up with naming his daughter Yehudit?

Audio Conversion With ADS1243

Is a distribution that is normal, but highly skewed, considered Gaussian?

Could a dragon use its wings to swim?

From jafe to El-Guest

Why do we say 'Un seul M' and not 'Une seule M' even though M is a "consonne"

Is it convenient to ask the journal's editor for two additional days to complete a review?

How to avoid supervisors with prejudiced views?

Calculate the Mean mean of two numbers

Is fine stranded wire ok for main supply line?

Won the lottery - how do I keep the money?

Inductor and Capacitor in Parallel

IC has pull-down resistors on SMBus lines?

Why am I getting "Static method cannot be referenced from a non static context: String String.valueOf(Object)"?

Can I board the first leg of the flight without having final country's visa?

Strange use of "whether ... than ..." in official text

What would be the main consequences for a country leaving the WTO?

Raspberry pi 3 B with Ubuntu 18.04 server arm64: what chip

Purpose of level-shifter with same in and out voltages

Physiological effects of huge anime eyes

Openshift 3.11 How to setup permenant token for pulling from integrated docker registry

0

I'm using openshift 3.11 and I have a very hard time figuring out how to setup permenant token for image pull and push.
After I do docker login it is ok, but eventually that token expires.
By the documentation it seems that services account : default ,builder should have access.

As you can see each of them have some default dockercfg:
Labels:
Annotations:
Image pull secrets: default-dockercfg-ttjml
Mountable secrets: default-token-q4x4w
default-dockercfg-ttjml
Tokens: default-token-729xq
default-token-q4x4w
Events:

default-dockercfg-ttjml, Which has really weird username and password. Read the documentation many times and still I can't understand how to setup a permanent token. Can someone explain me in a plain manner what is the procedure?

kubernetes openshift

share|improve this question

asked Mar 21 at 19:03

DannyDanny

278

add a comment | 

0

I'm using openshift 3.11 and I have a very hard time figuring out how to setup permenant token for image pull and push.
After I do docker login it is ok, but eventually that token expires.
By the documentation it seems that services account : default ,builder should have access.

As you can see each of them have some default dockercfg:
Labels:
Annotations:
Image pull secrets: default-dockercfg-ttjml
Mountable secrets: default-token-q4x4w
default-dockercfg-ttjml
Tokens: default-token-729xq
default-token-q4x4w
Events:

default-dockercfg-ttjml, Which has really weird username and password. Read the documentation many times and still I can't understand how to setup a permanent token. Can someone explain me in a plain manner what is the procedure?

kubernetes openshift

share|improve this question

asked Mar 21 at 19:03

DannyDanny

278

add a comment | 

I'm using openshift 3.11 and I have a very hard time figuring out how to setup permenant token for image pull and push.
After I do docker login it is ok, but eventually that token expires.
By the documentation it seems that services account : default ,builder should have access.

As you can see each of them have some default dockercfg:
Labels:
Annotations:
Image pull secrets: default-dockercfg-ttjml
Mountable secrets: default-token-q4x4w
default-dockercfg-ttjml
Tokens: default-token-729xq
default-token-q4x4w
Events:

default-dockercfg-ttjml, Which has really weird username and password. Read the documentation many times and still I can't understand how to setup a permanent token. Can someone explain me in a plain manner what is the procedure?

kubernetes openshift

share|improve this question

asked Mar 21 at 19:03

DannyDanny

278

kubernetes openshift

kubernetes openshift

share|improve this question

asked Mar 21 at 19:03

DannyDanny

278

share|improve this question

asked Mar 21 at 19:03

DannyDanny

278

asked Mar 21 at 19:03

DannyDanny

278

asked Mar 21 at 19:03

DannyDanny

278

1 Answer
1

active

oldest

votes

0

AFAIK, serviceAccount token does not expire until create it again. Look [0] for details. If you want to create docker authentication secret against external docker registry, refer [1] for details.

[0]Managing Service Accounts

The generated API token and registry credentials do not expire, but they can be revoked by deleting the secret. 

[1]Allowing Pods to Reference Images from Other Secured Registries

$ oc create secret generic <pull_secret_name> 
 --from-file=.dockerconfigjson=<path/to/.docker/config.json> 
 --type=kubernetes.io/dockerconfigjson

share|improve this answer

answered Mar 22 at 5:02

Daein ParkDaein Park

1,287410

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Hello, the question is that I don't want to use for external but for the internal docker registry that is cluster wide
  
  – Danny
  Mar 22 at 6:50
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  I don't want to access external registry. I need a token for the internal default registry of openshift. It seems that permenant token is needed for that as well.
  
  – Danny
  Mar 22 at 6:58
  
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  The default serviceaccount (default, builder) do not expire, and their serviceaccount is built in and the authentication token is also created by internal process. You can verify as you delete above secret, it will create again automatically.
  
  – Daein Park
  Mar 22 at 11:54
  

  
  
  
  

add a comment | 

StackExchange.ifUsing("editor", function ()
StackExchange.using("externalEditor", function ()
StackExchange.using("snippets", function ()
StackExchange.snippets.init();
);
);
, "code-snippets");

StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "1"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name

Email

Required, but never shown

StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f55287584%2fopenshift-3-11-how-to-setup-permenant-token-for-pulling-from-integrated-docker-r%23new-answer', 'question_page');

);

Post as a guest

Name

Email

Required, but never shown

0

AFAIK, serviceAccount token does not expire until create it again. Look [0] for details. If you want to create docker authentication secret against external docker registry, refer [1] for details.

[0]Managing Service Accounts

The generated API token and registry credentials do not expire, but they can be revoked by deleting the secret. 

[1]Allowing Pods to Reference Images from Other Secured Registries

$ oc create secret generic <pull_secret_name> 
 --from-file=.dockerconfigjson=<path/to/.docker/config.json> 
 --type=kubernetes.io/dockerconfigjson

share|improve this answer

answered Mar 22 at 5:02

Daein ParkDaein Park

1,287410

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Hello, the question is that I don't want to use for external but for the internal docker registry that is cluster wide
  
  – Danny
  Mar 22 at 6:50
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  I don't want to access external registry. I need a token for the internal default registry of openshift. It seems that permenant token is needed for that as well.
  
  – Danny
  Mar 22 at 6:58
  
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  The default serviceaccount (default, builder) do not expire, and their serviceaccount is built in and the authentication token is also created by internal process. You can verify as you delete above secret, it will create again automatically.
  
  – Daein Park
  Mar 22 at 11:54
  

  
  
  
  

add a comment | 

0

AFAIK, serviceAccount token does not expire until create it again. Look [0] for details. If you want to create docker authentication secret against external docker registry, refer [1] for details.

[0]Managing Service Accounts

The generated API token and registry credentials do not expire, but they can be revoked by deleting the secret. 

[1]Allowing Pods to Reference Images from Other Secured Registries

$ oc create secret generic <pull_secret_name> 
 --from-file=.dockerconfigjson=<path/to/.docker/config.json> 
 --type=kubernetes.io/dockerconfigjson

share|improve this answer

answered Mar 22 at 5:02

Daein ParkDaein Park

1,287410

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Hello, the question is that I don't want to use for external but for the internal docker registry that is cluster wide
  
  – Danny
  Mar 22 at 6:50
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  I don't want to access external registry. I need a token for the internal default registry of openshift. It seems that permenant token is needed for that as well.
  
  – Danny
  Mar 22 at 6:58
  
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  The default serviceaccount (default, builder) do not expire, and their serviceaccount is built in and the authentication token is also created by internal process. You can verify as you delete above secret, it will create again automatically.
  
  – Daein Park
  Mar 22 at 11:54
  

  
  
  
  

add a comment | 

AFAIK, serviceAccount token does not expire until create it again. Look [0] for details. If you want to create docker authentication secret against external docker registry, refer [1] for details.

[0]Managing Service Accounts

The generated API token and registry credentials do not expire, but they can be revoked by deleting the secret. 

[1]Allowing Pods to Reference Images from Other Secured Registries

$ oc create secret generic <pull_secret_name> 
 --from-file=.dockerconfigjson=<path/to/.docker/config.json> 
 --type=kubernetes.io/dockerconfigjson

share|improve this answer

answered Mar 22 at 5:02

Daein ParkDaein Park

1,287410

The generated API token and registry credentials do not expire, but they can be revoked by deleting the secret. 

$ oc create secret generic <pull_secret_name> 
 --from-file=.dockerconfigjson=<path/to/.docker/config.json> 
 --type=kubernetes.io/dockerconfigjson

share|improve this answer

answered Mar 22 at 5:02

Daein ParkDaein Park

1,287410

answered Mar 22 at 5:02

Daein ParkDaein Park

1,287410

answered Mar 22 at 5:02

Daein ParkDaein Park

1,287410