K
Q

Openshift 3.11 How to setup permenant token for pulling from integrated docker registry

3/21/2019

I'm using openshift 3.11 and I have a very hard time figuring out how to setup permenant token for image pull and push. After I do docker login it is ok, but eventually that token expires. By the documentation it seems that services account : default ,builder should have access.

As you can see each of them have some default dockercfg: Labels: Annotations: Image pull secrets: default-dockercfg-ttjml Mountable secrets: default-token-q4x4w default-dockercfg-ttjml Tokens: default-token-729xq default-token-q4x4w Events:

default-dockercfg-ttjml, Which has really weird username and password. Read the documentation many times and still I can't understand how to setup a permanent token. Can someone explain me in a plain manner what is the procedure?

-- Danny
kubernetes
openshift

Similar Questions

How to share a single writable file between pods, in the same directory with a non-sharable file (writable configmap)
Docker - Dockerfile publish to use selected publish profile
Failing a Kubernetes Deployment
Kubernetes: communication between containers located in different pods
Error: wsl.exe exited with code 4294967295 on Installing Rancher Desktop
Istio ingress gateway randomly returns 507 response

1 Answer

3/22/2019

AFAIK, serviceAccount token does not expire until create it again. Look [0] for details. If you want to create docker authentication secret against external docker registry, refer [1] for details.

[0]Managing Service Accounts

The generated API token and registry credentials do not expire, but they can be revoked by deleting the secret.

[1]Allowing Pods to Reference Images from Other Secured Registries

$ oc create secret generic <pull_secret_name> \
    --from-file=.dockerconfigjson=<path/to/.docker/config.json> \
    --type=kubernetes.io/dockerconfigjson
-- Daein Park
Source: StackOverflow