add docker login using service account tokens #2014

Merged
merged 1 commit into from Jul 5, 2016

4 participants
@aweiteka
Contributor

aweiteka commented May 5, 2016

This addresses a common question since `docker login -p $(oc whoami -t) -u unused -e unused REGISTRY:5000` expires every 24 hours by default. I suspect we should incorporate some of this as a separate PR for users who do not want or cannot use OpenShift to perform `docker build`.

@aweiteka

Contributor

aweiteka commented May 5, 2016

@aweiteka

Contributor

aweiteka commented May 5, 2016

@v1k0d3n

v1k0d3n commented May 5, 2016

I fully support this awesome PR! :)

@@ -128,6 +131,16 @@ Restart the origin service to update the running configuration.
$ sudo docker restart origin
----

@ahardin-rh

ahardin-rh Jul 1, 2016

Contributor

Please add an anchor right before the heading to ensure that the link above works properly:

[[using-service-account-tokens-for-authentication]]
== Using Service Account Tokens for Authentication

Typically long-lived, token-based authentication is desired. As an alternative
to using user session tokens that expire, users may use
link:../../admin_guide/service_accounts.html[service account tokens] to

@ahardin-rh

ahardin-rh Jul 1, 2016

Contributor

We now use xrefs instead of links. This should now be:
xref:../../admin_guide/service_accounts.adoc[service account tokens]

link:../../admin_guide/service_accounts.html[service account tokens] to
authenticate with docker. This is particularly useful when integrating automation.
See
link:../developers.html#using-service-account-tokens-for-docker-login[quickstart developer guide]

@ahardin-rh

ahardin-rh Jul 1, 2016

Contributor

same here:
xref:../developers.adoc#using-service-account-tokens-for-docker-login[quickstart developer guide]

s/see/see the

=== Using Service Account Tokens for Docker Login
For long-lived, token-based authentication users may create

@ahardin-rh

ahardin-rh Jul 1, 2016

Contributor

comma after authentication

=== Using Service Account Tokens for Docker Login
For long-lived, token-based authentication users may create
link:../admin_guide/service_accounts.html[service account tokens] to

@ahardin-rh

ahardin-rh Jul 1, 2016

Contributor

xref:../admin_guide/service_accounts.adoc#admin-guide-service-accounts[service account tokens]

For long-lived, token-based authentication users may create
link:../admin_guide/service_accounts.html[service account tokens] to
authenticate with docker. This is particularly useful when integrating automation.

@ahardin-rh

ahardin-rh Jul 1, 2016

Contributor

s/docker/Docker

link:../admin_guide/service_accounts.html[service account tokens] to
authenticate with docker. This is particularly useful when integrating automation.
Service accounts must be configured using the CLI. See
link:../cli_reference/get_started_cli.html[getting started with the CLI].

@ahardin-rh

ahardin-rh Jul 1, 2016

Contributor

xref:../cli_reference/get_started_cli.adoc#cli-reference-get-started-cli[getting started with the CLI]

Service accounts must be configured using the CLI. See
link:../cli_reference/get_started_cli.html[getting started with the CLI].
. Create a service account in the current project named **push**.

@ahardin-rh

ahardin-rh Jul 1, 2016

Contributor

We can keep push in single asterisks vs double. Same for the roles and project names discussed below.

$ oc create serviceaccount push
----
. Add the registry role to the service account. In this example we grant the
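
Review bot: The role-grant step ("Add the registry role to the service account") should say what the granted role permits and in which project the binding takes effect. The token issued for this account is long-lived, so the sentence beginning "In this example we grant the" should name the narrowest role that still allows the push this account exists for, and say that it was chosen for that reason.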

@ahardin-rh

ahardin-rh Jul 1, 2016

Contributor

comma after example

namespace: 8 bytes
----
. Copy the token value and use as the value to the **--password** argument in the `docker login`

@ahardin-rh

ahardin-rh Jul 1, 2016

Contributor

single asterisks vs. double asterisks around the argument name

----
. Copy the token value and use as the value to the **--password** argument in the `docker login`
command. Notice the values for the username and email arguments are not used so
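
Review bot: The `docker login` step passes the token through `--password`, which puts a long-lived credential on the command line where shell history and process listings can record it. Suggest adding a sentence telling readers to treat the token like a password, for example by supplying it through command substitution or a variable rather than pasting the literal value, and to keep it out of scripts committed to source control.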

@ahardin-rh

ahardin-rh Jul 1, 2016

Contributor

s/Notice/Notice that
comma after used

----
Service accounts may be deleted, which disables further authentication attempts.
For example, as soon as the service account is deleted `docker push` will no longer
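
Review bot: The closing paragraph on deleting the service account is the only revocation path this section describes, and it reads as an aside. Since these tokens do not expire the way user session tokens do, suggest stating directly that deleting the service account is how to revoke a leaked or retired token, and that any automation still using it will fail at `docker push` from that point on.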

@ahardin-rh

ahardin-rh Jul 1, 2016

Contributor

comma after deleted

@aweiteka

Contributor

aweiteka commented Jul 5, 2016

@ahardin-rh updated, rebased, commits squashed. Thanks!

@ahardin-rh ahardin-rh merged commit e4d2798 into openshift:master Jul 5, 2016

1 check passed

continuous-integration/travis-ci/pr The Travis CI build passed
@ahardin-rh

Contributor

ahardin-rh commented Jul 5, 2016

[rev_history]
|xref:../registry_quickstart/administrators/system_configuration.adoc#registry-quickstart-administrators-system-configuration[Getting Started with System Configuration for Administrators]
|Added a new xref:../registry_quickstart/administrators/system_configuration.adoc#using-service-account-tokens-for-authentication[Using Service Account Tokens for Authentication] section.
%
|xref:../registry_quickstart/developers.adoc#registry-quickstart-developers[Getting Started for Developers]
|Added a new xref:../registry_quickstart/developers.adoc#using-service-account-tokens-for-docker-login[Using Service Account Tokens for Docker Login] section.
%

@adellape adellape modified the milestones: Next Release, Staging Jul 11, 2016

@adellape adellape modified the milestones: Staging, Staging (Picked) Jul 12, 2016

@adellape adellape modified the milestones: Staging, Staging (Picked), Published - 7/14/16 - 7/21/16 Jul 19, 2016
