New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

add docker login using service account tokens #2014

Merged

ahardin-rh merged 1 commit into openshift:master from aweiteka:using-sa-tokens

Jul 5, 2016

Contributor

aweiteka commented May 5, 2016

This addresses a common question since docker login -p $(oc whoami -t) -u unused -e unused REGISTRY:5000 expires every 24 hours by default. I suspect we should incorporate some of this as a separate PR for users who do not want or cannot use openshift to perform docker build.

Contributor

aweiteka commented May 5, 2016

Contributor

aweiteka commented May 5, 2016

v1k0d3n commented May 5, 2016

i fully support this awesome PR! :)

aweiteka referenced this pull request May 5, 2016

Merged

Enhance API integration details #1926

ahardin-rh reviewed Jul 1, 2016

View changes

registry_quickstart/administrators/system_configuration.adoc

  
      @@ -128,6 +131,16 @@ Restart the origin service to update the running configuration.
    
        $ sudo docker restart origin

        ----

ahardin-rh Jul 1, 2016

Contributor

Please add an anchor right before the heading to ensure that the link above works properly:

[[using-service-account-tokens-for-authentication]]
== Using Service Account Tokens for Authentication

ahardin-rh reviewed Jul 1, 2016

View changes

registry_quickstart/administrators/system_configuration.adoc Outdated

  
        Typically long-lived, token-based authentication is desired. As an alternative

        to using user session tokens that expire, users may use

        link:../../admin_guide/service_accounts.html[service account tokens] to

ahardin-rh Jul 1, 2016

Contributor

We now use xrefs instead of links. This should now be:
xref:../../admin_guide/service_accounts.adoc[service account tokens]

ahardin-rh reviewed Jul 1, 2016

View changes

registry_quickstart/administrators/system_configuration.adoc Outdated

  
        link:../../admin_guide/service_accounts.html[service account tokens] to

        authenticate with docker. This is particularly useful when integrating automation.

        See

        link:../developers.html#using-service-account-tokens-for-docker-login[quickstart developer guide]

ahardin-rh Jul 1, 2016

Contributor

same here:
xref:../developers.adoc#using-service-account-tokens-for-docker-login[quickstart developer guide]

s/see/see the

ahardin-rh reviewed Jul 1, 2016

View changes

registry_quickstart/developers.adoc Outdated

  
        === Using Service Account Tokens for Docker Login

        For long-lived, token-based authentication users may create

ahardin-rh Jul 1, 2016

Contributor

comma after authentication

ahardin-rh reviewed Jul 1, 2016

View changes

registry_quickstart/developers.adoc Outdated

  
        === Using Service Account Tokens for Docker Login

        For long-lived, token-based authentication users may create

        link:../admin_guide/service_accounts.html[service account tokens] to

ahardin-rh Jul 1, 2016

Contributor

xref:../admin_guide/service_accounts.adoc#admin-guide-service-accounts[service account tokens]

ahardin-rh reviewed Jul 1, 2016

View changes

registry_quickstart/developers.adoc Outdated

  
        For long-lived, token-based authentication users may create

        link:../admin_guide/service_accounts.html[service account tokens] to

        authenticate with docker. This is particularly useful when integrating automation.

ahardin-rh Jul 1, 2016

Contributor

s/docker/Docker

ahardin-rh reviewed Jul 1, 2016

View changes

registry_quickstart/developers.adoc Outdated

  
        link:../admin_guide/service_accounts.html[service account tokens] to

        authenticate with docker. This is particularly useful when integrating automation.

        Service accounts must be configured using the CLI. See

        link:../cli_reference/get_started_cli.html[getting started with the CLI].

ahardin-rh Jul 1, 2016

Contributor

xref:../cli_reference/get_started_cli.adoc#cli-reference-get-started-cli[getting started with the CLI]

ahardin-rh reviewed Jul 1, 2016

View changes

registry_quickstart/developers.adoc Outdated

  
        Service accounts must be configured using the CLI. See

        link:../cli_reference/get_started_cli.html[getting started with the CLI].

        . Create a service account in the current project named **push**.

ahardin-rh Jul 1, 2016

Contributor

We can keep push in single asterisks vs double. Same for the roles and project names discussed below.

ahardin-rh reviewed Jul 1, 2016

View changes

registry_quickstart/developers.adoc Outdated

  
        $ oc create serviceaccount push

        ----

        . Add the registry role to the service account. In this example we grant the

ahardin-rh Jul 1, 2016

Contributor

comma after example

ahardin-rh reviewed Jul 1, 2016

View changes

registry_quickstart/developers.adoc Outdated

  
        namespace:	8 bytes

        ----

        . Copy the token value and use as the value to the **--password** argument in the `docker login`

ahardin-rh Jul 1, 2016

Contributor

single asterisks vs. double asterisks around the argument name

ahardin-rh reviewed Jul 1, 2016

View changes

registry_quickstart/developers.adoc Outdated

  
        ----

        . Copy the token value and use as the value to the **--password** argument in the `docker login`

        command. Notice the values for the username and email arguments are not used so

ahardin-rh Jul 1, 2016

Contributor

s/Notice/Notice that
comma after used

ahardin-rh reviewed Jul 1, 2016

View changes

registry_quickstart/developers.adoc Outdated

  
        ----

        Service accounts may be deleted, which disables further authentication attempts.

        For example, as soon as the service account is deleted `docker push` will no longer

ahardin-rh Jul 1, 2016

Contributor

comma after deleted

ahardin-rh self-assigned this Jul 1, 2016

ahardin-rh added branch/online branch/enterprise-3.2 branch/dedicated-3.2 branch/enterprise-3.1 labels Jul 1, 2016

ahardin-rh added this to the Next Release milestone Jul 1, 2016


      add docker login using service account tokens

b75a86d

Contributor

aweiteka commented Jul 5, 2016

@ahardin-rh updated, rebased, commits squashed. Thanks!

ahardin-rh added the to_followup label Jul 5, 2016

ahardin-rh merged commit `e4d2798` into openshift:master Jul 5, 2016
1 check passed

1 check passed

continuous-integration/travis-ci/pr The Travis CI build passed

Details

Contributor

ahardin-rh commented Jul 5, 2016

[rev_history]
|xref:../registry_quickstart/administrators/system_configuration.adoc#registry-quickstart-administrators-system-configuration[Getting Started with System Configuration for Administrators]
|Added a new xref:../registry_quickstart/administrators/system_configuration.adoc#using-service-account-tokens-for-authentication[Using Service Account Tokens for Authentication] section.
%
|xref:../registry_quickstart/developers.adoc#registry-quickstart-developers[Getting Started for Developers]
|Added a new xref:../registry_quickstart/developers.adoc#using-service-account-tokens-for-docker-login[Using Service Account Tokens for Docker Login] section.
%

ahardin-rh referenced this pull request Jul 5, 2016

Merged

Follow-up to PR#2014: Fixed xrefs and added an anchor #2460

ahardin-rh removed the to_followup label Jul 5, 2016

adellape modified the milestones: Next Release, Staging Jul 11, 2016

adellape removed the branch/atomic-registry label Jul 12, 2016

adellape modified the milestones: Staging, Staging (Picked) Jul 12, 2016

adellape modified the milestones: Staging, Staging (Picked), Published - 7/14/16 - 7/21/16 Jul 19, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

You can’t perform that action at this time.