Uploaded image for project: 'Project Quay'
  1. Project Quay
  2. PROJQUAY-1435

Update docs to show how to pull from multiple organizations via robot tokens on OpenShift


    • False
    • False
    • Undefined
    • 0

      Quay robot tokens do not span organizations.  Some users however do want to pull across organizations using robot tokens.  OpenShift permits multiple namespaces to be provided within a `dockerconfigjson` secret so this can theoretically be done via a single service account.  For example:

         "auths": {
      {       "auth": "super secret",       "email": ""     }
      {       "auth": "even more secret",       "email": ""     }
      {       "auth": "oh-la-la-dont-look",       "email": ""     }


      The single SA can then be used across Kube namespaces as needed to overcome the token scoping limitation.  Docs should reflect this technique as a workaround for robot token scoping within a single namespace.

      See comment below for email thread discussion.

            rhn-support-stevsmit Steven Smith
            bdettelb@redhat.com Bill Dettelback
            0 Vote for this issue
            4 Start watching this issue