Uploaded image for project: 'Project Quay'
  1. Project Quay
  2. PROJQUAY-1435

Update docs to show how to pull from multiple organizations via robot tokens on OpenShift

XMLWordPrintable

    • False
    • False
    • Undefined
    • 0

      Quay robot tokens do not span organizations.  Some users however do want to pull across organizations using robot tokens.  OpenShift permits multiple namespaces to be provided within a `dockerconfigjson` secret so this can theoretically be done via a single service account.  For example:

      {
         "auths": {
           "quay.io/org1":
      {       "auth": "super secret",       "email": ""     }
      ,
           "quay.io/org2":
      {       "auth": "even more secret",       "email": ""     }
      ,
           "quay.io/org3":
      {       "auth": "oh-la-la-dont-look",       "email": ""     }
        }
       }
      

       

      The single SA can then be used across Kube namespaces as needed to overcome the token scoping limitation.  Docs should reflect this technique as a workaround for robot token scoping within a single namespace.

      See comment below for email thread discussion.

            rhn-support-stevsmit Steven Smith
            bdettelb@redhat.com Bill Dettelback
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated: