-
Story
-
Resolution: Unresolved
-
Minor
-
None
-
False
-
None
-
False
-
-
-
0
Story: As a Quay user, I want to be able to set the scope of the pull secret I create via the Quay UI from a robot token to the organization of said robot, so that I can incrementally add pull secrets to my OpenShift namespace that have overshadowing of global pull secrets which are scoped to the entire registry, e.g. quay.io.
Background:
This changes the UI screen for the Kubernetes pull secret creation to allow the scope of the pull secret to be set. What is normally
.dockerconfigjson: { "auths": { "<quay-server-hostname>": { "auth": "TOKEN", "email": ""} } }
now becomes
.dockerconfigjson: { "auths": { "<quay-server-hostname>/<organization>": { "auth": "TOKEN", "email": ""} } }
This makes using this pull secret in an OpenShift project easier when a cluster-wide global pull secret scoped to the same registry is already available. This requires support from the container runtime to scope the pull secret to a certain namespace only, e.g. CRI-O via c/image: https://github.com/containers/image/blob/main/docs/containers-registries.conf.5.md - other runtimes may ignore this scope.
- incorporates
-
RFE-5382 Append the Organization to the robot account's pull secret's URL
- Accepted
- links to