Uploaded image for project: 'OpenShift Request For Enhancement'
  1. OpenShift Request For Enhancement
  2. RFE-7837

Add support in Quay Bridge Operator to create and bind Quay robot account credentials to a customizable service account (defaulting to builder, but optionally pipeline or any user-defined SA).

XMLWordPrintable

    • Icon: Feature Request Feature Request
    • Resolution: Unresolved
    • Icon: Major Major
    • None
    • None
    • Quay
    • None
    • None
    • Product / Portfolio Work
    • None
    • False
    • Hide

      None

      Show
      None
    • None
    • None
    • None
    • None
    • None
    • None
    • None
    • None
    • None

      In CI/CD setups using OpenShift Pipelines, the pipeline ServiceAccount is the default SA used by PipelineRuns.

      Quay Bridge Operator currently only configures the builder SA to push images to quay, which is primarily used by BuildConfig/S2I, not Tekton.
      • This forces users to either:
      • Rebind secrets manually.
      • Grant high-permission SCCs to builder, which may not be desirable.
      Suggested Enhancements
      • New ConfigMap/CR parameter to set the SA name (quay.targetServiceAccount: pipeline).
      • Auto-bind Quay robot secret to that SA in the target namespace.
      • Optionally generate imagePullSecrets or mount options.

              rhn-coreos-tunwu Tony Wu
              acvtnzz Ashwani Kumar Singh
              None
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated:
                None
                None