Ranieri Mazili
Reputation: 833
One service account to pull images to multiple projects
I'm working on a CI solution with Redhat Openshift and Microsoft Azure. To pull images to a project I'm creating a service account with the commands below:
oc project first-project
oc create sa azure-pipeline-svcact
oc policy add-role-to-user admin system:serviceaccount:first-project:azure-pipeline-svcact
To get the this service account token, I'm using the following command
oc sa get-token azure-pipeline-svcact
It's working well, but I've to create one user per project and each user will have different tokens.
Is there a way to create only one service account with the same token that has permissions to build and pull images to multiple projects?
Thanks
Upvotes: 0
Views: 1294
Answers (1)
Will Gordon
Reputation: 3573
You can absolutely use a service account to access multiple projects. You just have to give permissions.
oc policy add-role-to-user admin system:serviceaccount:first-project:azure-pipeline-svcact -n second-project
oc policy add-role-to-user admin system:serviceaccount:first-project:azure-pipeline-svcact -n third-project
...
etc
Upvotes: 1
Related Questions
- How to allow image pull from one project to another in openshift?
- OpenShift: Add SCC to Service Account in Yaml
- How to give service account access to two projects?
- Cross project management using service account
- openshift: allow serviceaccount to create project
- OpenShift: Is it possible to use the same secret token in two different service account?
- How to use single domain for multiple projects in OpenShift?
- OpenShift Service Account Permissions to Read Pod and Deployment Status
- Openshift - multiple auth providers
- Openshift 3.1: List projects of a serviceaccount using REST - returns empty list