OpenShift - Log into OpenShift using a service account token


If you are not familiar with the oc command, refer to OpenShift - Getting Started with the oc command.

The oc create serviceaccount (or oc create sa) command can be used to create a Service Account.

~]$ oc create serviceaccount my-service-account
serviceaccount/my-service-account created

 

This should create a secret named <service account name>-token-xxxxx, which the oc get secrets command will list.

~]# oc get secrets
NAME                                 TYPE                                  DATA   AGE
my-service-account-token-kvv5c       kubernetes.io/service-account-token   4      6s

 

The oc describe secret command can be used to list the token.

~]$ oc describe secret my-service-account-token-kvv5c
Name:         my-service-account-token-kvv5c
Namespace:    my-project
Labels:       <none>
Annotations:  kubernetes.io/created-by: openshift.io/create-dockercfg-secrets
              kubernetes.io/service-account.name: my-service-account
              kubernetes.io/service-account.uid: 0af56e29-af9f-4d06-9b5a-6f83c42804b9

Type:  kubernetes.io/service-account-token

Data
====
ca.crt:          9608 bytes
namespace:       10 bytes
service-ca.crt:  12033 bytes
token:           eyJhbGciOiJSUzI1NiIsImtpZCI6Im9tUmE3WElBRWNnanJPZUxYaHdyUWg1YWVheENnWHhLUlBHNmtmSlNCcm8ifQ.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.GmueLO0W-FCfnVngGBwGmNLrCicCPQ01tRsd-TSxvW2QyZNHxpGv8Y75m11Ul6zkdItDU3ROaTTrpcSJ3Kv0kDdL4ZfbDFR1s9ROMdD70noZToAXyQU2KHDky1DmroF0ZTVkvID9MDL-L59BzWioxdDcrI8t2kEMBEZhGssw5VVKPzTXldP4xoCfoCUf6DrPNrWw9cqD_oL0wRmzwK7If7-U9TeF-Yd2bXBNj8sQk9V5FaNN3Z27X1cr6Kyz5CMJSr_TiOnnqrHAFm5qethUYgld2S8okvON5kommXcbLBYFyUiurG3zy2IyO2vsiWh1LlmH5Mpj4fRxKCTwUE7D7Q

 

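Then add the service account to a cluster role binding. The -z option names a service account in the current project, and the cluster-admin role used here gives that service account full control of the cluster.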

~]$ oc adm policy add-cluster-role-to-user cluster-admin -z my-service-account
clusterrole.rbac.authorization.k8s.io/cluster-admin added: "my-service-account"

 

And then the oc login command with the --token option can be used to log into OpenShift.

~]# oc login --token <token> api.openshift.example.com:6443
Logged into "https://api.openshift.example.com:6443" as "system:serviceaccount:my-project:my-service-account" using the token provided.
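
The token listed by oc describe secret is a JWT, so its claims can be read before it is passed to oc login or bound to a role. The following is an added example, not part of the original article: it decodes the claims without verifying the signature and reports which service account the token belongs to and whether it ever expires. The function names and the sample token are constructed for illustration, and the claim names assume the secret-based token type shown above.

```python
import base64
import json
from datetime import datetime, timezone

LEGACY = "kubernetes.io/serviceaccount/"  # claim prefix used by secret-based tokens


def _b64url_json(segment: str) -> dict:
    """Decode one base64url JWT segment (padding restored) into a dict."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def inspect_sa_token(token: str) -> dict:
    """Summarise a service account JWT. The signature is NOT verified:
    this is for auditing a token you already hold, not for trusting it."""
    parts = token.strip().split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT: expected header.payload.signature")
    header, claims = _b64url_json(parts[0]), _b64url_json(parts[1])
    bound = claims.get("kubernetes.io", {})  # nested claims of bound tokens
    exp = claims.get("exp")
    return {
        "alg": header.get("alg"),
        "subject": claims.get("sub"),
        "namespace": claims.get(LEGACY + "namespace") or bound.get("namespace"),
        "secret": claims.get(LEGACY + "secret.name"),
        "expires": datetime.fromtimestamp(exp, timezone.utc) if exp else None,
        "long_lived": exp is None,  # no exp claim: never expires on its own
    }


def make_sample_token(claims: dict) -> str:
    """Build an unsigned sample token (constructed data, fake signature)."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256"}), enc(claims), "c2lnbmF0dXJl"])


# Constructed sample mirroring the names used in this article.
SAMPLE = make_sample_token({
    "iss": "kubernetes/serviceaccount",
    LEGACY + "namespace": "my-project",
    LEGACY + "secret.name": "my-service-account-token-kvv5c",
    LEGACY + "service-account.name": "my-service-account",
    "sub": "system:serviceaccount:my-project:my-service-account",
})

if __name__ == "__main__":
    for key, value in inspect_sa_token(SAMPLE).items():
        print(f"{key:10} {value}")
```

A result with long_lived set to True means the token stays usable until it is revoked, which matters most when the service account holds a role such as cluster-admin.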

 



