Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

let builders create new imagestreams for pushes #9066

Merged
merged 1 commit into from
Jun 2, 2016
Merged

let builders create new imagestreams for pushes #9066

merged 1 commit into from
Jun 2, 2016

Conversation

deads2k
Copy link
Contributor

@deads2k deads2k commented May 27, 2016

Reminder to myself to add a test and make sure it works:

1. Login OpenShift and create a project;

2. Use the use token to docker login the docker-registry:

  docker login -u service-account-creds -p `oc whoami -t` -e [email protected] <integrated registry>

3. Pull Image and tag the image from ;

  docker pull busybox;

    docker tag busybox   <integrated registry>/projectname/imagestreamname:tag

4. Push the image to the OpenShift registry:

docker push <integrated registry>/projectname/imagestreamname:tag

 5. Pull the image in the OpenShift registry again:

  docker pull <integrated registry>/projectname/imagestreamname:tag

@pruan-rht I think its you.

@deads2k deads2k force-pushed the let-builder-make-image-streams branch from 230d419 to a451237 Compare May 27, 2016 19:22
liggitt
liggitt reviewed May 31, 2016
View reviewed changes
pkg/cmd/server/bootstrappolicy/policy.go
@@ -397,6 +397,8 @@ func GetBootstrapClusterRoles() []authorizationapi.ClusterRole {
Rules: []authorizationapi.PolicyRule{
// push and pull images
authorizationapi.NewRule("get", "update").Groups(imageGroup).Resources("imagestreams/layers").RuleOrDie(),
// allow auto-provisioning when pushing an image that doesn't have an imagestream yet
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

do we always want builders to have this power?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

do we always want builders to have this power?

I can't think of a reasonable reason not to. If a cluster-admin comes up with one, he can change the default role.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

does this allow custom builders to create imagestream for arbitrary images?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

does this allow custom builders to create imagestream for arbitrary images?

Yes, but given push rights, they can destroy any existing one already. The ability to create new ones doesn't do much if nothing is wired to use them.

@mfojtik
Copy link
Contributor

mfojtik commented May 31, 2016
edited
Loading

@deads2k i would be nice to have something like oc docker login ;-) (just a wrapper that calls docker login, but fills all the required auth fields like auth, registry IP, etc.).

@deads2k
Copy link
Contributor Author

deads2k commented Jun 1, 2016

@deads2k i would be nice to have something like oc docker login ;-) (just a wrapper that calls docker login, but fills all the required auth fields like auth, registry IP, etc.).

@juanvallejo Want to give that a try? I'd want it to support --as as well.

@fabianofranz not sure what else you've got on his plate.

@0xmichalis
Copy link
Contributor

yay!

@0xmichalis
Copy link
Contributor

@deads2k i would be nice to have something like oc docker login ;-) (just a wrapper that calls docker login, but fills all the required auth fields like auth, registry IP, etc.).

@aweiteka also wants this if I am not mistaken

@aweiteka
Copy link
Contributor

aweiteka commented Jun 1, 2016

@aweiteka also wants this if I am not mistaken

+1. Yes, this would really streamline the dev experience. One blocking issue is we can't programmatically discover the registry endpoint. #2162

Also if docker requires sudo that would be problematic knowing where to write the .dockercfg.

@deads2k deads2k force-pushed the let-builder-make-image-streams branch from a451237 to 3973054 Compare June 1, 2016 20:39
@deads2k deads2k changed the title [WIP] let builders create new imagestreams for pushes let builders create new imagestreams for pushes Jun 1, 2016
@deads2k
Copy link
Contributor Author

deads2k commented Jun 1, 2016

test complete

@deads2k
Copy link
Contributor Author

deads2k commented Jun 1, 2016

[test]

@deads2k
Copy link
Contributor Author

deads2k commented Jun 2, 2016

[merge]

@openshift-bot
Copy link
Contributor

Evaluated for origin test up to 3973054

@openshift-bot
Copy link
Contributor

openshift-bot commented Jun 2, 2016
edited
Loading

continuous-integration/openshift-jenkins/merge SUCCESS (https://ci.openshift.redhat.com/jenkins/job/test_pr_origin/4364/) (Image: devenv-rhel7_4304)

@openshift-bot
Copy link
Contributor

Evaluated for origin merge up to 3973054

@openshift-bot
Copy link
Contributor

continuous-integration/openshift-jenkins/test SUCCESS (https://ci.openshift.redhat.com/jenkins/job/test_pr_origin/4364/)

@openshift-bot openshift-bot merged commit 605a97d into openshift:master Jun 2, 2016
@deads2k deads2k deleted the let-builder-make-image-streams branch September 6, 2016 17:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@deads2k @mfojtik @0xmichalis @aweiteka @openshift-bot @liggitt