lastupdated: 2017-11-02
{:new_window: target="_blank"} {:shortdesc: .shortdesc} {:screen: .screen} {:pre: .pre} {:table: .aria-labeledby="caption"} {:codeblock: .codeblock} {:tip: .tip} {:download: .download}
Creating an {{site.data.keyword.registryshort_notm}} token for an {{site.data.keyword.Bluemix_dedicated_notm}} image registry
{: #cs_dedicated_tokens}
Create a non-expiring token for an image registry that you used for single and scalable groups with clusters in {{site.data.keyword.containerlong}}. {:shortdesc}
-
Log in to the {{site.data.keyword.Bluemix_dedicated_notm}} environment.
bx login -a api.<dedicated_domain>
{: pre}
-
Request an oauth-token for the current session and save it as a variable.
OAUTH_TOKEN=`bx iam oauth-tokens | awk 'FNR == 2 {print $3 " " $4}'`
{: pre}
-
Request the ID of the org for the current session and save it as a variable.
ORG_GUID=`bx iam org <org_name> --guid`
{: pre}
-
Request a permanent registry token for the current session. Replace <dedicated_domain> with the domain for your {{site.data.keyword.Bluemix_dedicated_notm}} environment. This token grants access to the images in the current namespace.
curl -XPOST -H "Authorization: ${OAUTH_TOKEN}" -H "Organization: ${ORG_GUID}" "https://registry.<dedicated_domain>/api/v1/tokens?permanent=true"
{: pre}
Output:
{ "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiI2MzdiM2Q4Yy1hMDg3LTVhZjktYTYzNi0xNmU3ZWZjNzA5NjciLCJpc3MiOiJyZWdpc3RyeS5jZnNkZWRpY2F0ZWQxLnVzLXNvdXRoLmJsdWVtaXgubmV0" }
{: screen}
-
Verify the Kubernetes secret.
kubectl describe secrets
{: pre}
You can use this secret to work with IBM {{site.data.keyword.Bluemix_notm}} Container Service.
-
Create the Kubernetes secret to store your token information.
kubectl --namespace <kubernetes_namespace> create secret docker-registry <secret_name> --docker-server=<registry_url> --docker-username=token --docker-password=<token_value> --docker-email=<docker_email>
{: pre}
Table 1. Understanding this command's components

| Option | Description |
|---|---|
| --namespace <kubernetes_namespace> | Required. The Kubernetes namespace of your cluster where you want to use the secret and deploy containers. Run kubectl get namespaces to list all namespaces in your cluster. |
| <secret_name> | Required. The name that you want to use for your imagePullSecret. |
| --docker-server <registry_url> | Required. The URL to the image registry where your namespace is set up: registry.<dedicated_domain> |
| --docker-username <docker_username> | Required. The user name to log in to your private registry. |
| --docker-password <token_value> | Required. The value of your registry token that you retrieved earlier. |
| --docker-email <docker-email> | Required. If you have one, enter your Docker email address. If you do not have one, enter a fictional email address, for example [email protected]. This email is mandatory to create a Kubernetes secret, but is not used after creation. |
-
Create a pod that references the imagePullSecret.
-
Open your preferred editor and create a pod configuration script that is named mypod.yaml.
-
Define the pod and the imagePullSecret that you want to use to access the registry. To use a private image from a namespace:
```
apiVersion: v1
kind: Pod
metadata:
  name: <pod_name>
spec:
  containers:
    - name: <container_name>
      image: registry.<dedicated_domain>/<my_namespace>/<my_image>:<tag>
  imagePullSecrets:
    - name: <secret_name>
```
{: codeblock}
Table 2. Understanding the YAML file components -
Save your changes.
-
Create the deployment in your cluster.
kubectl apply -f mypod.yaml
{: pre}
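The kubectl create secret command in this procedure takes the token as a command-line argument, where it can end up in shell history and the process list. The script below is an added example, not part of the original page or of IBM's tooling: it builds a kubernetes.io/dockerconfigjson secret manifest from the curl response so the token is only passed through variables and pipes. The function names, registry.example.test, the sample response and the email address are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not IBM's code): build the imagePullSecret as a manifest so the
# registry token never appears in kubectl's argument list.

# Extract the "token" value from the JSON body returned by /api/v1/tokens.
# Assumes the single-field response shape shown in the Output step.
extract_token() {
  sed -n 's/.*"token"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
}

# Base64-encode stdin without line wraps (GNU base64 wraps at 76 columns).
b64() { base64 | tr -d '\n'; }

# Build the .dockerconfigjson payload. The user name is the literal "token",
# as in the kubectl command on this page. Args: registry_url token email
# Assumes none of the values contain characters that need JSON escaping.
docker_config_json() {
  local auth
  auth=$(printf 'token:%s' "$2" | b64)
  printf '{"auths":{"%s":{"username":"token","password":"%s","email":"%s","auth":"%s"}}}' \
    "$1" "$2" "$3" "$auth"
}

# Emit the Secret manifest. Args: secret_name namespace registry_url token email
pull_secret_manifest() {
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: $1
  namespace: $2
type: kubernetes.io/dockerconfigjson
data:
  .dockerconfigjson: $(docker_config_json "$3" "$4" "$5" | b64)
EOF
}

# Demo with a constructed response (not a real token); prints the manifest.
RESPONSE='{ "token": "hdr.claims.sig" }'
pull_secret_manifest demo-pull-secret default registry.example.test \
  "$(printf '%s' "$RESPONSE" | extract_token)" user@example.com
# Real use: pipe the curl output through extract_token into a variable, then
#   pull_secret_manifest <secret_name> <kubernetes_namespace> registry.<dedicated_domain> "$TOKEN" <docker_email> | kubectl apply -f -
```
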