Description of problem: From Federico Simoncelli: Hi, I'd like to document the ManageIQ service account creation, more or less: http://talk.manageiq.org/t/announcing-the-alpha-release-of-capablanca/939/3 in a more official page, and then add a link in the ManageIQ containers provider page to that documentation so that a sysadmin knows how to proceed to add Kubernetes/OpenShift/Atomic. Do you have a suggestion on where I can put that documentation? Also, remember that it will also reach downstream and since we want to limit the differences (upstream vs downstream) it would be great if the documentation page would be the same one. Version-Release number of selected component (if applicable): How reproducible: Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info: See the talk article referenced above. Would be good to have KB as well as in Guides. Document URL: Section Number and Name: Describe the issue: Suggestions for improvement: Additional information:
My latest notes for ManageIQ service account creation are: $ oc create -n default -f - <<EOF apiVersion: v1 kind: ServiceAccount metadata: name: manageiq EOF $ oadm policy add-cluster-role-to-user cluster-reader system:serviceaccount:default:manageiq $ oadm policy add-scc-to-user privileged system:serviceaccount:default:manageiq To fetch the token then we currently have: $ oc get secrets `oc describe serviceaccount manageiq | awk '/Tokens:/ { print $2 }'` --template '{{.data.token}}' | base64 -d which is a little shaky as the line with "Tokens:" may get a secret that is not a token. David, Clayton do you have something nicer for this? Maybe we can bake something out of this starting point: $ oc get serviceaccount -n default manageiq --template '{{range .secrets}}{{.name}} {{end}}'
I would try something like: oc get sa/builder --template='{{range .secrets}}{{ .name }} {{end}}' | xargs -n 1 oc get secret --template='{{ if .data.token }}{{ .data.token }}{{end}}' | base64 -d - gets the service account, iterates over the secret names, checks them one by one to see if they have a token key in the map, does a decode. You can add an echo and a head to get just one.
Here's one with the head. oc get sa/default --template='{{range .secrets}}{{ .name }} {{end}}' | xargs -n 1 oc get secret --template='{{ if .data.token }}{{ .data.token }}{{ printf "\n" }}{{end}}' | head -n 1 | base64 -d -
Assigning to Petr for review.
This content is now live on the Customer Portal. Closing.