dsf openshift service account

Table of Contents

• OpenShift Service Accounts
  • How to create a Service Account
  • How to give rights to a Service Account
  • Get the service account role

OpenShift Service Accounts

The service accounts are special system users associated with projects. As the regular users, service accounts have a token to connect with the OpenShift API. The main difference is service account tokens are long-lived. By using the service account tokens you can access to the OpenShift API without sharing/exposing your user password/token.

How to create a Service Account

The process to create a service account is very simple, you only need to execute the following command:

oc create sa <service account name>

This command will create a service account in your current project. You can create a service account in another project by using the -n parameter.

How to give rights to a Service Account

By default the service account has no rights. In order to give rights to edit the project, you need to execute the command:

oc policy add-role-to-user edit -z <service account name>

Get the service account role

In order to get the service account token, you only need to:

oc describe sa <service account name>

Get the secret name for the token:

Then:

oc describe secret <previous step token secret name>