I want to get a user/passowrd. or serviceaccount/token, that has a admin permisson for openshift internal registry
I have a use case that a user with password (will not be expired) can access the OCP image-registry
oc whoami -t
9XIUr1LqQ7eIzR4DnFVaWundefinedwFAeHtsFnYQcB97u4AiH90
bash-4.4$ curl -k -s -u admin:9XIUr1LqQ7eIzR4DnFVaWundefinedwFAeHtsFnYQcB97u4AiH90 "https://image-registry.openshift-image-registry.svc:5000/openshift/token?service=token-service&scope=registry:catalog:*"
{"access_token":"9XIUr1LqQ7eIzR4DnFVaWundefinedwFAeHtsFnYQcB97u4AiH90","token":"9XIUr1LqQ7eIzR4DnFVaWundefinedwFAeHtsFnYQcB97u4AiH90"}
bash-4.4$ export TOKEN=9XIUr1LqQ7eIzR4DnFVaWundefinedwFAeHtsFnYQcB97u4AiH90
bash-4.4$ curl -k -s -H "Authorization: Bearer $TOKEN " "https://image-registry.openshift-image-registry.svc.cluster.local:5000/v2/_catalog"
{"repositories":["openshift/apicast-gateway","openshift/apicurito-ui","openshift/cli","openshift/cli-artifacts","openshift/dotnet","openshift/dotnet-runtime","openshift/eap-cd-openshift","openshift/fis-java-openshift","openshift/fis-karaf-openshift","openshift/fuse-apicurito-generator","openshift/fuse7-console","openshift/fuse7-eap-openshift","openshift/fuse7-java-openshift","openshift/fuse7-karaf-openshift","openshift/golang","openshift/httpd","openshift/installer","openshift/installer-artifacts","openshift/java","openshift/jboss-amq-62","openshift/jboss-amq-63","openshift/jboss-datagrid65-client-openshift","openshift/jboss-datagrid65-openshift","openshift/jboss-datagrid71-client-openshift","openshift/jboss-datagrid71-openshift","openshift/jboss-datagrid72-openshift","openshift/jboss-datagrid73-openshift","openshift/jboss-datavirt64-driver-openshift","openshift/jboss-datavirt64-openshift","openshift/jboss-decisionserver64-openshift","openshift/jboss-eap64-openshift","openshift/jboss-eap70-openshift","openshift/jboss-eap71-openshift","openshift/jboss-eap72-openshift","openshift/jboss-fuse70-console","openshift/jboss-fuse70-eap-openshift","openshift/jboss-fuse70-java-openshift","openshift/jboss-fuse70-karaf-openshift","openshift/jboss-processserver64-openshift","openshift/jboss-webserver30-tomcat7-openshift","openshift/jboss-webserver30-tomcat8-openshift","openshift/jboss-webserver31-tomcat7-openshift","openshift/jboss-webserver31-tomcat8-openshift","openshift/jboss-webserver50-tomcat9-openshift","openshift/jenkins","openshift/jenkins-agent-maven","openshift/jenkins-agent-nodejs","openshift/mariadb","openshift/modern-webapp","openshift/mongodb","openshift/must-gather","openshift/mysql","openshift/nginx","openshift/nodejs","openshift/openjdk-11-rhel7","openshift/perl","openshift/php","openshift/postgresql","openshift/python","openshift/redhat-openjdk18-openshift","openshift/redhat-sso70-openshift","openshift/redhat-sso71-openshift","openshift/redhat-sso72-openshift","openshift/redhat-sso73-openshift","openshift/redis","openshift/rhdm74-decisioncentral-openshift","openshift/rhdm74-kieserver-openshift","openshift/rhdm74-optaweb-employee-rostering-openshift","openshift/rhpam74-businesscentral-monitoring-openshift","openshift/rhpam74-businesscentral-openshift","openshift/rhpam74-kieserver-openshift","openshift/rhpam74-smartrouter-openshift","openshift/ruby","openshift/tests"]}
this method can has a permission to list all images in the OCP registry but the password generated by
How could I get a user name and password/token, that will not expired, ? and has a admin permission to the OCP internal registry ? or some service account token with username serviceaccount
in the default docker secret created by Openshift in namespaces