Follow each section below to configure the OpenShift cluster account before adding the OpenShift account credential to Container Protection. The OpenShift account user needs to be the cluster administrator.
- Log into the OpenShift cluster console with your administrator account.
- From the OpenShift cluster console navigation pane, go to Home > Overview.
- Make a note of the Cluster API address.
- From the OpenShift cluster console navigation pane, go to User Management > ServiceAccounts.
- Click Create ServiceAccount.
- Fill in a name and a namespace for the service account, and keep the rest of the YAML definitions as is.
- Click Create to create the service account.
Note: Make a note of the service account you created; you will use it later in other configuration.
- From the OpenShift cluster console navigation pane, go to User Management > Roles to open the Roles page.
- Click Create Role to create a role.
- Use the minimum required YAML definition below, replacing the role name with a name of your choice.
- Click Create to finish creating the role.
```yaml
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: (user-defined)
rules:
  - verbs:
      - get
      - watch
      - list
    apiGroups:
      - image.openshift.io
    resources:
      - images
      - imagestreamimages
      - imagestreams
      - imagestreams/layers
```
Note: Make a note of the role name; you will use it later in other configuration.
- From the OpenShift cluster console navigation pane, go to User Management > RoleBindings to open the RoleBindings page.
- Click Create binding to create a role binding with the service account.
- In Binding type, select "Cluster-wide role binding (ClusterRoleBinding)".
- Fill in a RoleBinding name of your choice. Click the Role name drop-down button and select the role created earlier.
- In Subject, select ServiceAccount. Click the namespace drop-down menu and select the namespace of the service account created earlier.
- In the Subject name field, enter the name of the service account created earlier.
- Click Create to finish.
- From the OpenShift cluster console navigation pane, go to User Management > ServiceAccounts to open the ServiceAccounts page.
- Click the service account created previously. Scroll down to the Secrets section, and click the secret with the type "kubernetes.io/service-account-token".
- On the Secret Details page, scroll down and locate the token, then click Copy to Clipboard to copy the token for later use.
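
The following Python check is an added example, not part of the Container Protection documentation. It audits a ClusterRole and ClusterRoleBinding (as dicts, for instance parsed from `oc get <kind> <name> -o json`) and reports anything granted beyond the minimum definition shown above. The names `example-image-reader`, `example-scanner` and `example-ns` are placeholders, and the sample objects are constructed.

```python
# Minimum grant taken from the ClusterRole definition on this page.
ALLOWED = {"verbs": {"get", "watch", "list"},
           "apiGroups": {"image.openshift.io"},
           "resources": {"images", "imagestreamimages", "imagestreams",
                         "imagestreams/layers"}}

def audit_cluster_role(role):
    """Return a finding for every rule that exceeds the minimum grant."""
    findings = []
    if role.get("kind") != "ClusterRole":
        findings.append("kind is %r, expected ClusterRole" % role.get("kind"))
    for i, rule in enumerate(role.get("rules") or []):
        if rule.get("nonResourceURLs"):
            findings.append("rule %d: grants nonResourceURLs" % i)
        for field, allowed in ALLOWED.items():
            # "*" and the core group "" are flagged too: neither is allowed.
            extra = sorted(set(rule.get(field) or []) - allowed)
            if extra:
                findings.append("rule %d: extra %s %s" % (i, field, extra))
    return findings

def audit_binding(binding, role_name, sa_name, sa_namespace):
    """Check the binding ties only the given service account to the role."""
    findings = []
    ref = binding.get("roleRef") or {}
    if (ref.get("kind"), ref.get("name")) != ("ClusterRole", role_name):
        findings.append("roleRef is %s/%s" % (ref.get("kind"), ref.get("name")))
    for s in binding.get("subjects") or []:
        ident = (s.get("kind"), s.get("namespace"), s.get("name"))
        if ident != ("ServiceAccount", sa_namespace, sa_name):
            findings.append("unexpected subject %s/%s/%s" % ident)
    return findings

# Constructed samples, not real cluster output; all names are placeholders.
GOOD_ROLE = {"kind": "ClusterRole", "metadata": {"name": "example-image-reader"},
             "rules": [{"verbs": ["get", "watch", "list"],
                        "apiGroups": ["image.openshift.io"],
                        "resources": sorted(ALLOWED["resources"])}]}
BAD_ROLE = {"kind": "ClusterRole", "metadata": {"name": "example-too-broad"},
            "rules": [{"verbs": ["*"], "apiGroups": ["image.openshift.io", ""],
                       "resources": ["images", "secrets"]}]}
BINDING = {"roleRef": {"kind": "ClusterRole", "name": "example-image-reader"},
           "subjects": [{"kind": "ServiceAccount", "namespace": "example-ns",
                         "name": "example-scanner"}]}

if __name__ == "__main__":
    for name, role in (("good", GOOD_ROLE), ("bad", BAD_ROLE)):
        print(name, audit_cluster_role(role) or "OK")
    print("binding", audit_binding(BINDING, "example-image-reader",
                                   "example-scanner", "example-ns") or "OK")
```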