Add support in Quay Bridge Operator to create and bind Quay robot account credentials to a customizable service account (defaulting to builder, but optionally pipeline or any user-defined SA). #148

@singha200

In CI/CD setups using OpenShift Pipelines, the pipeline ServiceAccount is the default SA used by PipelineRuns.

Quay Bridge Operator currently only configures the builder SA to push images to Quay, which is primarily used by BuildConfig/S2I, not Tekton.

This forces users to either:
  • Rebind secrets manually.
  • Grant high-permission SCCs to builder, which may not be desirable.

Suggested Enhancements
  • New ConfigMap/CR parameter to set the SA name (quay.targetServiceAccount: pipeline).
  • Auto-bind Quay robot secret to that SA in the target namespace.
  • Optionally generate imagePullSecrets or mount options.
