image pull secret

https://docs.openshift.com/container-platform/4.3/openshift_images/managing_images/using-image-pull-secrets.html

https://docs.openshift.com/container-platform/4.3/installing/install_config/installing-restricted-networks-preparations.html

# accross projects
oc policy add-role-to-user \
    system:image-puller system:serviceaccount:project-a:default \
    --namespace=project-b
oc policy add-role-to-group \
    system:image-puller system:serviceaccounts:project-a \
    --namespace=project-b

# ref outside
oc create secret generic <pull_secret_name> \
    --from-file=.dockercfg=<path/to/.dockercfg> \
    --type=kubernetes.io/dockercfg
oc create secret generic <pull_secret_name> \
    --from-file=.dockerconfigjson=<path/to/.docker/config.json> \
    --type=kubernetes.io/dockerconfigjson
oc create secret docker-registry <pull_secret_name> \
    --docker-server=<registry_server> \
    --docker-username=<user_name> \
    --docker-password=<password> \
    --docker-email=<email>
oc secrets link default <pull_secret_name> --for=pull
oc secrets link builder <pull_secret_name>


# global
oc get secret/pull-secret -n openshift-config -o yaml

oc get secret/pull-secret -n openshift-config -o json | jq -r '.data.".dockerconfigjson"' | base64 -d

oc set data secret/pull-secret -n openshift-config --from-file=.dockerconfigjson=<pull-secret-location> 

cat ./pull-secret.text | jq .  > <path>/<pull-secret-file>

# <credentials>
echo -n '<user_name>:<password>' | base64 -w0 
#   "auths": {
# ...
#     "<local_registry_host_name>:<local_registry_host_port>": { 
#       "auth": "<credentials>", 
#       "email": "you@example.com"
#   },
# ...