image pull secret
https://docs.openshift.com/container-platform/4.3/openshift_images/managing_images/using-image-pull-secrets.html
https://docs.openshift.com/container-platform/4.3/installing/install_config/installing-restricted-networks-preparations.html
# accross projects
oc policy add-role-to-user \
system:image-puller system:serviceaccount:project-a:default \
--namespace=project-b
oc policy add-role-to-group \
system:image-puller system:serviceaccounts:project-a \
--namespace=project-b
# ref outside
oc create secret generic <pull_secret_name> \
--from-file=.dockercfg=<path/to/.dockercfg> \
--type=kubernetes.io/dockercfg
oc create secret generic <pull_secret_name> \
--from-file=.dockerconfigjson=<path/to/.docker/config.json> \
--type=kubernetes.io/dockerconfigjson
oc create secret docker-registry <pull_secret_name> \
--docker-server=<registry_server> \
--docker-username=<user_name> \
--docker-password=<password> \
--docker-email=<email>
oc secrets link default <pull_secret_name> --for=pull
oc secrets link builder <pull_secret_name>
# global
oc get secret/pull-secret -n openshift-config -o yaml
oc get secret/pull-secret -n openshift-config -o json | jq -r '.data.".dockerconfigjson"' | base64 -d
oc set data secret/pull-secret -n openshift-config --from-file=.dockerconfigjson=<pull-secret-location>
cat ./pull-secret.text | jq . > <path>/<pull-secret-file>
# <credentials>
echo -n '<user_name>:<password>' | base64 -w0
# "auths": {
# ...
# "<local_registry_host_name>:<local_registry_host_port>": {
# "auth": "<credentials>",
# "email": "you@example.com"
# },
# ...