I am using IBM Cloud Code Engine to deploy my containerized apps. Now, I would like to use a service ID (or its API key) to run a toolchain and within to update an already existing app. What privileges are needed to push the new container image to a private registry and to update the app from that image?
Asked
Active
Viewed 31 times
1 Answers
0
It seems the following privileges are needed. They can be created as access policies within an IBM Cloud IAM access group. The service ID is then added to that access group.
- Viewer on resources limited to the resource group with the Code Engine project. That way, the resource group can be set and the project be seen.
- Operator and Writer for Container Registry, to be able to push a new container image.
- Operator and Writer for Code Engine, scoped to just the project, to be able to update the app.
With the above privileges my pipeline could run successfully.
data_henrik
- 16,724
- 2
- 28
- 49