I use oc from a utility server that’s not part of the cluster, which any developer can access. We keep oadm on a master openshift host, which is only accessible by openshift admins. I don’t believe oc needs access to the kube config, or at least haven’t hit any commands for it yet. Oadm does though which is why we keep it on the master.
I’m a fan limiting interactions with the cluster using specific roles and users to help with auditing purposes. A strategy I would recommend in your case would be to create users that have the specific permissions they need, and with a password they control. This will prevent your need to copy this configuration around everywhere.
On December 13, 2016 at 07:44:41, Den Cowboy (dencowboy hotmail com) wrote:
Information in this e-mail may be confidential. It is intended only for the addressee(s) identified above. If you are not the addressee(s), or an employee or agent of the addressee(s), please note that any dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this e-mail in error, please notify the sender of the error.