[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

RE: Best way to use oc client



I use oc from a utility server that’s not part of the cluster, which any developer can access.  We keep oadm on a master openshift host, which is only accessible by openshift admins.  I don’t believe oc needs access to the kube config, or at least haven’t hit any commands for it yet. Oadm does though which is why we keep it on the master.



From: users-bounces lists openshift redhat com [mailto:users-bounces lists openshift redhat com] On Behalf Of Skarbek, John
Sent: Tuesday, December 13, 2016 9:22 AM
To: users lists openshift redhat com; Den Cowboy <dencowboy hotmail com>
Subject: Re: Best way to use oc client



I’m a fan limiting interactions with the cluster using specific roles and users to help with auditing purposes. A strategy I would recommend in your case would be to create users that have the specific permissions they need, and with a password they control. This will prevent your need to copy this configuration around everywhere.



John Skarbek


On December 13, 2016 at 07:44:41, Den Cowboy (dencowboy hotmail com) wrote:



I've installed openshift 1.3.2 for the first time with atomic as OS. It went fine.
I used one normal centos as installation-server (so there ansible was installed and I executed the playbook there).


Now is my question. What is the best way to interact with my environment.

I've installed the oc-client tools on the centos server and I use ./oc login https://192.xx.xx.xx:8443 to authenticate.
But when I want to authenticate as system:admin I need the $KUBECONFIG (admin.kubeconfig). Is it a normal approach to copy this file from my os-master (atomic) to my centos server from which I try to manage everything?

Or do I need to install the client tools on my master itself? What is the most common approach?



users mailing list
users lists openshift redhat com

Information in this e-mail may be confidential. It is intended only for the addressee(s) identified above. If you are not the addressee(s), or an employee or agent of the addressee(s), please note that any dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this e-mail in error, please notify the sender of the error.

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]