
Re: How to grant system:admin rights to admin?



Hi Henryk,

Not sure if this is applicable to your setup, but an alternative is to point oc to admin.kubeconfig. E.g.:

oc --config /var/lib/origin/openshift.local.config/master/admin.kubeconfig adm policy add-cluster-role-to-user cluster-admin developer

I've been using this way as 'oc login -u system:admin' didn't work with my dev setup (created using 'oc cluster up') for some reason. It seems to work when using minishift, so I'd love to know what's causing it as well.

Hth,

Ulf

On 6 June 2017 16:16, Henryk Konsek wrote:
Hi Graham,

That would be probably fine. I assume that I should log in as system:admin in order to execute those commands, right?

The problem is that I cannot switch to system:admin...

oc login -u system:admin
Authentication required for https://localhost:8443 (openshift)
Username: system:admin
Password:
error: username system:admin is invalid for basic auth

Any idea what I'm doing wrong?

Cheers!


Mon, 5 Jun 2017 at 12:28, Graham Dumpleton <gdumplet redhat com> wrote:


     > On 5 Jun 2017, at 8:13 PM, Henryk Konsek <hekonsek gmail com> wrote:
     >
     > Hi,
     >
     > Quick question. Is there an easy way to grant "system:admin" privileges to "admin" user? I'd like to make it possible for 'admin' user to list projects and namespaces for example. I'm aware that this is not recommended for production environment, but this is something we need for an automation of our integration tests suite.

    Not sure if suits your requirements, but presuming 'username'
    exists, as user who already has admin rights, try:

             oc adm policy add-cluster-role-to-user cluster-reader username

    If only want them to be able to read view stuff but not modify, or:

             oc adm policy add-cluster-role-to-user cluster-admin username

    if want to allow them full edit ability on cluster.

    Replace 'username' with actual name of user.

    Graham



--
Henryk Konsek
https://linkedin.com/in/hekonsek




--
Ulf

