OpenShift Users
Identity providers
- Allow all – allows all users and any password
- Deny all – denies all users
- HTPasswd – uses htpasswd basic auth. /etc/origin/master contains the master-config.yaml file, which tells you which OAuth identity provider you are using. The HTPasswd file is usually located at /etc/origin/master/htpasswd. Set up a user: htpasswd -b /etc/origin/master/htpasswd <user> <passwd>
- Keystone – used with OpenStack
- LDAP – connection with LDAP authentication
- Basic auth remote – generic backend for remote authentication backends
- Request header – uses header values such as X-Remote-User. Kubernetes, LDAP or SAML authentication can do this
User access.
A newly set up user is a basic user. To elevate a user's access, use “oc adm policy”. To give cluster admin: oc adm policy add-cluster-role-to-user cluster-admin <user>
oc get clusterroles
Users and groups are cluster-scoped.
- gives the options for roles to give or take from users
- Self-provisioners. To remove this from all users:
- oc adm policy remove-cluster-role-from-group self-provisioner system:authenticated system:authenticated:oauth
View/Edit role to project
- Add a view for a project to a user
- oc adm policy add-role-to-user view <user> -n <project>
- You can give “edit” by replacing view with edit.
Consolidate users to groups
- oc adm groups new <group-name> <user1> <user2>
- After you have the group, you can add self-provisioning to the group
- oc adm policy add-cluster-role-to-group self-provisioner <group>
- Now the new group can create projects
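One way to check the result of the self-provisioner changes above, as an added example that is not part of the original notes: it lists the subjects bound to a cluster role and prints any that are not on an allow-list. The group name project-creators, the users alice and bob, and the sample binding rows are constructed; the Kind values depend on what your cluster reports.

```shell
#!/bin/sh
# Added example (not from the original notes): audit who holds a cluster role.

# Emit one line per cluster role binding:
#   <binding-name> TAB <role-name> TAB <Kind:name,Kind:name,...>
# Needs a logged-in `oc` session with permission to read clusterrolebindings.
dump_bindings() {
  oc get clusterrolebindings -o jsonpath='{range .items[*]}{.metadata.name}{"\t"}{.roleRef.name}{"\t"}{range .subjects[*]}{.kind}:{.name},{end}{"\n"}{end}'
}

# unexpected_subjects ROLE "ALLOWED1 ALLOWED2 ..."   (binding lines on stdin)
# Prints every subject bound to ROLE that is not in the space-separated
# allow-list. Empty output means the role is held only by expected subjects.
unexpected_subjects() {
  awk -F '\t' -v role="$1" -v allowed="$2" '
    BEGIN {
      n = split(allowed, a, " ")
      for (i = 1; i <= n; i++) ok[a[i]] = 1
    }
    $2 == role {
      m = split($3, s, ",")
      for (i = 1; i <= m; i++)
        if (s[i] != "" && !(s[i] in ok)) print s[i]
    }' | sort -u
}

# Constructed sample in the dump_bindings format (not real cluster output).
# It models a cluster where self-provisioner was removed from
# system:authenticated but is still bound to system:authenticated:oauth.
SAMPLE=$(printf '%s\t%s\t%s\n' \
  'self-provisioners'  'self-provisioner' 'Group:system:authenticated:oauth,' \
  'self-provisioner-0' 'self-provisioner' 'Group:project-creators,' \
  'cluster-admin'      'cluster-admin'    'Group:system:masters,User:alice,' \
  'cluster-admin-0'    'cluster-admin'    'User:bob,')

# Offline demo on the sample. On a cluster, replace the printf with dump_bindings:
#   dump_bindings | unexpected_subjects self-provisioner 'Group:project-creators'
printf '%s\n' "$SAMPLE" | unexpected_subjects self-provisioner 'Group:project-creators'
# prints Group:system:authenticated:oauth
```

The same function works for cluster-admin: pass the subjects you expect to hold it and review anything it prints.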

