OpenShift Role-based Access Control - RBAC (OpenShift Administration Part-5) RedHat Ex280

** If you are new to Docker, Podman, Kubernetes and OpenShift, first see: kzread.info/head/PLnFCwVWiQz4kASpMbCXRmAu6nKtPOBE4Q
** For details about OpenShift development: kzread.info/head/PLnFCwVWiQz4lrK7s1S409fsfm59qdFVOX
Role-based Access Control - RBAC
Authorization Roles
Cluster roles -
cluster-admin
cluster-status
self-provisioner
Local roles -
admin
basic-user
edit
view
Lab: Configuring Authentication and Authorization
1. Create 4 types of users - admin, leader, developer, tester
2. Make the 'admin' user a cluster administrator
3. As the 'admin' user, remove the ability to create projects cluster-wide.
4. Create the 'managers' group, and add the 'leader' user to the group
5. Grant project creation privileges to the 'managers' group
6. Create the 'developers' and 'testers' groups, and add the 'developer' and 'tester' users to them
7. Grant the edit role to the 'developers' group and the view role to the 'testers' group
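Commands:

# Step 1: create the users. Lab-only credentials; -b passes the password on the command line, so it ends up in shell history.
htpasswd -c -b tmp_users admin admin
htpasswd -b tmp_users leader leader
htpasswd -b tmp_users developer developer
htpasswd -b tmp_users tester tester
oc create secret generic auth-secret --from-file htpasswd=tmp_users -n openshift-config

# Export the cluster OAuth resource, then edit oauth.yaml so that spec reads as follows:
oc get oauth cluster -o yaml > oauth.yaml
spec:
  identityProviders:
  - htpasswd:
      fileData:
        name: auth-secret
    mappingMethod: claim
    name: myusers
    type: HTPasswd
oc replace -f oauth.yaml
# Wait for the authentication pods to be redeployed
watch oc get pods -n openshift-authentication

# Step 2: must be run from an existing cluster administrator session
oc adm policy add-cluster-role-to-user cluster-admin admin
oc login -u admin -p admin
oc get nodes

# Step 3: the default self-provisioners binding carries the annotation
# rbac.authorization.kubernetes.io/autoupdate: "true", so this change can be
# reverted on restart unless that annotation is set to false.
oc adm policy remove-cluster-role-from-group self-provisioner system:authenticated:oauth
# Check: project creation as 'developer' is now expected to be refused
oc login -u developer -p developer
oc new-project test-proj

# Steps 4 and 5: group administration needs the 'admin' session again
oc login -u admin -p admin
oc adm groups new managers
oc adm groups add-users managers leader
oc adm policy add-cluster-role-to-group self-provisioner managers
# Check: 'leader' is in 'managers', so project creation is expected to succeed
oc login -u leader -p leader
oc new-project test-proj

# Steps 6 and 7: add-role-to-group acts on the current project; pass -n <project> to name one
oc login -u admin -p admin
oc adm groups new developers
oc adm groups add-users developers developer
oc policy add-role-to-group edit developers
oc adm groups new testers
oc adm groups add-users testers tester
oc policy add-role-to-group view testers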
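
A check for steps 3 and 5 of the lab, added here as an example and not taken from the video: it reads ClusterRoleBinding JSON in the shape returned by `oc get clusterrolebindings -o json` and reports whether self-provisioner is still bound to a catch-all group, or sits on a binding whose autoupdate annotation can restore the default subjects. The sample data, the binding names other than self-provisioners, and the function names are constructed for illustration.

```python
import json

# Constructed sample shaped like `oc get clusterrolebindings -o json`;
# binding names other than self-provisioners are made up for this example.
SAMPLE = json.loads("""
{"items": [
 {"metadata": {"name": "self-provisioners", "annotations":
    {"rbac.authorization.kubernetes.io/autoupdate": "true"}},
  "roleRef": {"kind": "ClusterRole", "name": "self-provisioner"},
  "subjects": [{"kind": "Group", "name": "system:authenticated:oauth"}]},
 {"metadata": {"name": "self-provisioner-managers"},
  "roleRef": {"kind": "ClusterRole", "name": "self-provisioner"},
  "subjects": [{"kind": "Group", "name": "managers"}]},
 {"metadata": {"name": "cluster-admin-admin"},
  "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
  "subjects": [{"kind": "User", "name": "admin"}]}
]}
""")

AUTOUPDATE = "rbac.authorization.kubernetes.io/autoupdate"
CATCH_ALL = {"system:authenticated", "system:authenticated:oauth"}

def bindings_for(data, role):
    """Yield every ClusterRoleBinding that references the given ClusterRole."""
    for b in data.get("items", []):
        ref = b.get("roleRef", {})
        if ref.get("kind") == "ClusterRole" and ref.get("name") == role:
            yield b

def subjects_for(data, role):
    """Return the sorted (kind, name) pairs bound to the role."""
    return sorted({(s.get("kind"), s.get("name"))
                   for b in bindings_for(data, role)
                   for s in b.get("subjects") or []})  # subjects can be null

def audit(data):
    """Report ways project self-provisioning is, or may again become, open."""
    findings = [f"self-provisioner still granted to group {name}"
                for kind, name in subjects_for(data, "self-provisioner")
                if kind == "Group" and name in CATCH_ALL]
    for b in bindings_for(data, "self-provisioner"):
        notes = b.get("metadata", {}).get("annotations") or {}
        if notes.get(AUTOUPDATE) == "true":
            findings.append(f"{b['metadata']['name']}: autoupdate is true, "
                            "default subjects can be restored")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)) or "no findings")
```

To run it against a cluster, load the saved output of `oc get clusterrolebindings -o json` with `json.load` and pass it to `audit`; `subjects_for(data, "cluster-admin")` lists who holds the role granted in step 2.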

Comments: 4

  • @syamkumar7751, 1 year ago

    Awesome Thank you

  • @divyajyothi2563, 10 months ago

    Nice explanation

  • @yogireddy8129, 1 year ago

    awesome ..!! Thank you so much

  • @techtejendra4782, 1 year ago

    You are welcome!