On Wed, Mar 29, 2017 at 2:19 AM, Burr Sutter <[email protected]> wrote: > > > On Tue, Mar 28, 2017 at 4:47 PM, Hardy Ferentschik <[email protected]> > wrote: >> >> Hi, >> >> > OK, but when I login into the console as 'developer' and 'developer', I >> > do >> > not see the OpenShift namespace/project like a "administrator" would. >> >> and you want to see this why? > > > I am adding templates and image streams in order to use the FIS capabilities > we offer
So achieve that I think you should login as 'system:admin' first and add required template to defined namespace and make additional changes (which might only can be done as administrator) or you can use developer as sudo and use '--as system:admin' when adding the templates to defined namespace which normal developer user doesn't have access. > > >> >> >> > The ultimate goal is to let the human (end-user) log in to the console >> > as >> > the Admin so he/she can see their work. >> >> This part I don't get. A user should not create application (their work) >> in the default/openshift namespace. They are reserved namespaces. >> Your work is in 'myproject' or any other namespace you are going to >> create. > > > I said "see" not "create" :-) > >> >> >> > Right now, I would say our current approach of system:admin with no >> > password is a bug >> >> AFAIU, there is even no other way then to use certificate based >> authentication >> for sytem:admin. This account is special. You literally cannot login any >> other way. This is different to the 'admin' user in CDK. In CDK we had an >> 'admin' user (on top of the openshift-dev user) which got assigned the >> cluster admin role - >> https://github.com/projectatomic/adb-utils/blob/master/services/openshift/scripts/openshift_provision#L196 >> >> So one can add the same role to the developer user in Minishift, either >> per default or via an addon (something we are working on right now) or >> one creates another admin user as per CDK. Addon might be the best way to >> go. > > > I do not care if the user is "foomanchew" and the password is "haveaniceday" > but I do need access to web console as the "super user"/"cluster admin" of > the openshift instance. > > It is my personal openshift instance, why can't I be the administrator? You are the administrator of your instance it's just the way `oc cluster up` setting up users doesn't create a separate user for admin with password but have system:admin which can be used to gain administrator privilege for your instance and then add any user as admin with password. Now as per thread you need something similar experience for user like we had for CDK-2.x and that something we can do once addon features are in place which will be soon. -- Praveen Kumar https://fedoraproject.org/wiki/User:Kumarpraveen _______________________________________________ Devtools mailing list [email protected] https://www.redhat.com/mailman/listinfo/devtools
