The admin.kubeconfig generated at startup contains client-certificate credentials for the system:admin user, which has full access to the system. Acting as that user, you can grant permissions (including cluster-admin) to other users.

On Fri, May 20, 2016 at 8:05 AM, Charles Moulliard <[email protected]> wrote:

> Is there a by default user that we could use to configure roles, ... for
> the users authenticated by the identity provider ? If I try to log on using
> this command
>
> ./oc login https://192.168.99.100:8443 -u system:admin
>
> that fails
>
> Login failed (401 Unauthorized)
> You must obtain an API token by visiting
> https://192.168.99.100:8443/oauth/token/request
>
> On Fri, May 20, 2016 at 1:55 PM, Skarbek, John <[email protected]>
> wrote:
>
>> Charles,
>>
>> You’ve created a new user in the system, and by default he’s not going to
>> inherit any permissions. You’ll need to add a role to the user to access
>> any projects. A command such as this should provide you admin access to the
>> default project:
>>
>> oc policy add-role-to-user admin admin -n default
>>
>> That command would need to be run by a user that already has access to
>> manage users/policies.
>>
>> https://docs.openshift.org/latest/admin_guide/manage_users.html
>> https://docs.openshift.org/latest/admin_guide/manage_authorization_policy.html
>>
>> --
>> John Skarbek
>>
>> On May 20, 2016 at 07:26:12, Charles Moulliard ([email protected])
>> wrote:
>>
>> Hi,
>>
>> I have configured OpenShift Origin (version 18 of May 2016) with an
>> external identity provider. The user (admin/admin) can be authenticated and
>> I get an openshift token that I can use with the oc client
>>
>> Example :
>>
>> oc login https://192.168.99.100:8443
>> --token=g-4GsryPAdD6kttH6JV295xr3exXr46IsKtZjLt0gx4
>> Logged into "https://192.168.99.100:8443"
>> as "admin" using the token provided.
>>
>> You don't have any projects. You can try to create a new project, by
>> running
>>
>> $ oc new-project <projectname>
>>
>> As we can see, I'm connected and authenticated to the platform but no
>> projects are assigned to the user 'admin'
>>
>> If I try to access the project default or create it, then that fails
>>
>> ./oc project default
>> error: You are not a member of project "default".
>>
>> ./oc new-project default
>> Error from server: project "default" already exists
>>
>> What should I do to get/access the projects ?
>>
>> Regards,
>>
>> Charles

_______________________________________________
users mailing list
[email protected]
http://lists.openshift.redhat.com/openshiftmm/listinfo/users
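
The reply at the top of this thread says admin.kubeconfig carries client-certificate credentials, while the identity-provider user in the question logs in with an OAuth token. The following is an added example, not part of the original thread or of OpenShift's code: it lists which credential fields each kubeconfig user entry holds, so files that embed or reference a private key for a full-access identity can be found and protected. The sample file, its entry names and the helper names are constructed, and the scanner assumes the usual layout in which each item under `users:` starts with `- name:`.

```python
import re

# Constructed sample; real files hold base64 PEM data or a token in these fields.
SAMPLE_KUBECONFIG = """\
apiVersion: v1
clusters:
- cluster:
    server: https://192.168.99.100:8443
  name: 192-168-99-100:8443
kind: Config
users:
- name: system:admin/192-168-99-100:8443
  user:
    client-certificate-data: PLACEHOLDER
    client-key-data: PLACEHOLDER
- name: admin/192-168-99-100:8443
  user:
    token: PLACEHOLDER
"""

CRED_KEYS = ("client-certificate-data", "client-key-data",
             "client-certificate", "client-key", "token", "password")
USER_RE = re.compile(r"^\s*-\s+name:\s*(.+?)\s*$")
CRED_RE = re.compile(r"^\s+(%s):" % "|".join(map(re.escape, CRED_KEYS)))


def credentials_by_user(text):
    """Map each entry under the top-level users: key to its credential field names."""
    found, current, in_users = {}, None, False
    for line in text.splitlines():
        if re.match(r"^[A-Za-z]", line):  # a new top-level key starts here
            in_users = line.startswith("users:")
            current = None
            continue
        if not in_users:
            continue
        m = USER_RE.match(line)
        if m:
            current = m.group(1).strip("'\"")
            found[current] = set()
        elif current and (c := CRED_RE.match(line)):
            found[current].add(c.group(1))
    return found


def holds_private_key(creds):
    """True when the entry embeds or points to a client private key."""
    return bool(creds & {"client-key-data", "client-key"})
```

An entry for which `holds_private_key` is true is a long-lived credential for that identity, so the file containing it warrants restrictive permissions and should stay out of version control and shared images.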
