> On 7 Jun 2017, at 3:01 AM, Ulf Lilleengen <[email protected]> wrote:
>
> Hi Henryk,
>
> Not sure if this is applicable to your setup, but an alternative is to point
> oc to admin.kubeconfig. E.g.:
>
> oc --config /var/lib/origin/openshift.local.config/master/admin.kubeconfig
> adm policy add-cluster-role-to-user cluster-admin developer
>
> I've been using this way as 'oc login -u system:admin' didn't work with my
> dev setup (created using 'oc cluster up') for some reason. It seems to work
> when using minishift, so I'd love to know what's causing it as well.
If you have access to the master node that will work. Sometimes the master
nodes will already have cached login as admin from setup of cluster and just
being able to access the master node as root will leave you as admin user
anyway.
Another alternative is if you have granted specific user sudoer role access,
then such a user could use impersonation to run:
oc admin policy add-cluster-role-to-user cluster-admin developer --as
system:admin
See:
https://docs.openshift.com/online/architecture/additional_concepts/authentication.html#authentication-impersonation
<https://docs.openshift.com/online/architecture/additional_concepts/authentication.html#authentication-impersonation>
Graham
> Hth,
>
> Ulf
>
> On 06. juni 2017 16:16, Henryk Konsek wrote:
>> Hi Graham,
>> That would be probably fine. I assume that I should log in as system:admin
>> in order to execute those commands, right?
>> The problem is that I cannot switch to system:admin...
>> oc login -u system:admin
>> Authentication required for https://localhost:8443 <https://localhost:8443/>
>> (openshift)
>> Username: system:admin
>> Password:
>> error: username system:admin is invalid for basic auth
>> Any idea what I'm doing wrong?
>> Cheers!
>> pon., 5 cze 2017 o 12:28 użytkownik Graham Dumpleton <[email protected]
>> <mailto:[email protected]> <mailto:[email protected]
>> <mailto:[email protected]>>> napisał:
>> > On 5 Jun 2017, at 8:13 PM, Henryk Konsek <[email protected]
>> <mailto:[email protected]>
>> <mailto:[email protected] <mailto:[email protected]>>> wrote:
>> >
>> > Hi,
>> >
>> > Quick question. Is there an easy way to grant "system:admin"
>> privileges to "admin" user? I'd like to make it possible for 'admin'
>> user to list projects and namespaces for example. I'm aware that
>> this is not recommended for production environment, but this is
>> something we need for an automation of our integration tests suite.
>> Not sure if suits your requirements, but presuming 'username'
>> exists, as user who already has admin rights, try:
>> oc adm policy add-cluster-role-to-user cluster-reader username
>> If only want them to be able to read view stuff but not modify, or:
>> oc adm policy add-cluster-role-to-user cluster-admin username
>> if want to allow them full edit ability on cluster.
>> Replace 'username' with actual name of user.
>> Graham
>> --
>> Henryk Konsek
>> https://linkedin.com/in/hekonsek
>> _______________________________________________
>> users mailing list
>> [email protected] <mailto:[email protected]>
>> http://lists.openshift.redhat.com/openshiftmm/listinfo/users
>> <http://lists.openshift.redhat.com/openshiftmm/listinfo/users>
>
> --
> Ulf
_______________________________________________
users mailing list
[email protected]
http://lists.openshift.redhat.com/openshiftmm/listinfo/users
