OpenShift Enable system:admin Remote Access: Difference between revisions

From NovaOrdis Knowledge Base
Jump to navigation Jump to search
Line 43: Line 43:
  - name: <font color=red>'''system:admin'''</font/>/master-openshift-example-com:443
  - name: <font color=red>'''system:admin'''</font/>/master-openshift-example-com:443
   user: {}
   user: {}
Access the OpenShift master server and get the 'client-certificate-data' and 'client-key-data' entries from /etc/origin/master/admin.kubeconfig, for the "system:admin" user.
Append them to the local .kube/config as follows:
...
users:
- name: system:admin/master-openshift-example-com:443
  user:
    client-certificate-data: LS0tLS1...
    client-key-data: LS0tLS1...

Revision as of 22:18, 5 July 2017

Internal

Overview

This procedure will enable remote access with oc for the cluster administrator.

Procedure

Log in as a regular user, this will create the .kube/config structure.

oc login
Server [https://localhost:8443]: https://master.openshift.example.com
...
Username: ...
...
Login successful.

This will create a .kube/config file.

Log out:

oc logout

Edit .kube/config file, replacing the username provided during the last login with "system:admin" as follows:

apiVersion: v1
clusters:
- cluster:
    insecure-skip-tls-verify: true
    server: https://master.openshift.example.com:443
  name: master-openshift-example-com:443
contexts:
- context:
    cluster: master-openshift-example-com:443
    user: system:admin/master-openshift-example-com:443
  name: /master-openshift-example-com:443/ovidiu
current-context: /master-openshift-example-com:443/system:admin
kind: Config
preferences: {}
users:
- name: system:admin/master-openshift-example-com:443
  user: {}

Access the OpenShift master server and get the 'client-certificate-data' and 'client-key-data' entries from /etc/origin/master/admin.kubeconfig, for the "system:admin" user.

Append them to the local .kube/config as follows:

...
users:
- name: system:admin/master-openshift-example-com:443
  user:
   client-certificate-data: LS0tLS1...
   client-key-data: LS0tLS1...