OpenShift Enable system:admin Remote Access: Difference between revisions

From NovaOrdis Knowledge Base
Jump to navigation Jump to search
Line 54: Line 54:
     client-certificate-data: LS0tLS1...
     client-certificate-data: LS0tLS1...
     client-key-data: LS0tLS1...
     client-key-data: LS0tLS1...
When the changes are saved, the "system:admin" user is automatically logged in:
oc whoami
system:admin

Revision as of 22:21, 5 July 2017

Internal

Overview

This procedure will enable remote access with oc for the cluster administrator.

Procedure

Log in as a regular user, this will create the .kube/config structure.

oc login
Server [https://localhost:8443]: https://master.openshift.example.com
...
Username: ...
...
Login successful.

This will create a .kube/config file.

Log out:

oc logout

Edit .kube/config file, replacing the username provided during the last login with "system:admin" as follows:

apiVersion: v1
clusters:
- cluster:
    insecure-skip-tls-verify: true
    server: https://master.openshift.example.com:443
  name: master-openshift-example-com:443
contexts:
- context:
    cluster: master-openshift-example-com:443
    user: system:admin/master-openshift-example-com:443
  name: /master-openshift-example-com:443/ovidiu
current-context: /master-openshift-example-com:443/system:admin
kind: Config
preferences: {}
users:
- name: system:admin/master-openshift-example-com:443
  user: {}

Access the OpenShift master server and get the 'client-certificate-data' and 'client-key-data' entries from /etc/origin/master/admin.kubeconfig, for the "system:admin" user.

Append them to the local .kube/config as follows:

...
users:
- name: system:admin/master-openshift-example-com:443
  user:
   client-certificate-data: LS0tLS1...
   client-key-data: LS0tLS1...

When the changes are saved, the "system:admin" user is automatically logged in:

oc whoami
system:admin