OpenShift Enable system:admin Remote Access: Difference between revisions
Jump to navigation
Jump to search
Line 2: | Line 2: | ||
* [[OpenShift Operations#Procedures|OpenShift Operations]] | * [[OpenShift Operations#Procedures|OpenShift Operations]] | ||
* [[oc login]] | |||
=Overview= | =Overview= |
Revision as of 22:22, 5 July 2017
Internal
Overview
This procedure will enable remote access with oc for the cluster administrator.
Procedure
Log in as a regular user, this will create the .kube/config structure.
oc login Server [https://localhost:8443]: https://master.openshift.example.com ... Username: ... ... Login successful.
This will create a .kube/config file.
Log out:
oc logout
Edit .kube/config file, replacing the username provided during the last login with "system:admin" as follows:
apiVersion: v1 clusters: - cluster: insecure-skip-tls-verify: true server: https://master.openshift.example.com:443 name: master-openshift-example-com:443 contexts: - context: cluster: master-openshift-example-com:443 user: system:admin/master-openshift-example-com:443 name: /master-openshift-example-com:443/ovidiu current-context: /master-openshift-example-com:443/system:admin kind: Config preferences: {} users: - name: system:admin/master-openshift-example-com:443 user: {}
Access the OpenShift master server and get the 'client-certificate-data' and 'client-key-data' entries from /etc/origin/master/admin.kubeconfig, for the "system:admin" user.
Append them to the local .kube/config as follows:
... users: - name: system:admin/master-openshift-example-com:443 user: client-certificate-data: LS0tLS1... client-key-data: LS0tLS1...
When the changes are saved, the "system:admin" user is automatically logged in:
oc whoami system:admin oc get nodes ...