OpenShift Security Operations: Difference between revisions
Line 72: | Line 72: | ||
oc env <''target-object''> --from=secret/<''secret-name''> --prefix=DB_ | oc env <''target-object''> --from=secret/<''secret-name''> --prefix=DB_ | ||
==Expose as a Mounted Volume== | |||
oc set volume <''target-object''> --add --overwrite --name=<''some-name''> --mount-path /some-path --secret-name=<''secret-name''> | |||
=Service Account Operations= | =Service Account Operations= |
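Review bot: the new "Expose as a Mounted Volume" section gives the oc set volume command with no sentence describing it, and it includes --overwrite without noting that this replaces an existing volume or mount of the same name on the target object; a one-line description above the command would cover both. The mount path is also written as the literal /some-path after a space, while every other argument in the command uses the =<placeholder> form, so --mount-path=<mount-path> would be consistent.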
Revision as of 23:25, 22 November 2017
Internal
List All Cluster Role Bindings
oc get clusterrolebindings
List Role Bindings for a Specific Role
oc get clusterrolebindings/cluster-admins
List All Project Role Bindings
oc get rolebindings [-n <target-project-name>]
Alternative:
oc describe policyBindings
Can I?
oc policy can-i
Who Can?
oc policy who-can
Make a User a Cluster Administrator
This command can be used to make regular users cluster administrators:
oadm policy add-cluster-role-to-user cluster-admin ovidiu
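Because a single command grants cluster-admin, it is worth reviewing periodically who holds it. The following is an added example, not part of the original page: it reads the JSON form of the cluster role bindings listed above and reports subjects outside a reviewed allow-list. The sample JSON is constructed, and the binding name cluster-admin-0, the allow-list contents and the script name are assumptions.

```python
import json
import sys

# Constructed sample of `oc get clusterrolebindings -o json` output (not from a real cluster).
SAMPLE = """
{"kind": "List", "items": [
  {"metadata": {"name": "cluster-admins"}, "roleRef": {"name": "cluster-admin"},
   "subjects": [{"kind": "SystemGroup", "name": "system:cluster-admins"},
                {"kind": "SystemUser", "name": "system:admin"}]},
  {"metadata": {"name": "cluster-admin-0"}, "roleRef": {"name": "cluster-admin"},
   "subjects": [{"kind": "User", "name": "ovidiu"},
                {"kind": "ServiceAccount", "namespace": "default", "name": "registry"}]},
  {"metadata": {"name": "cluster-readers"}, "roleRef": {"name": "cluster-reader"},
   "subjects": null}
]}
"""

def subjects_bound_to(doc, role="cluster-admin"):
    """Return sorted (binding, kind, subject) tuples for every subject bound to `role`."""
    items = doc.get("items", [doc])  # accept a List or a single binding object
    found = set()
    for item in items:
        if item.get("roleRef", {}).get("name") != role:
            continue
        for s in item.get("subjects") or []:  # subjects may be null or absent
            name = s.get("name", "")
            if s.get("kind") == "ServiceAccount":
                # Normalise to the user name a service account authenticates as.
                name = "system:serviceaccount:%s:%s" % (s.get("namespace", "?"), name)
            found.add((item["metadata"]["name"], s.get("kind", "?"), name))
    return sorted(found)

def unexpected(bindings, allowed):
    """Subjects that hold the role but are not on the reviewed allow-list."""
    return [b for b in bindings if b[2] not in allowed]

if __name__ == "__main__":
    # Usage (hypothetical file name):
    #   oc get clusterrolebindings -o json | python audit_admins.py
    raw = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    allowed = {"system:admin", "system:cluster-admins"}  # assumed baseline, adjust per cluster
    for binding, kind, name in unexpected(subjects_bound_to(json.loads(raw)), allowed):
        print("%-20s %-15s %s" % (binding, kind, name))
```

Run with no piped input, it falls back to the constructed sample and prints the two subjects that are not on the allow-list.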
Enable system:admin Remote Access
OAuth Client Operations
List all OAuth clients:
oc get oauthclients
List one:
oc get oauthclient kibana-proxy
oc edit oauthclient kibana-proxy
'Secret' Operations
List Secrets
List all secrets:
oc get secrets
Create a Secret
echo "..." > ./some-data.txt
oc secret new some-secret key_1=some-data.txt
Extract Data from a Secret
Extract data from a given secret:
cd ~/tmp
oc extract secret/logging-kibana-proxy [--keys=oauth-secret] --confirm
Expose as Environment Variable
oc env <target-object> --from=secret/<secret-name> --prefix=DB_
Expose as a Mounted Volume
oc set volume <target-object> --add --overwrite --name=<some-name> --mount-path /some-path --secret-name=<secret-name>
Service Account Operations
Query Service Accounts for a Project
oc get sa
Create a New Service Account
Service accounts can be created as follows:
echo '{"kind":"ServiceAccount","apiVersion":"v1","metadata":{"name":"registry"}}' | oc create -n default -f -