OpenShift Security Concepts
Jump to navigation
Jump to search
External
Internal
User
Interaction with OpenShift is associated with a user. The users are internally represented with an User object, which in turn represents an actor. Permissions can be given to actors in the system by adding roles to them, or their groups. There are several user types:
Regular User
Regular users are created upon login or via the API.
System User
Most system users are created automatically when the infrastructure is defined, for the purpose of enabling the infrastructure to interact with the API securely. System users include:
The Cluster Administrator
The cluster administrator has access to everything.
"system:admin"
Per-Node User
Group
Authentication
Authentication Methods
Identity Providers
Authorization
Security Context Constraints
OpenShift uses Security Context Constraints (SCCs) to control the actions that a pod can perform and what it has the ability to access.