OpenShift Security Concepts

From NovaOrdis Knowledge Base
Revision as of 20:03, 5 July 2017

External

Internal

User

Interaction with OpenShift is associated with a user. Users are internally represented by a User object, which in turn represents an actor. Permissions are granted to actors by adding roles to them or to their groups. There are several user types:

Regular User

Regular users are created upon login or via the API.

System User

Most system users are created automatically when the infrastructure is defined, for the purpose of enabling the infrastructure to interact with the API securely. System users include:

The Cluster Administrator

The cluster administrator has access to everything.

"system:admin"

Per-Node User

Service Account

Group

Authentication

Authentication Methods

Identity Providers

Authorization

Security Context Constraints

https://docs.openshift.com/container-platform/latest/architecture/additional_concepts/authorization.html#security-context-constraints

OpenShift uses Security Context Constraints (SCCs) to control the actions that a pod can perform and what it has the ability to access.
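As an added illustration (not from the original page), the following constructed SecurityContextConstraints manifest shows the kind of controls an SCC imposes on admitted pods: no privileged or host-namespace access, a forced UID range, dropped capabilities and a volume-type allow list. The object name, the assumed `security.openshift.io/v1` API version and the users/groups bindings are placeholders.

```yaml
# Constructed example of a restrictive SCC; name and bindings are placeholders.
apiVersion: security.openshift.io/v1
kind: SecurityContextConstraints
metadata:
  name: example-restricted          # placeholder name
# Deny every path from the pod to the host
allowPrivilegedContainer: false
allowHostDirVolumePlugin: false
allowHostNetwork: false
allowHostPID: false
allowHostIPC: false
allowHostPorts: false
allowedCapabilities: []
requiredDropCapabilities:
- KILL
- MKNOD
- SETUID
- SETGID
# UID, SELinux label and fsGroup come from the project's annotated
# ranges, so a pod cannot simply ask to run as root
runAsUser:
  type: MustRunAsRange
seLinuxContext:
  type: MustRunAs
fsGroup:
  type: MustRunAs
supplementalGroups:
  type: RunAsAny
readOnlyRootFilesystem: false
# Only non-host volume types are admitted
volumes:
- configMap
- emptyDir
- persistentVolumeClaim
- projected
- secret
# Who is allowed to use this SCC (placeholder bindings)
users: []
groups:
- system:authenticated
```

A pod whose security context requests something outside these bounds (for example `privileged: true` or a host path volume) is rejected at admission rather than scheduled.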