OpenShift Security Operations: Difference between revisions

From NovaOrdis Knowledge Base
Jump to navigation Jump to search
Line 68: Line 68:
  cd ~/tmp
  cd ~/tmp
  oc extract secret/logging-kibana-proxy [--keys=oauth-secret] --confirm
  oc extract secret/logging-kibana-proxy [--keys=oauth-secret] --confirm
==Expose as Environment Variable==
oc env <''target-object''> --from=secret/<''secret-name''> --prefix=DB_


=Service Account Operations=
=Service Account Operations=

Revision as of 23:23, 22 November 2017

Internal

List All Cluster Role Bindings

 oc get clusterrolebindings

List Role Bindings for a Specific Role

 oc get clusterrolebindings/cluster-admins

List All Project Role Bindings

oc get rolebindings [-n <target-project-name>]

Alternative: 

oc describe policyBindings

Can I?

oc policy can-i

Who Can?

oc policy who-can

Make a User a Cluster Administrator

This command can be used to make regular users cluster administrators: 

oadm policy add-cluster-role-to-user cluster-admin ovidiu

Enable system:admin Remote Access

Procedure to enable system:admin remote access

OAuth Client Operations

List all OAuth clients: 

oc get oauthclients

List one: 

oc get oauthclient kibana-proxy

oc edit oauthclient kibana-proxy

'Secret' Operations

List Secrets

List all secrets: 

oc get secrets

Create a Secret

echo "..." > ./some-data.txt
oc secret new some-secret key_1=some-data.txt

Extract Data from a Secret

Extract data from a given secret: 

cd ~/tmp
oc extract secret/logging-kibana-proxy [--keys=oauth-secret] --confirm

Expose as Environment Variable

oc env <target-object> --from=secret/<secret-name> --prefix=DB_

Service Account Operations

Query Service Accounts for a Project

oc get sa

Create a New Service Account

Service accounts can be created as follows: 

echo '{"kind":"ServiceAccount","apiVersion":"v1","metadata":{"name":"registry"}}'  | oc create -n default -f -
Retrieved from "https://kb.novaordis.com/index.php?title=OpenShift_Security_Operations&oldid=31892"