OpenShift Security Operations: Difference between revisions
Jump to navigation
Jump to search
| Line 55: | Line 55: | ||
='Secret' Operations= | ='Secret' Operations= | ||
{{ | {{Internal|OpenShift Secrets Operations|Secrets Operations}} | ||
Secrets | |||
=Service Account Operations= | =Service Account Operations= | ||
Revision as of 17:36, 30 January 2018
Internal
List All Cluster Role Bindings
oc get clusterrolebindings
List Role Bindings for a Specific Role
oc get clusterrolebindings/cluster-admins
List All Project Role Bindings
oc get rolebindings [-n <target-project-name>]
Alternative:
oc describe policyBindings
Can I?
oc policy can-i
Who Can?
oc policy who-can
Make a User a Cluster Administrator
This command can be used to make regular users cluster administrators:
oadm policy add-cluster-role-to-user cluster-admin ovidiu
Assign a Cluster Role to an User
oadm policy add-cluster-role-to-user cluster-reader nodev
Enable system:admin Remote Access
OAuth Client Operations
List all OAuth clients:
oc get oauthclients
List one:
oc get oauthclient kibana-proxy
oc edit oauthclient kibana-proxy
'Secret' Operations
Service Account Operations
Query Service Accounts for a Project
oc get sa
oc get serviceaccount [service-account-name]
List the Secrets associated with a Service Account
oc get sa -o yaml <service-account-name>
apiVersion: v1 kind: ServiceAccount ... imagePullSecrets: - name: builder-dockercfg-pgcfb secrets: - name: builder-token-04jmh - name: builder-dockercfg-pgcfb
Link the Secret to a Service Account
Create a New Service Account
Service accounts can be created as follows:
echo '{"kind":"ServiceAccount","apiVersion":"v1","metadata":{"name":"registry"}}' | oc create -n default -f -
Security Context Constraints Operations
Aslo see
Get All SCCs
Return all cluster-wide available SCCs. The cluster administrators can execute the command:
oc get scc
Get a SCC
oc get -o yaml scc/<scc-name>