Friday, January 17, 2025

OpenShift - Authentication and Authorization - Part 2

 


Authentication and authorization:

Authentication: checks whether a user is allowed to access the system.

Authorization: checks whether the user has the right role or access on the application side.

OpenShift has two kinds of roles: 1) cluster role 2) project role

#oc get clusterrolebinding

#oc get rolebinding

1) Create users

2) Integrate users with OCP

3) How to assign roles as per requirement of user

4) How to create groups

5) How to add users to the groups

Create a user through htpasswd

#htpasswd -c -B -b filename username password

-B - hashes the password with bcrypt

-b - takes the password from the command line, so everything fits in a single command

#oc get secret -n openshift-config

Secrets come in 3 types: docker-registry, generic and tls.

#oc create secret generic mysecret --from-file=test -n openshift-config

Create users

#htpasswd -B -b myusers test1 passwd

Integrate users with OCP environment

#oc create secret generic mysecret --from-file=htpasswd=myusers -n openshift-config

#oc get secret mysecret -n openshift-config -o yaml

#oc get oauth cluster -o yaml > oauth.yaml

#oc replace -f oauth.yaml
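
The step between the two commands above, editing oauth.yaml, is not shown on the page. As an added example (not from the original post), this is how the file looks with an HTPasswd identity provider that reads the mysecret secret created earlier; the provider name local_htpasswd is an assumed placeholder.

```yaml
# oauth.yaml - cluster OAuth configuration after editing (added example)
apiVersion: config.openshift.io/v1
kind: OAuth
metadata:
  name: cluster              # the cluster-wide OAuth resource is always named "cluster"
  # other metadata fields exported by "oc get" (resourceVersion, uid, ...) stay unchanged
spec:
  identityProviders:
  - name: local_htpasswd     # assumed placeholder; shown as the provider name at login
    mappingMethod: claim     # default: provision a user with the identity's user name
    type: HTPasswd
    htpasswd:
      fileData:
        name: mysecret       # secret in openshift-config; its data key must be "htpasswd",
                             # which is what --from-file=htpasswd=myusers produces
```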

Testing the login with OCP environment

#oc login -u test1 -p passwd

#oc new-project testing1

#oc describe project testing1

Edit YAML files in vim with visual guides

#vi .vimrc

autocmd FileType yaml setlocal ts=2 cuc cul

cuc - cursor column

cul - cursor line

ai - auto indentation

We can get role details from the clusterrolebindings:

#oc get clusterrolebinding | grep -i cluster-admin

#oc describe clusterrolebinding cluster-admin

Delete a role under clusterrolebinding:

#oc delete clusterrolebinding cluster-admin


To view the policy

#oc adm policy

Default roles for cluster and project policy:

Cluster - cluster-admin and self-provisioner

Project - admin, edit and view

Add a user to a role

#oc adm policy add-cluster-role-to-user cluster-admin username

Remove a role from a user or group

#oc adm policy remove-cluster-role-from-user self-provisioner username

#oc adm policy remove-cluster-role-from-group self-provisioner system:authenticated:oauth

