Skip to main content

OpenShift ACLs

Hands-On Lab


Photo of joel


Training Architect





OpenShift ACLs In this scenario, you have been tasked with creating a group called classroom with three new users - pinehead:linuxacademy - su:pinkpengs - rocky:openstack Each user should have view privileges to the cluster. Use group ACLs to configure permissions for your users. AllowAll authentication is enabled on the cluster, so create your users by logging in with the passwords provided above.

What are Hands-On Labs?

Hands-On Labs are scenario-based learning environments where learners can practice without consequences. Don't compromise a system or waste money on expensive downloads. Practice real-world skills without the real-world risk, no assembly required.

  • SSH into the master node
ssh cloud_user@{OpenShift_Master_Public_IP}
  • Change to root user
sudo -i
  • Create users pinehead, su, and rocky
oc login -u pinehead -p linuxacademy
oc login -u su -p pinkpengs
oc login -u rocky -p openstack
  • Log back into the cluster as system:admin
export KUBECONFIG=/etc/origin/master/admin.kubeconfig
oc login -usystem:admin -ndefault
  • Create classroom group
oc adm groups new classroom pinehead su rocky
  • Add the view rolebinding to the classroom group
oc adm policy add-cluster-role-to-group view classroom
  • Add the admin role to pinehead
oc adm policy add-role-to-user admin pinehead -n openshift
  • Check pinehead's access
oc describe rolebinding.rbac -n openshift