Saturday, December 16, 2017

oc cluster up : how to enable admin privileges

Once you install OpenShift with "oc cluster up", you are confronted with a frustrating situation: you are told to login as

oc login -u system -p admin

to be a cluster administrator, but in reality you are just a regular user.

If you try to do

oc adm policy add-cluster-role-to-user cluster-admin system

you get a

Error from server (Forbidden): User "system" cannot list clusterrolebindings.authorization.openshift.io at the cluster scope: User "system" cannot list all clusterrolebindings.authorization.openshift.io in the cluster (get clusterrolebindings.authorization.openshift.io)


After zillion of desperate attempts (including reinstalling everything a few times) I have found a way:

#become root
sudo su -
#login as admin, not as system
oc login -u admin -p admin
#grant yourself superhuman rights
oc adm policy add-cluster-role-to-user cluster-admin admin --config=/var/lib/origin/openshift.local.config/master/admin.kubeconfig
cluster role "cluster-admin" added: "admin"
#login again
oc login -u admin -p admin
Login successful.

You have access to the following projects and can switch between them with 'oc project ':

* default
kube-public
kube-system
myproject
openshift
openshift-infra
openshift-node

Using project "default".




and when I log into https://127.0.0.1:8443/console/ as admin/admin I can see all the Openshift internal projects.




No comments: