OpenShift - Create group using the oc adm groups command

If you are not familiar with the oc command, refer to OpenShift - Getting Started with the oc command.

The oc adm groups new command can be used to create a group. In this example, the group named my-group-admins will be created with no users added as members of the group.

~]$ oc adm groups new my-group-admins
group.user.openshift.io/my-group-admins created

 

And here is how you would create a group that has one or more users added as members of the group. You may want to use the oc get users command to ensure the users account exists.

~]$ oc adm groups new my-group-admins
group.user.openshift.io/my-group-admins created john.doe jane.doe

 

The oc get group command can then be used to ensure the group exists and to see the group has no users.

~]$ oc get group my-group-admins
NAME                          USERS
my-group-admins               john.doe jane.doe

 

A group is almost always associated with a Role Binding so it might be a good design to have the groups match the Role Bindings.

Group Name Role
my-group-admins admin
my-group-cluster-admins cluster-admin
my-group-cluster-status cluster-status
my-group-cluster-readers cluster-reader
my-group-editors edit
my-group-self-provisioners self-provisioner
my-group-viewers view

 

This one liner can be used to list the Cluster Role Bindings that have been mapped to the group. In this example the Cluster Role Binding named "my-role-admins" is mapped to my-group-admins.

~]$ for crb in `oc get clusterrolebindings | awk '{print $1'}`; do echo $crb; oc describe clusterrolebinding $crb | grep -i my_group; done;
my-role-admins
  Group  my-group-admins

 

Then the oc describe clusterrolebinding command can be used to show that Cluster Role Binding my-role-admins has group my-group-admins and role cluster-admin.

~]$ oc describe clusterrolebinding admin
Name:         admin
Labels:       <none>
Annotations:  <none>
Role:
  Kind:  ClusterRole
  Name:  admin
Subjects:
  Kind            Name              Namespace
  ----            ----              ---------
  Group           my-group-admins

 




Did you find this article helpful?

If so, consider buying me a coffee over at Buy Me A Coffee

Add a Comment




We will never share your name or email with anyone. Enter your email if you would like to be notified when we respond to your comment.





Please enter f513b in the box below so that we can be sure you are a human.




Comments

Web design by yours truely - me, myself, and I   |   jeremy.canfield@freekb.net   |