OpenShift - Create group using the oc adm groups command


If you are not familiar with the oc command, refer to OpenShift - Getting Started with the oc command.

Here is a basic illustration of how a user, group or service account gets mapped to permissions.

 

The oc adm groups new command can be used to create a group. In this example, the group named my-group-admins will be created with no users added as members of the group.

~]$ oc adm groups new my-group-admins
group.user.openshift.io/my-group-admins created

 

And here is how you would create a group that has one or more users added as members of the group. You may want to use the oc get users command to ensure the user accounts exist.

~]$ oc adm groups new my-group-admins john.doe jane.doe
group.user.openshift.io/my-group-admins created

 

The oc get group command can then be used to ensure the group exists and to see which users are members of the group.

~]$ oc get group my-group-admins
NAME                          USERS
my-group-admins               john.doe jane.doe

 

A group is almost always associated with a Role Binding, so it might be a good design to have the groups match the Role Bindings.

Group Name                    Role
my-group-admins               admin
my-group-cluster-admins       cluster-admin
my-group-cluster-status       cluster-status
my-group-cluster-readers      cluster-reader
my-group-editors              edit
my-group-self-provisioners    self-provisioner
my-group-viewers              view

 

This one-liner can be used to list the Cluster Role Bindings that have been mapped to the group. In this example, the Cluster Role Binding named "my-role-admins" is mapped to my-group-admins.

~]$ for crb in `oc get clusterrolebindings --no-headers | awk '{print $1}'`; do echo $crb; oc describe clusterrolebinding "$crb" | grep -i my-group; done;
my-role-admins
  Group  my-group-admins
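
As an added example (not from the original article), the same lookup can be done with one API call and an exact match on the group name, so a group such as my-group-admins-test is not reported when auditing my-group-admins. The function names, the tab-separated intermediate format and the sample data are assumptions made for this example.

```shell
#!/usr/bin/env bash
# Added example: find ClusterRoleBindings that grant a role to one group.

# jsonpath template: one line per binding, in the form
#   <binding name> TAB <role name> TAB Kind:name,Kind:name,...
JSONPATH='{range .items[*]}{.metadata.name}{"\t"}{.roleRef.name}{"\t"}{range .subjects[*]}{.kind}:{.name},{end}{"\n"}{end}'

# Queries the cluster once (requires a logged-in oc session).
dump_bindings() {
  oc get clusterrolebindings -o jsonpath="$JSONPATH"
}

# Reads dump_bindings-format lines on stdin and prints
# "<binding> TAB <role>" for every binding whose subjects contain
# exactly Group:<group>. Users or service accounts with the same
# name, and groups that merely share a prefix, are not matched.
# Assumption: subject names contain no commas or tabs.
bindings_for_group() {
  awk -F'\t' -v want="Group:$1" '
    {
      n = split($3, subj, ",")
      for (i = 1; i <= n; i++)
        if (subj[i] == want) { print $1 "\t" $2; break }
    }'
}

# Constructed sample data in dump_bindings format (not real cluster output).
sample_bindings() {
  printf 'my-role-admins\tcluster-admin\tGroup:my-group-admins,\n'
  printf 'viewers\tview\tGroup:my-group-viewers,User:john.doe,\n'
  printf 'lookalike\tedit\tGroup:my-group-admins-test,\n'
  printf 'same-name-user\tadmin\tUser:my-group-admins,\n'
  printf 'sa-binding\tadmin\tServiceAccount:builder,\n'
}

# Offline demonstration on the constructed sample.
sample_bindings | bindings_for_group my-group-admins

# Against a live cluster:
#   dump_bindings | bindings_for_group my-group-admins
```

The role name is printed next to each binding, so a group that ends up bound to cluster-admin is visible without a separate oc describe per binding.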

 

Then the oc describe clusterrolebinding command can be used to show that Cluster Role Binding my-role-admins has group my-group-admins and role cluster-admin.

~]$ oc describe clusterrolebinding admin
Name:         admin
Labels:       <none>
Annotations:  <none>
Role:
  Kind:  ClusterRole
  Name:  admin
Subjects:
  Kind            Name              Namespace
  ----            ----              ---------
  Group           my-group-admins

 



