OpenShift - Resolve "You are not a member of any projects"

Let's say "You are not a member of any projects" when issues the oc project command.

~]$ oc project default
error: You are not a member of project "default".
You are not a member of any projects. You can request a project to be created with the 'new-project' command.

 

To resolve this, you'll probably need to use the oc logout command and then use the oc login command to log in as a user that has the admin or cluster-admin role. Check out my article List Role Bindings for a better understanding of roles.

  • admin - Can view and modify any resource in a project/namespace except for quota
  • cluster-admin - full control
~]$ oc logout
Logged "john.doe" out on "https://api.openshift.example.com:6443"

~]$ oc login -u kubeadmin

 

As a user with the admin or cluster-admin role, you'll want to use the oc get groups command to determine if the user (john.doe in this example) is a member of any groups.

~]$ oc get groups
NAME          USERS
foo_group     john.doe
bar_group     jane.doe jack.doe

 

Role Bindings, or Role Based Access Control (RBAC), contain the mapping of user, group, or service account to a role.

  • Cluster Role Bindings gives a user, group or service account a certain role for every project/namespace
  • Role Bindings gives a user, group or service account a certain role for a specific project/namespace

The following roles can be used, and the user, group or service account must be mapped to the admin, edit or view role to be able to access projects.

  • admin - Can view and modify any resource in a project/namespace except for quota
  • basic-user - can view, but cannot edit or modify
  • cluster-admin - full control
  • cluster-status - view basic cluster status information
  • cluster-reader - can view, but cannot edit or modify
  • edit - can edit, but cannot view
  • self-provisioner - user can create their own projects
  • view - can view, but cannot edit or modify

The oc get clusterrolebindings command can be used to list the Cluster Role Bindings.

~]$ oc get clusterrolebinding
NAME               ROLE                      AGE
my-admins          ClusterRole/admin         157s
my-basic-users     ClusterRole/basic-user    106s
my-view-only       ClusterRole/view          205s

 

The oc describe clusterrolebinding command can be used to display more details for a specific cluster role binding. If the user (john.doe in this example) or the group (my_group in this example) is not listed, this can cause "You are not a member of any projects" to be returned.

~]$ oc describe clusterrolebinding my-basic-users
Name:         my-basic-users
Labels:       <none>
Annotations:  <none>
Role:
  Kind:  ClusterRole
  Name:  basic-user
Subjects:
  Kind   Name      Namespace
  ----   ----      ---------
  Group  my_group

 

In this scenario, the oc create clusterrolebinding command could be used to map a user or group to a role.

~]$ oc create clusterrolebinding my-view-only --clusterrole view --group my_group
clusterrolebinding.rbac.authorization.k8s.io/my-basic-users created

 




Did you find this article helpful?

If so, consider buying me a coffee over at Buy Me A Coffee

Add a Comment




We will never share your name or email with anyone. Enter your email if you would like to be notified when we respond to your comment.





Please enter b1b71 in the box below so that we can be sure you are a human.




Comments

Web design by yours truely - me, myself, and I   |   jeremy.canfield@freekb.net   |