We are bringing the best of Tectonic to Red Hat OpenShift to build the most secure, hybrid Kubernetes application platform.
An administrator can be assigned to a cluster or to a specific namespace within a cluster. Administrators have full control over all resources within their cluster or namespace.
Before proceeding, ensure that the prerequisites given in the respective Identity Provider (IdP) section are met. Depending on the IdP used in the deployment, see one of the following:
Access rights are granted to a user associated with an administrator role by using a Role Binding. Do either of the following in Tectonic Console:
Grant access rights to an administrator by associating an appropriate Cluster Role with a Cluster Role Binding. Cluster Role Binding grants permissions to users in all namespaces across the entire cluster. Use the default cluster-admin
role for cluster administration. namespace
is omitted from the configuration because Cluster Roles are not namespaced.
In this example, a Cluster-wide Role Binding, SFO-DC
is created for the default cluster-admin
role that has full control over the resources in the cluster. To verify, go to the Roles page, click cluster-admin
, then select Role Bindings. If creating this Role Binding is successful, SFO-DC
will be listed under the Role Bindings associated with the cluster-admin
role.
Tectonic configures four default namespaces: default
, kube-system
, kube-public
, and tectonic-system
. The namespace administrator role will have full permission to the objects in a namespace. To assign a namespace administrator, use one of the default Cluster or Namespace Roles, or create a new role for the selected Namespace. Bind the role to an appropriate Role Binding.
While a Cluster Role can be bound down the hierarchy to a Namespace Role Binding, a Namespace Role can't be promoted up the hierarchy to be bound to a Cluster Role Binding.
In this example, a Namespace Role Binding, SFO-kubesystem
is created for the default admin
role that has full control over the resources in the kube-system
. To verify, go to the Roles page, click cluster-admin
, then select Role Bindings. If creating this Role Binding is successful, SFO-kubesystem
will be listed under the Role Bindings associated with the admin
role.