mirror of
https://github.com/openshift/openshift-docs.git
synced 2026-02-05 12:46:18 +01:00
39 lines
1.5 KiB
Plaintext
39 lines
1.5 KiB
Plaintext
// Module included in the following assemblies:
|
|
//
|
|
// * virt/live_migration/virt-about-live-migration.adoc
|
|
|
|
:_mod-docs-content-type: PROCEDURE
|
|
[id="virt-granting-live-migration-permissions_{context}"]
|
|
= Granting live migration permissions
|
|
|
|
[role="_abstract"]
|
|
You can grant trusted users or groups the ability to create, delete, and update live migration instances.
|
|
|
|
.Prerequisites
|
|
|
|
* The {oc-first} is installed.
|
|
* You have cluster administrator permissions.
|
|
|
|
.Procedure
|
|
|
|
* (Optional) To change the default behavior so that namespace administrators always have permission to create, delete, and update live migrations, aggregate the `kubevirt.io:migrate` role into the `admin` cluster role by running the following command:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ oc label --overwrite clusterrole kubevirt.io:migrate rbac.authorization.k8s.io/aggregate-to-admin=true
|
|
----
|
|
|
|
* Bind the `kubevirt.io:migrate` cluster role to trusted users or groups by running one of the following commands, replacing `<namespace>`, `<first_user>`, `<second_user>`, and `<group_name>` with your own values.
|
|
** To bind the role at the namespace level, run the following command:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ oc create -n <namespace> rolebinding kvmigrate --clusterrole=kubevirt.io:migrate --user=<first_user> --user=<second_user> --group=<group_name>
|
|
----
|
|
** To bind the role at the cluster level, run the following command:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ oc create clusterrolebinding kvmigrate --clusterrole=kubevirt.io:migrate --user=<first_user> --user=<second_user> --group=<group_name>
|
|
----
|