openshift/openshift-docs
1
0
Fork 0
mirror of https://github.com/openshift/openshift-docs.git synced 2026-02-05 12:46:18 +01:00
Code Issues Releases Activity
Files
7db35630fb9c69eaaa6b106a06ed3c0c242738ed
openshift-docs/modules/rosa-create-cluster-admins.adoc
Olga Tikhomirova 7db35630fb OSDOCS-15935 - Removing unused ROSA assemblies
2025-10-29 14:03:36 +00:00

65 lines
2.3 KiB
Plaintext
Raw Blame History

// Module included in the following assemblies:
//
// * rosa_install_access_delete_clusters/rosa-sts-accessing-cluster.adoc
// * using-rbac.adoc
:_mod-docs-content-type: PROCEDURE
[id="rosa-create-cluster-admins_{context}"]
= Granting `cluster-admin` access
As the user who created the cluster, add the `cluster-admin` user role to your account to have the maximum administrator privileges. These privileges are not automatically assigned to your user account when you create the cluster.
Additionally, only the user who created the cluster can grant cluster access to other `cluster-admin` or `dedicated-admin` users. Users with `dedicated-admin` access have fewer privileges. As a best practice, limit the number of `cluster-admin` users to as few as possible.
.Prerequisites
* You have added an identity provider (IDP) to your cluster.
* You have the IDP user name for the user you are creating.
* You are logged in to the cluster.
.Procedure
. Give your user `cluster-admin` privileges:
+
[source,terminal]
----
$ rosa grant user cluster-admin --user=<idp_user_name> --cluster=<cluster_name>
----
+
. Verify your user is listed as a cluster administrator:
+
[source,terminal]
----
$ rosa list users --cluster=<cluster_name>
----
+
.Example output
[source,terminal]
----
GROUP NAME
cluster-admins rh-rosa-test-user
dedicated-admins rh-rosa-test-user
----
+
ifndef::openshift-rosa-hcp[]
. Enter the following command to verify that your user now has `cluster-admin` access. A cluster administrator can run this command without errors, but a dedicated administrator cannot.
+
[source,terminal]
----
$ oc get all -n openshift-apiserver
----
+
.Example output
[source,terminal]
----
NAME READY STATUS RESTARTS AGE
pod/apiserver-6ndg2 1/1 Running 0 17h
pod/apiserver-lrmxs 1/1 Running 0 17h
pod/apiserver-tsqhz 1/1 Running 0 17h
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/api ClusterIP 172.30.23.241 <none> 443/TCP 18h
NAME DESIRED CURRENT READY UP-TO-DATE AVAILABLE NODE SELECTOR AGE
daemonset.apps/apiserver 3 3 3 3 3 node-role.kubernetes.io/master= 18h
----
endif::openshift-rosa-hcp[]
View Git Blame Copy Permalink