
Add another user to cluster

Praveen Kumar edited this page Dec 20, 2022 · 3 revisions

CRC uses the htpasswd identity provider to manage users in the OpenShift cluster (see https://docs.openshift.com/container-platform/latest/authentication/identity_providers/configuring-htpasswd-identity-provider.html#add-identity-provider_configuring-htpasswd-identity-provider). By default there are two users, developer and kubeadmin, which are created at disk creation time; the kubeadmin user has the cluster-admin role.

If you want to add a new user to the cluster, the following steps should work.

  • Make sure you have htpasswd (on Fedora it is provided by the httpd-tools package).
$ export HTPASSWD_FILE=/tmp/htpasswd

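# -B selects bcrypt. The second command omits it, so user2 gets htpasswd's default apr1 (MD5) hash, as the output below shows; add -B to hash user2 with bcrypt as well.
$ htpasswd -c -B -b $HTPASSWD_FILE user1 password1
$ htpasswd -b $HTPASSWD_FILE user2 password2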

$ cat $HTPASSWD_FILE
user1:$2y$05$4QxnejXAJ2nmnVFXlNXn/ega9BUrKbaGLpOtdS2LJXmbOECXWSVDa
user2:$apr1$O9jL/dfz$qXs216/W8Waw2.p7rvhJR.

# Make sure the existing developer and kubeadmin users are part of the htpasswd file, because kubeadmin has the cluster-admin role.
$ oc get secrets htpass-secret -n openshift-config -ojsonpath='{.data.htpasswd}' | base64 -d >> $HTPASSWD_FILE

$ oc create secret generic htpass-secret --from-file=$HTPASSWD_FILE -n openshift-config --dry-run=client -o yaml > /tmp/htpass-secret.yaml
$ oc replace -f /tmp/htpass-secret.yaml
  • Check the auth pods, which are going to be recreated because of this config change.
$ oc get pods -n openshift-authentication
NAME                               READY   STATUS    RESTARTS   AGE
oauth-openshift-7f4994c969-8fz44   1/1     Running   0          11s
oauth-openshift-7f4994c969-mjrjc   1/1     Running   0          11s
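
The merge step above appends the existing entries to the new file, which leaves two lines for any user present in both, and the sample output shows user2 stored with an apr1 hash. The following is an added example, not part of the CRC wiki, that merges the two files without duplicate users and lists entries that are not bcrypt. The function names are hypothetical, the user1/user2 lines are the ones shown on this page, and the "existing" hashes are constructed placeholders.

```shell
#!/bin/sh
# Added example, not part of the CRC wiki. Function names are hypothetical.

# merge_htpasswd EXISTING NEW: print NEW's entries first, then EXISTING's
# entries for users NEW does not define, so no user ends up with two lines.
merge_htpasswd() {
  awk -F: 'NF >= 2 && !seen[$1]++' "$2" "$1"
}

# weak_hash_users FILE: print users whose hash is not bcrypt ($2a/$2b/$2y).
weak_hash_users() {
  awk -F: 'NF >= 2 && $2 !~ /^\$2[aby]\$/ { print $1 }' "$1"
}

# Constructed sample data. The user1/user2 lines are the ones shown on this
# page; the "existing" hashes are placeholders, not real credentials.
workdir=$(mktemp -d)
cat > "$workdir/new" <<'EOF'
user1:$2y$05$4QxnejXAJ2nmnVFXlNXn/ega9BUrKbaGLpOtdS2LJXmbOECXWSVDa
user2:$apr1$O9jL/dfz$qXs216/W8Waw2.p7rvhJR.
EOF
cat > "$workdir/existing" <<'EOF'
developer:$2y$05$PLACEHOLDERdeveloperHASH
kubeadmin:$2y$05$PLACEHOLDERkubeadminHASH
user1:$2y$05$PLACEHOLDERolduser1HASH
EOF

merge_htpasswd "$workdir/existing" "$workdir/new" > "$workdir/htpasswd"
echo "merged users:"; cut -d: -f1 "$workdir/htpasswd"
echo "not bcrypt:";  weak_hash_users "$workdir/htpasswd"
```

Against a real cluster, the EXISTING file would be the decoded output of the `oc get secrets htpass-secret` command from the steps above, and the merged result is what goes into `oc create secret generic`.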