Well, you can't use it in console like that, because the "system:admin" is authenticated using a client certificate and it is accessible only for 'oc' binary, not for web console.
But regarding templates, you can still create them as an user in a specific user project (namespace). It does not have to be necessary cluster-wide-visible namespace to have a template accessible by a specific user. Ad. seeing default project, it is all about setting proper policy for the project to be seen by a user developer. To have admin-like experience OOTB for CDK, it would require additional configuration on CDK side - set up user(s) with admin privileges. On Wed, Mar 29, 2017 at 3:40 PM, Burr Sutter <[email protected]> wrote: > I am not sure why this is so hard....here is what our end-user sees > > https://screencast.com/t/YxEIldeXNa > > > > On Wed, Mar 29, 2017 at 1:02 AM, Praveen Kumar <[email protected]> wrote: > >> On Wed, Mar 29, 2017 at 2:19 AM, Burr Sutter <[email protected]> wrote: >> > >> > >> > On Tue, Mar 28, 2017 at 4:47 PM, Hardy Ferentschik <[email protected] >> > >> > wrote: >> >> >> >> Hi, >> >> >> >> > OK, but when I login into the console as 'developer' and >> 'developer', I >> >> > do >> >> > not see the OpenShift namespace/project like a "administrator" would. >> >> >> >> and you want to see this why? >> > >> > >> > I am adding templates and image streams in order to use the FIS >> capabilities >> > we offer >> >> So achieve that I think you should login as 'system:admin' first and >> add required template to defined namespace and make additional changes >> (which might only can be done as administrator) or you can use >> developer as sudo and use '--as system:admin' when adding the >> templates to defined namespace which normal developer user doesn't >> have access. >> >> > >> > >> >> >> >> >> >> > The ultimate goal is to let the human (end-user) log in to the >> console >> >> > as >> >> > the Admin so he/she can see their work. >> >> >> >> This part I don't get. A user should not create application (their >> work) >> >> in the default/openshift namespace. They are reserved namespaces. >> >> Your work is in 'myproject' or any other namespace you are going to >> >> create. >> > >> > >> > I said "see" not "create" :-) >> > >> >> >> >> >> >> > Right now, I would say our current approach of system:admin with no >> >> > password is a bug >> >> >> >> AFAIU, there is even no other way then to use certificate based >> >> authentication >> >> for sytem:admin. This account is special. You literally cannot login >> any >> >> other way. This is different to the 'admin' user in CDK. In CDK we had >> an >> >> 'admin' user (on top of the openshift-dev user) which got assigned the >> >> cluster admin role - >> >> https://github.com/projectatomic/adb-utils/blob/master/ >> services/openshift/scripts/openshift_provision#L196 >> >> >> >> So one can add the same role to the developer user in Minishift, either >> >> per default or via an addon (something we are working on right now) or >> >> one creates another admin user as per CDK. Addon might be the best way >> to >> >> go. >> > >> > >> > I do not care if the user is "foomanchew" and the password is >> "haveaniceday" >> > but I do need access to web console as the "super user"/"cluster admin" >> of >> > the openshift instance. >> > >> > It is my personal openshift instance, why can't I be the administrator? >> >> You are the administrator of your instance it's just the way `oc >> cluster up` setting up users doesn't create a separate user for admin >> with password but have system:admin which can be used to gain >> administrator privilege for your instance and then add any user as >> admin with password. Now as per thread you need something similar >> experience for user like we had for CDK-2.x and that something we can >> do once addon features are in place which will be soon. >> >> >> -- >> Praveen Kumar >> https://fedoraproject.org/wiki/User:Kumarpraveen >> > > > _______________________________________________ > Devtools mailing list > [email protected] > https://www.redhat.com/mailman/listinfo/devtools > >
_______________________________________________ Devtools mailing list [email protected] https://www.redhat.com/mailman/listinfo/devtools
