On Wed, Mar 29, 2017 at 10:35 AM, Marian Labuda <[email protected]> wrote:
> Well, you can't use it in console like that, because the "system:admin" is > authenticated using a client certificate and it is accessible only for 'oc' > binary, not for web console. > > But regarding templates, you can still create them as an user in a > specific user project (namespace). It does not have to be necessary > cluster-wide-visible namespace to have a template accessible by a specific > user. > Ad. seeing default project, it is all about setting proper policy for the > project to be seen by a user developer. > > To have admin-like experience OOTB for CDK, it would require additional > configuration on CDK side - set up user(s) with admin privileges. > Exactly my point!!! I need an OOTB solution :-) > In the old CDK we had an admin user ==> default: Configured users are (<username>/<password>): ==> default: openshift-dev/devel ==> default: admin/admin > > On Wed, Mar 29, 2017 at 3:40 PM, Burr Sutter <[email protected]> wrote: > >> I am not sure why this is so hard....here is what our end-user sees >> >> https://screencast.com/t/YxEIldeXNa >> >> >> >> On Wed, Mar 29, 2017 at 1:02 AM, Praveen Kumar <[email protected]> >> wrote: >> >>> On Wed, Mar 29, 2017 at 2:19 AM, Burr Sutter <[email protected]> wrote: >>> > >>> > >>> > On Tue, Mar 28, 2017 at 4:47 PM, Hardy Ferentschik < >>> [email protected]> >>> > wrote: >>> >> >>> >> Hi, >>> >> >>> >> > OK, but when I login into the console as 'developer' and >>> 'developer', I >>> >> > do >>> >> > not see the OpenShift namespace/project like a "administrator" >>> would. >>> >> >>> >> and you want to see this why? >>> > >>> > >>> > I am adding templates and image streams in order to use the FIS >>> capabilities >>> > we offer >>> >>> So achieve that I think you should login as 'system:admin' first and >>> add required template to defined namespace and make additional changes >>> (which might only can be done as administrator) or you can use >>> developer as sudo and use '--as system:admin' when adding the >>> templates to defined namespace which normal developer user doesn't >>> have access. >>> >>> > >>> > >>> >> >>> >> >>> >> > The ultimate goal is to let the human (end-user) log in to the >>> console >>> >> > as >>> >> > the Admin so he/she can see their work. >>> >> >>> >> This part I don't get. A user should not create application (their >>> work) >>> >> in the default/openshift namespace. They are reserved namespaces. >>> >> Your work is in 'myproject' or any other namespace you are going to >>> >> create. >>> > >>> > >>> > I said "see" not "create" :-) >>> > >>> >> >>> >> >>> >> > Right now, I would say our current approach of system:admin with no >>> >> > password is a bug >>> >> >>> >> AFAIU, there is even no other way then to use certificate based >>> >> authentication >>> >> for sytem:admin. This account is special. You literally cannot login >>> any >>> >> other way. This is different to the 'admin' user in CDK. In CDK we >>> had an >>> >> 'admin' user (on top of the openshift-dev user) which got assigned the >>> >> cluster admin role - >>> >> https://github.com/projectatomic/adb-utils/blob/master/servi >>> ces/openshift/scripts/openshift_provision#L196 >>> >> >>> >> So one can add the same role to the developer user in Minishift, >>> either >>> >> per default or via an addon (something we are working on right now) or >>> >> one creates another admin user as per CDK. Addon might be the best >>> way to >>> >> go. >>> > >>> > >>> > I do not care if the user is "foomanchew" and the password is >>> "haveaniceday" >>> > but I do need access to web console as the "super user"/"cluster >>> admin" of >>> > the openshift instance. >>> > >>> > It is my personal openshift instance, why can't I be the administrator? >>> >>> You are the administrator of your instance it's just the way `oc >>> cluster up` setting up users doesn't create a separate user for admin >>> with password but have system:admin which can be used to gain >>> administrator privilege for your instance and then add any user as >>> admin with password. Now as per thread you need something similar >>> experience for user like we had for CDK-2.x and that something we can >>> do once addon features are in place which will be soon. >>> >>> >>> -- >>> Praveen Kumar >>> https://fedoraproject.org/wiki/User:Kumarpraveen >>> >> >> >> _______________________________________________ >> Devtools mailing list >> [email protected] >> https://www.redhat.com/mailman/listinfo/devtools >> >> >
_______________________________________________ Devtools mailing list [email protected] https://www.redhat.com/mailman/listinfo/devtools
