Re: Any alternative to "oc adm policy add-scc-to-user" ?
Right you are again, my bad as i i've mixed things up. SCC has the equivalent of K8 PSP and not all the SCC been incorporated (yet) into PSP. Now is all clear in my head, thanks for taking the time to respond. On Fri, May 25, 2018 at 9:31 AM, Vyacheslav Semushinwrote: > 2018-05-25 10:23 GMT+02:00 Daniel Comnea : > >> Slava, >> >> spot on !!! >> >> I don't know why i was under the impression that in 3.7 RBAC been fully >> implemented and everything on parity, guess i was wrong. >> > > One doesn't exclude another: RBAC was fully implemented and replaced our > previous mechanisms. But based on my understanding, RBAC is mostly about > authentication/authorization so it has low relation with SCC. Also because > SCC is our own API we didn't implement such integration before. > > > -- > Slava Semushin | OpenShift > ___ dev mailing list dev@lists.openshift.redhat.com http://lists.openshift.redhat.com/openshiftmm/listinfo/dev
Re: Any alternative to "oc adm policy add-scc-to-user" ?
2018-05-25 10:23 GMT+02:00 Daniel Comnea: > Slava, > > spot on !!! > > I don't know why i was under the impression that in 3.7 RBAC been fully > implemented and everything on parity, guess i was wrong. > One doesn't exclude another: RBAC was fully implemented and replaced our previous mechanisms. But based on my understanding, RBAC is mostly about authentication/authorization so it has low relation with SCC. Also because SCC is our own API we didn't implement such integration before. -- Slava Semushin | OpenShift ___ dev mailing list dev@lists.openshift.redhat.com http://lists.openshift.redhat.com/openshiftmm/listinfo/dev
Re: Any alternative to "oc adm policy add-scc-to-user" ?
Slava, spot on !!! I don't know why i was under the impression that in 3.7 RBAC been fully implemented and everything on parity, guess i was wrong. Thank you for sharing the PR, it has very useful info there ...how on earth i missed it ;-( Best, Dani On Fri, May 25, 2018 at 8:31 AM, Vyacheslav Semushinwrote: > 2018-05-24 23:16 GMT+02:00 Daniel Comnea : > >> Hi, >> >> Is any alternative to "oc adm policy add-scc-to-user" command in the >> same way there is one for "oc create serviceaccount foo" which can >> be achieved by >> >> apiVersion: v1 >> >> kind: ServiceAccount >> >> metadata: >> >> name: foo-sa >> >> namespace: foo >> >> >> I'd like to be able to put all the info in a file rather than run oc cmd >> sequentially. >> > > No, there was no alternative except editing SCC via oc edit/oc patch/etc. > > Since 3.10 it became possible to use ClusterRole and ClusterRoleBindings > for such things. See related PR for details: https://github.com/openshift/ > origin/pull/19349 It also has a link to a Trello card that contains a few > pointers. > > > -- > Slava Semushin | OpenShift > ___ dev mailing list dev@lists.openshift.redhat.com http://lists.openshift.redhat.com/openshiftmm/listinfo/dev
Re: Any alternative to "oc adm policy add-scc-to-user" ?
2018-05-24 23:16 GMT+02:00 Daniel Comnea: > Hi, > > Is any alternative to "oc adm policy add-scc-to-user" command in the same > way there is one for "oc create serviceaccount foo" which can be achieved > by > > apiVersion: v1 > > kind: ServiceAccount > > metadata: > > name: foo-sa > > namespace: foo > > > I'd like to be able to put all the info in a file rather than run oc cmd > sequentially. > No, there was no alternative except editing SCC via oc edit/oc patch/etc. Since 3.10 it became possible to use ClusterRole and ClusterRoleBindings for such things. See related PR for details: https://github.com/openshift/origin/pull/19349 It also has a link to a Trello card that contains a few pointers. -- Slava Semushin | OpenShift ___ dev mailing list dev@lists.openshift.redhat.com http://lists.openshift.redhat.com/openshiftmm/listinfo/dev