Manage Roles and Bindings

Create New Cluster Role

1. Export a cluster role as the template.

   Copy

   oc get clusterrole system:hpa-patcher -o yaml > clusterrole.yaml

2. Edit the template for the new cluster role. For example:

   Copy

   apiVersion: v1
   kind: ClusterRole
   metadata:
     name: custom:dc-patcher
   rules:
   - apiGroups:
     - ""
     attributeRestrictions: null
     resources:
     - deploymentconfigs
     verbs:
     - get
     - list
     - patch
     - watch

3. Create the new cluster role.

   Copy

   oc create -f clusterrole.yaml

4. Add the new cluster role to an user.

   Copy

   oadm policy add-cluster-role-to-user custom:dc-patcher <USERNAME>

5. Add the new cluster role to an user for an specific project.

   Copy

   oadm policy add-role-to-user custom:dc-patcher <USERNAME> -n <PROJECT>

6. Verify the role-bindings.

   Copy

   oc get rolebinding -n <PROJECT>
   oc describe clusterPolicyBindings :default