Manage Roles and Bindings

Create New Cluster Role

  1. Export a cluster role as the template.

    oc get clusterrole system:hpa-patcher -o yaml > clusterrole.yaml
  2. Edit the template for the new cluster role. For example:

    apiVersion: v1
    kind: ClusterRole
    metadata:
      name: custom:dc-patcher
    rules:
    - apiGroups:
      - ""
      attributeRestrictions: null
      resources:
      - deploymentconfigs
      verbs:
      - get
      - list
      - patch
      - watch
  3. Create the new cluster role.

    oc create -f clusterrole.yaml
  4. Add the new cluster role to a user cluster-wide.

    oadm policy add-cluster-role-to-user custom:dc-patcher <USERNAME>
  5. Add the new cluster role to a user for a specific project.

    oadm policy add-role-to-user custom:dc-patcher <USERNAME> -n <PROJECT>
  6. Verify the role-bindings.

    oc get rolebinding -n <PROJECT>
    oc describe clusterPolicyBindings :default
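
A pre-flight check for the edited template before step 3, as an added example that is not part of the original page or of the OpenShift tooling. It assumes the role is available as JSON (for instance exported with `-o json` instead of `-o yaml`); `lint_cluster_role`, `ALLOWED`, `SERVER_FIELDS` and the sample role are hypothetical names and constructed data.

```python
import json

# Constructed sample: the step-2 role as JSON, with two mistakes left in on purpose
# (a server-set metadata field from the export and an extra "delete" verb).
SAMPLE = json.loads("""
{"apiVersion": "v1", "kind": "ClusterRole",
 "metadata": {"name": "custom:dc-patcher", "resourceVersion": "12345"},
 "rules": [{"apiGroups": [""], "attributeRestrictions": null,
            "resources": ["deploymentconfigs"],
            "verbs": ["get", "list", "patch", "watch", "delete"]}]}
""")

# What the new role is meant to grant, taken from the template in step 2.
ALLOWED = {"deploymentconfigs": {"get", "list", "patch", "watch"}}
# Metadata fields the API server fills in; they do not belong in a new definition.
SERVER_FIELDS = {"uid", "resourceVersion", "creationTimestamp", "selfLink"}

def lint_cluster_role(role, allowed, template_name="system:hpa-patcher"):
    """Return findings for a role definition; an empty list means it matches `allowed`."""
    findings = []
    meta = role.get("metadata") or {}
    if meta.get("name") == template_name:
        findings.append("metadata.name is still the exported role's name")
    for field in sorted(SERVER_FIELDS & set(meta)):
        findings.append(f"metadata.{field} is left over from the export")
    for i, rule in enumerate(role.get("rules") or []):
        verbs = set(rule.get("verbs") or [])
        if "*" in verbs:
            findings.append(f"rule {i}: wildcard verb")
        for res in rule.get("resources") or []:
            if res == "*":
                findings.append(f"rule {i}: wildcard resource")
            elif res not in allowed:
                findings.append(f"rule {i}: unexpected resource {res}")
            else:
                extra = sorted(verbs - allowed[res] - {"*"})
                if extra:
                    findings.append(f"rule {i}: {res} grants extra verbs {extra}")
    return findings

if __name__ == "__main__":
    for finding in lint_cluster_role(SAMPLE, ALLOWED):
        print("FINDING:", finding)
```

To check a real file, load it with `json.load(open("clusterrole.json"))` (file name assumed) and pass the result to `lint_cluster_role`.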
