Manage Roles and Bindings

Create New Cluster Role

  1. Export a cluster role as the template.

    oc get clusterrole system:hpa-patcher -o yaml > clusterrole.yaml
  2. Edit the template for the new cluster role. For example:

    apiVersion: v1
    kind: ClusterRole
      name: custom:dc-patcher
    - apiGroups:
      - ""
      attributeRestrictions: null
      - deploymentconfigs
      - get
      - list
      - patch
      - watch
  3. Create the new cluster role.

    oc create -f clusterrole.yaml
  4. Add the new cluster role to an user.

    oadm policy add-cluster-role-to-user custom:dc-patcher <USERNAME>
  5. Add the new cluster role to an user for an specific project.

    oadm policy add-role-to-user custom:dc-patcher <USERNAME> -n <PROJECT>
  6. Verify the role-bindings.

    oc get rolebinding -n <PROJECT>
    oc describe clusterPolicyBindings :default

Last updated