Administering your cluster

OpenShift Dedicated 4

An overview of administering a cluster for OpenShift Dedicated 4

Red Hat OpenShift Documentation Team

Abstract

This document provides details on how to administer an OpenShift Dedicated 4 cluster.

Chapter 1. Managing administration roles and users

1.1. Understanding administration roles

1.1.1. The cluster-admin role

As an administrator of an OpenShift Dedicated cluster with Customer Cloud Subscriptions (CCS), you have access to the cluster-admin role. The user who created the cluster can add the cluster-admin user role to an account to have the maximum administrator privileges. These privileges are not automatically assigned to your user account when you create the cluster. While logged in to an account with the cluster-admin role, users have mostly unrestricted access to control and configure the cluster. There are some configurations that are blocked with webhooks to prevent destabilizing the cluster, or because they are managed in OpenShift Cluster Manager (OCM) and any in-cluster changes would be overwritten. Usage of the cluster-admin role is subject to the restrictions listed in your Appendix 4 agreement with Red Hat. As a best practice, limit the number of cluster-admin users to as few as possible.

1.1.2. The dedicated-admin role

As an administrator of an OpenShift Dedicated cluster, your account has additional permissions and access to all user-created projects in your organization’s cluster. While logged in to an account with the dedicated-admin role, the developer CLI commands (under the oc command) allow you increased visibility and management capabilities over objects across projects, while the administrator CLI commands (under the oc adm command) allow you to complete additional operations.

Note

While your account does have these increased permissions, the actual cluster maintenance and host configuration is still performed by the OpenShift Operations Team. If you would like to request a change to your cluster that you cannot perform using the administrator CLI, open a support case on the Red Hat Customer Portal.

1.2. Managing OpenShift Dedicated administrators

Administrator roles are managed using a cluster-admin or dedicated-admin group on the cluster. Existing members of this group can edit membership through OpenShift Cluster Manager (OCM).

1.2.1. Adding a user

Procedure

  1. Navigate to the Cluster Details page and Access Control tab.
  2. Click the Add user button (first user only).
  3. Enter the user name and select the group.
  4. Click the Add button.
Note

Adding a user to the cluster-admin group can take several minutes to complete.

Note

Existing dedicated-admin users cannot also be added to the cluster-admin group. You must first remove the user from the dedicated-admin group before adding the user to the cluster-admin group.

1.2.2. Removing a user

Procedure

  1. Navigate to the Cluster Details page and Access Control tab.
  2. Click the Options menu kebab to the right of the user and group combination and click Delete.

Legal Notice

Copyright © 2021 Red Hat, Inc.
The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at http://creativecommons.org/licenses/by-sa/3.0/. In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version.
Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.
Red Hat, Red Hat Enterprise Linux, the Shadowman logo, the Red Hat logo, JBoss, OpenShift, Fedora, the Infinity logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries.
Linux® is the registered trademark of Linus Torvalds in the United States and other countries.
Java® is a registered trademark of Oracle and/or its affiliates.
XFS® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries.
MySQL® is a registered trademark of MySQL AB in the United States, the European Union and other countries.
Node.js® is an official trademark of Joyent. Red Hat is not formally related to or endorsed by the official Joyent Node.js open source or commercial project.
The OpenStack® Word Mark and OpenStack logo are either registered trademarks/service marks or trademarks/service marks of the OpenStack Foundation, in the United States and other countries and are used with the OpenStack Foundation's permission. We are not affiliated with, endorsed or sponsored by the OpenStack Foundation, or the OpenStack community.
All other trademarks are the property of their respective owners.