Chapter 6. Cluster Administrator Setup

Authentication

Set up the authentication using AllowAll Authentication method.

AllowAll Authentication

Set up an authentication model which allows all passwords. Edit /etc/origin/master/master-config.yaml on the OpenShift master and change the value of DenyAllPasswordIdentityProvider to AllowAllPasswordIdentityProvider. Then restart the OpenShift master.

  1. Now that the authentication model has been setup, login as a user, for example admin/admin:

    # oc login openshift master e.g. https://1.1.1.1:8443  --username=admin --password=admin
  2. Grant the admin user account the cluster-admin role.

    # oc login -u system:admin -n default
    Logged into "https:// <<openshift_master_fqdn>>:8443" as "system:admin" using existing credentials.
    
    You have access to the following projects and can switch between them with 'oc project <projectname>':
    
    *default
     glusterfs
     infra-storage
     kube-public
     kube-system
     management-infra
     openshift
     openshift-infra
     openshift-logging
     openshift-node
     openshift-sdn
     openshift-web-console
    
    Using project "default".
    
    # oc adm policy add-cluster-role-to-user cluster-admin admin
    cluster role "cluster-admin" added: "admin"

For more information on authentication methods, see https://access.redhat.com/documentation/en-us/openshift_container_platform/3.11/html-single/configuring_clusters/#identity-providers-configuring.