RedHat OpenShift: Difference between revisions

From PedrosBrainDump
Created page with "== Users == === User types === * regular: regular users are normal users such as developers and people who manages the cluster (e.g. developer) * system: system users are users that are created on each node and have the prefix system: (e.g. system:admin, system:master) * service: service users are users that are created to allow the communication between services with the prefix system:serviceaccount (e.g. system:serviceaccount:user) === Oauth Server === ==== Modes..."
 
No edit summary
 
Line 3: Line 3:
=== User types ===
=== User types ===


* regular: regular users are normal users such as developers and people who manages the cluster (e.g. developer)
* '''Regular users''': Regular users are normal users such as developers and cluster administrators. They interact with the OpenShift environment through their user accounts and have specific permissions based on their roles (e.g., developer, admin).
* system: system users are users that are created on each node and have the prefix system: (e.g. system:admin, system:master)
* '''System users''': These are internal system accounts created on each node, typically prefixed with <code>system:</code> (e.g., <code>system:admin</code>, <code>system:master</code>). These accounts are used by OpenShift for essential system-level tasks and operations.
* service: service users are users that are created to allow the communication between services with the prefix system:serviceaccount (e.g. system:serviceaccount:user)
* '''Service users''': Service accounts are created to allow communication between services. They are prefixed with <code>system:serviceaccount:</code> and are used to enable secure interactions between components (e.g., <code>system:serviceaccount:myproject:myservice</code>).


=== Oauth Server ===
=== Oauth Server ===
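Review bot: in the new "Service users" line, the example changes from system:serviceaccount:user to system:serviceaccount:myproject:myservice, but the text still describes only the prefix. State the full pattern, system:serviceaccount:<project>:<name>, so readers can tell which project a service account belongs to when they see one in a role binding or a log.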
Line 11: Line 11:
==== Modes ====
==== Modes ====


* Allow all: all user is allowed with any password, password is not validated, if the user does not exists the server will automatically create one.
* '''Allow all''': In this mode, any user can log in with any password, and the password will not be validated. If a user does not already exist, OpenShift will automatically create the user account upon login. This is useful for development or testing environments but not secure for production.
* Deny all: by default will deny all users, to create a user an administrator will create an account and actvate it so it can be used.
* '''Deny all''': This mode denies all login attempts by default. User accounts must be created and activated by an administrator before they can be used. This is a more secure setup for production environments.


This configuration can be managed at /etc/openshift/master/master-config.yaml
The configuration for these settings is managed in the <code>/etc/openshift/master/master-config.yaml</code> file.
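Review bot: the new "Deny all" line says the mode "denies all login attempts by default" and also that accounts "must be created and activated by an administrator before they can be used", without saying how a login succeeds once an account exists. Describe that step, and name the setting in master-config.yaml that selects the mode, since the closing line gives only the file path.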

Latest revision as of 17:29, 15 October 2024

Users

User types

  • Regular users: Normal users such as developers and cluster administrators. They interact with the OpenShift environment through their user accounts and have specific permissions based on their roles (e.g., developer, admin).
  • System users: These are internal system accounts created on each node, typically prefixed with system: (e.g., system:admin, system:master). These accounts are used by OpenShift for essential system-level tasks and operations.
  • Service users: Service accounts are created to allow communication between services. They are prefixed with system:serviceaccount: and are used to enable secure interactions between components (e.g., system:serviceaccount:myproject:myservice).

OAuth Server

Modes

  • Allow all: In this mode, any user can log in with any password, and the password will not be validated. If a user does not already exist, OpenShift will automatically create the user account upon login. This is useful for development or testing environments but not secure for production.
  • Deny all: This mode denies all login attempts by default. User accounts must be created and activated by an administrator before they can be used. This is a more secure setup for production environments.

The configuration for these settings is managed in the /etc/openshift/master/master-config.yaml file.
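To check which of the two modes a master is running, the following added example (not part of the original page) scans the text of master-config.yaml and flags the Allow all mode. It assumes the OpenShift 3.x layout, where the mode appears as a provider kind of AllowAllPasswordIdentityProvider or DenyAllPasswordIdentityProvider under oauthConfig.identityProviders; the sample config and the function names are constructed for illustration.

```python
import re

# Constructed sample of the oauthConfig section (OpenShift 3.x layout assumed).
SAMPLE_CONFIG = """\
oauthConfig:
  identityProviders:
  - name: dev_allow_all
    challenge: true
    login: true
    provider:
      apiVersion: v1
      kind: AllowAllPasswordIdentityProvider
  - name: locked
    challenge: true
    login: true
    provider:
      apiVersion: v1
      kind: DenyAllPasswordIdentityProvider
"""

NAME_RE = re.compile(r"^\s*(?:-\s*)?name:\s*(\S+)")
KIND_RE = re.compile(r"^\s*kind:\s*(\w+IdentityProvider)\b")
VERDICTS = {
    "AllowAllPasswordIdentityProvider": "FAIL: any password is accepted",
    "DenyAllPasswordIdentityProvider": "OK: password logins are denied",
}

def audit_identity_providers(config_text):
    """Return (name, kind, verdict) per provider; assumes name precedes provider."""
    findings, name = [], "<unnamed>"
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0]  # ignore YAML comments
        m = NAME_RE.match(line)
        if m:
            name = m.group(1)
        k = KIND_RE.match(line)
        if k:
            kind = k.group(1)
            findings.append((name, kind, VERDICTS.get(kind, "REVIEW: other provider")))
            name = "<unnamed>"
    return findings

def is_production_safe(config_text):
    """True only if providers exist and none of them is the Allow all mode."""
    findings = audit_identity_providers(config_text)
    return bool(findings) and all(not v.startswith("FAIL") for _, _, v in findings)

if __name__ == "__main__":
    for name, kind, verdict in audit_identity_providers(SAMPLE_CONFIG):
        print(f"{name}: {kind} -> {verdict}")
```

On a real master, pass the contents of /etc/openshift/master/master-config.yaml to audit_identity_providers instead of the sample.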