Cluster admin access in OCP 4.x via WebUI

In the last blog post we went over how to add users to your OpenShift 4.x cluster using basic htpasswd authentication. In this post I will detail how to make a user a cluster admin so you can remove the default kubeadmin account.

First, log in to the web UI as the kubeadmin user so we can grant cluster-admin level access to the accounts we created before. After you have logged in, expand User Management in the left-hand menu, click Role Bindings, and finally click Create Binding.

On the next screen we will set up our Role Binding. First, specify that this is a Cluster-wide Role Binding by selecting that radio button under Binding Type. Next, give it a Name; this can be whatever you like. In this example I use new-admin-0. The Role Name we will select is cluster-admin. Finally, enter the username that should receive cluster-admin access in the Subject Name box, leaving the User radio button selected, as seen below.

If all went well, we should be able to log out of the web UI as kubeadmin and log in as the user we just gave cluster-admin access to. That user should have full access to all namespaces/projects, like the kubeadmin user did. If so, let’s continue on and delete the temporary kubeadmin account.

We can do this by clicking Workloads in the left-hand menu, followed by Secrets. Make sure the Project is set to kube-system, otherwise you will not see the kubeadmin secret.

Once you have located the kubeadmin secret, click the three-vertical-dot menu on the right-hand side of that secret and select Delete Secret.

Congrats, you have successfully added your HTPasswd users to the cluster-admin role and removed the temporary cluster-admin account kubeadmin!
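The same grant and cleanup from the command line, as an added example that is not part of the original post. It assumes `oc` is already logged in with cluster-admin rights; the function names and the `NEW_ADMIN` variable are illustrative, and the script refuses to delete the kubeadmin secret unless the replacement user passes an RBAC check.

```shell
#!/bin/sh
# Added example: CLI equivalent of the web console steps, with a lockout guard.
# Assumption: `oc` is on PATH and logged in as a user with cluster-admin rights.

# Bind the cluster-admin role to user $1 cluster-wide
# (the same result as the Create Binding form with a Cluster-wide binding).
grant_cluster_admin() {
  oc adm policy add-cluster-role-to-user cluster-admin "$1"
}

# Succeeds only if RBAC lets user $1 perform any verb on any resource
# in all namespaces. Uses impersonation, so it checks authorization only.
has_cluster_admin() {
  [ "$(oc auth can-i '*' '*' --all-namespaces --as="$1" 2>/dev/null)" = "yes" ]
}

# Delete the kubeadmin secret from kube-system, but only after confirming
# that a different user already holds cluster-admin.
remove_kubeadmin() {
  user="$1"
  if [ -z "$user" ] || [ "$user" = "kubeadmin" ]; then
    echo "refusing: name a replacement admin other than kubeadmin" >&2
    return 2
  fi
  if ! has_cluster_admin "$user"; then
    echo "refusing: $user lacks cluster-admin; kubeadmin secret kept" >&2
    return 1
  fi
  oc delete secret kubeadmin -n kube-system
}

# Runs only when a user name is supplied, e.g.:
#   NEW_ADMIN=<your-htpasswd-user> sh remove-kubeadmin.sh
if [ -n "${NEW_ADMIN:-}" ]; then
  remove_kubeadmin "$NEW_ADMIN"
fi
```

The `oc auth can-i` check confirms the role binding but not that the user can actually authenticate through the htpasswd provider, so still log in as that user once, as described above, before removing kubeadmin.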


