These Cluster Administration topics cover the day-to-day tasks for managing your Azure Red Hat OpenShift cluster and other advanced configuration topics.

Dedicated Administrator Role

As a dedicated administrator of an Azure Red Hat OpenShift cluster, your account has increased permissions and access to all user-created projects. If you are new to the role, check out the Getting Started topic on Administering an Azure Red Hat OpenShift Cluster for a quick overview.

Some configuration changes or procedures discussed in this guide may be performed only by the Azure Red Hat OpenShift Operations Team. They are included in this guide for informational purposes to help you as an Azure Red Hat OpenShift cluster administrator better understand what configuration options are possible. If you would like to request a change to your cluster that you cannot perform using the administrator CLI, open a support case on the Red Hat Customer Portal.

When your account has the dedicated-cluster-admin authorization role bound to it, you are automatically bound to the dedicated-project-admin for any new projects that are created by users in the cluster.

You can perform actions associated with a set of verbs (e.g., create) to operate on a set of resource names (e.g., templates). To view the details of these roles and their sets of verbs and resources, run the following:

$ oc describe clusterrole/dedicated-cluster-admin
$ oc describe clusterrole/dedicated-project-admin

The verb names do not necessarily all map directly to oc commands, but rather equate more generally to the types of CLI operations you can perform. For example, having the list verb means that you can display a list of all objects of a given resource name (e.g., using oc get), while get means that you can display the details of a specific object if you know its name (e.g., using oc describe).

Azure Red Hat OpenShift administrators can grant users a dedicated-reader role, which provides view-only access at the cluster level, as well as view access for all user projects.

Project-level Permissions

At the project level, an administrator of an Azure Red Hat OpenShift cluster can perform all actions that a project administrator can perform. In addition, the Azure Red Hat OpenShift administrator can set resource quotas and limit ranges for the project.

Cluster-level Permissions

View (get/list/watch) certain resources such as events, nodes, persistent volumes, and security context constraints.