These Cluster Administration topics cover the day-to-day tasks for managing your Azure Red Hat OpenShift cluster and other advanced configuration topics.

Customer cluster administrator Role

As a Customer cluster administrator of an Azure Red Hat OpenShift cluster, your account has increased permissions and access to all user-created projects. If you are new to the role, check out the Getting Started topic on Administering an Azure Red Hat OpenShift Cluster for a quick overview.

Some configuration changes or procedures discussed in this guide may be performed only by the Azure Red Hat OpenShift Operations Team. They are included in this guide for informational purposes to help you as an Azure Red Hat OpenShift cluster administrator better understand what configuration options are possible. If you would like to request a change to your cluster that you cannot perform using the administrator CLI, open a support case on the Red Hat Customer Portal.

When your account has the customer-admin-cluster authorization role bound to it, you are automatically bound to the customer-admin-project role in any new projects that are created by users in the cluster.

You can perform actions associated with a set of verbs (e.g., create) to operate on a set of resource names (e.g., templates). To view the details of these roles and their sets of verbs and resources, run the following:

$ oc describe clusterrole/customer-admin-cluster
$ oc describe clusterrole/customer-admin-project

The verb names do not necessarily all map directly to oc commands, but rather equate more generally to the types of CLI operations you can perform. For example, having the list verb means that you can display a list of all objects of a given resource name (e.g., using oc get), while get means that you can display the details of a specific object if you know its name (e.g., using oc describe).
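
The verb and resource matching described above can also be checked offline against a role exported with oc get clusterrole/<name> -o json. The following is an added example, not part of the original documentation; the role contents, the name example-admin, and the functions allows and summarize are assumptions constructed for illustration.

```python
import json

# Constructed sample in the shape of `oc get clusterrole/<name> -o json`.
# Illustrative rules only: NOT the real contents of customer-admin-cluster.
SAMPLE_ROLE = json.loads("""
{"kind": "ClusterRole", "metadata": {"name": "example-admin"},
 "rules": [
  {"apiGroups": [""], "resources": ["nodes", "events"],
   "verbs": ["get", "list", "watch"]},
  {"apiGroups": ["template.openshift.io"], "resources": ["templates"],
   "verbs": ["create"]},
  {"apiGroups": [""], "resources": ["configmaps"],
   "resourceNames": ["cluster-info"], "verbs": ["get"]}
]}
""")


def _in(values, wanted):
    """RBAC list match: an entry of "*" matches anything."""
    return "*" in values or wanted in values


def allows(role, verb, resource, api_group="", name=None):
    """Return True if any rule grants `verb` on `resource`.

    A rule carrying resourceNames matches only requests for one of those
    names, so it never grants un-named requests such as list or create.
    """
    for rule in role.get("rules", []):
        names = rule.get("resourceNames") or []
        if names and name not in names:
            continue
        if (_in(rule.get("verbs", []), verb)
                and _in(rule.get("apiGroups", []), api_group)
                and _in(rule.get("resources", []), resource)):
            return True
    return False


def summarize(role):
    """Map (apiGroup, resource) -> sorted verbs, for a quick review table."""
    table = {}
    for rule in role.get("rules", []):
        for group in rule.get("apiGroups", []):
            for res in rule.get("resources", []):
                table.setdefault((group, res), set()).update(rule["verbs"])
    return {key: sorted(verbs) for key, verbs in table.items()}
```

In this sample, list on configmaps is denied even though get on the named object cluster-info is allowed, which is the list versus get distinction in practice.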

Project-level Permissions

At the project level, an administrator of an Azure Red Hat OpenShift cluster can perform all actions that a project administrator can perform. In addition, the Azure Red Hat OpenShift administrator can set resource quotas and limit ranges for the project.

Cluster-level Permissions

| Ability | Description |
|---|---|
| Manage Users and Groups | Create, update, and delete users and groups within the cluster. Add or remove users to and from groups. |
| Manage Roles and Bindings | Manage roles and bindings for users and groups within the cluster. |
| Manage Authorization | Run checks to determine which users or groups can access a certain resource or resource type. Check to see whether a particular user or group can access a certain resource or resource type. |
| View Certain Cluster-level Resources | View (get/list/watch) certain resources like events, nodes, persistent volumes, and security context constraints. |
| Create Daemon Sets | Create daemon sets, which ensure that all (or some) nodes run a copy of a pod. |