These Cluster Administration topics cover the day-to-day tasks for managing your OpenShift Dedicated cluster, along with advanced configuration topics.

Dedicated Cluster Administrator Role

As a Dedicated cluster administrator of an OpenShift Dedicated cluster, your account has increased permissions and access to all user-created projects. If you are new to the role, check out the Getting Started topic on Administering an OpenShift Dedicated Cluster for a quick overview.

Some configuration changes or procedures discussed in this guide may be performed only by the OpenShift Dedicated Operations Team. They are included in this guide for informational purposes to help you as an OpenShift Dedicated cluster administrator better understand what configuration options are possible. If you would like to request a change to your cluster that you cannot perform using the administrator CLI, open a support case on the Red Hat Customer Portal.

When your account has the dedicated-cluster-admin authorization role bound to it, you are automatically bound to the dedicated-project-admin role for any new projects that are created by users in the cluster.

You can perform actions associated with a set of verbs (e.g., create) to operate on a set of resource names (e.g., templates). To view the details of these roles and their sets of verbs and resources, run the following:

$ oc describe clusterrole/dedicated-cluster-admin
$ oc describe clusterrole/dedicated-project-admin

The verb names do not necessarily all map directly to oc commands, but rather equate more generally to the types of CLI operations you can perform. For example, having the list verb means that you can display a list of all objects of a given resource name (e.g., using oc get), while get means that you can display the details of a specific object if you know its name (e.g., using oc describe).
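
The list/get distinction described above can be checked mechanically against a role's rules. The following is an added example, not part of the OpenShift documentation: it evaluates a constructed ClusterRole in the JSON shape printed by `oc get clusterrole/<name> -o json`. The sample rules, the role name example-admin, and the function names are assumptions for illustration (they are not the real dedicated-cluster-admin contents), and subresources and non-resource URLs are not handled.

```python
import json

# Constructed sample in the shape printed by `oc get clusterrole/<name> -o json`.
# These rules are illustrative; they are NOT the real dedicated-cluster-admin rules.
SAMPLE_ROLE = json.loads("""
{"kind": "ClusterRole", "metadata": {"name": "example-admin"}, "rules": [
  {"apiGroups": [""], "resources": ["events", "nodes"], "verbs": ["get", "list", "watch"]},
  {"apiGroups": ["template.openshift.io"], "resources": ["templates"], "verbs": ["create", "delete", "get"]},
  {"apiGroups": ["apps"], "resources": ["daemonsets"], "verbs": ["*"]},
  {"apiGroups": [""], "resources": ["secrets"], "verbs": ["get"], "resourceNames": ["pull-secret"]}
]}
""")

def _match(allowed, wanted):
    # "*" in a rule field matches any value.
    return "*" in allowed or wanted in allowed

def allows(role, verb, group, resource, name=None):
    """Return True if any rule grants `verb` on group/resource (optionally a named object)."""
    for rule in role.get("rules", []):
        if not (_match(rule.get("verbs", []), verb)
                and _match(rule.get("apiGroups", []), group)
                and _match(rule.get("resources", []), resource)):
            continue
        names = rule.get("resourceNames", [])
        # No resourceNames means every object of that resource; otherwise the
        # request must name one of the listed objects (so an unnamed list fails).
        if not names or name in names:
            return True
    return False

def wildcard_rules(role):
    """Rules using '*' for verbs or resources: candidates for a least-privilege review."""
    return [r for r in role.get("rules", [])
            if "*" in r.get("verbs", []) or "*" in r.get("resources", [])]

if __name__ == "__main__":
    checks = [
        ("list", "", "nodes", None),
        ("list", "template.openshift.io", "templates", None),
        ("get", "template.openshift.io", "templates", "my-template"),
        ("get", "", "secrets", "pull-secret"),
    ]
    for verb, group, res, name in checks:
        print(verb, res, name, "->", allows(SAMPLE_ROLE, verb, group, res, name))
    print("wildcard rules:", [r["resources"] for r in wildcard_rules(SAMPLE_ROLE)])
```

In this sample, templates can be fetched by name but not listed, which is the get-without-list case the paragraph describes.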

OpenShift Dedicated administrators can grant users a dedicated-reader role, which provides view-only access at the cluster level, as well as view access for all user projects.

Project-level Permissions

At the project level, an administrator of an OpenShift Dedicated cluster can perform all actions that a project administrator can perform. In addition, the OpenShift Dedicated administrator can set resource quotas and limit ranges for the project.

Cluster-level Permissions

Ability Description

Manage Users and Groups

  • Create, update, and delete users and groups within the cluster.

  • Add or remove users to and from groups.

Manage Roles and Bindings

Manage roles and bindings for users and groups within the cluster.

Manage Authorization

  • Run checks to determine which users or groups can access a certain resource or resource type.

  • Check to see whether a particular user or group can access a certain resource or resource type.

View Certain Cluster-level Resources

View (get/list/watch) certain resources like events, nodes, persistent volumes, and security context constraints.

Create Daemon Sets

Create daemon sets, which ensure that all (or some) nodes run a copy of a pod.