@arashkaffamanesh
Last active July 19, 2019 10:11
Q: Is it possible to create a custom role that lets a non-admin user who has only view rights run the `oc rsh` command against a certain pod only, or against all pods in a project?
A: You can define a custom role that grants only the rsh permission (`pods/exec`).
Create a YAML file like this, named my-custom-role.yaml:
```
apiVersion: authorization.openshift.io/v1
kind: ClusterRole
metadata:
  name: rsh-pod
rules:
# "" is the core API group, which contains pods and the pods/exec subresource
- apiGroups:
  - ""
  attributeRestrictions: null
  resources:
  - pods/exec
  verbs:
  - create
  - delete
  - deletecollection
  - get
  - list
  - patch
  - update
  - watch
```
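Create the role, then bind it to the user in the target namespace:
```
oc create -f my-custom-role.yaml
oc adm policy add-role-to-user rsh-pod <username> -n <namespace>
```
Or create a namespaced role directly from the command line:
```
oc create role rsh-only --verb=create,get,list,watch --resource=pods/exec -n dev
```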
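For the "only a certain pod" half of the question, the rule can be narrowed with `resourceNames`. This is an added example, not part of the original gist; the role name `rsh-single-pod`, the binding name, and the pod name `my-app-1-abcde` are constructed placeholders, and the `rbac.authorization.k8s.io/v1` API is assumed to be available on the cluster.

```yaml
# Namespaced Role: exec into one named pod in the "dev" project only.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: rsh-single-pod        # hypothetical name
  namespace: dev
rules:
- apiGroups:
  - ""                        # core API group
  resources:
  - pods/exec
  resourceNames:
  - my-app-1-abcde            # constructed pod name; the rule matches this pod only
  verbs:
  # Assumption: create and get are enough to open an exec session.
  # The user's existing view rights already cover reading the pod itself.
  - create
  - get
---
# Bind the Role to the non-admin user in the same project.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: rsh-single-pod-binding   # hypothetical name
  namespace: dev
subjects:
- kind: User
  apiGroup: rbac.authorization.k8s.io
  name: "<username>"             # placeholder, as in the commands above
roleRef:
  kind: Role
  apiGroup: rbac.authorization.k8s.io
  name: rsh-single-pod
```

Pods managed by a deployment get a new name on every rollout, so a `resourceNames` entry has to be updated whenever the pod is replaced. Running `oc auth can-i create pods/exec --as=<username> -n dev` shows whether the grant is in effect for that user.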