Blame docs/operations/ci/adding_admin_users.md

47c289
# Adding users to the cluster admin group
47c289
To add cluster admin privileges to a particular user do the following.
47c289
47c289
When authenticating to the Openshift cluster via ACO, it will automatically create a User object within Openshift. eg:
47c289
47c289
```
47c289
kind: User
47c289
apiVersion: user.openshift.io/v1
47c289
metadata:
47c289
  name: email@address.com
47c289
...
47c289
```
47c289
47c289
Created a Group ocp-ci-admins, and added the following users. Each "user" corresponds with the metadata, name for the corresponding User object.
47c289
47c289
```
47c289
kind: Group
47c289
apiVersion: user.openshift.io/v1
47c289
metadata:
47c289
  name: ocp-ci-admins
47c289
  selfLink: /apis/user.openshift.io/v1/groups/ocp-ci-admins
47c289
  uid: 24a5ad4d-7ee0-4e30-8f92-4b398ba5d389
47c289
  resourceVersion: '6800501'
47c289
  creationTimestamp: '2020-05-27T16:03:26Z'
47c289
users:
47c289
  - email@address.com
47c289
```
47c289
47c289
Added a ClusterRoleBinding, to bind our Group ocp-ci-admins to the ClusterRole cluster-admin
47c289
47c289
```
47c289
kind: ClusterRoleBinding
47c289
apiVersion: rbac.authorization.k8s.io/v1
47c289
metadata:
47c289
  name: ocp-ci-cluster-admins
47c289
  selfLink: /apis/rbac.authorization.k8s.io/v1/clusterrolebindings/ocp-ci-cluster-admins
47c289
  uid: 7979a53b-6597-4ec7-9d6c-53b5ab8004c7
47c289
  resourceVersion: '6799178'
47c289
  creationTimestamp: '2020-05-27T16:03:58Z'
47c289
subjects:
47c289
  - kind: Group
47c289
    apiGroup: rbac.authorization.k8s.io
47c289
    name: ocp-ci-admins
47c289
roleRef:
47c289
  apiGroup: rbac.authorization.k8s.io
47c289
  kind: ClusterRole
47c289
  name: cluster-admin
47c289
```
47c289