User Configuration OpenShift
This configuration is done in the Red Hat OpenShift cluster. It enables users to use the integrated capabilities provided by the OpenShift console without restrictions.
Use Cases and permissions
- Show Pipelines and Pipeline Runs
- Show Topology, Pods and Logs
Show Pipelines and Pipeline Runs
Within the Solution Designer, the user is provided with links that open the shown artifact directly in the OpenShift web console. These links only work if the user can log in to the OpenShift web console and has the necessary permissions on the OpenShift cluster. To show pipelines and pipelineRuns, including the logs, a user requires the following permission set:
    rules:
      - verbs:
          - get
          - list
          - watch
        apiGroups:
          - tekton.dev
        resources:
          - tasks
          - taskruns
          - pipelines
          - pipelineruns
          - pipelineresources
          - conditions
The permissions only need to be granted to users in those projects that are equipped with a k5project and where solutions will be deployed.
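The pipeline permission set above can be checked per user and project with oc auth can-i. The script below is an added example, not part of the product documentation; it assumes the caller is allowed to impersonate users (--as), and the project and user names are supplied by the caller. Besides the required read verbs, it also reports write verbs the user holds on the same resources.

```shell
#!/bin/sh
# Added example: audit one user's access to the Tekton resources listed above.
# Usage: ./audit-tekton-access.sh PROJECT USER   (script name is hypothetical)

READ_VERBS="get list watch"                 # required by the permission set
WRITE_VERBS="create update patch delete"    # not part of the permission set
RESOURCES="tasks taskruns pipelines pipelineruns pipelineresources conditions"

# can_i PROJECT USER VERB RESOURCE
# Exit status 0 if the API server would allow the request for that user.
# A failed API call (for example, no login) also counts as "not allowed".
can_i() {
    oc auth can-i "$3" "$4.tekton.dev" --as="$2" -n "$1" --quiet
}

# audit_tekton_access PROJECT USER
# Prints "MISSING verb resource" for each required read permission the user
# lacks and "EXCESS verb resource" for each write permission the user holds.
audit_tekton_access() {
    for resource in $RESOURCES; do
        for verb in $READ_VERBS; do
            can_i "$1" "$2" "$verb" "$resource" || echo "MISSING $verb $resource"
        done
        for verb in $WRITE_VERBS; do
            if can_i "$1" "$2" "$verb" "$resource"; then
                echo "EXCESS $verb $resource"
            fi
        done
    done
}

# Run only when called with PROJECT and USER; exit 1 if anything was reported.
if [ "$#" -eq 2 ]; then
    findings=$(audit_tekton_access "$1" "$2")
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        exit 1
    fi
    echo "OK: $2 has exactly the read permissions in project $1"
fi
```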
Show Topology, Pods and Logs
In order to view the application composition using the Topology view, a user needs at least the following permission set:
    rules:
      - verbs:
          - get
          - list
          - watch
        apiGroups:
          - ''
        resources:
          - pods
          - pods/log
          - pods/status
          - replicationcontrollers
          - services
      - verbs:
          - get
          - list
          - watch
        apiGroups:
          - apps.openshift.io
        resources:
          - deploymentconfigs
      - verbs:
          - get
          - list
          - watch
        apiGroups:
          - apps
        resources:
          - deployments
          - daemonsets
          - replicasets
          - statefulsets
      - verbs:
          - get
          - list
          - watch
        apiGroups:
          - route.openshift.io
        resources:
          - routes
      - verbs:
          - get
          - list
          - watch
        apiGroups:
          - build.openshift.io
        resources:
          - buildconfigs
          - builds
The permissions only need to be granted to users in those projects that are equipped with a k5project and where solutions will be deployed.
Example Configuration / Recommendation
Instead of defining extra roles for the topology view and/or pipeline artifacts, one can also use the predefined cluster-role view. The command binds the role in the current project; use -n to name another project.

    oc adm policy add-role-to-user view username