OpenShift system administrator system:admin login error handling

Enterprise 2023-09-09 18:08:00 views: null

Cause of the problem : When initially using the openshift cluster, it is inevitable to use the system administrator to operate

Problem status : When logging in using system:admin, an error occurserror: username system:admin is invalid for basic auth

as follows:

[root@cpe-172-250-210-30 openshift-server-v3.11.0]# oc login -u system:admin
Authentication required for https://172.250.210.30:8443 (openshift)
Username: system:admin
Password:
error: username system:admin is invalid for basic auth

Cause of the problem : This is because system:adminthe system administrator logs in with 密钥证书the username and cannot identify the certificate location, so he cannot log in.

Solution : At this time, you only need to manually configure the environment variables of the certificate and tell the cluster administrator where the key is.

$ export KUBECONFIG=/opt/openshift.local.clusterup/openshift-apiserver/admin.kubeconfig

Find the admin.kubeconfig file according to the openshift environment you installed. It is usually in the installation directory (you can use this to find it in the system: find / -name admin.kubeconfig). This is an environment variable
temporarily used in the current session. Reconnect via ssh to a new session and it will disappear.

You can also add configuration directly in /etc/profile

$ vim /etc/profile
KUBECONFIG=/opt/openshift.local.clusterup/openshift-apiserver/admin.kubeconfig
$ source /etc/profile

After configuring the environment variables of the key, you can log in normally.

If necessary, after system:admin can log in, grant administrator rights to an ordinary user. You can log in with either a key or a password.

赋予普通用户管理员权限(命令最后的admin是要配置的用户)
oc adm policy add-cluster-role-to-user cluster-admin admin

[root@cpe-172-250-210-30 ~]# oc adm policy add-cluster-role-to-user cluster-admin admin
[root@cpe-172-250-210-30 ~]# oc login -u admin -p admin
Login successful.
You have access to the following projects and can switch between them with 'oc project <projectname>':

  * default
    kube-dns
    kube-proxy
    kube-public
    kube-system
    myproject
    openshift
    openshift-apiserver
    openshift-controller-manager
    openshift-core-operators
    openshift-infra
    openshift-node
    openshift-service-cert-signer
    openshift-web-console
    test

Using project "default".

End……

Guess you like

Origin blog.csdn.net/weixin_43860781/article/details/109390897
Recommended
Rushing to the GitHub hot list——How can open source programming languages and frameworks be so cute?
Beijing Humanoid Robot Innovation Center launches Tiangong, the world's first full-size humanoid robot with purely electric drive for anthropomorphic running
Ranking
8个无需编写代码即可使用 Python 内置库的方法
Java collections interview knowledge Lite
Machine learning algorithms foundation - Introduction a (watermelon materials for the book)
(Easy) Ransom Note - LeetCode
[Five days] Qt from entry to actual combat: the second day
Remember once extremely pit father can not download Maven Jar package of issues: IDEA question
The minimum cost Shortest
OSPF study map (the most complete version)
Network Takeaways
GnuPG
Daily
More
2024-04-27(29)
2024-04-26(22)
2024-04-25(32)
2024-04-24(30)
2024-04-23(30)
2024-04-22(5)
2024-04-21(0)
2024-04-20(6)
2024-04-19(5)
2024-04-18(0)

Code World

© 2018 codetd.com