Chapter 17. Impersonating the system:admin user

Procedure

• To grant a user permission to impersonate

  system:admin

  , run the following command:

  $ oc create clusterrolebinding <any_valid_name> --clusterrole=sudoer --user=<username>

  Tip

  You can alternatively apply the following YAML to grant permission to impersonate

  system:admin

  :

  apiVersion: rbac.authorization.k8s.io/v1
  kind: ClusterRoleBinding
  metadata:
    name: <any_valid_name>
  roleRef:
    apiGroup: rbac.authorization.k8s.io
    kind: ClusterRole
    name: sudoer
  subjects:
  - apiGroup: rbac.authorization.k8s.io
    kind: User
    name: <username>

Procedure

• To grant a user permission to impersonate a

  system:admin

  by impersonating the associated cluster administration groups, run the following command:

  $ oc create clusterrolebinding <any_valid_name> --clusterrole=sudoer --as=<user> \
  --as-group=<group1> --as-group=<group2>