8.6. 撤销 Red Hat OpenShift Service on AWS 集群的中断图形凭证
您可以使用 revoke break-glass-credentials
命令撤销对您随时置备的任何中断镜凭据的访问。
先决条件
- 您已创建了一个断镜凭证。
- 您是集群所有者。
流程
运行以下命令,撤销 Red Hat OpenShift Service on AWS 集群的 breakfish 凭据。
重要运行此命令可撤销与集群相关的所有分组凭据的访问权限。
rosa revoke break-glass-credentials -c <cluster_name>
$ rosa revoke break-glass-credentials -c <cluster_name>
1 Copy to Clipboard Copied! Toggle word wrap Toggle overflow - 1
- 将 <cluster_name> 替换为集群的名称。
输出示例
? Are you sure you want to revoke all the break glass credentials on cluster 'my-cluster'?: Yes I: Successfully requested revocation for all break glass credentials from cluster 'my-cluster'
? Are you sure you want to revoke all the break glass credentials on cluster 'my-cluster'?: Yes I: Successfully requested revocation for all break glass credentials from cluster 'my-cluster'
Copy to Clipboard Copied! Toggle word wrap Toggle overflow
验证
吊销过程可能需要几分钟。您可以运行以下命令来验证集群的 breakfish 凭证是否已撤销:
列出所有 breakfish 凭证并检查每个问题的状态:
rosa list break-glass-credential -c <cluster_name>
$ rosa list break-glass-credential -c <cluster_name>
Copy to Clipboard Copied! Toggle word wrap Toggle overflow 输出示例
ID USERNAME STATUS 2330dbs0n8m3chkkr25gkkcd8pnj3lk2 test-user awaiting_revocation
ID USERNAME STATUS 2330dbs0n8m3chkkr25gkkcd8pnj3lk2 test-user awaiting_revocation
Copy to Clipboard Copied! Toggle word wrap Toggle overflow 您还可以通过检查单个凭证来验证状态:
rosa describe break-glass-credential <break_glass_credential_id> -c <cluster_name>
$ rosa describe break-glass-credential <break_glass_credential_id> -c <cluster_name>
Copy to Clipboard Copied! Toggle word wrap Toggle overflow 输出示例
ID: 2330dbs0n8m3chkkr25gkkcd8pnj3lk2 Username: test-user Expire at: Dec 28 2026 10:23:05 EDT Status: issued Revoked at: Dec 27 2026 15:30:33 EDT
ID: 2330dbs0n8m3chkkr25gkkcd8pnj3lk2 Username: test-user Expire at: Dec 28 2026 10:23:05 EDT Status: issued Revoked at: Dec 27 2026 15:30:33 EDT
Copy to Clipboard Copied! Toggle word wrap Toggle overflow