A fresh OKD installation only provides the ``kubeadmin`` user. To allow local users to log in and deploy pods, configure an HTPasswd identity provider.
docker run --rm \ -v $(pwd):/work \ docker.io/httpd:2 \ htpasswd -cbB /work/users.htpasswd user1 MyPassword123 docker run --rm \ -v $(pwd):/work \ docker.io/httpd:2 \ htpasswd -bB /work/users.htpasswd user2 MyPassword123 docker run --rm \ -v $(pwd):/work \ docker.io/httpd:2 \ htpasswd -bB /work/users.htpasswd user3 MyPassword123
oc create secret generic htpasswd-secret \ --from-file=htpasswd=users.htpasswd \ -n openshift-config
Edit the OAuth configuration:
oc edit oauth cluster
Add:
spec: identityProviders: - name: local-users mappingMethod: claim type: HTPasswd htpasswd: fileData: name: htpasswd-secret
Wait for the OAuth operator to restart.
Log out of the Web Console and log in with:
Allow user to create their own Projects:
oc adm policy add-cluster-role-to-user self-provisioner myuser
Or give admin access to a specific namespace:
oc adm policy add-role-to-user admin myuser -n mynamespace
The user can now create and run pods.
Grant access to others to existing project:
oc adm policy add-role-to-user admin user1 -n project1 oc adm policy add-role-to-user admin user2 -n project1 oc adm policy add-role-to-user admin user3 -n project1