Red Hat OpenShift
Users
User types
- Regular users: Regular users are normal users such as developers and cluster administrators. They interact with the OpenShift environment through their user accounts and have specific permissions based on their roles (e.g., developer, admin).
- System users: These are internal system accounts created on each node, typically prefixed with system: (e.g., system:admin, system:master). These accounts are used by OpenShift for essential system-level tasks and operations.
- Service users: Service accounts are created to allow communication between services. They are prefixed with system:serviceaccount: and are used to enable secure interactions between components (e.g., system:serviceaccount:myproject:myservice).
OAuth Server
Modes
- Allow all: In this mode, any user can log in with any password, and the password will not be validated. If a user does not already exist, OpenShift will automatically create the user account upon login. This is useful for development or testing environments but is not secure for production.
- Deny all: This mode denies all login attempts by default. User accounts must be created and activated by an administrator before they can be used. This is a more secure setup for production environments.
The configuration for these settings is managed in the /etc/openshift/master/master-config.yaml file.
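The following is an added example, not part of the original page or of OpenShift itself: a small audit that reads a master-config.yaml and reports any identity provider left in Allow all mode. It assumes the OpenShift 3.x identityProviders stanza, where the two modes appear as the provider kinds AllowAllPasswordIdentityProvider and DenyAllPasswordIdentityProvider; the sample config, provider names and function names are constructed for illustration.

```python
import re
import sys

# Constructed sample in the OpenShift 3.x master-config.yaml layout (not from the page).
SAMPLE_CONFIG = """\
oauthConfig:
  identityProviders:
  - name: dev_anypassword
    challenge: true
    login: true
    provider:
      apiVersion: v1
      kind: AllowAllPasswordIdentityProvider
  - name: locked
    provider:
      apiVersion: v1
      kind: DenyAllPasswordIdentityProvider
  masterPublicURL: https://master.example.test:8443
"""
NAME_RE = re.compile(r"^\s*-\s*name:\s*(\S+)")
KIND_RE = re.compile(r"^\s*kind:\s*(\w+IdentityProvider)\s*$")

def identity_providers(config_text):
    """Return [(name, kind)] for each entry under identityProviders."""
    providers, name, section_indent = [], None, None
    for raw in config_text.splitlines():
        line = raw.split(" #")[0].rstrip()  # drop trailing comments
        s, indent = line.strip(), len(line) - len(line.lstrip())
        if s == "identityProviders:":
            section_indent = indent
        elif section_indent is None or not s or s.startswith("#"):
            continue
        elif indent <= section_indent and not s.startswith("-"):
            section_indent = name = None  # next sibling key ends the section
        elif (m := NAME_RE.match(line)):
            name = m.group(1)
        elif (m := KIND_RE.match(line)) and name is not None:
            providers.append((name, m.group(1)))
            name = None
    return providers

def allow_all_providers(config_text):
    """Names of providers in Allow all mode (any password accepted)."""
    return [n for n, k in identity_providers(config_text) if k.startswith("AllowAll")]

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_CONFIG
    for name in allow_all_providers(text):
        print(f"WARNING: identity provider {name!r} accepts any password")
```

Run it with the path to the master configuration file as its only argument; with no argument it checks the embedded sample.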