Check your cloud provider documentation for more detailed information.
Choose one of the authentication method sections to follow.
-
Create sample identity file
htpasswd -c -B -b ./non_admin_user.htpasswd <non-admin-user> <password>
-
Create secret from the previously created identity file in your cluster
oc create secret generic <non-admin-user-secret-name> --from-file=htpasswd=./non_admin_user.htpasswd -n openshift-config
-
Add new entry to
spec.identityProvidersfield from OAuth cluster (oc get OAuth cluster)... spec: identityProviders: - name: # non-admin-user-secret-name mappingMethod: claim type: HTPasswd htpasswd: fileData: name: # non-admin-user-secret-name
-
Additional instructions can be found in the following links:
-
Create non admin user namespace
oc create namespace <non-admin-user-namespace>
-
Ensure non admin user have appropriate permissions in its namespace, i.e., non admin user have editor roles for the following objects
nonadminbackups.oadp.openshift.iononadminrestores.nac.oadp.openshift.io
For example
# config/rbac/nonadminbackup_editor_role.yaml - apiGroups: - oadp.openshift.io resources: - nonadminbackups verbs: - create - delete - get - list - patch - update - watch - apiGroups: - oadp.openshift.io resources: - nonadminbackups/status verbs: - get # config/rbac/nonadminrestore_editor_role.yaml - apiGroups: - oadp.openshift.io resources: - nonadminrestores verbs: - create - delete - get - list - patch - update - watch - apiGroups: - oadp.openshift.io resources: - nonadminrestores/status verbs: - get
For example, make non admin user have
adminClusterRole permissions on its namespaceoc create rolebinding <non-admin-user>-namespace-admin --clusterrole=admin --user=<non-admin-user> --namespace=<non-admin-user-namespace>