3
votes

I installed OpenShift Origin (openshift-origin-client-tools-v3.11.0-0cbc58b-linux-64bit), and when I try to log in with oc login it asks for a username and password.
If I type any username, like bob, and then any password, like 123, it logs in successfully but without permissions.

[root@ip-10-0-0-12 centos]# oc get pods
No resources found.
Error from server (Forbidden): pods is forbidden: User "bob" cannot list pods in the namespace "default": no RBAC policy matched

So I tried to log in as the admin, system:admin, but it asks for a password and I don't have the password. I have two certificates for two system:admin users in the /root/.kube/config file:

- name: system:admin/10-0-0-12:8443
 ...
- name: system:admin/127-0-0-1:8443

How can I log in as the admin of the cluster?


1 Answer

4
votes

I solved it.

tl;dr: I copied the original config file to /root/.kube/config, added it to the environment variables, and uploaded the cluster:

cp /home/centos/openshift.local.clusterup/openshift-apiserver/admin.kubeconfig /root/.kube/config
export KUBECONFIG=/root/.kube/config
oc cluster up

Everything works fine now.

Details

system:admin credentials live in a client certificate. If you get prompted for a password, that means your $KUBECONFIG file does not contain those credentials. Try to log in as the "system:admin" user using both the default kube config and the config from /etc/origin/master.

/# oc login -u system:admin --config=/etc/origin/master/admin.kubeconfig
/# oc login -u system:admin --config=/root/.kube/config

If the login using /etc/origin/master/admin.kubeconfig succeeds, simply copy this file to /home/user/.kube/config (the kube config file inside the Linux user's home directory).

The system admin ~/.kube/config file that is originally generated after installing OpenShift 3.x+ is directly copied from the admin.kubeconfig.

To restore the ~/.kube/config file so that an administrator can log in as system:admin, just copy the admin.kubeconfig file.

cp /etc/origin/master/admin.kubeconfig ~/.kube/config

After that, try logging in again without providing any config file in the oc login command.
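
A check for the condition the answer describes, as an added example that is not part of the original answer: it lists which kubeconfig users carry client-certificate credentials and verifies that the file is owner-only, since a copied admin.kubeconfig contains the cluster-admin private key. The function names and the sample kubeconfigs are constructed for illustration.

```shell
# Added example; the kubeconfig samples below are constructed, not real credentials.

# Print names of kubeconfig users that carry client-certificate credentials.
# Assumes the layout oc writes: "- name:" opens each entry under "users:".
cert_users() {
    awk '
        function emit() { if (name != "" && cert && key) print name; name = ""; cert = key = 0 }
        /^users:/  { in_users = 1; next }
        /^[^ -]/   { emit(); in_users = 0 }   # next top-level key ends the list
        !in_users  { next }
        /^ *- +name:/ { emit(); name = $0; sub(/^ *- +name: */, "", name); next }
        /client-certificate(-data)?:/ { cert = 1 }
        /client-key(-data)?:/         { key = 1 }
        END { emit() }
    ' "$1"
}

# Succeed only if FILE holds a certificate-backed system:admin user.
has_admin_cert() { cert_users "$1" | grep -Eq '^system:admin(/|$)'; }

# Succeed only if FILE is closed to group and others (e.g. mode 0600); it holds
# the cluster-admin private key, so every copy should stay owner-only.
owner_only() { [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]; }

# Write two constructed kubeconfigs to a temp dir and print its path.
make_samples() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/admin.kubeconfig" <<'EOF'
apiVersion: v1
kind: Config
users:
- name: system:admin/127-0-0-1:8443
  user:
    client-certificate-data: Q09OU1RSVUNURUQ=
    client-key-data: Q09OU1RSVUNURUQ=
EOF
    cat > "$dir/token.kubeconfig" <<'EOF'
apiVersion: v1
kind: Config
users:
- name: bob/127-0-0-1:8443
  user:
    token: constructed-placeholder
EOF
    chmod 600 "$dir/admin.kubeconfig"; chmod 644 "$dir/token.kubeconfig"
    echo "$dir"
}
```

On a real host, run `has_admin_cert` and `owner_only` against `${KUBECONFIG:-$HOME/.kube/config}` after copying admin.kubeconfig into place.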