I want to restrict the read & write access of secrets only to the users with ADMIN roles in openshift. If a user is a normal user, he can access everything except the secrets(he can't reveal the secrets and edit also). Is there any way to do that? Thank You!
Is there a way to give read & write access of secrets only to ADMIN user in openshift?
1.1k views Asked by Sukanya Mallick At
1
There are 1 answers
Related Questions in OPENSHIFT
- Openshift nginx proxy_pass not redirecting from current host to another
- Choosing OpenShift Over DIY Kubernetes on Bare Metal: Benefits and Storage Management
- Tekton, npm ci, and "npm ERR! EMFILE: too many open files, open '/root/.npm/_cacache/"
- How to setup security on elasticsearch based on redhat image in openshift
- Why does openshift ingress not allow router annotations?
- How to use Prometheus to gather custom metrics from multiple pods in Openshift
- UML representation of containerized services
- Verify encryption of rest secrets [etcd] in Openshift v4
- The [dot_product] similarity can only be used with unit-length vectors error when running container as non root
- Using OpenShift template to conditionally include/exclude certain resources during apply
- Permission denied When deploy Splash in OpenShift
- Pulumi and Golang to apply a subscription manifest onto a OpenShift Cluster
- Can't login on deployed APS app, problem with authenticating
- How do I configure multi-tenant Kafka-backed Knative channels in an Openshift?
- Linux (RHEL): How can I trigger that a process tries to reorganize its memory at a specific memory limit?
Related Questions in OPENSHIFT-3
- Multiple restarts the container on OpenShift
- OPENSHIFT upgrade 3.11 -> 4.10 - external Oracle DB could not establish connection (timing out)
- oc / kubernetes: deployment returns "unrecognized type: string" while adding environment variables
- OpenShift conditional Image pull
- Strange Kafka Lag Issue
- Kubernete / Openshift: Config map contains keys that are not valid environment variable names / xxx.yml is not a valid variable
- Openshift 3.11: controller-manager crashloopbackoff - unable to retrieve the complete list of server APIs: servicecatalog.k8s.io/v1beta
- Execute command on each node
- Using the OpenShift API is there a way to get deployments in a project
- Why openshift creates two secrets when I create a serviceaccount
- start pod with root privilege on OpenShift
- A new and (almost) effective way to update routes and allow external access
- How to get Kubernetes Version as integer from API
- IBM MQ doesn't run as mqm on Openshift 4
- K8s/Openshift - does the replication controller care about exit status of pod/containers?
Popular Questions
- How do I undo the most recent local commits in Git?
- How can I remove a specific item from an array in JavaScript?
- How do I delete a Git branch locally and remotely?
- Find all files containing a specific text (string) on Linux?
- How do I revert a Git repository to a previous commit?
- How do I create an HTML button that acts like a link?
- How do I check out a remote Git branch?
- How do I force "git pull" to overwrite local files?
- How do I list all files of a directory?
- How to check whether a string contains a substring in JavaScript?
- How do I redirect to another webpage?
- How can I iterate over rows in a Pandas DataFrame?
- How do I convert a String to an int in Java?
- Does Python have a string 'contains' substring method?
- How do I check if a string contains a specific word?
Trending Questions
- UIImageView Frame Doesn't Reflect Constraints
- Is it possible to use adb commands to click on a view by finding its ID?
- How to create a new web character symbol recognizable by html/javascript?
- Why isn't my CSS3 animation smooth in Google Chrome (but very smooth on other browsers)?
- Heap Gives Page Fault
- Connect ffmpeg to Visual Studio 2008
- Both Object- and ValueAnimator jumps when Duration is set above API LvL 24
- How to avoid default initialization of objects in std::vector?
- second argument of the command line arguments in a format other than char** argv or char* argv[]
- How to improve efficiency of algorithm which generates next lexicographic permutation?
- Navigating to the another actvity app getting crash in android
- How to read the particular message format in android and store in sqlite database?
- Resetting inventory status after order is cancelled
- Efficiently compute powers of X in SSE/AVX
- Insert into an external database using ajax and php : POST 500 (Internal Server Error)
You could try to create your own roles to apply to everyone who is not an admin or just edit the non-admin roles removing access to secrets.
Here the guide to make your own role.
For example your role can already be like:
and you could remove the secrets line under resources:
For example: