Kubernetes OpenShift built‐in roles

OpenShift and Kubernetes predefine default roles and service accounts, at cluster and namespace level, to facilitate standard operations and ensure security. The typical roles and service accounts are:

Kubernetes

In Kubernetes, the default roles and service accounts include:

  1. Roles:

    • cluster-admin: Full control over the cluster.
    • admin: Full control within a namespace.
    • edit: Edit resources in a namespace.
    • view: View resources in a namespace.
  2. Service Accounts:

    • default: Automatically created in every namespace and used by pods if no other service account is specified.

OpenShift

In OpenShift, in addition to the standard Kubernetes roles and service accounts, there are some OpenShift-specific default roles and service accounts:

  1. Roles:

    • cluster-admin: Full control over the cluster.
    • admin: Full control within a project/namespace.
    • edit: Edit resources in a project/namespace.
    • view: View resources in a project/namespace.
    • system:deployer: Allows deployment-related actions.
    • system:image-builder: Allows image-building actions.
    • system:image-puller: Allows pulling images from the image registry.
  2. Service Accounts:

    • default: Automatically created in every namespace and used by pods if no other service account is specified.
    • deployer: Used by OpenShift to run deployment configurations.
    • builder: Used by OpenShift to run builds.
    • registry: Used by the internal OpenShift image registry.

These roles and service accounts help manage permissions and actions within the cluster or namespace, ensuring that users and components have the appropriate access levels to perform their tasks.
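
Because the default service account is used by every pod that names no other, binding cluster-admin, admin, edit or view to it grants that role to all such pods. The following is an added example, not part of the original notes: it scans binding objects for the four built-in roles granted to a default service account or to a broad group. The helper names and the sample data are assumptions constructed for illustration.

```python
BUILTIN_ROLES = ("cluster-admin", "admin", "edit", "view")  # most privileged first
# Standard Kubernetes groups that match every caller or every service account.
BROAD_GROUPS = ("system:authenticated", "system:unauthenticated", "system:serviceaccounts")

def risky_subject(subject):
    """Return why a subject is shared by many workloads or users, else None."""
    kind, name = subject.get("kind"), subject.get("name", "")
    if kind == "ServiceAccount" and name == "default":
        return "default service account"
    if kind == "Group" and (name in BROAD_GROUPS or name.startswith("system:serviceaccounts:")):
        return "broad group"
    return None

def audit_bindings(binding_list):
    """Scan parsed `kubectl get clusterrolebindings,rolebindings -A -o json` output."""
    findings = []
    for item in binding_list.get("items", []):
        ref = item.get("roleRef", {})
        # Only the built-in ClusterRoles; a namespaced Role may reuse one of the names.
        if ref.get("kind") != "ClusterRole" or ref.get("name") not in BUILTIN_ROLES:
            continue
        # A ClusterRoleBinding applies everywhere, a RoleBinding in one namespace only.
        ns = item.get("metadata", {}).get("namespace") or "?"
        scope = "cluster-wide" if item.get("kind") == "ClusterRoleBinding" else "namespace " + ns
        for subject in item.get("subjects") or []:  # subjects may be absent or null
            reason = risky_subject(subject)
            if reason is None:
                continue
            who = subject.get("name", "?")
            if subject.get("kind") == "ServiceAccount":
                who = (subject.get("namespace") or "?") + "/" + who
            findings.append((ref["name"], scope, who, reason))
    return sorted(findings, key=lambda f: BUILTIN_ROLES.index(f[0]))

def binding(kind, ns, ref_kind, role, subjects):
    return {"kind": kind, "metadata": {"namespace": ns},
            "roleRef": {"kind": ref_kind, "name": role}, "subjects": subjects}
def subj(kind, name, ns=None):
    return {"kind": kind, "name": name, "namespace": ns}

# Constructed sample in the API's JSON shape, not taken from a real cluster.
SAMPLE = {"items": [
    binding("ClusterRoleBinding", None, "ClusterRole", "cluster-admin", [subj("Group", "system:masters")]),
    binding("RoleBinding", "build", "ClusterRole", "edit", [subj("ServiceAccount", "default", "build")]),
    binding("ClusterRoleBinding", None, "ClusterRole", "view", [subj("Group", "system:authenticated")]),
    binding("ClusterRoleBinding", None, "ClusterRole", "cluster-admin",
            [subj("ServiceAccount", "default", "kube-system"), subj("User", "alice")]),
    binding("RoleBinding", "dev", "Role", "edit", [subj("ServiceAccount", "default", "dev")]),
]}
```

On a live cluster, pass `audit_bindings` the result of `json.load` on the kubectl output named in its docstring. Each finding is a `(role, scope, subject, reason)` tuple, most privileged role first.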