Lab 5.7 - Controlling Application Permissions with Security Context Constraints (SCC)

1. Login to as a developer user.

oc login -u developer -p rahasia https://api.openshift.podX.io:6443

2. Create a new project

oc new-project authorization-scc

3. Deploy a gitlab/gitlab-ce:8.4.3-ce.0 application and verify that it fails

oc new-app --name gitlab gitlab/gitlab-ce:8.4.3-ce.0
oc get pods

4. Getting pod log

oc logs pod/gitlab-7cb75c6546-6bmhd | tail -n 40

5. Create a service account

oc create sa gitlab-sa

6. Log in as the admin user.

oc login -u admin -p rahasia https://api.openshift.podX.io:6443

7. Assign the anyuid SCC to the gitlab-sa service account.

oc adm policy add-scc-to-user anyuid -z gitlab-sa

8. Log in as the developer user

oc login -u developer -p rahasia https://api.openshift.podX.io:6443

9. Assign the gitlab-sa service account to the gitlab deployment.

oc set serviceaccount deployment gitlab gitlab-sa

10. Verify that the gitlab redeployment was successful.

oc get pods
oc logs pod/gitlab-5c8f8fb8-cc85n | tail -n 20

Daftar Materi