People may only want some users to deploy applicaitons in specific project namespace. Here is how I do it without providing too much privileges to the users.
- Go to IBM cloud, Manage -> IAM ->User
Access Policy -> assign Role -> Kubenetes service “Viewer, Reader” role
Save
2. Go to Openshift admin console.
Create new project Test
Open Command line
oc login
oc create role test-edit — verb=get — verb=list — verb=watch — resource=pods -n test
Then, you will have the role
Go to Cluster Console -> Administration -> role
edit the role test-edit yml file (can copy from another edit role.
Save.
go to Command line
oc adm policy add-role-to-user test-edit IAM#user — role-namespace=test -n test
Then the user can login and only have create delete role in namespace Test.