Chapter 9. Authentication and resource access
This chapter covers
- Adding permissions to users by assigning roles
- Managing project resource limits and quotas
- Setting default limits and quotas for projects
- Examining how Linux enforces limits and quotas
Before we get started, let’s face it: this isn’t the most interesting chapter in the book. Setting up authentication sources and configuring project quotas for your applications aren’t topics that will show up on the first slide of anyone’s presentation. They’re essential for an application platform to function correctly, however, so strap in, and let’s dive into the deep, dark reaches of OpenShift.
Application platforms like OpenShift aren’t effective for multiple users without robust access and permissions management for various applications and OpenShift components. If every user had full access to all of your OpenShift cluster’s resources, it would truly be the Wild West. Conversely, if it was difficult to access resources, OpenShift wouldn’t be good for much, either. OpenShift has a robust authentication and access-control system that provides a good balance of self-service workflows to keep productivity up while limiting users to only what they need to get their job done.
When you first deployed OpenShift, the default configuration allowed any username and non-empty password field to log in. This authentication method uses the allow-all identity provider that comes with OpenShift.