OpenShift permission issues to expose registry

Question

I am trying to expose the docker-registry using the below command:

# oc expose service docker-registry --hostname=<hostname> -n default

Source: https://docs.openshift.com/container-platform/3.3/install_config/registry/securing_and_exposing_registry.html#access-insecure-registry-by-exposing-route

However, I get permission issues with "forbidden" messages in the output for the current user I login with. The user has "admin" rights. I am new to OpenShift and still learning. Can someone point me in the right direction for how to expose registry service using the above command? It looks like I might need "cluster-admin" access permission in order to perform this operation but not sure how to change or add role to the current user.

Answer 1

Your admin role is for what project ? Basically, admin role is granted permission for one project. As you mentioned above, you need to cluster-admin cluster role in order to create route using oc expose service in default project. Or you are required admin role of default project. Each command is as follows for granting each role.

You also are required cluster-admin role to run the following both commands.

// for instance, the following command is granting cluster-admin role to admin.
$ oc adm policy add-cluster-role-to-user cluster-admin admin

// following command is granting admin of default project role to admin.
$ oc adm policy add-role-to-user admin admin -n default

If you can login as system:admin after access master host via ssh as root, you can get cluster-admin role.

# oc login -u system:admin --config /etc/origin/master/admin.kubeconfig

I hope it help you.