Disable project self-provisioning on OpenShift 4
This guide describes how to remove permission for users to self-provision projects on OpenShift 4 clusters. It’s based on this OpenShift documentation.
Procedure
To disable self-provisioning, patch the self-provisioners
CRB with the following Patch
(for example via adhoc-configurations):
kind: Patch
metadata:
name: self-provisioning
spec:
patches:
self-provisioning-patch:
patchTemplate: '[{"op": "replace", "path": "/subjects", "value": null}]'
patchType: application/json-patch+json
targetObjectRef:
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
name: self-provisioners
Roll out this patch and verify it applies. This disables self-provisioning for general authenticated users.