Become Cluster Admin

See the Privilege Escalation for a background explanation.

CLI Usage

To elevate privileges to cluster-admin using the oc or kubectl CLI, specify the --as cluster-admin flag:

oc --as cluster-admin get nodes

This will impersonate the stated user for this command.

Usage in tools that use the kubeconfig file

The kubeconfig file has a users section where impersonation can be configured.

The file can be found at $HOME/.kube/config or at the location specified by the KUBECONFIG environment variable.

# Impersonation config for current context
yq -i '.current-context as $cc | (.contexts[] | select(.name == $cc) | .context.user) as $cu | with(.users[] | select(.name == $cu); .user.as = "cluster-admin")' ${KUBECONFIG:-$HOME/.kube/config}
oc whoami

# Use your tool of choice ...

# Stop impersonation
yq -i '.current-context as $cc | (.contexts[] | select(.name == $cc) | .context.user) as $cu | with(.users[] | select(.name == $cu); del(.user.as))' ${KUBECONFIG:-$HOME/.kube/config}
oc whoami

OpenShift Console

To elevate privileges to cluster-admin using the OpenShift web console, use the user impersonation feature: further details . Login to the web console with your regular user . Navigate to "User Management" → "Role Binding" in the sidebar . Search for impersonate-cluster-admin in the rop right search box . From the menu, choose "Impersonate User cluster-admin" . You should now see a blue bar saying "Impersonating User" and the top right user info "cluster-admin"

This holds for the current session only. Once your session is finished (page reload, re-login), the permissions are gone.