Become Cluster Admin

See the Privilege Escalation for a background explanation.

CLI Usage

To elevate privileges to cluster-admin using the oc or kubectl CLI, specify the --as=system:admin flag:

oc --as=system:admin get nodes

This will impersonate the stated user for this command.

Usage in tools that use the kubeconfig file

The kubeconfig file has a users section where impersonation can be configured.

The file can be found at $HOME/.kube/config or at the location specified by the KUBECONFIG environment variable.

# Impersonation config for current context
yq -i '.current-context as $cc | (.contexts[] | select(.name == $cc) | .context.user) as $cu | with(.users[] | select(.name == $cu); .user.as = "system:admin")' ${KUBECONFIG:-$HOME/.kube/config}
oc whoami

# Use your tool of choice ...

# Stop impersonation
yq -i '.current-context as $cc | (.contexts[] | select(.name == $cc) | .context.user) as $cu | with(.users[] | select(.name == $cu); del(.user.as))' ${KUBECONFIG:-$HOME/.kube/config}
oc whoami

This holds for the current session only. Once your session is finished (page reload, re-login), the permissions are gone.