Changing the cluster administrator access credentials

You can update the cluster administrator username and password.

Required user type or access level: Cluster administrator

Changing the cluster administrator username

Run the following commands to change the cluster administrator username. For more information about installing cloudctl, see Installing cloudctl.

1. Run the cloudctl login command from any node that has access to your cluster.

2. Use cloudctl to change your username and to restart deployments. For example:

   cloudctl pm update-secret kube-system platform-auth-idp-credentials -d admin_username=<username>
   

   For more information, see cloudctl pm commands (pm).

3. Install kubectl. For more information, see Installing the Kubernetes CLI (kubectl).

4. Update the clusterrolebinding role-based access control (RBAC) object with the new username.

   kubectl edit clusterrolebinding oidc-admin-binding
   

   Following is a sample clusterrolebinding RBAC object:

   Please edit the following object. Lines beginning with a '#' will be ignored,
   # and an empty file will abort the edit. If an error occurs while saving this file will be
   # reopened with the relevant failures.
   #
   apiVersion: rbac.authorization.k8s.io/v1
   kind: ClusterRoleBinding
   metadata:
    creationTimestamp: 2019-02-04T18:44:34Z
    name: oidc-admin-binding
    resourceVersion: "3162"
    selfLink: /apis/rbac.authorization.k8s.io/v1/clusterrolebindings/oidc-admin-binding      
    uid: eab9c9c9-28ac-11e9-aca2-0050569a1e29
   roleRef:
    apiGroup: rbac.authorization.k8s.io
    kind: ClusterRole
    name: cluster-admin
   subjects:
   - apiGroup: rbac.authorization.k8s.io
    kind: User
    name: https://mycluster.icp:8443/oidc/endpoint/OP#admin        <===========
   - apiGroup: rbac.authorization.k8s.io
    kind: User
    name: admin                                                    <===========
   

5. Replace the admin name in https://mycluster.icp:8443/oidc/endpoint/OP#admin with the new name: change OP#admin to OP#<new admin user name>.

6. Replace the admin name in name: admin with the new name: change name: admin to name: <new admin user name>.

7. Save the file.

Note: If you need to use the installer for any task such as enabling services, reinstallation, or for loading archives, you must update the default_admin_user in the config.yaml file.

1. Open the /<installation_directory>/cluster/config.yaml file.
2. Add default_admin_user: <updated-user-name>.
3. Save and exit the file.

Changing the cluster administrator password

Run the following cloudctl command to change the cluster administrator password. For more information about installing cloudctl, see Installing cloudctl.

cloudctl pm update-secret kube-system platform-auth-idp-credentials -d admin_password=<password>

If you want to change the password rules, you can run the following command:

cloudctl pm password-rule-set <namespace> <rule_name> <rule_regex> <rule_desc>

Note: If you need to use the installer for any task such as enabling services, reinstallation, or for loading archives, you must update the default_admin_password in the config.yaml file.

1. Open the /<installation_directory>/cluster/config.yaml file.
2. Update the default_admin_password.
3. Save and exit the file.