0

I tried openshift redhat k8s distro and now there are 2 projects that i need to delete. I can only login as user 'erjcan', this is my primary acc and it seems not to be allowed to do admin actions.

The 'delete button' is inactive in gui console, i tried to create a role for myself but can't. I tried to create admin-like role and assume it as a user, but it is not allowed either.

apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: all-stuff
  namespace: erjcan-stage
rules:
  - apiGroups:
      - ''
    resources:
      - '*'
    verbs:
      - '*'

This code above gives me RBAC not allowed error:

An error occurred
roles.rbac.authorization.k8s.io "all-stuff" is forbidden: user "erjcan" 
(groups=["system:authenticated:oauth" "system:authenticated"]) is 
attempting to grant RBAC permissions 
not currently held: {APIGroups:[""], Resources:["*"], 
Verbs:["*"]}

kk

I tried to delete via cli, but i can only login as erjcan user.

Logged into "https://api.sandbox-m2.ll9k.p1.openshiftapps.com:6443" as "erjcan" using the token provided.

You have access to the following projects and can switch between them with 'oc project <projectname>':

    erjcan-dev
  * erjcan-stage

Using project "erjcan-stage".
bash-4.4 ~ $ 
bash-4.4 ~ $ oc delete project erjan-dev
Error from server (Forbidden): projects.project.openshift.io "erjan-dev" is forbidden: User "erjcan" cannot delete resource "projects" in API group "project.openshift.io" in the namespace "erjan-dev"
bash-4.4 ~ $ oc delete project erjcan-dev
Error from server (Forbidden): projects.project.openshift.io "erjcan-dev" is forbidden: User "erjcan" cannot delete resource "projects" in API group "project.openshift.io" in the namespace "erjcan-dev"

How to delete a project in redhat openshift gui console?

ERJAN
  • 23,696
  • 23
  • 72
  • 146
  • did you try to login with the kubeadm or service account token of cluster-admin ? – Sam Jun 15 '22 at 15:37
  • @Sam, there is only button "login with dev to sandbox" , here is the screenshot https://i.postimg.cc/vZYm8CnF/Screenshot-110.png – ERJAN Jun 15 '22 at 20:08
  • @Sam, i m not sure how to login with kubeadm, openshift already has limited toolset. i first go to the website https://console.redhat.com/openshift/sandbox , then use my email to sign in – ERJAN Jun 15 '22 at 20:10

1 Answers1

1

You appear to be talking about using Red Hat's developer sandbox. Which, indeed, does not allow you to delete projects. There's no way around that: RBAC is specifically set up to not allow you to create or delete projects.

You don't say why you need to delete the projects. They will go away eventually do to inactivity. But, if you just want a clean slate, or just need to remove what you have inside that project you do have permission to delete everything in the project (just not the project itself).

oc delete all --all will remove everything inside the current project. Obviously use that command with strict care: there is no confirmation or warning. (BTW, the first "all" is saying all types of objects: pods/deployments/routes/etc, the second --all is saying "yes, I'm deliberately not providing a filter or any other subset, I really mean delete all of the objects I'm specifying".

Similarly, the following two commands should clean up both of your projects. (Although they will still exist.)

oc delete all --all -n erjcan-stage

oc delete all --all -n erjcan-dev

David Ogren
  • 4,396
  • 1
  • 19
  • 29