To prevent access to a particular build strategy globally, log in as a user with
privileges, remove the corresponding role from the system:authenticated group, and apply the annotation
openshift.io/reconcile-protect: "true" to protect them from changes between the API restarts. The following example shows disabling the docker build strategy.
$ oc edit clusterrolebinding system:build-strategy-docker-binding
openshift.io/reconcile-protect: "true" (1)
- kind: SystemGroup
openshift.io/reconcile-protect annotation’s value to
"true". By default, it is set to
Remove the role:
$ oc adm policy remove-cluster-role-from-group system:build-strategy-docker system:authenticated
In versions prior to 1.2, the build strategy subresources were included in the
Ensure the build strategy subresources are also removed from these roles:
$ oc edit clusterrole admin
$ oc edit clusterrole edit
For each role, remove the line that corresponds to the resource of the strategy to disable.
Disable the Docker Build Strategy for admin
- builds/docker (1)
||Delete this line to disable Docker builds globally for users with the admin role.