diff --git a/files/communishift/objects/README.md b/files/communishift/objects/README.md
new file mode 100644
index 0000000000..18a53cae6b
--- /dev/null
+++ b/files/communishift/objects/README.md
@@ -0,0 +1,7 @@
+Instructions
+------------
+
+The files in this directory are the configuration files for communishift to be applied.
+
+For OIDC auth, get the client secret for "communishift" from ansible-private/files/ipsilon/openidc.production.static, and run:
+oc create secret generic fedoraidp-clientsecret --from-literal=clientSecret= -n openshift-config
diff --git a/files/communishift/mcs/README.md b/files/communishift/objects/machineconfigs/README.md
similarity index 100%
rename from files/communishift/mcs/README.md
rename to files/communishift/objects/machineconfigs/README.md
diff --git a/files/communishift/mcs/firewall.sh b/files/communishift/objects/machineconfigs/firewall.sh
similarity index 100%
rename from files/communishift/mcs/firewall.sh
rename to files/communishift/objects/machineconfigs/firewall.sh
diff --git a/files/communishift/mcs/mc_chrony.yml.template b/files/communishift/objects/machineconfigs/mc_chrony.yml.template
similarity index 100%
rename from files/communishift/mcs/mc_chrony.yml.template
rename to files/communishift/objects/machineconfigs/mc_chrony.yml.template
diff --git a/files/communishift/mcs/mc_firewall.yml.template b/files/communishift/objects/machineconfigs/mc_firewall.yml.template
similarity index 100%
rename from files/communishift/mcs/mc_firewall.yml.template
rename to files/communishift/objects/machineconfigs/mc_firewall.yml.template
diff --git a/files/communishift/mcs/to_data.sh b/files/communishift/objects/machineconfigs/to_data.sh
similarity index 100%
rename from files/communishift/mcs/to_data.sh
rename to files/communishift/objects/machineconfigs/to_data.sh
diff --git a/files/communishift/objects/oidc_cm.yml b/files/communishift/objects/oidc_cm.yml
new file mode 100644
index 0000000000..b22a2dd35d
--- /dev/null
+++ b/files/communishift/objects/oidc_cm.yml
@@ -0,0 +1,26 @@
+apiVersion: config.openshift.io/v1
+kind: OAuth
+metadata:
+ name: cluster
+spec:
+ identityProviders:
+ - name: fedoraidp
+ login: true
+ challenge: false
+ mappingMethod: claim
+ type: OpenID
+ openID:
+ clientID: communishift
+ clientSecret:
+ name: fedoraidp-clientsecret
+ extraScopes:
+ - email
+ - profile
+ claims:
+ preferredUsername:
+ - nickname
+ name:
+ - name
+ email:
+ - email
+ issuer: https://id.fedoraproject.org
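Review bot: With `mappingMethod: claim` and `login: true` on the `fedoraidp` provider, any account that can authenticate at `https://id.fedoraproject.org` appears to get a cluster user created on first login, and nothing in this object narrows who that is. If that is the intent, a comment at the top of the file should say so and state that authorization rests on cluster RBAC alone; if access is meant to be limited to approved people, `mappingMethod: lookup` with pre-created user and identity mappings would be the change to consider. I would also add `# requires secret fedoraidp-clientsecret in namespace openshift-config (see ../README.md)` above `clientSecret:`, because the provider cannot work until that secret exists. As a style point, the file name `oidc_cm.yml` reads as a ConfigMap while the object is `kind: OAuth`.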