ocp4 sops moved into sysadmin_guide
Signed-off-by: David Kirwan <davidkirwanirl@gmail.com>
parent
1d17fd8610
commit
c0d6947dba
35 changed files with 1 additions and 1 deletions
48
modules/sysadmin_guide/pages/sop_configure_oauth_ipa.adoc
Normal file
|
@ -0,0 +1,48 @@
|
|||
= SOP Configure oauth Authentication via IPA/Noggin
|
||||
|
||||
|
||||
== Resources
|
||||
|
||||
- [1] https://pagure.io/fedora-infra/ansible/blob/main/f/files/communishift/objects[Example Config from Communishift]
|
||||
|
||||
|
||||
== OIDC Setup
|
||||
The first step is to request that a secret be created for this environment, please open a ticket with Fedora Infra. Once the secret has been made available we can add it to an Openshift Secret in the cluster like so:
|
||||
|
||||
----
|
||||
oc create secret generic fedoraidp-clientsecret --from-literal=clientSecret=<client-secret> -n openshift-config
|
||||
----
|
||||
|
||||
Next we can update the oauth configuration on the cluster and add the config for ipa/noggin/ipsilon. See the following snippet for inspiration:
|
||||
|
||||
----
|
||||
apiVersion: config.openshift.io/v1
|
||||
kind: OAuth
|
||||
metadata:
|
||||
name: cluster
|
||||
spec:
|
||||
identityProviders:
|
||||
...
|
||||
- name: fedoraidp
|
||||
login: true
|
||||
challenge: false
|
||||
mappingMethod: claim
|
||||
type: OpenID
|
||||
openID:
|
||||
clientID: ocp
|
||||
clientSecret:
|
||||
name: fedoraidp-clientsecret
|
||||
extraScopes:
|
||||
- email
|
||||
- profile
|
||||
claims:
|
||||
preferredUsername:
|
||||
- nickname
|
||||
name:
|
||||
- name
|
||||
email:
|
||||
- email
|
||||
issuer: https://id.fedoraproject.org
|
||||
----
|
||||
|
||||
This config already exists in the cluster so you need to edit or patch it, you can't just `oc apply -f template.yaml`.
|
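Review bot: the `oc create secret generic fedoraidp-clientsecret --from-literal=clientSecret=<client-secret> -n openshift-config` step under "OIDC Setup" passes the client secret as a command-line argument, so it ends up in shell history and is visible in the process list while the command runs. Suggest documenting the file-based form instead, `--from-file=clientSecret=<path-to-secret-file>`, and removing the file afterwards. Separately, the closing sentence says the existing OAuth object has to be edited or patched rather than applied, but gives no command; naming `oc edit oauth cluster` there would make the SOP self-contained, and it would help to state whether the `...` under `identityProviders:` stands for providers already configured that must be kept. The `[1]` entry under "Resources" is also never referenced from the text.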