OpenShift
Authentication Setup
OpenShift Configuration
- Ensure Ingress: Make sure that you have an ingress set up for your OpenShift cluster. Otherwise, you can use port forwarding without ingress, but you need to state this in the next stages.
- Create an OAuth Client: Connect to your cluster via the CLI and run the following:

CLIENT_SECRET=$(openssl rand -base64 32)
oc apply -f <(cat << EOF
kind: OAuthClient
apiVersion: oauth.openshift.io/v1
metadata:
  name: scaleops
secret: ${CLIENT_SECRET}
redirectURIs:
  - "http://localhost:8080/auth/callback" # for port forwarding
  - "https://<YOUR-SCALEOPS-DASHBOARD-URL>/auth/callback" # for ingress
grantMethod: prompt
EOF
)

- Note that the OAuthClient name is scaleops and that we have just created a secret. Later in this document they are referred to as client-id (the name) and client-secret (the secret).

ScaleOps Configuration
Add the following helm values to your helm values.yml file:

authProvider:
  provider: openshift
  openshift:
    clientID: scaleops
    clientSecret: ${CLIENT_SECRET}

If the OpenShift cluster is not configured with a known TLS CA by default, add the following flags to the Helm command:

authProvider:
  provider: openshift
  openshift:
    clientID: scaleops
    clientSecret: ${CLIENT_SECRET}
    rootCA: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt

or

authProvider:
  provider: openshift
  openshift:
    clientID: scaleops
    clientSecret: ${CLIENT_SECRET}
    insecureCA: true

Groups Setup
OpenShift Configuration
Choose an existing admin group, or create scaleops-admins by running the following command:

# make sure to list the <USER-S> that you want to be admins
oc adm groups new scaleops-admins <USER-1> <USER-2> <USER-3> ...

ScaleOps Configuration
Add the following helm values to your helm values.yml file:

authProvider:
  provider: openshift
  authorization:
    enabled: true
  openshift:
    clientID: scaleops
    clientSecret: ${CLIENT_SECRET}
  defaultAdminGroups:
    - <GROUP-NAMES>
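
Helm reads a values file as literal YAML and does not expand shell variables, so the ${CLIENT_SECRET} placeholder in the authentication values above has to be replaced with the generated secret. The following is an added example, not part of the ScaleOps documentation: a hypothetical helper, render_auth_values, that writes those values with the secret substituted into a file readable only by its owner. The output file name and the key nesting are assumptions.

```bash
#!/usr/bin/env bash
# Added example, not ScaleOps code. Writes the auth values with the real
# secret substituted, in a file only the owner can read.
# Assumptions: the output path is your choice; the key nesting mirrors the
# values shown on this page.

# render_auth_values <out-file> <client-secret> [root-ca-path]
render_auth_values() {
  # Refuse an empty secret or the placeholder left unexpanded.
  if [ -z "${2:-}" ] || [ "$2" = '${CLIENT_SECRET}' ]; then
    echo "render_auth_values: client secret is empty or unexpanded" >&2
    return 1
  fi
  (
    umask 077                      # a new file is created as 0600
    {
      printf 'authProvider:\n'
      printf '  provider: openshift\n'
      printf '  openshift:\n'
      printf '    clientID: scaleops\n'
      # base64 output has no quotes or backslashes, so double quotes are safe
      printf '    clientSecret: "%s"\n' "$2"
      if [ -n "${3:-}" ]; then
        printf '    rootCA: %s\n' "$3"
      fi
    } > "$1"
  ) || return 1
  chmod 600 "$1"                   # also tighten a pre-existing file
}

# Usage (same shell session that ran `oc apply`, so CLIENT_SECRET is set):
#   render_auth_values ./scaleops-auth-values.yml "$CLIENT_SECRET"
```

Keep the rendered file out of version control, since it holds the same secret stored in the OAuthClient object.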