#10207 Enable OAUTH with IPA/Noggin
Closed: Fixed 2 years ago by kevin. Opened 2 years ago by t0xic0der.

Describe what you would like us to do:

Enable OAUTH with IPA/Noggin on the OCP4 production cluster

apiVersion: config.openshift.io/v1
kind: OAuth
metadata:
  name: cluster
spec:
  identityProviders:
  - name: fedoraidp
    login: true
    challenge: false
    mappingMethod: claim
    type: OpenID
    openID:
      clientID: ocp
      clientSecret:
        name: fedoraidp-clientsecret
      extraScopes:
      - email
      - profile
      claims:
        preferredUsername:
        - nickname
        name:
        - name
        email:
        - email
      issuer: https://id.fedoraproject.org

Please provide us the secret (fedoraidp-clientsecret) to populate configmap.

When do you need this to be done by? (YYYY/MM/DD)

As soon as possible :)
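
The claim mapping requested above, as an added example that is not part of the ticket or of Fedora's playbooks: a simplified Python model of how an OpenID provider entry with `mappingMethod: claim` turns ID token claims into a cluster user, plus a check that every mapped claim is released by a requested scope. The scope table follows OpenID Connect Core; the function names, the `users` store and the sample token claims are assumptions constructed for illustration.

```python
# Standard OIDC scope -> claims (OpenID Connect Core 5.4); "openid" is always requested.
SCOPE_CLAIMS = {
    "openid": {"sub"},
    "profile": {"name", "family_name", "given_name", "middle_name", "nickname",
                "preferred_username", "profile", "picture", "website", "gender",
                "birthdate", "zoneinfo", "locale", "updated_at"},
    "email": {"email", "email_verified"},
}

# The identity provider entry from the ticket, transcribed as a dict.
IDP = {
    "name": "fedoraidp",
    "mappingMethod": "claim",
    "openID": {
        "extraScopes": ["email", "profile"],
        "claims": {"preferredUsername": ["nickname"],
                   "name": ["name"], "email": ["email"]},
    },
}

# Constructed ID token claims (hypothetical account, not real data).
SAMPLE = {"sub": "constructed-sub-1", "nickname": "alice",
          "name": "Alice Example", "email": "alice@example.org"}

def uncovered_claims(idp):
    """Return mapped claims that no requested scope is defined to release."""
    scopes = ["openid"] + idp["openID"].get("extraScopes", [])
    released = set().union(*(SCOPE_CLAIMS.get(s, set()) for s in scopes))
    mapped = {c for names in idp["openID"]["claims"].values() for c in names}
    return sorted(mapped - released)

def resolve_identity(idp, token_claims):
    """Pick the first non-empty claim per field; the identity is keyed on 'sub'."""
    def first(field):
        for claim in idp["openID"]["claims"].get(field, []):
            if token_claims.get(claim):
                return token_claims[claim]
        return None
    sub = token_claims["sub"]
    return {"identity": f'{idp["name"]}:{sub}',
            "user": first("preferredUsername") or sub,
            "name": first("name"), "email": first("email")}

def provision(idp, token_claims, users):
    """Model of mappingMethod 'claim': refuse a user name bound to another identity."""
    ident = resolve_identity(idp, token_claims)
    owner = users.setdefault(ident["user"], ident["identity"])
    if owner != ident["identity"]:
        raise PermissionError(f'{ident["user"]} is already mapped to {owner}')
    return ident
```

Because the user name comes from `nickname` while the identity is keyed on `sub`, the model rejects a second subject presenting an already-provisioned nickname, which is why that claim needs to be unique and stable at the issuer.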


Metadata Update from @humaton:
- Issue tagged with: low-gain, low-trouble, ops

2 years ago

Metadata Update from @mohanboddu:
- Issue untagged with: low-gain, low-trouble
- Issue assigned to kevin
- Issue priority set to: Waiting on Assignee (was: Needs Review)
- Issue tagged with: medium-gain, medium-trouble

2 years ago

I thought I did this when I did stg, but apparently not. ;(

The secret should be in ~dkirwan/oidc-prod on batcave01.

However, I need to run the ansible playbook to deploy it, which needs a freeze break. ;( So I will request that and update this when that's approved.

Thanks Kevin!

If the secret's created, we can put it into the OCP cluster at least, and wait for the playbook to be run later. In the meantime we can log in via kubeadmin.

The playbook has been run. ;) It should work now... let me know if not!

Metadata Update from @kevin:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)

2 years ago


Metadata
Boards 1
ops Status: Done