Enable OAUTH with IPA/Noggin on the OCP4 production cluster
apiVersion: config.openshift.io/v1 kind: OAuth metadata: name: cluster spec: identityProviders: - name: fedoraidp login: true challenge: false mappingMethod: claim type: OpenID openID: clientID: ocp clientSecret: name: fedoraidp-clientsecret extraScopes: - email - profile claims: preferredUsername: - nickname name: - name email: - email issuer: https://id.fedoraproject.org
Please provide us the secret (fedoraidp-clientsecret) to populate configmap.
fedoraidp-clientsecret
As soon as possible :)
Metadata Update from @humaton: - Issue tagged with: low-gain, low-trouble, ops
Metadata Update from @mohanboddu: - Issue untagged with: low-gain, low-trouble - Issue assigned to kevin - Issue priority set to: Waiting on Assignee (was: Needs Review) - Issue tagged with: medium-gain, medium-trouble
I thought I did this when I did stg, but apparently not. ;(
The secret should be in ~dkirwan/oidc-prod on batcave01.
However, I need to run the ansible playbook to deploy it, which needs a freeze break. ;( So I will request that and update this when thats approved.
Thanks Kevin!
If the secrets created, we can put it into the OCP cluster at least, and wait for the playbook to be run later. In the meantime we can login via kubeadmin.
The playbook has been run. ;) It should work now... let me know it not!
Metadata Update from @kevin: - Issue close_status updated to: Fixed - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.