@benjaminapetersen
Last active January 21, 2020 18:45
Test updated oauth-server templates within the cluster to see if they work

There are 3 steps to get the cluster into a state where you can quickly iterate and test:

Step 0: Disable CVO

You may want to do this to ensure the Cluster Version Operator (CVO) doesn't stomp on your work:

oc scale deployment cluster-version-operator --replicas 0 --namespace openshift-cluster-version

Step 1. Clone the repo, make changes, and then build & push your images to quay.io.

# steps for testing the oauth server template changes
git clone https://github.com/<your-fork>/oauth-server

# make changes... 

# build :latest or :your-branch tags
docker build -t quay.io/<your-username>/oauth-server:latest .
docker push quay.io/<your-username>/oauth-server:latest

Step 2. Set the authentication-operator into an Unmanaged state so you can monkey with the oauth-server:

# set the authentication operator management state to Unmanaged

echo "apiVersion: operator.openshift.io/v1
kind: Authentication
metadata:
  name: cluster
spec:
  managementState: Unmanaged" | oc apply -f -

# verify it is Unmanaged 
oc get authentication.operator -o yaml 

Step 3: Update the oauth-server Deployment so it uses your image:

# apply your image to the existing oauth-server deployment
# which you can do now that the authentication operator is in an
# unmanaged state
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: oauth-openshift
  namespace: openshift-authentication
spec:
  template:
    spec:
      containers:
      - args:
        - |2

            if [ -s /var/config/system/configmaps/v4-0-config-system-trusted-ca-bundle/ca-bundle.crt ]; then
                echo "Copying system trust bundle"
                cp -f /var/config/system/configmaps/v4-0-config-system-trusted-ca-bundle/ca-bundle.crt /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
            fi
            exec oauth-server osinserver --config=/var/config/system/configmaps/v4-0-config-system-cliconfig/v4-0-config-system-cliconfig --v=2
        command:
        - /bin/bash
        - -ec
        # change this!
        # this image has to match the image you pushed!
        image: quay.io/<your-username>/oauth-server:latest
        # Always ensures that when you 1. push a new image and 2. delete the pods, the cluster
        # pulls your new image when it generates new pods
        imagePullPolicy: Always


# do this:
echo "<the-above-with-your-image>" | oc apply -f - 

# now check the deployment and pods and make sure things roll
oc get deployment oauth-openshift -n openshift-authentication
oc get pods -n openshift-authentication

Step 4+++: Make changes, delete pods, view, repeat:

  • Make new changes, follow the same docker build & docker push commands as above
  • Delete all pods in the auth namespace: oc delete pods --all -n openshift-authentication
  • Wait for new pods to be created
  • Review your changes
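
When you are done iterating, the cluster is still running with CVO scaled down, the authentication operator Unmanaged, and your own image serving OAuth. The script below is an added example, not part of the original gist: it reports which of those three leftovers are still present and reverses Step 0 and Step 2. The resource names come from the steps above; the image prefix argument (for example `quay.io/<your-username>/`) and the function names are assumptions.

```shell
#!/usr/bin/env bash
# Added example: report and undo the test setup from the steps above.
# Namespaces and resource names are the ones used on this page; the image
# prefix passed to dev_state is your own registry path (an assumption).

# Print one line per leftover from the test setup; return 1 if any are found.
dev_state() {
  local dev_prefix="$1" found=0 replicas state image
  replicas=$(oc get deployment cluster-version-operator \
    -n openshift-cluster-version -o jsonpath='{.spec.replicas}')
  state=$(oc get authentication.operator cluster \
    -o jsonpath='{.spec.managementState}')
  image=$(oc get deployment oauth-openshift -n openshift-authentication \
    -o jsonpath='{.spec.template.spec.containers[0].image}')

  if [ "$replicas" = "0" ]; then
    echo "CVO is scaled to 0"; found=1
  fi
  if [ "$state" = "Unmanaged" ]; then
    echo "authentication operator is Unmanaged"; found=1
  fi
  case "$image" in
    "$dev_prefix"*) echo "oauth-openshift runs test image $image"; found=1 ;;
  esac
  return "$found"
}

# Hand control back to the operators (reverses Step 0 and Step 2).
restore_managed() {
  oc patch authentication.operator cluster --type merge \
    -p '{"spec":{"managementState":"Managed"}}'
  oc scale deployment cluster-version-operator --replicas 1 \
    --namespace openshift-cluster-version
}

# Usage: script.sh check <image-prefix> | script.sh restore
case "${1:-}" in
  check)   dev_state "${2:?image prefix required}" ;;
  restore) restore_managed ;;
esac
```

Run `check` again a little while after `restore` to confirm the deployment no longer points at your test image.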