There are 3 steps to get the cluster into a state where you can quickly iterate and test:
Step 0: Disable CVO
You may want to do this to ensure CVO doesn't stomp on your work:
oc scale deployment cluster-version-operator --replicas 0 --namespace openshift-cluster-version
Step 1. Clone the repo, make changes, and then build & push your images to quay.io.
# steps for testing the oauth server template changes
git clone https://github.com/<your-fork>/oauth-server
# make changes...
# build :latest or :your-branch tags
docker build -t quay.io/<your-username>/oauth-server:latest .
docker push quay.io/<your-username>/oauth-server:latest
Step 2. Set the authentication-operator
into an Unmanaged
state so you can monkey with the oauth-server
:
# set the authentication operator management state to Unmananged
echo "apiVersion: operator.openshift.io/v1
kind: Authentication
metadata:
name: cluster
spec:
managementState: Unmanaged" | oc apply -f -
# verify it is Unmanaged
oc get authentication.operator -o yaml
Step 3: Update the oauth-server
Deployment so it uses your image:
# apply your image to the existing oauth-server deployment
# which you can do now that the authentication server is in an
# unmanaged state
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: oauth-openshift
namespace: openshift-authentication
spec:
template:
spec:
containers:
- args:
- |2
if [ -s /var/config/system/configmaps/v4-0-config-system-trusted-ca-bundle/ca-bundle.crt ]; then
echo "Copying system trust bundle"
cp -f /var/config/system/configmaps/v4-0-config-system-trusted-ca-bundle/ca-bundle.crt /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
fi
exec oauth-server osinserver --config=/var/config/system/configmaps/v4-0-config-system-cliconfig/v4-0-config-system-cliconfig --v=2
command:
- /bin/bash
- -ec
# change this!
# this image has to match the image you pushed!
image: quay.io/<your-username>/oauth-server:latest
# always will ensure that when you 1. push a new image and 2. delete the pods, it will automatically
# pull your new image when it generates new pods
imagePullPolicy: Always
# do this:
echo "<the-above-with-your-image>" | oc apply -f -
# now check the deployment and pods and make sure things roll
oc get deployment oauth-openshift -n openshift-authentication
oc get pods -n openshift-authentication
Step 4+++: Make changes, delete pods, view, repeat:
- Make new changes, follow the same
docker build
&docker push
commands as above - Delete all pods in the auth namespace:
oc delete pods --all -n openshift-authentication
- Wait for new pods to be created
- Review your changes