Last active
February 21, 2019 14:36
-
-
Save sallyom/f77e0ee1d64e62b9d87d44b9ec6570a0 to your computer and use it in GitHub Desktop.
okd-configure-htpasswd
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| set -o errexit | |
| set -o nounset | |
| set -o pipefail | |
| # not sure this is still necessary, but can't hurt... | |
| # kick the console pods because they cache oauth metadata (temporary, should not be required) | |
| oc delete pods -n openshift-console --all --force --grace-period=0 | |
| # kick the monitoring pods because they cache oauth metadata (temporary, should not be required) | |
| oc delete pods -n openshift-monitoring --all --force --grace-period=0 | |
| ### The 2 steps below are the 'real' steps you will need in 4.0 ### | |
| # create a secret with htpasswd file data for user 'test' with password 'test' | |
| oc apply -f - <<EOF | |
| apiVersion: v1 | |
| kind: Secret | |
| metadata: | |
| name: htpass-secret | |
| namespace: openshift-config | |
| data: | |
| htpasswd: dGVzdDokYXByMSRxa0Zvb203dCRSWFIuNHhTV0lhL3h6dkRRUUFFUG8w | |
| EOF | |
| # configure HTPasswd IDP | |
| oc apply -f - <<EOF | |
| apiVersion: config.openshift.io/v1 | |
| kind: OAuth | |
| metadata: | |
| name: cluster | |
| spec: | |
| identityProviders: | |
| - name: htpassidp | |
| challenge: true | |
| login: true | |
| mappingMethod: claim | |
| type: HTPasswd | |
| htpasswd: | |
| fileData: | |
| name: htpass-secret | |
| EOF |
Shortcut for the secret creation:
kubectl create secret -n openshift-config generic htpasswd-secret --from-literal=htpasswd="$(htpasswd -nb testuser hunter13)" -o yaml --dry-run
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
be sure you have exported KUBECONFIG