Your Browser is Out of Date

Nytro.ai uses technology that works best in other browsers.
For a full experience use one of the browsers below
Implementation Guide—Red Hat OpenShift Container Platform 4.6 on Dell Infrastructure
Introduction Configuring the Switches Setting Up the CSAH Node Deploying OpenShift Container Platform 4.6
Introduction
Creating a bootstrap KVM
Installing the control-plane nodes
Installing the compute nodes
Completing the cluster setup
Removing the bootstrap node
Accessing the OpenShift web console
OpenShift license and support
Configuring authentication
Adding Compute Nodes Cluster Networking Provisioning Storage Monitoring the Cluster Sample Configuration Files

Configuring authentication

Configuring authentication

  • Introduction

    OpenShift supports different authentication methods based on the identity provider. For more information, see Understanding authentication in the OpenShift Container Platform documentation. 

    This section describes how to configure identity providers by using htpasswd.

    Creating an admin user

    Unless otherwise specified, run the following commands on the primary CSAH node as user core.

    To create an admin user:

    1. Create an htpasswd file on the CSAH node:

    [core@csah-pri ~]$ cd /home/core/openshift

    [core@csah-pri openshift]$ htpasswd -c -B -b htpasswd ocpadmin Password1

    [core@csah-pri openshift]$ htpasswd -b htpasswd ocpuser Password2

    1. Create a secret for passwd:

    [core@csah-pri openshift]$ oc create secret generic htpass-secret --from-file=htpasswd=/home/core/openshift/htpasswd -n openshift-config

    1. Create a custom resource (CR), and save the following contents in a file:

    apiVersion: config.openshift.io/v1

    kind: OAuth

    metadata:

      name: cluster

    spec:

      identityProviders:

      - name: htpasswd

        mappingMethod: claim

        type: HTPasswd

        htpasswd:

          fileData:

            name: htpass-secret

    1. Apply the CR:

    [core@csah-pri ~]$ oc apply -f <file name>

    1. Log in as a user that you created with htpasswd:

    [core@csah-pri ~]$ oc login -u <username>

    Authentication required for https://api.ocp.demo.lab:6443 (openshift)

    Username: <username>

    Password: <password>

    Login successful.

    You don't have any projects. You can try to create a new project, by running oc new-project <projectname>

    Assigning a cluster-admin role

    To assign a cluster-admin role to the admin user:

    1. Log in as kubeadmin to assign cluster-admin access:

    [core@csah-pri openshift]$ oc login -u kubeadmin -p xxxxx-xxxxx-xxxxx-xxxxx-xxxxx

    Login successful.

    You have access to 53 projects, the list has been suppressed. You can list all projects with 'oc projects'
    Using project "default".

    1. Run the following command and ensure that the user is listed:

    [core@csah-pri ~]$ oc get users

    NAME       UID    FULL NAME   IDENTITIES

    ocpadmin   273ccf25-9b32-4b4d-aad4-503c5aa27eee               htpasswd:ocpadmin

    1. Obtain a list of all the available cluster roles:

    oc get clusterrole --all-namespaces

    1. Assign the cluster-admin role to the user ocpadmin by running:

    [core@csah-pri ~]$ oc adm policy add-cluster-role-to-user cluster-admin ocpadmin

    clusterrole.rbac.authorization.k8s.io/cluster-admin added: "ocpadmin