
oc cluster up and oauth-proxy



Hi,

I've played with oauth-proxy [1] on my local OpenShift cluster (e.g. oc cluster up). The first thing I've tried was the sidecar example [2] in the contrib directory, but to make it work, I had to tweak the CLI arguments of the proxy. In practice, I've added the following options:

--redeem-url=https://openshift.default.svc/oauth/token
--validate-url=https://openshift.default.svc/apis/user.openshift.io/v1/users/~
--openshift-review-url=https://openshift.default.svc/apis/authorization.openshift.io/v1/subjectaccessreviews

(the last one is only required to use openshift-sar)

Without these changes, the oauth proxy couldn't authenticate clients because there is a discrepancy between the OAuth endpoints exposed by the OpenShift API and the public certificate (see oauth logs at [3]).

Is that expected? Did I miss some documentation?

Thanks!
Simon

[1] https://github.com/openshift/oauth-proxy
[2] https://github.com/openshift/oauth-proxy/blob/master/contrib/sidecar.yaml
[3] https://pastebin.com/Fk1h1a7v
