This is where the amazing cluster-authentication-operator lives.
The most common identity provider for demoing and testing is the HTPasswd IdP.
To set it up, take the following steps:
- Create a new htpasswd file
  ```
  $ htpasswd -bBc /tmp/htpasswd testuser testpasswd
  ```
- (optional) Add more users
  ```
  $ htpasswd -bB /tmp/htpasswd testuser2 differentpassword
  ```
- Create a secret from that htpasswd in the `openshift-config` namespace
  ```
  oc create secret generic myhtpasswdidp-secret -n openshift-config --from-file=/tmp/htpasswd
  ```
- Configure the OAuth server to use the HTPasswd IdP from the secret by editing the spec of the cluster-wide `OAuth/cluster` object so that it looks like the one in this example:
  ```yaml
  apiVersion: config.openshift.io/v1
  kind: OAuth
  metadata:
    name: cluster
  spec:
    identityProviders:
    - name: htpassidp
      type: HTPasswd
      htpasswd:
        fileData:
          name: myhtpasswdidp-secret
  ```
- The operator will now restart the OAuth server deployment and mount the new config
- When the operator is available again (`oc get clusteroperator authentication`), you should be able to log in:
  ```
  oc login -u testuser -p testpasswd
  ```
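
A pre-flight check for the htpasswd file before it is loaded into the secret, as an added example that is not part of the operator's repository. `check_htpasswd` is a hypothetical helper name; it verifies that every entry is a bcrypt hash (what `htpasswd -B` writes), that usernames are unique, and that the file's basename is `htpasswd`, because `--from-file=PATH` uses the basename as the secret key and the HTPasswd identity provider reads the key named `htpasswd`.

```shell
# Added example, not part of the operator's repository.
# check_htpasswd FILE
#   Returns 0 when FILE is fit to load with
#   `oc create secret generic ... --from-file=FILE`; otherwise prints the
#   reasons to stderr and returns 1.
# Usage: check_htpasswd /tmp/htpasswd && oc create secret generic ...
check_htpasswd() {
  file=$1
  rc=0
  if [ ! -r "$file" ]; then
    echo "cannot read ${file}" >&2
    return 1
  fi
  # --from-file=PATH stores the data under the basename of PATH.
  key=$(basename "$file")
  if [ "$key" != "htpasswd" ]; then
    echo "${file}: secret key would be '${key}', expected 'htpasswd'" >&2
    rc=1
  fi
  awk -F: '
    /^[ \t]*$/ { next }                              # skip blank lines
    NF != 2 || $1 == "" {
      printf "line %d: expected user:hash\n", NR; bad = 1; next
    }
    seen[$1]++ { printf "line %d: duplicate user %s\n", NR, $1; bad = 1 }
    # htpasswd -B writes bcrypt: "$2y$<cost>$" plus 53 characters, 60 in total.
    !(length($2) == 60 && $2 ~ "^\\$2[aby]\\$[0-9][0-9]\\$[./A-Za-z0-9]+$") {
      printf "line %d: hash for %s is not bcrypt\n", NR, $1; bad = 1
    }
    END { exit bad + 0 }
  ' "$file" >&2 || rc=1
  return $rc
}
```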