Add Local User to OCP HTPasswd - Almax84/consulting-wiki GitHub Wiki
Delete the kubeadmin user: oc delete secret kubeadmin -n kube-system
NOTE: If you delete the kubeadmin secret before you configure another user with cluster admin privileges, then the only way you can administer your cluster is using the kubeconfig file. If you do not have a copy of this file in a safe location, then you cannot recover administrative access to your cluster. The only alternative is destroying and reinstalling your cluster.
INSTALL httpd-utils package
CREATE file:
htpasswd -c -B -b /tmp/htpasswd student redhat123
UPDATE credentials in file:
htpasswd -b /tmp/htpasswd student redhat1234
DELETE credential from file:
htpasswd -D /tmp/htpasswd student
CREATE SECRET:
oc create secret generic htpasswd-secret \
--from-file htpasswd=/tmp/htpasswd -n openshift-config
Configuring the HTPasswd Identity Provider: oc get oauth cluster -o yaml > oauth.yaml (or use edit)
apiVersion: config.openshift.io/v1
kind: OAuth
metadata:
  name: cluster
spec:
  identityProviders:
  - name: my_htpasswd_provider
    mappingMethod: claim
    type: HTPasswd
    htpasswd:
      fileData:
        name: htpasswd-secret
To change the secret, do it through the UI, or extract it to a local file first (the --confirm option replaces the file if it already exists):
[user@host ~]$ oc extract secret/htpasswd-secret -n openshift-config \
  --to /tmp/ --confirm
/tmp/htpasswd
To update it:
oc set data secret/htpasswd-secret \
  --from-file htpasswd=/tmp/htpasswd -n openshift-config
The pod will be redeployed:
watch oc get pods -n openshift-authentication
DELETE USER IDENTITIES
oc delete user manager
Identity resources include the name of the identity provider. To delete the identity resource for the manager user, find the resource and then delete it.
[user@host ~]$ oc get identities | grep manager
my_htpasswd_provider:manager my_htpasswd_provider manager manager ...
[user@host ~]$ oc delete identity my_htpasswd_provider:manager
identity.user.openshift.io "my_htpasswd_provider:manager" deleted
Assign cluster privileges
oc adm policy add-cluster-role-to-user cluster-admin student
Example to create an admin user
- Create local file with password: htpasswd -cBb ./new_users_prod.htpasswd admin b3stCnp4dc!
To add an entry to an already existing file: htpasswd -b ./new_users_prod.htpasswd manager redhat
- Create the secret: oc create secret generic localusers --from-file htpasswd=/home/cnpadc/new_users_prod.htpasswd -n openshift-config
- Add oauth as IdP: oc edit oauth cluster
  identityProviders:
  - htpasswd:
      fileData:
        name: localusers
    mappingMethod: claim
    name: localusers
    type: HTPasswd
- If you want your user to be a cluster admin user: oc adm policy add-cluster-role-to-user cluster-admin admin
Add user when everything's already setup
- Print htpasswd data in stdout: htpasswd -bn developer2 developer
- Copy the output of the previous command, go to the openshift-config project, and modify the secret by adding the copied line. Wait about a minute for the pod to restart.
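A check to run on the htpasswd file before it is loaded into the secret, added here as an example and not part of the original wiki: htpasswd writes a bcrypt hash only when -B is given, so the update and append commands above that use -b alone store the default apr1 MD5 hash. The function names check_htpasswd and make_sample and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint an htpasswd file before loading it into the secret.
# Prints "<user> <finding>" per problem; returns 1 if anything was found.
check_htpasswd() {
    awk -F: '
        /^[ \t]*$/ || /^#/ { next }                 # blank lines, comments
        NF < 2 || $1 == "" || $2 == "" {
            print "line" NR, "malformed"; bad = 1; next
        }
        seen[$1]++ { print $1, "duplicate"; bad = 1 }
        {
            if ($2 ~ /^[$]2[aby][$]/) next          # bcrypt, from htpasswd -B
            if ($2 ~ /^[$]apr1[$]/)      why = "apr1-md5"      # htpasswd default
            else if ($2 ~ /^[{]SHA[}]/)  why = "sha1-unsalted" # htpasswd -s
            else                         why = "crypt-or-plaintext"
            print $1, why; bad = 1
        }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample file; the hash bodies are placeholders, not real hashes.
make_sample() {
    cat > "$1" <<'EOF'
admin:$2y$05$CONSTRUCTED.placeholder.not.a.real.bcrypt.hash
manager:$apr1$CONSTRUC$placeholder.not.a.real.hash
legacy:{SHA}CONSTRUCTEDplaceholder=
admin:$2y$05$CONSTRUCTED.second.placeholder.entry

broken-line-without-colon
EOF
}

# Usage: sh check_htpasswd.sh /tmp/htpasswd
if [ "$#" -gt 0 ]; then
    check_htpasswd "$1"
fi
```

Any line of output means the file should be regenerated with htpasswd -B for the listed users before running oc create secret or oc set data.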