| Hi Camila Macedo, here are my notes for the deployment of oauth with our service. Add the following to the Deployment Config under template.spec.containers:
- args:
    - '--http-address=0.0.0.0:4180'
    - '--https-address='
    - '--provider=openshift'
    - '--openshift-service-account=<service-account-name>'
    - '--upstream=http:
    - >-
      --openshift-sar=[{"namespace":"<namespace>","resource":"services","name":"<service-name>","verb":"get"}]
    - '--cookie-secure=true'
    - '--cookie-httponly=false'
    - '-bypass-auth-for=/api/init'
    - '-pass-user-headers=true'
  image: 'docker.io/openshift/oauth-proxy:v1.1.0'
  imagePullPolicy: IfNotPresent
  name: oauth-proxy
  ports:
    - containerPort: 4180
      name: public
      protocol: TCP
  resources: {}
  terminationMessagePath: /dev/termination-log
  terminationMessagePolicy: File
And under template.spec:
serviceAccount: <serviceaccount-name>
serviceAccountName: <serviceaccount-name>
Create a service account:
apiVersion: v1
kind: ServiceAccount
metadata:
  annotations:
    serviceaccounts.openshift.io/oauth-redirectreference.primary: '{"kind":"OAuthRedirectReference","apiVersion":"v1","reference":{"kind":"Route","name":"<route-name>"}}'
  creationTimestamp: null
  name: <service-account-name>
Update the existing service to match the following:
apiVersion: v1
kind: Service
metadata:
  annotations:
    service.alpha.openshift.io/serving-cert-secret-name: proxy-tls
  labels:
    app: mobilesecurityservice
    mobilesecurityservice_cr: mobile-security-service-app
  name: mobile-security-service-app
  namespace: mobile-security-service-operator
spec:
  ports:
    - name: web
      port: 80
      protocol: TCP
      targetPort: 4180
  selector:
    app: mobilesecurityservice
    mobilesecurityservice_cr: mobile-security-service-app
  sessionAffinity: None
  type: ClusterIP
Verify that, after updating the service, the route port is 80-4180 rather than 3000. The labels and selectors should match the labels for the deployment config. Verify that there is a pod visible under the route overview.
I also noticed some differences in the deployment config between the manual deployment and the deployment on the community cluster, but this may not be relevant to the oauth config. I removed the following from the deployment config:
Removed this:
- name: ACCESS_CONTROL_ALLOW_ORIGIN
  valueFrom:
    configMapKeyRef:
      key: ACCESS_CONTROL_ALLOW_ORIGIN
      name: mss-config
- name: ACCESS_CONTROL_ALLOW_CREDENTIALS
  valueFrom:
    configMapKeyRef:
      key: ACCESS_CONTROL_ALLOW_CREDENTIALS
      name: mss-config
|
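A lint for the proxy arguments in the note above, as an added example that is not part of the original note or of the oauth-proxy project. It checks for curly quotes pasted from a rich-text editor, a parseable `--openshift-sar` value in the list-of-objects shape the note uses, a Service `targetPort` that matches `--http-address`, and the cookie and bypass settings a reviewer should see. The function names are hypothetical and `my-ns` / `my-svc` are constructed placeholders.

```python
import json

SMART_QUOTES = "\u2018\u2019\u201c\u201d"  # curly quotes from rich-text pastes

def parse_flags(args):
    """Map flag name -> value; Go-style flags take one or two leading dashes."""
    flags = {}
    for arg in args:
        name, _, value = arg.lstrip("-").partition("=")
        flags[name] = value
    return flags

def lint_proxy_args(args, service_target_port):
    """Return review findings for an oauth-proxy sidecar args list."""
    findings = []
    for arg in args:
        if any(q in arg for q in SMART_QUOTES):
            findings.append(f"typographic quote in {arg.split('=')[0]}")
    flags = parse_flags(args)
    try:
        rules = json.loads(flags.get("openshift-sar", ""))
        if not (isinstance(rules, list) and all(isinstance(r, dict) for r in rules)):
            findings.append("openshift-sar is not a JSON list of objects")
    except json.JSONDecodeError:
        findings.append("openshift-sar is missing or not valid JSON")
    listen_port = flags.get("http-address", "").rpartition(":")[2]
    if listen_port != str(service_target_port):
        findings.append(f"Service targetPort {service_target_port} does not match proxy port {listen_port!r}")
    if flags.get("cookie-httponly") == "false":
        findings.append("cookie-httponly=false: session cookie is readable by page scripts")
    if flags.get("cookie-secure") != "true":
        findings.append("cookie-secure is not true")
    if flags.get("bypass-auth-for"):
        findings.append(f"unauthenticated path pattern: {flags['bypass-auth-for']}")
    return findings

# Constructed sample: the note's flags with placeholder namespace/service names.
FIXED = [
    "--http-address=0.0.0.0:4180",
    '--openshift-sar=[{"namespace":"my-ns","resource":"services","name":"my-svc","verb":"get"}]',
    "--cookie-secure=true",
    "--cookie-httponly=false",
    "-bypass-auth-for=/api/init",
]
# Same list after a rich-text editor has curled two of the JSON quotes.
PASTED = [a.replace('"namespace":"', '"namespace\u201d:\u201d') for a in FIXED]

if __name__ == "__main__":
    for label, args in (("fixed", FIXED), ("pasted", PASTED)):
        print(label, lint_proxy_args(args, 4180))
```

Passing the Service's `targetPort` as the second argument catches the case the note warns about, where the route still points at port 3000 instead of the proxy's 4180.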