Hi [~cmacedo86] Here are my notes for the deployment of oauth with our service.
Add the following to the Deployment Config under template.spec.containers
{code}
- args:
    - '--http-address=0.0.0.0:4180'
    - '--https-address='
    - '--provider=openshift'
    - '--openshift-service-account=<service-account-name>'
    - '--upstream=http://localhost:3000'
    - >-
      --openshift-sar=[{"namespace":"<namespace>","resource":"services","name":"<service-name>","verb":"get"}]
    - '--cookie-secure=true'
    - '--cookie-httponly=false'
    - '-bypass-auth-for=/api/init'
    - '-pass-user-headers=true'
  image: 'docker.io/openshift/oauth-proxy:v1.1.0'
  imagePullPolicy: IfNotPresent
  name: oauth-proxy
  ports:
    - containerPort: 4180
      name: public
      protocol: TCP
  resources: {}
  terminationMessagePath: /dev/termination-log
  terminationMessagePolicy: File
{code}
and under template.spec
{code}
serviceAccount: <serviceaccount-name>
serviceAccountName: <serviceaccount-name>
{code}
Create a service account
{code}
apiVersion: v1
kind: ServiceAccount
metadata:
  annotations:
    serviceaccounts.openshift.io/oauth-redirectreference.primary: '{"kind":"OAuthRedirectReference","apiVersion":"v1","reference":{"kind":"Route","name":"<route-name>"}}'
  creationTimestamp: null
  name: <service-account-name>
{code}
Update the existing service to match the following:
{code}
apiVersion: v1
kind: Service
metadata:
  annotations:
    service.alpha.openshift.io/serving-cert-secret-name: proxy-tls
  labels:
    app: mobilesecurityservice
    mobilesecurityservice_cr: mobile-security-service-app
  name: mobile-security-service-app
  namespace: mobile-security-service-operator
spec:
  ports:
    - name: web
      port: 80
      protocol: TCP
      targetPort: 4180
  selector:
    app: mobilesecurityservice
    mobilesecurityservice_cr: mobile-security-service-app
  sessionAffinity: None
  type: ClusterIP
{code}
Verify that, after updating the service, the route port is 80-4180 rather than 3000. The labels and selectors should match that of the labels for the deployment config. Verify that there is a pod visible under the route overview.
I also noticed some differences in the deployment config between the manual deployment and the deployment on the community cluster, but this may not be relevant to the oauth config. I removed the following from the deployment config
{code}
# Removed this:
- name: ACCESS_CONTROL_ALLOW_ORIGIN
  valueFrom:
    configMapKeyRef:
      key: ACCESS_CONTROL_ALLOW_ORIGIN
      name: mss-config
- name: ACCESS_CONTROL_ALLOW_CREDENTIALS
  valueFrom:
    configMapKeyRef:
      key: ACCESS_CONTROL_ALLOW_CREDENTIALS
      name: mss-config
{code}
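An added example, not part of the original notes or the project's code: a Python check for the verification step in the notes, confirming that the service targets the proxy port rather than the upstream port (which would route traffic around authentication), that the selector matches the pod labels, and that typographic quotes have not crept into the proxy arguments. The function name and the sample namespace and service names are assumptions made for illustration.

```python
import json

TYPOGRAPHIC_QUOTES = "\u201c\u201d\u2018\u2019"

def check_proxy_wiring(args, service, pod_labels, app_port=3000):
    """Return a list of problems; an empty list means the wiring matches the notes."""
    problems = []
    flags = {}
    for arg in args:
        name, _, value = arg.lstrip("-").partition("=")
        flags[name] = value
        # Quotes pasted from a rich-text editor can still parse as JSON string
        # content, so they have to be detected explicitly.
        if any(ch in arg for ch in TYPOGRAPHIC_QUOTES):
            problems.append(f"typographic quote in argument --{name}")
    port = flags.get("http-address", "").rpartition(":")[2]
    proxy_port = int(port) if port.isdigit() else None
    target_ports = [p["targetPort"] for p in service["spec"]["ports"]]
    if proxy_port not in target_ports:
        problems.append(f"service does not target proxy port {proxy_port}")
    if app_port in target_ports:
        problems.append(f"service targets upstream port {app_port}, bypassing the proxy")
    # The selector must match the pod labels, otherwise no pod shows under the route.
    for key, value in service["spec"]["selector"].items():
        if pod_labels.get(key) != value:
            problems.append(f"selector {key}={value} does not match pod labels")
    try:
        sar = json.loads(flags.get("openshift-sar", ""))
        entries = sar if isinstance(sar, list) else [sar]
        # Assumption: every entry names at least a resource and a verb, as in the notes.
        if not all(isinstance(e, dict) and {"resource", "verb"} <= set(e) for e in entries):
            problems.append("--openshift-sar entry lacks resource/verb")
    except ValueError:
        problems.append("--openshift-sar is not valid JSON")
    return problems

# Constructed sample input mirroring the manifests in the notes.
SAMPLE_ARGS = [
    "--http-address=0.0.0.0:4180",
    "--upstream=http://localhost:3000",
    '--openshift-sar=[{"namespace":"example-ns","resource":"services","name":"example-svc","verb":"get"}]',
]
SAMPLE_SERVICE = {"spec": {"ports": [{"port": 80, "targetPort": 4180}],
                           "selector": {"app": "mobilesecurityservice"}}}
SAMPLE_LABELS = {"app": "mobilesecurityservice",
                 "mobilesecurityservice_cr": "mobile-security-service-app"}

if __name__ == "__main__":
    print(check_proxy_wiring(SAMPLE_ARGS, SAMPLE_SERVICE, SAMPLE_LABELS) or "wiring ok")
```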