@jewzaam
Last active September 23, 2019 20:26
Overview of GitHub authentication setup for OCP 4.x
Assumes you have an OCP 4.x cluster already created and you are logged in.
A few gotchas:
* Do not use spaces in your callback name. In this example it's called "github".
* If you want to use a team, the format in the config (not shown here) is "<ORGANIZATION_NAME>/<TEAM_NAME>"
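# Create a GitHub OAuth app with:
# homepage URL (the console hostname); the route is selected by name so only one host is printed
echo "https://$(oc get route console -n openshift-console -o jsonpath='{.spec.host}')"
# authorization callback URL; the last path segment is the identity provider name ("github" here)
echo "https://$(oc get route oauth-openshift -n openshift-authentication -o jsonpath='{.spec.host}')/oauth2callback/github/"
# Create secret
# Replace <CLIENT_SECRET> with the client secret from the GitHub OAuth app.
# A literal passed on the command line is recorded in shell history.
#oc delete secret -n openshift-config github-secret # only delete to recreate
oc create secret generic -n openshift-config github-secret --from-literal=clientSecret=<CLIENT_SECRET>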
# configure oauth
---
apiVersion: config.openshift.io/v1
kind: OAuth
metadata:
  name: cluster
spec:
  identityProviders:
  - name: github
    challenge: false
    login: true
    mappingMethod: claim
    type: GitHub
    github:
      clientID: <CLIENT_ID>
      clientSecret:
        name: github-secret
      organizations:
      - <ORGANIZATION_NAME>
# Verify secret is copied
oc get secrets -n openshift-authentication | grep github
# confirm via console, should see github listed below kube:admin and clicking on it auths with github
# More reading
# https://docs.openshift.com/container-platform/4.0/authentication/identity_providers/configuring-github-identity-provider.html
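A pre-flight check for the gotchas listed at the top, as an added example that is not part of the original gist: it lints the JSON form of the OAuth resource (as printed by `oc get oauth cluster -o json`) and builds the callback URL to register. The sample document, the host `oauth.example.test` and the function names are constructed for illustration; treating `organizations` and `teams` as mutually exclusive, and flagging a provider that has neither, are assumptions taken from the OpenShift identity provider documentation rather than from this gist.

```python
import json

# Constructed sample of `oc get oauth cluster -o json` output (not from a real cluster).
SAMPLE = json.loads("""
{"apiVersion": "config.openshift.io/v1", "kind": "OAuth", "metadata": {"name": "cluster"},
 "spec": {"identityProviders": [
   {"name": "github", "mappingMethod": "claim", "type": "GitHub",
    "github": {"clientID": "abc123", "clientSecret": {"name": "github-secret"},
               "organizations": ["example-org"]}},
   {"name": "git hub", "mappingMethod": "claim", "type": "GitHub",
    "github": {"clientID": "abc123", "clientSecret": {"name": ""},
               "teams": ["example-team"]}}
 ]}}
""")


def callback_url(oauth_host, idp_name):
    """Callback URL in the form the gist registers with the GitHub OAuth app."""
    return f"https://{oauth_host}/oauth2callback/{idp_name}/"


def lint_github_idps(oauth):
    """Return {provider name: [problems]} for every GitHub identity provider."""
    report = {}
    for idp in oauth.get("spec", {}).get("identityProviders", []):
        if idp.get("type") != "GitHub":
            continue
        name, gh, problems = idp.get("name", ""), idp.get("github", {}), []
        # Gotcha 1: the name ends up in the callback URL, so no spaces.
        if not name or any(c.isspace() for c in name):
            problems.append("name is empty or contains whitespace")
        orgs, teams = gh.get("organizations", []), gh.get("teams", [])
        # Assumption (OpenShift docs): restrict logins with one of the two lists.
        if not orgs and not teams:
            problems.append("no organizations or teams restriction on who can log in")
        if orgs and teams:
            problems.append("organizations and teams are both set; use one")
        # Gotcha 2: teams are written <ORGANIZATION_NAME>/<TEAM_NAME>.
        for team in teams:
            org, sep, slug = team.partition("/")
            if not (sep and org and slug and "/" not in slug):
                problems.append(f"team {team!r} is not <ORGANIZATION_NAME>/<TEAM_NAME>")
        if not gh.get("clientSecret", {}).get("name"):
            problems.append("clientSecret.name is missing")
        report[name] = problems
    return report


if __name__ == "__main__":
    for name, problems in lint_github_idps(SAMPLE).items():
        print(name, callback_url("oauth.example.test", name), problems or "OK")
```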