Skip to content

Red Hat SSO - via Google

Official documentation:

Setup OAuth 2.0 client at Google

Visit: https://console.developers.google.com/apis/credentials

Create OAuth client ID

Copy Client ID and Client secret

Example Client ID and secret
Client ID: 1079862778375-60es8d8ugvg3e54csnesgf94p6r4rc6s.apps.googleusercontent.com
Client Secret: rJR1jmiUnk_ZWZFxqbMxhShn

Create client secret

1
2
3
oc create secret generic google-secret \
  --from-literal=clientSecret=rJR1jmiUnk_ZWZFxqbMxhShn \
  -n openshift-config

Update OAuth Config

oauth.yaml

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
apiVersion: config.openshift.io/v1
kind: OAuth
metadata:
  name: cluster
spec:
  identityProviders:
  - name: RedHatSSO
    mappingMethod: claim
    type: Google
    google:
      clientID: "1079862778375-60es8d8ugvg3e54csnesgf94p6r4rc6s.apps.googleusercontent.com"
      clientSecret:
        name: google-secret
      hostedDomain: "redhat.com"

Apply: oc apply -f oauth.yaml

Optional Remove kubeadm account

1
oc delete secrets kubeadmin -n kube-system

Documentation

Optional Remove self-provisioner

1
oc adm policy remove-cluster-role-from-group self-provisioner system:authenticated system:authenticated:oauth

Last update: April 12, 2020