Lab 5.1 - Configuring HTPasswd Identity Provider

1. Log in to the cluster

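# Read the installer-generated kubeadmin password from its file.
# The expansion is quoted so a password containing spaces or glob characters
# reaches oc unchanged.
# Note: -p places the password in the process arguments and shell history;
# omitting -p makes oc prompt for it instead.
YOUR_PASSWORD=$(cat okd-config/auth/kubeadmin-password)
oc login -u kubeadmin -p "${YOUR_PASSWORD}" https://api.openshift.podX.io:6443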

2. Create an htpasswd file for the users

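# httpd-tools provides the htpasswd utility.
dnf install -y httpd-tools

# -c creates the file (first call only), -B selects bcrypt, -b takes the
# password from the command line. -B is repeated on every call so that all
# entries are bcrypt-hashed instead of falling back to htpasswd's default hash.
# Lab values only: -b exposes the password in process arguments and shell
# history, and all three accounts (including the future cluster-admin) share
# one password. Use unique passwords outside the lab.
htpasswd -c -B -b /root/okd-config/auth/htpasswd admin rahasia
htpasswd -B -b /root/okd-config/auth/htpasswd developer rahasia
htpasswd -B -b /root/okd-config/auth/htpasswd qa-engineer rahasia

# The file holds password hashes; keep it readable by its owner only.
chmod 600 /root/okd-config/auth/htpasswd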

3. Verify that users and hashed passwords exist

# Each line is user:hash. bcrypt entries start with $2y$; an $apr1$ prefix
# means that entry was created without -B.
cat /root/okd-config/auth/htpasswd

4. Create a secret from the htpasswd file

# Store the htpasswd file in a secret. The key must be named "htpasswd", and
# the secret lives in openshift-config, where the OAuth resource looks it up.
oc create secret generic htp-secret \
  --namespace openshift-config \
  --from-file=htpasswd=/root/okd-config/auth/htpasswd

5. Assign the admin user to the cluster-admin role

# Bind cluster-admin to the user name "admin". The binding is by name only, so
# it applies to whichever identity is mapped to that user name at login.
oc adm policy add-cluster-role-to-user \
  cluster-admin admin

# Ignore the warning: presumably it reports that user "admin" is not found yet,
# since the user object is only created at first login.

6. Create an oauth.yaml file

vim /root/oauth.yaml
...
apiVersion: config.openshift.io/v1
kind: OAuth
metadata:
  # The cluster-wide OAuth configuration is the single object named "cluster".
  name: cluster
spec:
  identityProviders:
  # The provider name is prefixed to the user name to form the identity name.
  - name: my_htpasswd_provider 
    # claim: provision the user with the identity's preferred user name; login
    # fails if a user with that name is already mapped to another identity.
    mappingMethod: claim 
    type: HTPasswd
    htpasswd:
      fileData:
        # Must match the name of the secret created in openshift-config.
        name: htp-secret
...

7. Apply the identity provider

# After this change the authentication operator rolls out new oauth pods;
# logins through the new provider work once that rollout has finished.
oc apply -f /root/oauth.yaml

8. Verify the identity provider

# Confirm that spec.identityProviders lists my_htpasswd_provider with
# htpasswd.fileData.name set to htp-secret.
oc get oauth cluster -o yaml

9. Test login with the admin user

# -p puts the password in process arguments and shell history (lab use only).
oc login -u admin -p rahasia https://api.openshift.podX.io:6443
# Should print: admin
oc whoami
# Succeeds because admin was bound to cluster-admin in step 5.
oc get nodes

10. Verify that users and identity provider exist

# User and Identity objects are created at first login, so only accounts that
# have already logged in through the provider are listed here.
oc get users
oc get identity

11. Test login with the developer user

oc login -u developer -p rahasia https://api.openshift.podX.io:6443
# Should print: developer
oc whoami
oc get nodes 

# This is expected to fail: the developer user does not have the same level of
# access as admin and has not been granted a role that allows listing nodes.
