Ah thanks! oc cluster up picked it up for me. I guess I need to use the --public-hostname option to override it?
On Mon, Dec 11, 2017 at 3:10 PM, Clayton Coleman <[email protected]> wrote: > When you ran oc cluster up, did you explicitly set the master to run on > 127.0.0.1, or did it select that address for you? > > OAuth won’t work when the master is set to 127.0.0.1 (nor will a number of > other functions) > > On Dec 11, 2017, at 6:38 AM, Simon Pasquier <[email protected]> wrote: > > Hi, > > I've played with oauth-proxy [1] on my local OpenShift cluster (eg oc > cluster up). The first thing I've tried was the sidecar example [2] in the > contrib directory but to make it work, I had to tweak the CLI arguments of > the proxy. In practice, I've added the following options: > > --redeem-url=https://openshift.default.svc/oauth/token > --validate-url=https://openshift.default.svc/apis/ > user.openshift.io/v1/users/~ > --openshift-review-url=https://openshift.default.svc/apis/ > authorization.openshift.io/v1/subjectaccessreviews > > (the last one is only required to use openshift-sar) > > > <https://mojo.redhat.com/external-link.jspa?url=https%3A%2F%2Fopenshift.default.svc%2Fapis%2Fauthorization.openshift.io%2Fv1%2Fsubjectaccessreviews> > Without these changes, the oauth proxy couldn't authenticate clients > because there is a discrepancy between the OAuth endpoints exposed by the > Openshift API and the public certificate (see oauth logs at [3]). > > > <https://mojo.redhat.com/external-link.jspa?url=https%3A%2F%2Fopenshift.default.svc%2Fapis%2Fauthorization.openshift.io%2Fv1%2Fsubjectaccessreviews> > Is that expected? Did I miss some documentation? > > Thanks! > Simon > > [1] https://github.com/openshift/oauth-proxy > [2] https://github.com/openshift/oauth-proxy/blob/master/ > contrib/sidecar.yaml > [3] https://pastebin.com/Fk1h1a7v > > _______________________________________________ > users mailing list > [email protected] > http://lists.openshift.redhat.com/openshiftmm/listinfo/users > >
_______________________________________________ users mailing list [email protected] http://lists.openshift.redhat.com/openshiftmm/listinfo/users
