On Mon, Dec 11, 2017 at 3:19 PM, Simon Pasquier <[email protected]> wrote:
> Ah thanks! oc cluster up picked it up for me. I guess I need to use the
> --public-hostname option to override it?
> Indeed this fixed my problem.
>
> On Mon, Dec 11, 2017 at 3:10 PM, Clayton Coleman <[email protected]>
> wrote:
>
>> When you ran oc cluster up, did you explicitly set the master to run on
>> 127.0.0.1, or did it select that address for you?
>>
>> OAuth won’t work when the master is set to 127.0.0.1 (nor will a number
>> of other functions)
>>
>> On Dec 11, 2017, at 6:38 AM, Simon Pasquier <[email protected]> wrote:
>>
>> Hi,
>>
>> I've played with oauth-proxy [1] on my local OpenShift cluster (e.g. oc
>> cluster up). The first thing I've tried was the sidecar example [2] in the
>> contrib directory but to make it work, I had to tweak the CLI arguments of
>> the proxy. In practice, I've added the following options:
>>
>> --redeem-url=https://openshift.default.svc/oauth/token
>> --validate-url=https://openshift.default.svc/apis/user.openshift.io/v1/users/~
>> --openshift-review-url=https://openshift.default.svc/apis/authorization.openshift.io/v1/subjectaccessreviews
>>
>> (the last one is only required to use openshift-sar)
>>
>> Without these changes, the oauth proxy couldn't authenticate clients
>> because there is a discrepancy between the OAuth endpoints exposed by the
>> OpenShift API and the public certificate (see oauth logs at [3]).
>>
>> Is that expected? Did I miss some documentation?
>>
>> Thanks!
>> Simon
>>
>> [1] https://github.com/openshift/oauth-proxy
>> [2] https://github.com/openshift/oauth-proxy/blob/master/contrib/sidecar.yaml
>> [3] https://pastebin.com/Fk1h1a7v
>>
>> _______________________________________________
>> users mailing list
>> [email protected]
>> http://lists.openshift.redhat.com/openshiftmm/listinfo/users
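Added example, not part of the thread and not oauth-proxy code: one way to check for the kind of mismatch discussed above, by comparing the hosts in the OAuth endpoints a master advertises with the names its serving certificate covers. The metadata document, the SAN list and its "DNS:"/"IP:" notation are constructed for illustration, and the example assumes the metadata would come from the master's `/.well-known/oauth-authorization-server` document.

```python
import ipaddress
import json
from urllib.parse import urlsplit

# Constructed sample: metadata a master bound to 127.0.0.1 might advertise.
METADATA = json.loads("""{
  "issuer": "https://127.0.0.1:8443",
  "authorization_endpoint": "https://127.0.0.1:8443/oauth/authorize",
  "token_endpoint": "https://127.0.0.1:8443/oauth/token"
}""")
# Constructed sample: subjectAltName entries of the certificate the proxy is shown.
CERT_SANS = ["DNS:openshift.default.svc", "DNS:kubernetes.default.svc", "IP:172.30.0.1"]

def _ip(text):
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None

def host_matches(host, san):
    """True if one SAN entry covers host, following TLS hostname-matching rules."""
    kind, _, value = san.partition(":")
    host_ip = _ip(host)
    if kind == "IP":
        return host_ip is not None and host_ip == _ip(value)
    if kind != "DNS" or host_ip is not None:
        return False  # an IP literal must match an IP SAN, never a DNS SAN
    host, value = host.lower().rstrip("."), value.lower().rstrip(".")
    if value.startswith("*."):
        # a wildcard covers exactly one left-most label
        return "." in host and host.split(".", 1)[1] == value[2:]
    return host == value

def uncovered_endpoints(metadata, sans):
    """Return {field: host} for each https endpoint whose host no SAN covers."""
    bad = {}
    for field, url in metadata.items():
        parts = urlsplit(url) if isinstance(url, str) else None
        if parts is None or parts.scheme != "https" or not parts.hostname:
            continue  # skip non-URL fields such as scope or grant-type lists
        if not any(host_matches(parts.hostname, s) for s in sans):
            bad[field] = parts.hostname
    return bad

if __name__ == "__main__":
    for field, host in uncovered_endpoints(METADATA, CERT_SANS).items():
        print(f"{field}: host {host!r} is not covered by the certificate SANs")
```

An endpoint set to `https://openshift.default.svc/oauth/token`, the value passed to `--redeem-url` in the thread, passes this check against the same constructed SAN list.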
