Chapter 3. Configure OpenShift Container Platform


3.1. Overview

This guide introduces you to the basic concepts of OpenShift Container Platform, and helps you configure a basic application. This guide provides the configuration steps following the installation of a basic OpenShift Container Platform environment, and is not suitable for deploying or installing a production environment of OpenShift.

3.2. Change Log In Identity Provider

The default behavior of a freshly installed OpenShift Container Platform instance is to deny any user from logging in. To change the authentication method to HTPasswd:

  1. Open the /etc/origin/master/master-config.yaml file in edit mode.
  2. Find the identityProviders section.
  3. Change DenyAllPasswordIdentityProvider to HTPasswdPasswordIdentityProvider provider.
  4. Change the value of the name label to htpasswd_auth and add a new line file: /etc/origin/openshift-passwd in the provider section.

    An example identityProviders section with HTPasswdPasswordIdentityProvider would look like the following.

    oauthConfig:
      ...
      identityProviders:
      - challenge: true
        login: true
        name: htpasswd_auth provider
        provider:
          apiVersion: v1
          kind: HTPasswdPasswordIdentityProvider
          file: /etc/origin/openshift-passwd
  5. Save the file.

3.3. Create User Accounts

Now that you are using the HTPasswdPasswordIdentityProvider provider, you need to generate these user accounts.

  1. You can use the httpd-tools package to obtain the htpasswd binary that can generate these accounts.

    yum -y install httpd-tools
  2. Create a user account.

    touch /etc/origin/openshift-passwd
    htpasswd -b /etc/origin/openshift-passwd admin redhat

    You have created a user, admin, with the password, redhat.

  3. Restart OpenShift before going forward.

    # systemctl restart atomic-openshift-master-api atomic-openshift-master-controllers
  4. Give this user account cluster-admin privileges, which allows it to do everything.

    oc adm policy add-cluster-role-to-user cluster-admin admin

    When running oc adm commands, you should run them only from the first master listed in the Ansible host inventory file, by default /etc/ansible/hosts.

  5. You can use this username/password combination to log in via the web console or the command line. To test this, run the following command.

    oc login -u admin

Before going forward, change to the default project.

oc project default

For more details, see roles and authentication.

3.4. Deploy the OpenShift Router

The OpenShift router is the entry point for external network traffic destined for OpenShift services. It supports HTTP, HTTPS, and any TLS-enabled traffic that uses SNI, which enables the router to send traffic to the correct service.

Without the router, OpenShift services and pods are unable to communicate with any resource outside of the OpenShift instance.

The installer creates a default router.

  1. Delete the default router using the following command.

    oc delete all -l router=router
  2. Create a new default router.

    $ oc adm router --replicas=1 --service-account=router

The OpenShift documentation contains detailed information on Router Overview.

3.5. Deploy an Internal Registry

Openshift provides an internal, integrated Docker registry that can be deployed to locally manage images. OpenShift uses the docker-registry to store, retrieve, and build Docker images, as well as deploy and manage them throughout their lifecycle.

The installer creates a default registry.

Red Hat logoGithubRedditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

© 2024 Red Hat, Inc.