Chapter 2. Authenticating Red Hat Edge Manager on Red Hat OpenShift Container Platform
Users can enable secure access to Red Hat Edge Manager by integrating their existing OpenShift identity provider. This guide walks you through labeling your environment and assigning the specific roles required for your team to manage devices, fleets, and organizations.
- Namespace-to-Organization Mapping: Red Hat Edge Manager uses a 1:1 mapping between OpenShift namespaces and Organizations.
- Automatic Discovery: The act of labeling a namespace with io.flightctl/instance=<helm_release_name> triggers the automatic discovery and initialization of that namespace as a Red Hat Edge Manager Organization.
- Multi-Tenancy: You are not limited to a single organization. You can create and manage multiple isolated organizations within a single cluster by applying the same management label to different namespaces.
- Identity: Each labeled namespace is treated as a distinct organization, allowing you to segregate users, devices, and configurations across your environment.
Prerequisites
- Red Hat Edge Manager is deployed on Red Hat OpenShift Container Platform via the Software Catalog.
- Red Hat OpenShift Container Platform users are created via an identity provider (e.g. htpasswd or LDAP).
- You have cluster-admin access to configure RoleBindings.
Procedure
- In the Red Hat OpenShift Container Platform web console, navigate to Helm → Releases and record the Helm release name. This value is required for labeling the namespace and configuring user access.
- In your terminal, run the following command to label the namespace:
  $ oc label namespace <namespace> io.flightctl/instance=<helm_release_name>
  Important: The label value must match the Helm release name, not the namespace name.
- To verify which namespaces are associated with the Helm release name, run the following command:
  $ oc get namespaces -l io.flightctl/instance=<helm_release_name>
2.1. Grant user access
Accessing Red Hat Edge Manager resources requires a minimum of two roles: the mandatory view role for organization discovery, plus at least one functional role (e.g., flightctl-admin).
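| Role | Purpose |
|---|---|
| view | Required for organization discovery. |
| flightctl-admin-<helm_release_name> | Full access to Red Hat Edge Manager resources. |
| flightctl-operator-<helm_release_name> | CRUD permissions for devices, fleets, resourcesyncs, and repositories. |
| flightctl-viewer-<helm_release_name> | Read-only access. |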
Procedure
- To grant the view role for organization discovery:
  $ oc adm policy add-role-to-user view <user_name> -n <namespace>
- To grant Red Hat Edge Manager administrative permissions:
  $ oc adm policy add-role-to-user flightctl-admin-<helm_release_name> <user_name> -n <namespace>
- To grant permissions for CRUD operations on Red Hat Edge Manager resources:
  $ oc adm policy add-role-to-user flightctl-operator-<helm_release_name> <user_name> -n <namespace>
- To grant Red Hat Edge Manager read-only access:
  $ oc adm policy add-role-to-user flightctl-viewer-<helm_release_name> <user_name> -n <namespace>
A User not found warning is expected if the user has not yet logged in. The role binding will activate automatically upon their first authentication.
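The two-role requirement described above can be checked after bindings are created. The following is an added example, not part of the Red Hat documentation: it audits RoleBinding JSON in the shape produced by oc get rolebindings -n <namespace> -o json and reports users who hold a functional role without view, or view without a functional role for the given release. The sample data, the user names and the release name edge-manager are constructed for illustration.

```python
import json

# Constructed sample shaped like `oc get rolebindings -n <namespace> -o json`;
# user names and the release name "edge-manager" are made up for illustration.
SAMPLE = json.loads("""
{"items": [
 {"roleRef": {"kind": "ClusterRole", "name": "view"},
  "subjects": [{"kind": "User", "name": "alice"}, {"kind": "User", "name": "carol"}]},
 {"roleRef": {"kind": "ClusterRole", "name": "flightctl-admin-edge-manager"},
  "subjects": [{"kind": "User", "name": "alice"}]},
 {"roleRef": {"kind": "ClusterRole", "name": "flightctl-operator-edge-manager"},
  "subjects": [{"kind": "User", "name": "bob"}]},
 {"roleRef": {"kind": "ClusterRole", "name": "flightctl-viewer-other-release"},
  "subjects": [{"kind": "User", "name": "carol"}]},
 {"roleRef": {"kind": "ClusterRole", "name": "view"},
  "subjects": [{"kind": "ServiceAccount", "name": "builder"}]}
]}
""")

FUNCTIONAL = ("admin", "operator", "viewer")


def roles_by_user(rolebindings):
    """Map each User subject (Groups and ServiceAccounts are skipped) to its role names."""
    roles = {}
    for rb in rolebindings.get("items", []):
        name = rb.get("roleRef", {}).get("name", "")
        for subject in rb.get("subjects") or []:
            if subject.get("kind") == "User":
                roles.setdefault(subject["name"], set()).add(name)
    return roles


def audit(rolebindings, release):
    """Return {user: finding} for users who fail the two-role requirement."""
    wanted = {f"flightctl-{kind}-{release}" for kind in FUNCTIONAL}
    findings = {}
    for user, roles in sorted(roles_by_user(rolebindings).items()):
        functional = roles & wanted
        if functional and "view" not in roles:
            findings[user] = "missing view: cannot discover the organization"
        elif "view" in roles and not functional:
            findings[user] = "view only: no functional role for this release"
    return findings


if __name__ == "__main__":
    for user, finding in audit(SAMPLE, "edge-manager").items():
        print(f"{user}: {finding}")
```

In the sample, carol is flagged because her functional role carries the suffix of a different Helm release, the same mismatch the labeling step warns about.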
2.2. User login
You can authenticate with Red Hat Edge Manager using either the flightctl CLI or the UI.
2.2.1. Log in with the CLI
Procedure
- Log in to OpenShift:
  $ oc login
- Log in to Red Hat Edge Manager using the OpenShift token:
  $ flightctl login https://api.flightctl.apps.example.com -k --token=$(oc whoami -t)
  Example output
  Auto-selected organization: <uuid> flightctl
  Login successful.
2.2.2. Log in with the UI
Procedure
- Navigate to the Red Hat Edge Manager UI.
- Click Login with OpenShift.
- Authenticate using your OpenShift credentials.
Upon successful authentication, the browser redirects to the Red Hat Edge Manager dashboard.
2.3. Verification
Verify your access and configuration by running the following commands:
Procedure
- Check the current organization:
  $ flightctl config current-organization
- List available organizations:
  $ flightctl get organizations
- Test access to resources:
  $ flightctl get devices
  $ flightctl get fleets