Red Hat Summit이 콘텐츠는 선택한 언어로 제공되지 않습니다.
Chapter 2. Configuring Red Hat Single Sign-On for OpenShift
2.1. Using the Red Hat Single Sign-On for OpenShift Image Streams and application templates
Red Hat JBoss Middleware for OpenShift images are pulled on demand from the secured Red Hat Registry: registry.redhat.io, which requires authentication. To retrieve content, you will need to log into the registry using the Red Hat account.
To consume container images from registry.redhat.io in shared environments such as OpenShift, it is recommended for an administrator to use a Registry Service Account, also referred to as authentication tokens, in place of an individual person’s Red Hat Customer Portal credentials.
Procedure
- To create a Registry Service Account, navigate to the Registry Service Account Management Application, and log in if necessary.
- From the Registry Service Accounts page, click Create Service Account.
Provide a name for the Service Account, for example registry.redhat.io-sa. It will be prepended with a fixed, random string.
- Enter a description for the Service Account, for example Service account to consume container images from registry.redhat.io..
- Click Create.
- After the Service Account was created, click the registry.redhat.io-sa link in the Account name column of the table presented on the Registry Service Accounts page.
- Finally, click the OpenShift Secret tab, and perform all steps listed on that page.
See the Red Hat Container Registry Authentication article for more information.
Procedure
-
Ensure that you are logged in as a cluster administrator or a user with project administrator access to the global
openshiftproject: Choose a command based on your version of OpenShift Container Platform.
If you are running an OpenShift Container Platform v3 based cluster instance on (some) of your master host(s), perform the following:
oc login -u system:admin
$ oc login -u system:adminCopy to Clipboard Copied! Toggle word wrap Toggle overflow If you are running an OpenShift Container Platform v4 based cluster instance, log in to the CLI as the kubeadmin user:
oc login -u kubeadmin -p password https://openshift.example.com:6443
$ oc login -u kubeadmin -p password https://openshift.example.com:6443Copy to Clipboard Copied! Toggle word wrap Toggle overflow
Run the following commands to update the core set of Red Hat Single Sign-On 7.5.3 resources for OpenShift in the
openshiftproject:Copy to Clipboard Copied! Toggle word wrap Toggle overflow Run the following command to install the Red Hat Single Sign-On 7.5.3 OpenShift image streams in the
openshiftproject:oc -n openshift import-image rh-sso-7/sso75-openshift-rhel8:7.5 --from=registry.redhat.io/rh-sso-7/sso75-openshift-rhel8:7.5 --confirm
$ oc -n openshift import-image rh-sso-7/sso75-openshift-rhel8:7.5 --from=registry.redhat.io/rh-sso-7/sso75-openshift-rhel8:7.5 --confirmCopy to Clipboard Copied! Toggle word wrap Toggle overflow
2.2. Deploying the Red Hat Single Sign-On Image
2.2.1. Preparing for the deployment
Procedure
- Log in to the OpenShift CLI with a user that holds the cluster:admin role.
Create a new project:
oc new-project sso-app-demo
$ oc new-project sso-app-demoCopy to Clipboard Copied! Toggle word wrap Toggle overflow Add the
viewrole to thedefaultservice account. This enables the service account to view all the resources in the sso-app-demo namespace, which is necessary for managing the cluster.oc policy add-role-to-user view system:serviceaccount:$(oc project -q):default
$ oc policy add-role-to-user view system:serviceaccount:$(oc project -q):defaultCopy to Clipboard Copied! Toggle word wrap Toggle overflow
2.2.2. Deploying the Red Hat Single Sign-On Image using the application template
You can deploy the template using one of these interfaces:
2.2.2.1. Deploying the Template using OpenShift CLI
Prerequisites
- Perform the steps described in Using the Red Hat Single Sign-On for OpenShift Image Streams and application templates.
Procedure
List the available Red Hat Single Sign-On application templates:
Copy to Clipboard Copied! Toggle word wrap Toggle overflow Deploy the selected one:
Copy to Clipboard Copied! Toggle word wrap Toggle overflow
2.2.2.2. Deploying the Template using the OpenShift 3.x Web Console
Prerequisites
- Perform the steps described in Using the Red Hat Single Sign-On for OpenShift Image Streams and application templates.
Procedure
- Log in to the OpenShift web console and select the sso-app-demo project space.
- Click Add to Project, then Browse Catalog to list the default image streams and templates.
- Use the Filter by Keyword search bar to limit the list to those that match sso. You may need to click Middleware, then Integration to show the desired application template.
- Select an Red Hat Single Sign-On application template. This example uses Red Hat Single Sign-On 7.5 (Ephemeral).
- Click Next in the Information step.
- From the Add to Project drop-down menu, select the sso-app-demo project space. Then click Next.
- Select Do not bind at this time radio button in the Binding step. Click Create to continue.
- In the Results step, click the Continue to the project overview link to verify the status of the deployment.
2.2.2.3. Deploying the Template using the OpenShift 4.x Web Console
Prerequisites
- Perform the steps described in Using the Red Hat Single Sign-On for OpenShift Image Streams and application templates.
Procedure
- Log in to the OpenShift web console and select the sso-app-demo project space.
On the left sidebar, click the Administrator tab and then click </> Developer.
Click From Catalog.
Search for sso.
Choose a template such as Red Hat Single Sign-On 7.5 on OpenJDK (Ephemeral).
Click Instantiate Template.
- Adjust the template parameters if necessary and click Create.
Verify the Red Hat Single Sign-On for OpenShift image was deployed.
2.3. Accessing the Administrator Console of the Red Hat Single Sign-On Pod
Procedure
After the template is deployed, identify the available routes.
oc get routes NAME HOST/PORT sso sso-sso-app-demo.openshift.example.com
$ oc get routes NAME HOST/PORT sso sso-sso-app-demo.openshift.example.comCopy to Clipboard Copied! Toggle word wrap Toggle overflow Access the Red Hat Single Sign-On Admin Console.
https://sso-sso-app-demo.openshift.example.com/auth/admin
https://sso-sso-app-demo.openshift.example.com/auth/adminCopy to Clipboard Copied! Toggle word wrap Toggle overflow - Provide the login credentials for the administrator account.
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}