8.3. Disabling direct authentication


If necessary, you can disable direct authentication for your cluster and revert back to authenticating with the built-in OpenShift OAuth server.

Prerequisites

  • You have access to the kubeconfig file generated by the installation program for the cluster.

Procedure

  1. Ensure that you are using the kubeconfig file generated by the installation program, or another long-lived method of logging in as a cluster administrator.
  2. Update the authentication configuration to use the built-in OpenShift OAuth server by running the following command:

    $ oc patch authentication.config/cluster --type=merge -p='
    spec:
      type: "" 
    1
    
      oidcProviders: null 
    2
    
    '
    1
    Sets type to "" to use the built-in OpenShift OAuth server. A value of IntegratedOAuth is also equivalent.
    2
    Removes the oidcProviders configuration.
  3. Wait for the cluster to roll out new revisions to all nodes.

    1. Check the Kubernetes API server Operator status by running the following command:

      $ oc get co kube-apiserver

      Example output

      NAME             VERSION   AVAILABLE   PROGRESSING   DEGRADED   SINCE   MESSAGE
      kube-apiserver   4.21.0    True        True          False      85m     NodeInstallerProgressing: 2 node are at revision 12; 1 node is at revision 14

      The message in the preceding example shows that one node has progressed to the new revision and two nodes have not yet updated. It can take 20 minutes or more to roll out the new revision to all nodes, depending on the size of your cluster.

    2. To troubleshoot any issues, you can also check the Cluster Authentication Operator and kube-apiserver pod logs for errors.
  4. If necessary, restore any existing authentication configuration.

Verification

  • Verify that you can successfully log in to the OpenShift Container Platform web console and OpenShift CLI (oc).
Red Hat logoGithubredditYoutubeTwitter

学习

尝试、购买和销售

社区

關於紅帽

我们提供强化的解决方案,使企业能够更轻松地跨平台和环境(从核心数据中心到网络边缘)工作。

让开源更具包容性

红帽致力于替换我们的代码、文档和 Web 属性中存在问题的语言。欲了解更多详情,请参阅红帽博客.

关于红帽文档

Legal Notice

Theme

© 2026 Red Hat
返回顶部