7.5. 创建 OpenID 连接配置

在 AWS 集群上创建 Red Hat OpenShift Service 时，您可以在创建集群前创建 OpenID Connect (OIDC)配置。此配置注册到 OpenShift Cluster Manager。

先决条件

您已完成 Red Hat OpenShift Service on AWS 的 AWS 先决条件。
您已在安装主机上安装和配置了最新的 ROSA CLI rosa。

流程

要创建 OIDC 配置以及 AWS 资源，请运行以下命令：

rosa create oidc-config --mode=auto --yes

$ rosa create oidc-config --mode=auto --yes

Copy to Clipboard

Toggle word wrap

此命令返回以下信息：

输出示例

? Would you like to create a Managed (Red Hat hosted) OIDC Configuration Yes
I: Setting up managed OIDC configuration
I: To create Operator Roles for this OIDC Configuration, run the following command and remember to replace <user-defined> with a prefix of your choice:
	rosa create operator-roles --prefix <user-defined> --oidc-config-id 13cdr6b
If you are going to create a Hosted Control Plane cluster please include '--hosted-cp'
I: Creating OIDC provider using 'arn:aws:iam::4540112244:user/userName'
? Create the OIDC provider? Yes
I: Created OIDC provider with ARN 'arn:aws:iam::4540112244:oidc-provider/dvbwgdztaeq9o.cloudfront.net/13cdr6b'

? Would you like to create a Managed (Red Hat hosted) OIDC Configuration Yes
I: Setting up managed OIDC configuration
I: To create Operator Roles for this OIDC Configuration, run the following command and remember to replace <user-defined> with a prefix of your choice:
	rosa create operator-roles --prefix <user-defined> --oidc-config-id 13cdr6b
If you are going to create a Hosted Control Plane cluster please include '--hosted-cp'
I: Creating OIDC provider using 'arn:aws:iam::4540112244:user/userName'
? Create the OIDC provider? Yes
I: Created OIDC provider with ARN 'arn:aws:iam::4540112244:oidc-provider/dvbwgdztaeq9o.cloudfront.net/13cdr6b'

Copy to Clipboard

Toggle word wrap

在创建集群时，您必须提供 OIDC 配置 ID。CLI 输出为-- mode auto 提供了此值，否则您必须根据 aws CLI 输出用于- 模式手动 确定这些值。

可选：您可以将 OIDC 配置 ID 保存为稍后使用的变量。运行以下命令来保存变量：
```
export OIDC_ID=<oidc_config_id>
```
```
$ export OIDC_ID=<oidc_config_id>
```
1
Copy to Clipboard Toggle word wrap
1
在上面的示例输出中，OIDC 配置 ID 是 13cdr6b。
- 运行以下命令，查看变量的值：
  $ echo $OIDC_ID
  Copy to Clipboard Toggle word wrap
  输出示例
  13cdr6b
  
  Copy to Clipboard Toggle word wrap

验证

您可以列出与您的用户机构关联的集群可用的 OIDC 配置。运行以下命令:

rosa list oidc-config

$ rosa list oidc-config

Copy to Clipboard

Toggle word wrap

输出示例

ID                                MANAGED  ISSUER URL                                                             SECRET ARN
2330dbs0n8m3chkkr25gkkcd8pnj3lk2  true     https://dvbwgdztaeq9o.cloudfront.net/2330dbs0n8m3chkkr25gkkcd8pnj3lk2
233hvnrjoqu14jltk6lhbhf2tj11f8un  false    https://oidc-r7u1.s3.us-east-1.amazonaws.com                           aws:secretsmanager:us-east-1:242819244:secret:rosa-private-key-oidc-r7u1-tM3MDN

ID                                MANAGED  ISSUER URL                                                             SECRET ARN
2330dbs0n8m3chkkr25gkkcd8pnj3lk2  true     https://dvbwgdztaeq9o.cloudfront.net/2330dbs0n8m3chkkr25gkkcd8pnj3lk2
233hvnrjoqu14jltk6lhbhf2tj11f8un  false    https://oidc-r7u1.s3.us-east-1.amazonaws.com                           aws:secretsmanager:us-east-1:242819244:secret:rosa-private-key-oidc-r7u1-tM3MDN

Copy to Clipboard

Toggle word wrap

返回顶部

7.5. 创建 OpenID 连接配置

学习

尝试、购买和销售

社区

关于红帽文档

让开源更具包容性

關於紅帽

Theme

Red Hat legal and privacy links

Red Hat legal and privacy links