I am deploying a web application in an OpenShift cluster. I want to use OpenShift authentication to log in to the web application. But I couldn't find documentation on how to use OpenShift authentication for third-party apps deployed in OpenShift. Can anyone give some pointers here?
Here are two sites / repositories describing how to use the oauth-proxy as a sidecar container:
https://linuxera.org/oauth-proxy-secure-applications-openshift/
https://github.com/openshift/oauth-proxy/#using-this-proxy-with-openshift
The gist of it is that you'll need to add the openshift/oauth-proxy container to your Deployment as a sidecar and route your traffic through this additional container:
```yaml
apiVersion: apps/v1
kind: Deployment
[..]
spec:
  [..]
  template:
    spec:
      containers:
      - <YOUR_APPLICATION_CONTAINER>
      - name: oauth-proxy
        args:
        - -provider=openshift
        - -https-address=:8888
        - -http-address=
        - -email-domain=*
        - -upstream=http://localhost:8080
        - -tls-cert=/etc/tls/private/tls.crt
        - -tls-key=/etc/tls/private/tls.key
        - -client-secret-file=/var/run/secrets/kubernetes.io/serviceaccount/token
        - -cookie-secret-file=/etc/proxy/secrets/session_secret
        - -openshift-service-account=reversewords
        - -openshift-ca=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt
        - -skip-auth-regex=^/metrics
        image: quay.io/openshift/oauth-proxy:4.6
        ports:
        - name: oauth-proxy
          containerPort: 8888
          protocol: TCP
```
You can find full examples in the linked repository or the linked tutorial.
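
An added example (not part of the answer above or of the oauth-proxy project): a small pre-deployment check over the sidecar's `args` that flags settings which let requests reach the application without login. It assumes the proxy applies `-skip-auth-regex` as an unanchored search on the request path; the function names and probe paths are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed input: security-relevant oauth-proxy args from the Deployment above.
ARGS = [
    "-provider=openshift", "-https-address=:8888", "-http-address=",
    "-email-domain=*", "-upstream=http://localhost:8080",
    "-skip-auth-regex=^/metrics",
]
# Constructed request paths used to show what each skip-auth pattern opens up.
PROBE_PATHS = ["/metrics", "/metrics/", "/metricsdump", "/admin"]
LOOPBACK = {"localhost", "127.0.0.1", "::1"}

def parse_args(args):
    """Turn ['-key=value', ...] into {key: [value, ...]}; flags may repeat."""
    parsed = {}
    for arg in args:
        key, _, value = arg.lstrip("-").partition("=")
        parsed.setdefault(key, []).append(value)
    return parsed

def unauthenticated_paths(pattern, paths=PROBE_PATHS):
    """Probe paths served without login, assuming an unanchored search."""
    rx = re.compile(pattern)
    return [p for p in paths if rx.search(p)]

def audit(args):
    """Return human-readable findings for one sidecar argument list."""
    flags, findings = parse_args(args), []
    for pattern in flags.get("skip-auth-regex", []):
        # Heuristic: without a trailing '$' the pattern is a prefix match.
        if not pattern.endswith("$"):
            hits = unauthenticated_paths(pattern)
            findings.append(f"skip-auth-regex {pattern!r} has no end anchor; open: {hits}")
    for upstream in flags.get("upstream", []):
        # A non-loopback upstream means the app listens on an address
        # other containers or pods can reach directly.
        if urlsplit(upstream).hostname not in LOOPBACK:
            findings.append(f"upstream {upstream!r} is not loopback")
    if any(flags.get("http-address", [])):
        findings.append("plain HTTP listener enabled via -http-address")
    if "*" in flags.get("email-domain", []):
        findings.append("email-domain=* does not restrict which users are admitted")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(ARGS)))
```

A loopback `-upstream` only helps if the application itself also binds to localhost; if it listens on all interfaces, port 8080 on the pod IP still bypasses the proxy.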