Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Refactor oauth configuration #316

Merged
merged 4 commits into from
Nov 14, 2023
Merged

Refactor oauth configuration #316

merged 4 commits into from
Nov 14, 2023

Conversation

larsks
Copy link
Member

@larsks larsks commented Nov 9, 2023

We're using a similar oauth configuration on all of our clusters (typically
consisting of one or both of GitHub and the NERC Keycloak instance). This
commits factors out the oauth configuration into a set of common components
so that instead of replicating the same configuration in multiple overlays,
we can include one or more reusable components.

E.g., for a cluster that only needs keycloak authentication:

components:
  - ../../components/nerc-oauth-keycloak

Or for a cluster that wants both keycloak and GitHub:

components:
  - ../../components/nerc-oauth-keycloak
  - ../../components/nerc-oauth-github

In either case, the overlay would apply the necessary patches to override
things like client ids, secret names, etc.

larsks added 4 commits November 9, 2023 13:10
@larsks
Refactor oauth configuration
6b3b09e 
We're using a similar oauth configuration on all of our clusters (typically
consisting of one or both of GitHub and the NERC Keycloak instance). This
commits factors out the oauth configuration into a set of common components
so that instead of replicating the same configuration in multiple overlays,
we can include one or more reusable components.

E.g., for a cluster that only needs keycloak authentication:

    components:
      - ../../components/nerc-oauth-keycloak

Or for a cluster that wants both keycloak and GitHub:

    components:
      - ../../components/nerc-oauth-keycloak
      - ../../components/nerc-oauth-github

In either case, the overlay would apply the necessary patches to override
things like client ids, secret names, etc.
@larsks
Use new oauth config in nerc-ocp-prod
8a0d5fb
@larsks
Use new oauth config in nerc-ocp-infra
70bfd1a
@larsks
Use new oauth config on nerc-ocp-test
48ea04b
@larsks larsks self-assigned this Nov 9, 2023
knikolla
knikolla approved these changes Nov 9, 2023
View reviewed changes
Copy link
Contributor

@knikolla knikolla left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I like this, thanks Lars!

@larsks larsks requested a review from schwesig November 14, 2023 16:21
@larsks larsks merged commit 7e7e069 into OCP-on-NERC:main Nov 14, 2023
schwesig
schwesig reviewed Nov 14, 2023
View reviewed changes
Copy link
Contributor

@schwesig schwesig left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm
/approve

@schwesig schwesig mentioned this pull request Jan 25, 2024
Merged
schwesig added a commit to schwesig/OCP-on-NERC_nerc-ocp-config that referenced this pull request Jan 26, 2024
@schwesig
Add clusterroles rbac to obs cluster and clean-up
c323f36 
- affects obs-cluster
- add clusterroles rbac
- streamline: remove redundant github-client-secret.yaml (follow OCP-on-NERC#316)
- adjust kustomization.yaml to that
- cleanup: remove oauths-clientsecret-nerc, keycloak.mss not needed
  (yet)

fixes nerc-project/operations#308

Signed-off-by: ​/Thor(sten)?/ Schwesig <[email protected]>
schwesig added a commit to schwesig/OCP-on-NERC_nerc-ocp-config that referenced this pull request Jan 26, 2024
@schwesig
Add clusterroles rbac to obs cluster and clean-up
29abd63 
- affects obs-cluster
- add clusterroles rbac
- streamline: remove redundant github-client-secret.yaml (follow OCP-on-NERC#316)
- adjust kustomization.yaml to that
- cleanup: remove oauths-clientsecret-nerc, keycloak.mss not needed
  (yet)
-adjust rook-ceph-external-cluster to fit to changes in OCP-on-NERC#348

fixes nerc-project/operations#308

Signed-off-by: ​/Thor(sten)?/ Schwesig <[email protected]>
schwesig added a commit to schwesig/OCP-on-NERC_nerc-ocp-config that referenced this pull request Jan 26, 2024
@schwesig
Add clusterroles rbac to obs cluster and clean-up
b14874d 
- affects obs-cluster
- add clusterroles rbac
- streamline: remove redundant github-client-secret.yaml (follow OCP-on-NERC#316)
- adjust kustomization.yaml to that
- cleanup: remove oauths-clientsecret-nerc, keycloak.mss not needed
  (yet)
-adjust rook-ceph-external-cluster to fit to changes in OCP-on-NERC#348

fixes nerc-project/operations#308

Signed-off-by: ​/Thor(sten)?/ Schwesig <[email protected]>
schwesig added a commit to schwesig/OCP-on-NERC_nerc-ocp-config that referenced this pull request Jan 26, 2024
@schwesig
Add clusterroles rbac to obs cluster and clean-up
4c2e446 
- affects obs-cluster
- add clusterroles rbac
- streamline: remove redundant github-client-secret.yaml (follow OCP-on-NERC#316)
- adjust kustomization.yaml to that
- cleanup: remove oauths-clientsecret-nerc, keycloak.mss not needed
  (yet)
-adjust rook-ceph-external-cluster to fit to match changes in OCP-on-NERC#348

fixes nerc-project/operations#308

Signed-off-by: ​/Thor(sten)?/ Schwesig <[email protected]>
schwesig pushed a commit to schwesig/OCP-on-NERC_nerc-ocp-config that referenced this pull request Jan 26, 2024
@bnshr @schwesig
Add clusterroles rbac to obs cluster and clean-up
895cc8d 
- affects obs-cluster
- add clusterroles rbac
- streamline: remove redundant github-client-secret.yaml (follow OCP-on-NERC#316)
- adjust kustomization.yaml to that
- cleanup: remove oauths-clientsecret-nerc, keycloak.mss not needed
  (yet)
-adjust rook-ceph-external-cluster to fit to match changes in OCP-on-NERC#348

fixes nerc-project/operations#308

Signed-off-by: ​/Thor(sten)?/ Schwesig <[email protected]>
schwesig added a commit to schwesig/OCP-on-NERC_nerc-ocp-config that referenced this pull request Jan 26, 2024
@schwesig
Add clusterroles rbac to obs cluster and clean-up
90ab74d 
- affects obs-cluster
- add clusterroles rbac
- streamline: remove redundant github-client-secret.yaml (follow OCP-on-NERC#316)
- adjust kustomization.yaml to that
- cleanup: remove oauths-clientsecret-nerc, keycloak.mss not needed
  (yet)
-adjust rook-ceph-external-cluster to fit to match changes in OCP-on-NERC#348

fixes nerc-project/operations#308

Signed-off-by: ​/Thor(sten)?/ Schwesig <[email protected]>
schwesig added a commit to schwesig/OCP-on-NERC_nerc-ocp-config that referenced this pull request Jan 29, 2024
@schwesig
Add clusterroles rbac to obs cluster and clean-up
79f2d32 
- affects obs-cluster
- add clusterroles rbac
- streamline: remove redundant github-client-secret.yaml (follow OCP-on-NERC#316)
- adjust kustomization.yaml to that
- cleanup: remove oauths-clientsecret-nerc, keycloak.mss not needed
  (yet)
-adjust rook-ceph-external-cluster to fit to match changes in OCP-on-NERC#348

fixes nerc-project/operations#308

Signed-off-by: ​/Thor(sten)?/ Schwesig <[email protected]>
schwesig added a commit that referenced this pull request Jan 30, 2024
@schwesig
Add clusterroles rbac to obs cluster and clean-up (#351)
6ff4d58 
- affects obs-cluster
- add clusterroles rbac
- streamline: remove redundant github-client-secret.yaml (follow #316)
- adjust kustomization.yaml to that
- cleanup: remove oauths-clientsecret-nerc, keycloak.mss not needed
  (yet)
-adjust rook-ceph-external-cluster to fit to match changes in #348

fixes nerc-project/operations#308

Signed-off-by: ​/Thor(sten)?/ Schwesig <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@schwesig schwesig schwesig left review comments

@knikolla knikolla knikolla approved these changes

@naved001 naved001 naved001 approved these changes

@dystewart dystewart dystewart approved these changes

@jtriley jtriley Awaiting requested review from jtriley

Assignees

@larsks larsks

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@larsks @knikolla @naved001 @dystewart @schwesig