Task
Resolution: Done
ACM 2.10.0
It is now possible to specify HTTP headers and/or query string parameters to the assisted-image-service, for the purpose of basic authentication.
This is done by creating a secret that contains the headers and query string parameters, and then referencing that secret in the field `OSImageAdditionalParamsRef`.
Create an informative issue (See each section, incomplete templates/issues won't be triaged)
Using the current documentation as a model, please complete the issue template.
Note: Doc team updates the current version and the two previous versions (n-2). For earlier versions, we will address only high-priority, customer-reported issues for releases in support.
Prerequisite: Start with what we have
Always look at the current documentation to describe the change that is needed. Use the source or portal link for Step 4:
- Use the Customer Portal: https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes
- Use the GitHub link to find the staged docs in the repository: https://github.com/stolostron/rhacm-docs
Describe the changes in the doc and link to your dev story
Provide info for the following steps:
1. - [x] Mandatory Add the required version to the Fix version/s field.
2. - [x] Mandatory Choose the type of documentation change.
- [x] New topic in an existing section or new section
- [ ] Update to an existing topic
3. - [x] Mandatory for GA content:
- [x] Add steps and/or other important conceptual information here:
The user will install the infrastructure operator on their cluster. This guide assumes that this is installed.
The user will write the key/value pairs representing the headers and query parameters they want to send with every request for an OS image from the image service.
Like so...
Create one file, simply called "headers". Its content should follow the format shown below.
```
{
  "header1": "header1value",
  "header2": "header2value"
}
```
Create one file, simply called "query_params". Its content should follow the format shown below.
```
{
  "param1": "value1",
  "param2": "value2"
}
```
Create a secret from these files. You may omit either file if you do not need headers or do not need query parameters, but at least one file must be added to the secret.
```
oc create secret generic -n multicluster-engine os-images-http-auth --from-file=./query_params --from-file=./headers
```
Once the Secret has been created, the user is expected to add a reference to the secret to their `AgentServiceConfig`, as shown below.
```
apiVersion: agent-install.openshift.io/v1beta1
kind: AgentServiceConfig
metadata:
  name: agent
spec:
  OSImageAdditionalParamsRef:
    name: os-images-http-auth
  osImages:
    - openshiftVersion: "4.14"
      version: "414.92.202310170514-0"
      url: "https://my-image-server/rhcos-4.14.0-rc.0-x86_64-live.x86_64.iso"
      cpuArchitecture: "x86_64"
    - openshiftVersion: "4.15"
      version: "414.92.202310170514-0"
      url: "https://my-image-server/rhcos-4.15.0-rc.0-x86_64-live.x86_64.iso"
      cpuArchitecture: "x86_64"
  ...
  ...
```
The infrastructure operator should then proceed to bring up the assisted-service, assisted-image-service, and so on. These should launch without error, provided that the supplied headers and query parameters are sufficient to pass any authentication.
- [x] Add Required access level for the user to complete the task here:
The user is expected to have permissions to create an installation of the infrastructure operator using AgentServiceConfig.
For verification, the user should have access to `oc` and be able to fully list and view objects in the same namespace as the infrastructure operator.
- [x] Add verification at the end of the task, how does the user verify success (a command to run or a result to see?)
The user should run the following `oc` command, replacing `multicluster-engine` with the namespace in which the infrastructure operator is installed.
```
oc get pods -n multicluster-engine
```
They should see that the assisted-service and assisted-image-service are up and running.
In particular, the logs of the assisted-image-service should report no errors and, after some time (needed to download the necessary ISOs), should show that all ISOs have been downloaded.
- [x] Add link to dev story here:
4. - [x] Mandatory for bugs: What is the diff? Clearly define what the problem is, what the change is, and link to the current documentation:
This is not a bug but is a new feature.
The documentation should go here:
https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.9/html/clusters/cluster_mce_overview#enab[…]ected In step 2, "Create the AgentServiceConfig..."
Regarding what needs to be added - Paul Maidment, please answer.
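A pre-flight check for the secret-creation steps above, as an added example that is not part of the original issue or the project's own code: it validates the `headers` and `query_params` content and builds the equivalent Secret manifest. It assumes the image service expects each file to be a flat JSON object of string values; the line-break check and the function names are this example's own.

```python
import json

SECRET_NAME = "os-images-http-auth"   # secret name used on this page
NAMESPACE = "multicluster-engine"     # namespace used on this page
ALLOWED_KEYS = ("headers", "query_params")


def parse_params(label, text):
    """Parse one file's content; require a flat JSON object of string -> string (assumed format)."""
    try:
        data = json.loads(text)
    except json.JSONDecodeError as exc:
        # A trailing comma after the last pair ends up here.
        raise ValueError(f"{label}: not valid JSON ({exc.msg}, line {exc.lineno})") from exc
    if not isinstance(data, dict):
        raise ValueError(f"{label}: expected a JSON object")
    for key, value in data.items():
        if not isinstance(value, str):
            raise ValueError(f"{label}: value for {key!r} must be a string")
        if any(c in key + value for c in "\r\n"):
            raise ValueError(f"{label}: {key!r} contains a line break")
    return data


def build_secret(files):
    """files maps 'headers' / 'query_params' to file content; returns a Secret manifest."""
    unknown = set(files) - set(ALLOWED_KEYS)
    if unknown:
        raise ValueError(f"unexpected keys: {sorted(unknown)}")
    if not files:
        raise ValueError("at least one of headers or query_params is required")
    for name, text in files.items():
        parse_params(name, text)      # validate only; the original text is stored
    return {
        "apiVersion": "v1",
        "kind": "Secret",
        "type": "Opaque",
        "metadata": {"name": SECRET_NAME, "namespace": NAMESPACE},
        "stringData": dict(files),
    }


if __name__ == "__main__":
    # Constructed sample content, not real credentials.
    sample = {
        "headers": '{"Authorization": "Basic dXNlcjpwYXNz"}',
        "query_params": '{"token": "example"}',
    }
    print(json.dumps(build_secret(sample), indent=2))
```

The printed manifest can be piped to `oc apply -f -` in place of the `oc create secret` command.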
- duplicates: ACM-9888 New feature: Add authentication for osImages content (no info, yet, will not make GA) - Closed