- Bug
- Resolution: Duplicate
- Critical
- None
- 4.15.z
I created a hosted cluster with Azure OIDC following the doc https://docs.google.com/document/d/1jfgoSnuylJ-bKbKoZvn8t9A4ouo9Z2KwpMq0lTLvifg
Here is the test result:
# my Azure group
$ az ad group list --filter "displayName eq 'heli-test'" --query "[].id" -o tsv
57d44446-d9d7-412c-a818-b4b6527d0483

# using hosted cluster kubeconfig
$ kubectl auth whoami
ATTRIBUTE   VALUE
Username    heli@redhat.com
Groups      [eb2c53d7-f59b-4616-9519-59d3f4551e1a 302ba008-1788-4da2-ab6a-587a846a5e8c 57d44446-d9d7-412c-a818-b4b6527d0483 system:authenticated]

# hostedcluster authentication spec
spec:
  configuration:
    authentication:
      oauthMetadata:
        name: ""
      oidcProviders:
      - claimMappings:
          groups:
            claim: groups
            prefix: ""
          username:
            claim: email
            prefixPolicy: ""
        issuer:
          audiences:
          - 71b649a0-22cb-443d-9c32-34330cf9199d
          issuerCertificateAuthority:
            name: ""
          issuerURL: https://login.microsoftonline.com/6047c7e9-b2ad-488d-a54e-dc3f6be6a7ee/v2.0
        name: microsoft-entra-id
        oidcClients: []
      serviceAccountIssuer: ""
      type: OIDC
    featureGate:
      featureSet: TechPreviewNoUpgrade
There are 2 things here:
- For the above config example, webhook could not be set when installing HO
- The payload is 4.15.0-0.nightly-2024-01-30-205726, the hostedcluster console CO has some issues. I also tested it using OCP 4.16 latest nightly payload and it has the same issue.
$ oc get co console
NAME VERSION AVAILABLE PROGRESSING DEGRADED SINCE MESSAGE
console 4.15.0-0.nightly-2024-01-30-205726 False False True 152m RouteHealthAvailable: failed to read CA to check route health: configmaps "trusted-ca-bundle" not found
$ och get co
NAME VERSION AVAILABLE PROGRESSING DEGRADED SINCE MESSAGE
console 4.15.0-0.nightly-2024-01-31-130653 False False False 2m18s RouteHealthAvailable: failed to read CA to check route health: configmaps "trusted-ca-bundle" not found
- relates to: HOSTEDCP-1374 Copy OIDC OAuth client secrets from Authentication config into hosted cluster (Closed)