# NOTE(review): the public-read canned ACL grants anonymous READ on the bucket; it backs the OIDC storage provider configured below, so keep only the public OIDC documents in it.
[jiezhao@cube hypershift]$ aws s3api create-bucket --acl public-read --create-bucket-configuration LocationConstraint=us-east-2 --region=us-east-2 --bucket jz-hypershift-oidc
[jiezhao@cube hypershift]$ ./bin/hypershift install --oidc-storage-provider-s3-credentials=$HOME/.aws/credentials --oidc-storage-provider-s3-bucket-name=jz-hypershift-oidc --oidc-storage-provider-s3-region=us-east-2
[jiezhao@cube hypershift]$ ./bin/hypershift create cluster aws --name=jz-test --pull-secret=$HOME/pull-secret --aws-creds=$HOME/.aws/credentials --node-pool-replicas=3 --instance-type=m5.xlarge --base-domain=qe.devcluster.openshift.com --region=us-east-2 --release-image=registry.ci.openshift.org/ocp/release:4.12.0-0.nightly-2022-09-18-234318

[jiezhao@cube hypershift]$ oc get hostedcluster -n clusters
NAME      VERSION                              KUBECONFIG                 PROGRESS    AVAILABLE   PROGRESSING   MESSAGE
jz-test   4.12.0-0.nightly-2022-09-18-234318   jz-test-admin-kubeconfig   Completed   True        False         The hosted control plane is available

[jiezhao@cube hypershift]$ oc get nodepool -n clusters
NAME                 CLUSTER   DESIRED NODES   CURRENT NODES   AUTOSCALING   AUTOREPAIR   VERSION                              UPDATINGVERSION   UPDATINGCONFIG   MESSAGE
jz-test-us-east-2a   jz-test   3               3               False         False        4.12.0-0.nightly-2022-09-18-234318

[jiezhao@cube hypershift]$ oc get pods -n clusters-jz-test
NAME                                               READY   STATUS    RESTARTS   AGE
capi-provider-d598cf8bc-8tvc6                      2/2     Running   0          11m
catalog-operator-6596d97ddd-gg66q                  2/2     Running   0          9m36s
certified-operators-catalog-7b4df547d7-n5b9r       1/1     Running   0          9m37s
cloud-network-config-controller-5fb7ccb496-mgk4g   3/3     Running   0          7m37s
cluster-api-7c85c8555b-xfwh7                       1/1     Running   0          11m
cluster-autoscaler-7554db86b5-mmzcv                1/1     Running   0          11m
cluster-image-registry-operator-5c4b9479bc-69vfj   3/3     Running   0          9m36s
cluster-network-operator-5b9974879f-g58p7          1/1     Running   0          9m38s
cluster-node-tuning-operator-58fbf97556-5hq2d      1/1     Running   0          9m38s
cluster-policy-controller-75869f7c55-zl2jr         1/1     Running   0          9m39s
cluster-version-operator-86bc64d7d8-jzlgs          1/1     Running   0          9m39s
community-operators-catalog-79889d55cf-5dgj6       1/1     Running   0          9m37s
control-plane-operator-866bfd59df-jdljf            2/2     Running   0          11m
dns-operator-c64b45f4b-wkdhj                       1/1     Running   0          9m38s
etcd-0                                             1/1     Running   0          11m
hosted-cluster-config-operator-744d5755fb-88x4l    1/1     Running   0          9m37s
ignition-server-c8d994d5c-cn7j2                    1/1     Running   0          10m
ingress-operator-54d9f49459-t9df6                  3/3     Running   0          9m37s
konnectivity-agent-6fd8b897b5-g5p7w                1/1     Running   0          11m
konnectivity-server-7bc4b4cb94-w7zst               1/1     Running   0          11m
kube-apiserver-6d5f74f759-xw6p8                    5/5     Running   0          11m
kube-controller-manager-5db6b4d859-x7cjp           2/2     Running   0          4m29s
kube-scheduler-5898d5695d-j8j8p                    1/1     Running   0          10m
machine-approver-b9c9c9df4-4vrb2                   1/1     Running   0          11m
multus-admission-controller-5878cfdfd4-kzgth       3/3     Running   0          7m32s
oauth-openshift-94fdcddc7-4kx5n                    2/2     Running   0          8m11s
olm-operator-7c6b686c86-2cs8v                      2/2     Running   0          9m36s
openshift-apiserver-6c5c8dcc58-sd9gc               2/2     Running   0          4m29s
openshift-controller-manager-c775b94b5-c4jfr       1/1     Running   0          9m39s
openshift-oauth-apiserver-94c9cff9b-bsnhd          1/1     Running   0          9m39s
ovnkube-master-0                                   6/6     Running   0          7m16s
packageserver-7c68f9d86-5fvhf                      2/2     Running   0          9m36s
redhat-marketplace-catalog-b6d8cbfd9-sjw9c         1/1     Running   0          9m37s
redhat-operators-catalog-7dc69ffd58-wcgsv          1/1     Running   0          9m37s

# NOTE(review): the generated kubeconfig carries cluster credentials (presumably the admin kubeconfig listed above); create it under a restrictive umask or chmod 600 it.
[jiezhao@cube hypershift]$ ./bin/hypershift create kubeconfig > hostedcluster.kubeconfig

[jiezhao@cube hypershift]$ oc get nodes --kubeconfig=hostedcluster.kubeconfig
NAME                                         STATUS   ROLES    AGE     VERSION
ip-10-0-134-220.us-east-2.compute.internal   Ready    worker   8m      v1.24.0+07c9eb7
ip-10-0-142-153.us-east-2.compute.internal   Ready    worker   7m58s   v1.24.0+07c9eb7
ip-10-0-142-23.us-east-2.compute.internal    Ready    worker   7m57s   v1.24.0+07c9eb7

[jiezhao@cube hypershift]$ oc get co --kubeconfig=hostedcluster.kubeconfig
NAME                                       VERSION                              AVAILABLE   PROGRESSING   DEGRADED   SINCE   MESSAGE
console                                    4.12.0-0.nightly-2022-09-18-234318   True        False         False      5m23s
csi-snapshot-controller                    4.12.0-0.nightly-2022-09-18-234318   True        False         False      5m36s
dns                                        4.12.0-0.nightly-2022-09-18-234318   True        False         False      5m34s
image-registry                             4.12.0-0.nightly-2022-09-18-234318   True        False         False      5m21s
ingress                                    4.12.0-0.nightly-2022-09-18-234318   True        False         False      5m6s
insights                                   4.12.0-0.nightly-2022-09-18-234318   True        False         False      6m9s
kube-apiserver                             4.12.0-0.nightly-2022-09-18-234318   True        False         False      9m52s
kube-controller-manager                    4.12.0-0.nightly-2022-09-18-234318   True        False         False      9m52s
kube-scheduler                             4.12.0-0.nightly-2022-09-18-234318   True        False         False      9m52s
kube-storage-version-migrator              4.12.0-0.nightly-2022-09-18-234318   True        False         False      5m36s
monitoring                                 4.12.0-0.nightly-2022-09-18-234318   True        False         False      4m16s
network                                    4.12.0-0.nightly-2022-09-18-234318   True        False         False      9m14s
node-tuning                                4.12.0-0.nightly-2022-09-18-234318   True        False         False      8m9s
openshift-apiserver                        4.12.0-0.nightly-2022-09-18-234318   True        False         False      9m52s
openshift-controller-manager               4.12.0-0.nightly-2022-09-18-234318   True        False         False      9m52s
openshift-samples                          4.12.0-0.nightly-2022-09-18-234318   True        False         False      5m13s
operator-lifecycle-manager                 4.12.0-0.nightly-2022-09-18-234318   True        False         False      9m28s
operator-lifecycle-manager-catalog         4.12.0-0.nightly-2022-09-18-234318   True        False         False      9m28s
operator-lifecycle-manager-packageserver   4.12.0-0.nightly-2022-09-18-234318   True        False         False      9m52s
service-ca                                 4.12.0-0.nightly-2022-09-18-234318   True        False         False      6m8s
storage                                    4.12.0-0.nightly-2022-09-18-234318   True        False         False      5m22s

# NOTE(review): -b passes the password as an argument, exposing it to shell history and the process list; "redhat" is a throwaway test value. Without -b htpasswd prompts for it, and -B selects bcrypt.
[jiezhao@cube hypershift]$ htpasswd -c -b users.htpasswd user redhat
Adding password for user user

[jiezhao@cube hypershift]$ oc create secret generic htpass-secret --from-file=htpasswd=users.htpasswd -n clusters
secret/htpass-secret created

[jiezhao@cube hypershift]$ oc get hostedcluster -n clusters -o yaml > cluster.yaml
[jiezhao@cube hypershift]$ vi cluster.yaml
  spec:
    configuration:
      oauth:
        identityProviders:
        - htpasswd:
            fileData:
              name: htpass-secret
          mappingMethod: claim
          name: my_htpasswd_provider
          type: HTPasswd
      secretRefs:
      - name: htpass-secret

[jiezhao@cube hypershift]$ oc apply -f cluster.yaml

[jiezhao@cube hypershift]$ oc get pods -n clusters-jz-test | grep oauth-openshift
oauth-openshift-6d55c77587-cc5w8                   2/2     Running   0          94s

[jiezhao@cube hypershift]$ oc get pods oauth-openshift-6d55c77587-cc5w8 -n clusters-jz-test -o yaml
  volumes:
  - name: idp-secret-0-file-data
    secret:
      defaultMode: 420
      secretName: htpass-secret

[jiezhao@cube hypershift]$ oc get cm oauth-openshift -n clusters-jz-test -o yaml
apiVersion: v1
data:
  config.yaml: |
    oauthConfig:
      alwaysShowProviderSelection: false
      assetPublicURL: ""
      grantConfig:
        method: deny
        serviceAccountMethod: prompt
      identityProviders:
      - challenge: true
        login: true
        mappingMethod: claim
        name: my_htpasswd_provider
        provider:
          apiVersion: osin.config.openshift.io/v1
          file: /etc/oauth/idp/idp_secret_0_file-data/htpasswd
          kind: HTPasswdPasswordIdentityProvider

[jiezhao@cube hypershift]$ export KUBECONFIG=hostedcluster.kubeconfig
# NOTE(review): -p puts the password on the command line (shell history, process list); omitting it makes oc login prompt for it.
[jiezhao@cube hypershift]$ oc login -u user -p redhat
Login successful.

You don't have any projects. You can try to create a new project, by running

    oc new-project

[jiezhao@cube hypershift]$ oc logout
Logged "user" out on "https://a655a4d9cc77744d096bd7c6c94966dc-9c015be62b7ac4ad.elb.us-east-2.amazonaws.com:6443"