Onboarding OpenShift ROSA

    Article summary

    This article describes the steps involved in onboarding an OpenShift ROSA cluster to Britive.

    Britive configuration

    1. Log in to Britive with administrator privileges.
    2. Click Admin -> Application and Access Profile Management.
    3. From the Tenant Applications page, click on CREATE APPLICATION.
    4. On the Add Application page, click the Add (+) sign next to the OpenShift application.
    5. In the Application tab, enter the following values:
      1. Enter the Name for the application instance.
      2. Enter the Description, if required.
    6. Click NEXT. The Settings tab is displayed.
    7. Profile Settings: Configure the maximum session duration for profiles. You can select a duration between 15 minutes and 7 calendar days. This lets you set an expiration duration for each profile, up to this configured value, when creating or updating the profile. If existing profiles were created with more than 12 hours and the above setting is changed, it cannot be lowered until all profiles are updated with a lower expiration duration.

    8. Click SAVE.
    9. Click the CREATE ENTITY button.
    10. Enter the following details in the Create Environment/Environment Group page:
      1. Select Environment in the Entity Type.
      2. Enter Entity Name.
      3. Enter Entity Description.
      4. Click SAVE.
    11. On the Settings tab, Britive automatically creates OIDC attributes to use when setting up the federation trust with the OpenShift cluster. You need to add these attributes to the cluster in the following steps when creating an IdP.

    Cluster configuration 

    1. Log in to the ROSA CLI as an administrator.
    2. Gather all the attributes provided by Britive when setting up a new cluster under the OpenShift application.
    3. Populate the following command with the right variables to set up the cluster. The command kicks off an interactive IdP creation process. You must generate and provide the client secret yourself; Britive does not generate it automatically.
      Shell
      rosa create idp --cluster=${CLUSTER_NAME} \
        --name=britive \
        --type=openid \
        --mapping-method=claim

    4. The mappings must be provided for the connection to work appropriately. You can use the following mappings when setting up the IdP:
      1. Email: sub
      2. Name: name
      3. Preferred username: sub
      4. Groups: groups
      5. Extra scopes: profile
    5. Copy the console login URL and the IdP name from the output and enter them in Britive’s cluster configuration.
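
A pre-flight check for the mappings in step 4, added here as an example (it is not part of the Britive article or Britive's tooling): it decodes an ID token issued for a test user and reports any claim the IdP mapping needs that is missing or malformed. The sample tokens are constructed, and treating `groups` as a JSON array of names is an assumption.

```python
import base64
import json

# Claim mapping from step 4 of the article: OpenShift field -> OIDC claim.
# In OIDC, `name` belongs to the `profile` scope, hence the extra scope.
MAPPING = {"email": "sub", "name": "name",
           "preferred_username": "sub", "groups": "groups"}


def decode_payload(id_token: str) -> dict:
    """Return the JWT payload. No signature check: for inspection only."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (header.payload.signature)")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64 padding
    return json.loads(base64.urlsafe_b64decode(padded))


def check_mapping(claims: dict) -> list[str]:
    """List every way the token fails to satisfy MAPPING."""
    problems = []
    for field, claim in MAPPING.items():
        value = claims.get(claim)
        if field == "groups":
            # Assumption: group names arrive as a JSON array of strings.
            if not isinstance(value, list) or not all(
                    isinstance(g, str) and g for g in value):
                problems.append(
                    f"{field}: claim '{claim}' is not a JSON array of names")
        elif not isinstance(value, str) or not value.strip():
            problems.append(f"{field}: claim '{claim}' is missing or empty")
    return problems


def b64_json(obj) -> str:
    """Base64url-encode a JSON object without padding, as JWTs do."""
    raw = json.dumps(obj).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def make_token(payload: dict) -> str:
    """Build an unsigned sample token (constructed test data only)."""
    return f"{b64_json({'alg': 'none'})}.{b64_json(payload)}.sig"


GOOD = make_token({"sub": "alice@example.com", "name": "Alice",
                   "groups": ["cluster-readers"]})
BAD = make_token({"sub": "bob@example.com", "groups": "cluster-admins"})

if __name__ == "__main__":
    for label, token in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, check_mapping(decode_payload(token)) or "ok")
```

Run it against a real token before binding cluster roles to group names; signature verification is deliberately out of scope here.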
