13.3.2. 为 OpenShift Container Platform OAuth 服务器创建额外的路由
当使用 Red Hat Advanced Cluster Security for Kubernetes 门户将 OpenShift Container Platform OAuth 服务器配置为身份提供程序时,RHACS 仅为 OAuth 服务器配置一个路由。但是,您可以通过在 Central 自定义资源中将路由指定为注解来创建其他路由。
流程
如果您使用 RHACS Operator 安装 RHACS:
创建一个
CENTRAL_ADDITIONAL_ROUTES环境变量,其中包含中央自定义资源的补丁:$ CENTRAL_ADDITIONAL_ROUTES=' spec: central: exposure: loadBalancer: enabled: false port: 443 nodePort: enabled: false route: enabled: true persistence: persistentVolumeClaim: claimName: stackrox-db customize: annotations: serviceaccounts.openshift.io/oauth-redirecturi.main: sso/providers/openshift/callback 1 serviceaccounts.openshift.io/oauth-redirectreference.main: "{\"kind\":\"OAuthRedirectReference\",\"apiVersion\":\"v1\",\"reference\":{\"kind\":\"Route\",\"name\":\"central\"}}" 2 serviceaccounts.openshift.io/oauth-redirecturi.second: sso/providers/openshift/callback 3 serviceaccounts.openshift.io/oauth-redirectreference.second: "{\"kind\":\"OAuthRedirectReference\",\"apiVersion\":\"v1\",\"reference\":{\"kind\":\"Route\",\"name\":\"second-central\"}}" 4 '将
CENTRAL_ADDITIONAL_ROUTES补丁应用到中央自定义资源:$ oc patch centrals.platform.stackrox.io \ -n <namespace> \ 1 <custom-resource> \ 2 --patch "$CENTRAL_ADDITIONAL_ROUTES" \ --type=merge
或者,如果使用 Helm 安装 RHACS:
在
values-public.yaml文件中添加以下注解:customize: central: annotations: serviceaccounts.openshift.io/oauth-redirecturi.main: sso/providers/openshift/callback 1 serviceaccounts.openshift.io/oauth-redirectreference.main: "{\"kind\":\"OAuthRedirectReference\",\"apiVersion\":\"v1\",\"reference\":{\"kind\":\"Route\",\"name\":\"central\"}}" 2 serviceaccounts.openshift.io/oauth-redirecturi.second: sso/providers/openshift/callback 3 serviceaccounts.openshift.io/oauth-redirectreference.second: "{\"kind\":\"OAuthRedirectReference\",\"apiVersion\":\"v1\",\"reference\":{\"kind\":\"Route\",\"name\":\"second-central\"}}" 4使用
helm upgrade将自定义注解应用到中央自定义资源:$ helm upgrade -n stackrox \ stackrox-central-services rhacs/central-services \ -f <path_to_values_public.yaml> 1- 1
- 使用
-f选项指定values-public.yaml配置文件的路径。