Check out what's in the latest release of Kabanero Learn More

Configuring Kabanero with Red Hat Single Sign On (RH-SSO)

After Kabanero is installed, the product operator can optionally create an instance of Red Hat Single Sign On (RHSSO) for development use. To create the RHSSO instance, create the required secret and the persistent volume and then edit the Kabanero custom resource (CR).

  1. Create a persistent volume (PV) of size 1 GB. The type of storage used might vary depending on the environment where OpenShift is installed. Some types of persistent volumes, such as NFS require that you set up an NFS server in your cluster first.

    1. In your OCP console, in the kabanero project namespace, click Storage → Persistent Volumes → Create Persistent Volume. Edit the yaml as needed for your cluster’s storage configuration. Here is an example using NFS:

      apiVersion: v1
      kind: PersistentVolume
      metadata:
        name: sso-pv
      spec:
        accessModes:
        - ReadWriteOnce
        capacity:
          storage: 1Gi
        nfs:
          path: /root/persistentvolumes
          server: 10.26.1.100
        persistentVolumeReclaimPolicy: Retain
        volumeMode: Filesystem

      Note: Other components may also require a persistent volume. Run oc -n kabanero get pv and check that the PV remains available. If some other component binds to it (status is BOUND), create another PV, or disable the other component if it is not being used.

  2. Create a secret.

    1. In your OCP console, in the kabanero project namespace, click Workloads → Secrets → Create and create a key/value secret.

    2. Secret Name can be: rhsso-secret (Make a note of the name that you use for updating the Kabanero CR later.)

    3. Add three key-value pairs to the secret. (Select add Key/Value to add the other pairs after the first pair.)

      1. Key: username Value: The administrator username for RHSSO, for example myadminid.

      2. Key: password Value: The administrator password for RHSSO, for example myadminpassword.

      3. Key: realm Value: The security realm name for RHSSO to use, for example testing_realm.

  3. Click Create

  4. Edit the Kabanero CR, under sso:

    1. set enable to true

    2. set adminSecretName to rhsso-secret

    3. click Save

      Note: Avoid using the OpenShift Console to edit the Kabanero CR instance. The console may change the apiVersion of the Kabanero CR instance from v1alpha2 to v1alpha1. There is a description of the issue here.

  5. The URL to the RHSSO console can be found in the OCP console, in the kabanero project namespace, under networking, in the sso route. Use the values that were supplied in the secret for username and password to login in to the RHSSO console.

Edit This Page