Introduction
Implementing HTPasswd Authentication In OpenShift is a straightforward way to manage user access and enhance cluster security. This guide will walk you through setting up HTPasswd authentication, allowing you to control who can access your OpenShift cluster. It’s an essential step for maintaining the integrity and confidentiality of your deployments.
If you want to configure another authentication method, such as Active Directory, see our post about Configuring Active Directory as OpenShift Identity Provider.
Procedure
The procedure uses the HTPasswd file mechanism, which comes from Apache, as a simple way to manage users and passwords in OpenShift. The HTPasswd file serves as the backend authentication ‘database’, just as an LDAP or Active Directory server would. This is the simplest way to provide such a mechanism to OpenShift, as it requires no additional systems to be connected to the environment.
Prerequisites
Install tools for creating HTPasswd if not installed yet:
$ yum install httpd-tools
Create the directory where we will host the htpasswd file:
$ mkdir -p /opt/octopus/ocp/auth
Create the HTPasswd authentication file
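Create the htpasswd file and save the first user in it. The -c flag creates the file, -B hashes the password with bcrypt, and -b takes the password from the command line, where it is recorded in shell history (omit -b to be prompted for it instead):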
$ htpasswd -bBc /opt/octopus/ocp/auth/htpasswd_users root octopus
Now, let’s load it as a secret to the cluster. Secret names must be valid DNS subdomain names (lowercase letters, digits, '-' and '.'), so the secret is named htpasswd-users, with a hyphen:
$ oc create secret generic htpasswd-users --from-file=htpasswd=/opt/octopus/ocp/auth/htpasswd_users -n openshift-config
Apply the OpenShift configuration to OAuth Object
Add the configuration to the OpenShift OAuth object:
htpasswd_oauth.yaml
apiVersion: config.openshift.io/v1
kind: OAuth
metadata:
  name: cluster
spec:
  identityProviders:
  - name: my_htpasswd_provider
    challenge: true
    login: true
    mappingMethod: claim
    type: HTPasswd
    htpasswd:
      fileData:
        name: htpasswd-users
Apply the configuration:
$ oc apply -f htpasswd_oauth.yaml
Adding users to existing environment
If you’d like to add users to this existing configuration, do the following:
Retrieve the HTPasswd file from the htpasswd-users secret and save it to your filesystem:
$ oc get secret htpasswd-users -o jsonpath='{.data.htpasswd}' -n openshift-config | base64 --decode > "$(date +%Y%m%d)_htpasswd_users"
Add users to the file:
$ htpasswd -bB "$(date +%Y%m%d)_htpasswd_users" user1 pass1
Update the secret on OpenShift:
$ oc create secret generic htpasswd-users --from-file=htpasswd="$(date +%Y%m%d)_htpasswd_users" --dry-run=client -o yaml -n openshift-config | oc replace -n openshift-config -f -
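Before running the update step, it is worth checking that the edited file contains only bcrypt entries (what -B writes; htpasswd without -B defaults to MD5) and no duplicate users. The following is an added example, not part of the original post: audit_htpasswd, sample_htpasswd and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. audit_htpasswd and the sample
# entries below are constructed for illustration.

# Report entries that are malformed, duplicated, or not bcrypt-hashed.
# Prints one finding per line; returns 0 when the file is clean, 1 otherwise.
audit_htpasswd() {
    awk -F: '
        /^[ \t]*$/ { next }                       # ignore blank lines
        NF < 2 || $1 == "" || $2 == "" {
            printf "line %d: malformed entry\n", NR; bad = 1; next
        }
        seen[$1]++ { printf "line %d: duplicate user %s\n", NR, $1; bad = 1 }
        {
            hash = substr($0, length($1) + 2)     # text after the first colon
            if (hash ~ /^[$]2[aby][$][0-9][0-9][$]/) next   # bcrypt (-B)
            kind = "crypt() or plaintext"
            if (hash ~ /^[$]apr1[$]/) kind = "MD5 (apr1)"
            if (hash ~ /^[{]SHA[}]/)  kind = "unsalted SHA-1"
            printf "line %d: user %s uses %s\n", NR, $1, kind; bad = 1
        }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample: the hash strings are fake but carry the real prefixes.
sample_htpasswd() {
    cat <<'EOF'
root:$2y$05$abcdefghijklmnopqrstuuABCDEFGHIJKLMNOPQRSTUVWXYZ01234
user1:$apr1$abcdefgh$ABCDEFGHIJKLMNOPQRSTUV
user2:{SHA}AAAAAAAAAAAAAAAAAAAAAAAAAAA=
root:$2y$05$abcdefghijklmnopqrstuuABCDEFGHIJKLMNOPQRSTUVWXYZ01234
EOF
}

# Run with --demo to audit the constructed sample above.
if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp) && sample_htpasswd > "$tmp"
    audit_htpasswd "$tmp" || echo "fix the entries above before updating the secret"
    rm -f "$tmp"
fi
```

In the procedure above, call audit_htpasswd on the dated htpasswd_users file and only run the oc replace command when it returns 0.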
Summary
Octopus Computer Solutions is committed to upgrading the security of your OpenShift infrastructure through any authentication mechanism. By embracing open-source solutions like HTPasswd authentication in OpenShift, we provide you with even the simplest tools necessary for securing access to your applications. Our focus on authentication and security underscores the value we deliver, ensuring your infrastructure is both secure and compliant.