Fabric8 2.x and Openshift V3 explanation

32 views
Skip to first unread message

David Laratta

unread,
Jun 21, 2016, 3:00:24 PM6/21/16
to fabric8

Hello,

 

I’ve been researching PKI Enablement of Fabric8 console for the past few days. Most of the resources that I’ve came across mention fabric8 with Openshift. I wanted to ask you, if you can please explain how these two work together. I’m still very confused by what I’m reading. Does fabric8 extend openshift? Or does fabric8 override openshift, when it is installed on top of it? I ask this, because on a Openshift V3 console that I was provided with Fabric8 2.x on it the /workspaces/default/namespace/default/pods/fabric8-wwliz displays OAuth (Below) and I’m trying to use OAuth with Fabric8 to authorize a client certificate.

 

        - name: GOOGLE_OAUTH_SCOPE

          value: profile

        - name: OAUTH_AUTHORIZE_PORT

          value: '8443'

        - name: GOOGLE_OAUTH_CLIENT_ID

        - name: OAUTH_AUTHORIZE_URI

          value: 'https://:8443/oauth/authorize' //removed this value

        - name: GOOGLE_OAUTH_AUTHENTICATION_URI

          value: 'https://accounts.google.com/o/oauth2/auth'

        - name: GOOGLE_OAUTH_CLIENT_SECRET

        - name: OAUTH_CLIENT_ID

          value: fabric8

        - name: OAUTH_PROVIDER

          value: openshift

        - name: GOOGLE_OAUTH_REDIRECT_URI

          value: ' ' //removed this value

        - name: GOOGLE_OAUTH_TOKEN_URL

          value: 'https://www.googleapis.com/oauth2/v3/token'

 

Thanks!  

James Strachan

unread,
Jun 21, 2016, 3:12:13 PM6/21/16
to David Laratta, fabric8
So fabric8 runs on top of Kubernetes or OpenShift V3. In Kubernetes terms, Fabric8 is a collection of microservices which run on top of Kubernetes.

FWIW Kubernetes tends to use HTTP Basic Auth to login via the web console. OpenShift tends to use OAuth.

Could you describe a bit more about how you're trying to use OAuth, Fabric8 and a client certificate so I can answer more clearly? It depends on what you're doing; e.g. using the web console from a browser versus implementing a docker container that runs inside Kubernetes/OpenShift versus using the CLI etc.
 

--
You received this message because you are subscribed to the Google Groups "fabric8" group.
To unsubscribe from this group and stop receiving emails from it, send an email to fabric8+u...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.



--
James
-------
Red Hat

Twitter: @jstrachan
Email: james.s...@gmail.com
Blog: https://medium.com/@jstrachan/

open source microservices platform

David Laratta

unread,
Jun 21, 2016, 3:36:43 PM6/21/16
to James Strachan, fabric8
Hello James,

So I apologize, I'm brand new with working with Fabric8. So my goal is to use OpenAM to authenticate a client certificate and then use RequestHeaderIdentityProvider or some other method to access the HTTP header which would contain the client certificate. I would then use OAuth to authorize the user so that they can use our Fabric8 console. We will be using Fabric8 2.2.130 and Openshift v3. From what it seems, if we can figure out a way for PKI Enablement of OpenShift then we can solve it for Fabric8, since Fabric8 runs on top of OpenShift. 

Thanks
--
David S Laratta
Software Engineer, Northrop Grumman IS
U10 Girls Soccer Coach, VE Summit
lara...@gmail.com
240-678-8862
Reply all
Reply to author
Forward
0 new messages