Use `SyncIdentityProvider` and `SelectorSyncIdentityProvider` objects to manage cluster authentication for Hive-managed clusters. You use these objects to share your identity providers among all valid clusters.

As with `SyncSets` and `SelectorSyncSets`, you use a `SyncIdentityProvider` to manage identity providers in clusters that are in the same namespace as the `SyncIdentityProvider` object. To manage identity providers in clusters that match a specific label, use a `SelectorSyncIdentityProvider`.

A `SyncIdentityProvider` contains a list of `identityProviders` to apply to specific clusters in that namespace. When you apply the `SyncIdentityProvider`, a `SyncSet` is generated for each `IdentityProvider`. Each generated `SyncSet` contains a patch that modifies the cluster `oauth` object.
```yaml
---
apiVersion: hive.openshift.io/v1alpha1
kind: SyncIdentityProvider
metadata:
  name: allowall-identity-provider
spec:
  identityProviders:
  - name: my_allow_provider
    challenge: true
    login: true
    mappingMethod: claim
    type: AllowAllPasswordIdentityProvider
  clusterDeploymentRefs:
  - name: "MyCluster"
```

Field | Usage |
---|---|
`identityProviders` | List of identity providers to be used for matching clusters. |
`clusterDeploymentRefs` | List of ClusterDeployment names in the current namespace which the SyncIdentityProvider will apply to. |

`SelectorSyncIdentityProvider` functions identically to `SyncIdentityProvider` but is applied to clusters matching `clusterDeploymentSelector` in any namespace.
```yaml
---
apiVersion: hive.openshift.io/v1alpha1
kind: SelectorSyncIdentityProvider
metadata:
  name: allowall-identity-provider
spec:
  identityProviders:
  - name: my_allow_provider
    challenge: true
    login: true
    mappingMethod: claim
    type: AllowAllPasswordIdentityProvider
  clusterDeploymentSelector:
    cluster-group: abutcher
```

Field | Usage |
---|---|
`clusterDeploymentSelector` | A key/value label pair which selects matching ClusterDeployments in any namespace. |
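
The targeting rules described above, modelled as an added Python example that is not Hive's own code: it resolves which ClusterDeployments each object reaches and reports every cluster that would receive an `AllowAllPasswordIdentityProvider`, the type used in both samples. The namespaces `team-a`, `team-b` and `team-c`, the cluster names other than `MyCluster`, the `WEAK_TYPES` set and the function names are assumptions, and the manifests are constructed dicts that mirror the YAML on this page.

```python
# Added example: a model of the targeting rules above, not Hive's own code.
# Assumption: provider types to flag (OpenShift 3 AllowAll accepts any non-empty login).
WEAK_TYPES = {"AllowAllPasswordIdentityProvider"}

def targets(obj, cluster_deployments):
    """Return the ClusterDeployments that a sync object applies to."""
    spec = obj["spec"]
    if obj["kind"] == "SyncIdentityProvider":
        # Namespaced: only the named ClusterDeployments in the object's namespace.
        ns = obj["metadata"]["namespace"]
        names = {ref["name"] for ref in spec.get("clusterDeploymentRefs", [])}
        return [cd for cd in cluster_deployments
                if cd["namespace"] == ns and cd["name"] in names]
    if obj["kind"] == "SelectorSyncIdentityProvider":
        # Label match in any namespace; every key/value pair must be present.
        sel = spec.get("clusterDeploymentSelector", {})
        return [cd for cd in cluster_deployments
                if all(cd["labels"].get(k) == v for k, v in sel.items())]
    raise ValueError(f"unsupported kind: {obj['kind']}")

def audit(objects, cluster_deployments):
    """Return sorted (cluster, provider, source object) for each flagged provider."""
    findings = []
    for obj in objects:
        source = f"{obj['kind']}/{obj['metadata']['name']}"
        for cd in targets(obj, cluster_deployments):
            for idp in obj["spec"].get("identityProviders", []):
                if idp.get("type") in WEAK_TYPES:
                    findings.append((f"{cd['namespace']}/{cd['name']}", idp["name"], source))
    return sorted(findings)

# Constructed sample data mirroring the two manifests on this page.
IDP = {"name": "my_allow_provider", "challenge": True, "login": True,
       "mappingMethod": "claim", "type": "AllowAllPasswordIdentityProvider"}
SYNC = {"kind": "SyncIdentityProvider",
        "metadata": {"name": "allowall-identity-provider", "namespace": "team-a"},
        "spec": {"identityProviders": [IDP],
                 "clusterDeploymentRefs": [{"name": "MyCluster"}]}}
SELECTOR = {"kind": "SelectorSyncIdentityProvider",
            "metadata": {"name": "allowall-identity-provider"},
            "spec": {"identityProviders": [IDP],
                     "clusterDeploymentSelector": {"cluster-group": "abutcher"}}}
CLUSTERS = [  # hypothetical ClusterDeployments
    {"name": "MyCluster", "namespace": "team-a", "labels": {}},
    {"name": "MyCluster", "namespace": "team-b", "labels": {}},  # other namespace
    {"name": "prod-1", "namespace": "team-b", "labels": {"cluster-group": "abutcher"}},
    {"name": "dev-1", "namespace": "team-c", "labels": {"cluster-group": "other"}},
]
print(audit([SYNC, SELECTOR], CLUSTERS))
```

The `team-b/MyCluster` entry is not reported because `clusterDeploymentRefs` only resolves names inside the object's own namespace, while the selector object reaches `team-b/prod-1` from outside that namespace.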