[KEYCLOAK-13591] [openshift] Refresh (up2date) various currently invalid (HTTP 404) links
Some of OpenShift's guide links got invalidated (HTTP 404 Not Found) after the redesign of the official OCP documentation from v3.x to v4.x. Point them back to proper locations

Signed-off-by: Jan Lieskovsky <jlieskov@redhat.com>
parent ee6c7910c6
commit abcd7c7237
7 changed files with 36 additions and 19 deletions
|
@ -13,7 +13,7 @@ Log in to the OpenShift CLI with a user that holds the _cluster:admin_ role.
|
|||
----
|
||||
$ oc new-project sso-app-demo
|
||||
----
|
||||
. Add the `view` role to the link:https://docs.openshift.com/container-platform/latest/dev_guide/service_accounts.html#default-service-accounts-and-roles[`default`] service account. This enables the service account to view all the resources in the sso-app-demo namespace, which is necessary for managing the cluster.
|
||||
. Add the `view` role to the link:{ocpdocs_default_service_accounts_link}[`default`] service account. This enables the service account to view all the resources in the sso-app-demo namespace, which is necessary for managing the cluster.
|
||||
+
|
||||
[source,bash,subs="attributes+,macros+"]
|
||||
----
|
||||
|
@ -33,7 +33,7 @@ the {project_openshift_product_name} image to be deployed properly.
|
|||
|
||||
[IMPORTANT]
|
||||
====
|
||||
The {project_name} application templates using xref:../introduction/introduction.adoc#reencrypt-templates[re-encryption TLS termination] do not *require* or *expect* the aforementioned HTTPS and JGroups keystores and {project_name} server truststore to be prepared beforehand. The templates use OpenShift's internal link:https://docs.openshift.com/container-platform/latest/dev_guide/secrets.html#service-serving-certificate-secrets[service serving x509 certificate secrets] to automatically create the HTTPS and JGroups keystores. The {project_name} server truststore is also created automatically, containing the */var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt* CA certificate file, which is used to create these cluster certificates. Moreover, the truststore for the {project_name} server is pre-populated with the all known, trusted CA certificate files found in the Java system path.
|
||||
The {project_name} application templates using xref:../introduction/introduction.adoc#reencrypt-templates[re-encryption TLS termination] do not *require* or *expect* the aforementioned HTTPS and JGroups keystores and {project_name} server truststore to be prepared beforehand. The templates use OpenShift's internal link:{ocpdocs_serving_x509_secrets_link}[service serving x509 certificate secrets] to automatically create the HTTPS and JGroups keystores. The {project_name} server truststore is also created automatically, containing the */var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt* CA certificate file, which is used to create these cluster certificates. Moreover, the truststore for the {project_name} server is pre-populated with the all known, trusted CA certificate files found in the Java system path.
|
||||
====
|
||||
|
||||
The *_openssl_* toolkit is used in the following example to generate a CA certificate to sign the HTTPS keystore, and create a truststore for the {project_name} server. *_keytool_*, a package *included with the Java Development Kit*, is then utilized to the generate self-signed certificates for these keystores.
|
||||
|
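Review bot: The replaced paragraph inside the IMPORTANT block carries over the wording "pre-populated with the all known, trusted CA certificate files"; since the whole line is being rewritten anyway, drop the stray "the". The same wording is carried over in the reencrypt-templates bullet changed later in this commit.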
@ -112,7 +112,7 @@ $ keytool -import -file xpaas.crt -alias xpaas.ca -keystore truststore.jks
|
|||
[[Configuring-Secrets]]
|
||||
==== Secrets
|
||||
|
||||
OpenShift uses objects called link:https://docs.openshift.com/container-platform/latest/dev_guide/secrets.html[secrets] to hold sensitive information, such as passwords or keystores.
|
||||
OpenShift uses objects called link:{ocpdocs_secrets_link}[secrets] to hold sensitive information, such as passwords or keystores.
|
||||
|
||||
. Create the secrets for the HTTPS and JGroups keystores, and {project_name} server truststore, generated in the xref:Configuring-Keystores[previous section].
|
||||
+
|
||||
|
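Review bot: `{ocpdocs_secrets_link}` on the changed "OpenShift uses objects called secrets" line resolves to `builds/creating-build-inputs.html#builds-secrets-overview_creating-build-inputs`, a page in the builds section, while the steps that follow create a generic secret holding keystores and link it to the service account that runs the pods. Please confirm the build-inputs overview is the intended replacement for the old `dev_guide/secrets.html` target, or point the attribute at a page that covers secrets consumed by pods.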
@ -120,7 +120,7 @@ OpenShift uses objects called link:https://docs.openshift.com/container-platform
|
|||
----
|
||||
$ oc create secret generic sso-app-secret --from-file=keystore.jks --from-file=jgroups.jceks --from-file=truststore.jks
|
||||
----
|
||||
. Link these secrets to the link:https://docs.openshift.com/container-platform/latest/dev_guide/service_accounts.html#default-service-accounts-and-roles[default] service account, which is used to run {project_name} pods.
|
||||
. Link these secrets to the link:{ocpdocs_default_service_accounts_link}[default] service account, which is used to run {project_name} pods.
|
||||
+
|
||||
[source,bash,subs="attributes+,macros+"]
|
||||
----
|
||||
|
@ -293,7 +293,7 @@ route "sso" patched
|
|||
[[sso-connecting-to-an-external-database]]
|
||||
=== Connecting to an external database
|
||||
|
||||
{project_name} can be configured to connect to an external (to OpenShift cluster) database. In order to achieve this, you need to modify the `sso-{database name}` Endpoints object to point to the proper address. The procedure is described in the https://docs.openshift.com/container-platform/latest/networking/configuring-ingress-cluster-traffic/configuring-ingress-cluster-traffic-service-external-ip.html#nw-service-external-ip_configuring-ingress-cluster-traffic-service-external-ip[OpenShift manual].
|
||||
{project_name} can be configured to connect to an external (to OpenShift cluster) database. In order to achieve this, you need to modify the `sso-{database name}` Endpoints object to point to the proper address. The procedure is described in the link:{ocpdocs_ingress_service_external_ip_link}[OpenShift manual].
|
||||
|
||||
Tip: The easiest way to get started is to deploy {project_name} from a template and then modify the Endpoints object. You might also need to update some of the datasource configuration variables in the DeploymentConfig. Once you're done, just roll a new deployment out.
|
||||
|
||||
|
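Review bot: The replacement on the "Connecting to an external database" line is not a pure refactor and the commit message should say so: the old URL used `networking/configuring-ingress-cluster-traffic/` while the new attribute uses `networking/configuring_ingress_cluster_traffic/`, and the `link:` prefix is added. Please also confirm that the target, which is named for ingress traffic through a service external IP, describes editing an Endpoints object to reach a database outside the cluster, since that is the procedure the sentence promises.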
@ -359,7 +359,7 @@ run-batch
|
|||
----
|
||||
podman build -t docker-registry-default/project/name:tag .
|
||||
----
|
||||
. After the build finishes, push your image to the registry used by OpenShift to deploy your image. Refer to the https://docs.openshift.com/container-platform/latest/registry/accessing-the-registry.html#registry-accessing-directly_accessing-the-registry[OpenShift guide] for details.
|
||||
. After the build finishes, push your image to the registry used by OpenShift to deploy your image. Refer to the link:{ocpdocs_cluster_local_registry_access_link}[OpenShift guide] for details.
|
||||
|
||||
[[sso-administrator-setup]]
|
||||
=== Creating the Administrator Account for {project_name} Server
|
||||
|
|
|
@ -18,7 +18,7 @@ The {project_openshift_product_name} image version number between 7.0 and 7.3 ar
|
|||
====
|
||||
|
||||
=== Initial Setup
|
||||
The Tutorials in this guide follow on from and assume an OpenShift instance similar to that created by performing https://docs.openshift.com/container-platform/latest/install/index.html[the installation of the OpenShift Container Platform cluster].
|
||||
The Tutorials in this guide follow on from and assume an OpenShift instance similar to that created by performing link:{ocpdocs_install_cluster_link}[the installation of the OpenShift Container Platform cluster].
|
||||
|
||||
[IMPORTANT]
|
||||
====
|
||||
|
|
|
@ -62,7 +62,7 @@ Log in to the OpenShift CLI with a user that holds the _cluster:admin_ role.
|
|||
----
|
||||
$ oc new-project sso-app-demo
|
||||
----
|
||||
. Add the `view` role to the link:https://docs.openshift.com/container-platform/latest/dev_guide/service_accounts.html#default-service-accounts-and-roles[`default`] service account. This enables the service account to view all the resources in the sso-app-demo namespace, which is necessary for managing the cluster.
|
||||
. Add the `view` role to the link:{ocpdocs_default_service_accounts_link}[`default`] service account. This enables the service account to view all the resources in the sso-app-demo namespace, which is necessary for managing the cluster.
|
||||
+
|
||||
[source,bash,subs="attributes+,macros+"]
|
||||
----
|
||||
|
|
|
@ -9,7 +9,7 @@
|
|||
Red Hat offers multiple OpenShift application templates utilizing the {project_openshift_product_name} image version number {project_version}. These define the resources needed to develop {project_name} {project_version} server based deployment and can be split into the following two categories:
|
||||
|
||||
[[passthrough-templates]]
|
||||
* Templates using HTTPS and JGroups keystores and a truststore for the {project_name} server, all prepared beforehand. These secure the TLS communication using link:https://docs.openshift.com/container-platform/latest/architecture/networking/routes.html#passthrough-termination[passthrough TLS termination]:
|
||||
* Templates using HTTPS and JGroups keystores and a truststore for the {project_name} server, all prepared beforehand. These secure the TLS communication using link:{ocp311docs_passthrough_route_link}[passthrough TLS termination]:
|
||||
|
||||
** *_{project_templates_version}-https_*: {project_name} {project_version} backed by internal H2 database on the same pod.
|
||||
** *_{project_templates_version}-postgresql_*: {project_name} {project_version} backed by ephemeral PostgreSQL database on a separate pod.
|
||||
|
@ -19,7 +19,7 @@ Red Hat offers multiple OpenShift application templates utilizing the {project_o
|
|||
Templates for using {project_name} with MySQL / MariaDB databases have been removed and are not available since {project_name} version 7.4.
|
||||
|
||||
[[reencrypt-templates]]
|
||||
* Templates using OpenShift's internal link:https://docs.openshift.com/container-platform/latest/dev_guide/secrets.html#service-serving-certificate-secrets[service serving x509 certificate secrets] to automatically create the HTTPS keystore used for serving secure content. The JGroups cluster traffic is authenticated using the `AUTH` protocol and encrypted using the `ASYM_ENCRYPT` protocol. The {project_name} server truststore is also created automatically, containing the */var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt* CA certificate file, which is used to sign the certificate for HTTPS keystore. Moreover, the truststore for the {project_name} server is pre-populated with the all known, trusted CA certificate files found in the Java system path. These templates secure the TLS communication using link:https://docs.openshift.com/container-platform/latest/architecture/networking/routes.html#re-encryption-termination[re-encryption TLS termination]:
|
||||
* Templates using OpenShift's internal link:{ocpdocs_serving_x509_secrets_link}[service serving x509 certificate secrets] to automatically create the HTTPS keystore used for serving secure content. The JGroups cluster traffic is authenticated using the `AUTH` protocol and encrypted using the `ASYM_ENCRYPT` protocol. The {project_name} server truststore is also created automatically, containing the */var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt* CA certificate file, which is used to sign the certificate for HTTPS keystore. Moreover, the truststore for the {project_name} server is pre-populated with the all known, trusted CA certificate files found in the Java system path. These templates secure the TLS communication using link:{ocp311docs_reencrypt_route_link}[re-encryption TLS termination]:
|
||||
|
||||
** *_{project_templates_version}-x509-https_*: {project_name} {project_version} with auto-generated HTTPS keystore and {project_name} truststore, backed by internal H2 database. The `ASYM_ENCRYPT` JGroups protocol is used for encryption of cluster traffic.
|
||||
** *_{project_templates_version}-x509-postgresql-persistent_*: {project_name} {project_version} with auto-generated HTTPS keystore and {project_name} truststore, backed by persistent PostgreSQL database. The `ASYM_ENCRYPT` JGroups protocol is used for encryption of cluster traffic.
|
||||
|
|
|
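Review bot: The changed reencrypt-templates bullet now mixes two documentation versions in one sentence: `{ocpdocs_serving_x509_secrets_link}` resolves under `/latest/` while `{ocp311docs_reencrypt_route_link}` resolves under `/3.11/`. A reader checking how the service serving certificate and the re-encryption route fit together is sent to two different releases. Either pin both links to the same release or add a short comment next to the attribute definitions explaining why the route links stay on 3.11.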
@ -362,7 +362,7 @@ _sso-truststore-volume_ volume.
|
|||
|
||||
|===
|
||||
|
||||
Available link:https://docs.openshift.com/container-platform/latest/dev_guide/templates.html#overview[application templates]
|
||||
Available link:{ocpdocs_templates_link}[application templates]
|
||||
for {project_openshift_product_name} can combine the xref:conf_env_vars[aforementioned
|
||||
configuration variables] with common OpenShift variables (for example
|
||||
*_APPLICATION_NAME_* or *_SOURCE_REPOSITORY_URL_*), product specific variables
|
||||
|
|
|
@ -101,7 +101,7 @@ This process assumes that you are link:{openshift_link}#Example-Deploying-SSO[ru
|
|||
|
||||
Perform the following to generate and get the SQL migration file for the database:
|
||||
|
||||
. Prepare template of OpenShift link:https://docs.openshift.com/container-platform/latest/dev_guide/jobs.html[database migration job] to generate the SQL file.
|
||||
. Prepare template of OpenShift link:{ocpdocs_jobs_link}[database migration job] to generate the SQL file.
|
||||
+
|
||||
[source,yaml,subs="verbatim,macros,attributes"]
|
||||
----
|
||||
|
@ -642,7 +642,7 @@ The administration console import allows you to *overwrite* resources if you cho
|
|||
=== Example Workflow: Configuring OpenShift 3.11 to use {project_name} for Authentication
|
||||
Configure OpenShift 3.11 to use the {project_name} deployment as the authorization gateway for OpenShift. This follows on from xref:Example-Deploying-SSO[Example Workflow: Preparing and Deploying the {project_openshift_product_name} image], in which {project_name} was deployed on OpenShift.
|
||||
|
||||
This example adds {project_name} as an authentication method alongside https://docs.openshift.com/container-platform/latest/install_config/configuring_authentication.html#identity-providers-configuring[the identity providers] configured during https://docs.openshift.com/container-platform/latest/install/index.html[the installation of the OpenShift Container Platform cluster]. Once configured, the {project_name} method will be also available (together with the configured identity providers) for the user login to your OpenShift web console.
|
||||
This example adds {project_name} as an authentication method alongside link:{ocpdocs_idp_config_link}[the identity providers] configured during link:{ocpdocs_install_cluster_link}[the installation of the OpenShift Container Platform cluster]. Once configured, the {project_name} method will be also available (together with the configured identity providers) for the user login to your OpenShift web console.
|
||||
|
||||
==== Configuring {project_name} Credentials
|
||||
Log in to the encrypted {project_name} web server at *$$https://secure-sso-$$_sso-app-demo_._openshift32.example.com_/auth/admin* using the xref:sso-administrator-setup[administrator account] created during the {project_name} deployment.
|
||||
|
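Review bot: The heading in this hunk scopes the workflow to OpenShift 3.11, but the changed line links `{ocpdocs_idp_config_link}` and `{ocpdocs_install_cluster_link}`, both of which are defined under `/latest/`. A reader following the 3.11 workflow is sent to the current release's identity provider and installation pages. Consider 3.11-pinned attributes for this section, in the same way as the `ocp311docs_*` route links.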
@ -678,7 +678,7 @@ The client *Secret* is needed to configure OpenID-Connect on the OpenShift maste
|
|||
==== Configuring OpenShift Master for {project_name} Authentication
|
||||
Log in to the OpenShift master CLI. You must have the required permissions to edit the */etc/origin/master/master-config.yaml* file.
|
||||
|
||||
. Edit the */etc/origin/master/master-config.yaml* file and find the *identityProviders*. For example, in the case the OpenShift master is configured with the https://docs.openshift.com/container-platform/latest/install_config/configuring_authentication.html#HTPasswdPasswordIdentityProvider[HTPassword identity provider], the *identityProviders* section will look similar to the following one:
|
||||
. Edit the */etc/origin/master/master-config.yaml* file and find the *identityProviders*. For example, in the case the OpenShift master is configured with the link:{ocpdocs_htpasswd_idp_link}[HTPassword identity provider], the *identityProviders* section will look similar to the following one:
|
||||
+
|
||||
[source,bash,subs="attributes+,macros+"]
|
||||
----
|
||||
|
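Review bot: The link text on the changed line still reads "HTPassword identity provider", while both the new attribute name (`ocpdocs_htpasswd_idp_link`) and the old anchor (`HTPasswdPasswordIdentityProvider`) spell the provider HTPasswd; correct the link text while the line is being touched. Since this step edits `/etc/origin/master/master-config.yaml`, please also check that the `/latest/` target still shows an `identityProviders` section in that file.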
@ -753,7 +753,7 @@ $ oc adm policy add-role-to-user view testuser -n sso-app-demo
|
|||
[[binary-builds]]
|
||||
=== Example Workflow: Creating OpenShift Application from Existing Maven Binaries and Securing it Using {project_name}
|
||||
|
||||
To deploy existing applications on OpenShift, you can use the link:https://docs.openshift.com/container-platform/latest/dev_guide/builds/build_inputs.html#binary-source[binary source] capability.
|
||||
To deploy existing applications on OpenShift, you can use the link:{ocpdocs_binary_source_link}[binary source] capability.
|
||||
|
||||
==== Deploy Binary Build of EAP 6.4 / 7.1 JSP Service Invocation Application and Secure it Using {project_name}
|
||||
|
||||
|
@ -850,7 +850,7 @@ You can select multiple items at once by holding the *Ctrl* key and simultaneous
|
|||
----
|
||||
$ oc new-project eap-app-demo
|
||||
----
|
||||
. Add the `view` role to the link:https://docs.openshift.com/container-platform/latest/dev_guide/service_accounts.html#default-service-accounts-and-roles[`default`] service account. This enables the service account to view all the resources in the `eap-app-demo` namespace, which is necessary for managing the cluster.
|
||||
. Add the `view` role to the link:{ocpdocs_default_service_accounts_link}[`default`] service account. This enables the service account to view all the resources in the `eap-app-demo` namespace, which is necessary for managing the cluster.
|
||||
+
|
||||
[source,bash,subs="attributes+,macros+"]
|
||||
----
|
||||
|
@ -887,7 +887,7 @@ $ oc create secret generic eap-ssl-secret --from-file=eapkeystore.jks
|
|||
----
|
||||
$ oc create secret generic eap-jgroup-secret --from-file=eapjgroups.jceks
|
||||
----
|
||||
.. Add the EAP application secret to the link:https://docs.openshift.com/container-platform/latest/dev_guide/service_accounts.html#default-service-accounts-and-roles[`default`] service account.
|
||||
.. Add the EAP application secret to the link:{ocpdocs_default_service_accounts_link}[`default`] service account.
|
||||
+
|
||||
[source,bash,subs="attributes+,macros+"]
|
||||
----
|
||||
|
@ -1306,7 +1306,7 @@ $ oc new-project eap-app-demo
|
|||
//----
|
||||
//$ oc create serviceaccount eap-service-account
|
||||
//----
|
||||
. Add the `view` role to the link:https://docs.openshift.com/container-platform/latest/dev_guide/service_accounts.html#default-service-accounts-and-roles[`default`] service account. This enables the service account to view all the resources in the `eap-app-demo` namespace, which is necessary for managing the cluster.
|
||||
. Add the `view` role to the link:{ocpdocs_default_service_accounts_link}[`default`] service account. This enables the service account to view all the resources in the `eap-app-demo` namespace, which is necessary for managing the cluster.
|
||||
+
|
||||
[source,bash,subs="attributes+,macros+"]
|
||||
----
|
||||
|
@ -1554,7 +1554,7 @@ $ oc new-project eap-app-demo
|
|||
//----
|
||||
//$ oc create serviceaccount app-service-account
|
||||
//----
|
||||
. Add the `view` role to the link:https://docs.openshift.com/container-platform/latest/dev_guide/service_accounts.html#default-service-accounts-and-roles[`default`] service account. This enables the service account to view all the resources in the `eap-app-demo` namespace, which is necessary for managing the cluster.
|
||||
. Add the `view` role to the link:{ocpdocs_default_service_accounts_link}[`default`] service account. This enables the service account to view all the resources in the `eap-app-demo` namespace, which is necessary for managing the cluster.
|
||||
+
|
||||
[source,bash,subs="attributes+,macros+"]
|
||||
----
|
||||
|
|
|
@ -59,6 +59,23 @@
|
|||
:openshift_openj9_platforms: s390x
|
||||
:openshift_openj9_image: redhat-sso-7/sso74-openj9-openshift-rhel8
|
||||
:openshift_openj9_project_templates_version: sso74-openj9
|
||||
|
||||
// Aggregate various frequently referred links to the official OCP documentation
|
||||
:official_ocp_docs_link: https://docs.openshift.com/container-platform
|
||||
:ocpdocs_secrets_link: {official_ocp_docs_link}/latest/builds/creating-build-inputs.html#builds-secrets-overview_creating-build-inputs
|
||||
:ocpdocs_serving_x509_secrets_link: {official_ocp_docs_link}/latest/builds/creating-build-inputs.html#builds-service-serving-certificate-secrets_creating-build-inputs
|
||||
:ocpdocs_binary_source_link: {official_ocp_docs_link}/latest/builds/creating-build-inputs.html#builds-binary-source_creating-build-inputs
|
||||
:ocpdocs_templates_link: {official_ocp_docs_link}/latest/openshift_images/using-templates.html
|
||||
:ocpdocs_idp_config_link: {official_ocp_docs_link}/latest/authentication/understanding-identity-provider.html
|
||||
:ocpdocs_htpasswd_idp_link: {official_ocp_docs_link}/latest/authentication/identity_providers/configuring-htpasswd-identity-provider.html
|
||||
:ocpdocs_install_cluster_link: {official_ocp_docs_link}/latest/architecture/architecture-installation.html
|
||||
:ocpdocs_default_service_accounts_link: {official_ocp_docs_link}/latest/authentication/using-service-accounts-in-applications.html#default-service-accounts-and-roles_using-service-accounts
|
||||
:ocpdocs_jobs_link: {official_ocp_docs_link}/latest/nodes/jobs/nodes-nodes-jobs.html
|
||||
:ocpdocs_ingress_service_external_ip_link: {official_ocp_docs_link}/latest/networking/configuring_ingress_cluster_traffic/configuring-ingress-cluster-traffic-service-external-ip.html#nw-service-external-ip_configuring-ingress-cluster-traffic-service-external-ip
|
||||
:ocpdocs_cluster_local_registry_access_link: {official_ocp_docs_link}/latest/registry/accessing-the-registry.html#registry-accessing-directly_accessing-the-registry
|
||||
:ocp311docs_passthrough_route_link: {official_ocp_docs_link}/3.11/architecture/networking/routes.html#passthrough-termination
|
||||
:ocp311docs_reencrypt_route_link: {official_ocp_docs_link}/3.11/architecture/networking/routes.html#re-encryption-termination
|
||||
|
||||
:installguide_name: Server Installation and Configuration Guide
|
||||
:installguide_link: {project_doc_base_url}/server_installation_and_configuration_guide/
|
||||
:installguide_clustering_name: Clustering
|
||||
|
|
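Review bot: All but two of the new `ocpdocs_*` attributes resolve under `{official_ocp_docs_link}/latest/`, the same floating path whose restructuring produced the 404s this commit fixes, so the next documentation redesign will break them again. Consider introducing a version attribute and building these links from it, as is already done with the literal `3.11` in the two `ocp311docs_*` entries. The comment above the block could also state why those two route links are pinned to 3.11 while the rest follow `latest`.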