Here’s the shorter version of how I’ve done it in 4.8 and 4.10 using a CR, since I like OLM to manage the Operator for me. Though, I haven’t dug deeper into why I’m getting some SCC errors, so I just skip the creation by setting route.enabled = False in the CR and create the edge route by hand. Though it would be nice if it’s fixed.

$ oc create sa k10-dex-sa
$ oc annotate sa k10-dex-sa serviceaccounts.openshift.io/oauth-redirecturi.dex=https://CHANGEME/k10/dex/callback
$ oc get secret router-ca -n openshift-ingress-operator -o jsonpath='{ .data.tls\.crt }' | base64 --decode > custom-ca-bundle.pem
$ oc create configmap custom-ca-bundle-store --from-file=custom-ca-bundle.pem -n kasten-io
$ oc sa get-token k10-dex-sa
$ oc create -f CR.yaml
$ oc create route edge --service=gateway --path /k10/ --hostname=kasten-io.apps.49.integrate.zone --insecure-policy=Redirect
Save the results from the above; you’ll have to edit the CR below. If you don’t want to select a node to pin K10, just remove the nodeSelector section.
If you need to find your sc, just run:
$ oc get sc
CR.yaml
kind: K10
apiVersion: apik10.kasten.io/v1alpha1
metadata:
  name: k10
  namespace: kasten-io
spec:
  scc:
    create: true
  auth:
    basicAuth:
      enabled: false
      htpasswd: ''
      secretName: ''
    tokenAuth:
      enabled: false
    openshift:
      enabled: true
      serviceAccount: k10-dex-sa
      clientSecret: CHANGEME
      dashboardURL: https://CHANGEME/k10/
      openshiftURL: https://api.CHANGEME:6443
      insecureCA: true
  global:
    persistence:
      catalog:
        size: 50Gi
      storageClass: CHANGEME
  metering:
    mode: ''
  route:
    enabled: false
    host: kasten-io.apps.49.integrate.zone
    tls:
      enabled: false
  cacertconfigmap:
    name: custom-ca-bundle-store
  nodeSelector:
    choose.your.selector.io: ""
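
A pre-flight check for the CR above, as an added example that is not part of the original post or of Kasten's tooling. The function names `lint_k10_cr` and `sample_cr`, the `example.test` hostnames and the three checks are assumptions made for illustration: leftover CHANGEME values, `insecureCA: true` (assumed to turn off TLS verification towards OpenShift) and a `dashboardURL` host that does not match `route.host`.

```shell
#!/usr/bin/env bash
# Added example: pre-flight lint for the K10 CR before `oc create -f CR.yaml`.
# The three checks are this example's own assumptions, not Kasten tooling.

lint_k10_cr() {
  local file="$1" rc=0 dash route
  # 1. Template placeholders that were never edited.
  if grep -q 'CHANGEME' "$file"; then
    echo "PLACEHOLDER: $(grep -c 'CHANGEME' "$file") line(s) still contain CHANGEME"
    rc=1
  fi
  # 2. insecureCA: true (assumed to disable TLS verification towards OpenShift).
  if grep -Eq '^[[:space:]]*insecureCA:[[:space:]]*true' "$file"; then
    if grep -Eq '^[[:space:]]*cacertconfigmap:' "$file"; then
      echo "TLS: insecureCA is true although a cacertconfigmap is supplied; try false"
    else
      echo "TLS: insecureCA is true and no cacertconfigmap is set"
    fi
    rc=1
  fi
  # 3. dashboardURL host is assumed to have to match route.host so the
  #    OAuth redirect lands on the host the route actually serves.
  dash=$(sed -nE 's#^[[:space:]]*dashboardURL:[[:space:]]*https?://([^/[:space:]]+).*#\1#p' "$file" | head -n1)
  route=$(sed -nE 's#^[[:space:]]*host:[[:space:]]*([^[:space:]]+).*#\1#p' "$file" | head -n1)
  if [ -n "$dash" ] && [ -n "$route" ] && [ "$dash" != "$route" ]; then
    echo "HOST: dashboardURL host '$dash' differs from route host '$route'"
    rc=1
  fi
  return "$rc"
}

# Constructed sample: the relevant keys of the CR above, only half edited.
sample_cr() {
  cat <<'EOF'
spec:
  auth:
    openshift:
      clientSecret: CHANGEME
      dashboardURL: https://k10.apps.example.test/k10/
      insecureCA: true
  route:
    host: kasten-io.apps.example.test
  cacertconfigmap:
    name: custom-ca-bundle-store
EOF
}

tmp=$(mktemp) && sample_cr > "$tmp"
lint_k10_cr "$tmp" || echo "fix the findings above before applying the CR"
rm -f "$tmp"
```

Run it against the real file with `lint_k10_cr CR.yaml`; a non-zero return means at least one finding was printed.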