docs/doc/source/security/kubernetes/deprovision-windows-active-directory-authentication.rst
Rafael Jardim d95c80d36f Update Security
Fixed merge conflict (RS)

Signed-off-by: Rafael Jardim <rafaeljordao.jardim@windriver.com>
Change-Id: I30b882a14196525f440db1108a56bbf862dfaf55
Signed-off-by: Ron Stone <ronald.stone@windriver.com>
2021-04-01 16:02:36 -04:00

Deprovision Windows Active Directory Authentication

You can remove Windows Active Directory authentication from .

  1. Remove the kube-apiserver configuration that uses oidc-auth-apps for authentication.

    1. Determine the UUIDs of parameters used in the kubernetes kube-apiserver group.

      These include oidc_client_id, oidc_groups_claim, oidc_issuer_url and oidc_username_claim.

      ~(keystone_admin)]$ system service-parameter-list
    2. Delete each parameter.

      ~(keystone_admin)]$ system service-parameter-delete <UUID>
    3. Apply the changes.

      ~(keystone_admin)]$ system service-parameter-apply kubernetes
  2. Uninstall oidc-auth-apps.

    ~(keystone_admin)]$ system application-remove oidc-auth-apps
  3. Clear the helm-override configuration.

    ~(keystone_admin)]$ system helm-override-update oidc-auth-apps dex kube-system --reset-values
    ~(keystone_admin)]$ system helm-override-show oidc-auth-apps dex kube-system
    
    ~(keystone_admin)]$ system helm-override-update oidc-auth-apps oidc-client kube-system --reset-values
    ~(keystone_admin)]$ system helm-override-show oidc-auth-apps oidc-client kube-system
  4. Remove secrets that contain certificate data.

    ~(keystone_admin)]$ kubectl delete secret local-dex.tls -n kube-system
    ~(keystone_admin)]$ kubectl delete secret dex-client-secret -n kube-system
    ~(keystone_admin)]$ kubectl delete secret wadcert -n kube-system
  5. Remove any RoleBindings added for users and/or groups.

    For example:

    $ kubectl delete clusterrolebinding testuser-rolebinding
    $ kubectl delete clusterrolebinding billingdeptgroup-rolebinding
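
The UUID lookup in step 1 can be scripted so that no OIDC parameter is missed. The following is an added example, not part of the original procedure or the project's own code: it assumes the table printed by `system service-parameter-list` has the columns uuid, service, section, name and value, and the function names and sample rows are constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumption: `system service-parameter-list` prints a table
# with the columns uuid | service | section | name | value (extra columns
# after these are ignored).

# Read the table on stdin and print the UUID of each OIDC parameter in the
# kubernetes service, kube-apiserver section.
oidc_param_uuids() {
    awk -F'|' '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        NF >= 6 &&
        trim($3) == "kubernetes" && trim($4) == "kube-apiserver" &&
        trim($5) ~ /^oidc_(client_id|groups_claim|issuer_url|username_claim)$/ {
            print trim($2)
        }'
}

# Constructed sample output; UUIDs, values and the last two rows are made up.
sample_table() {
    cat <<'EOF'
+--------------------------------------+------------+----------------+---------------------+------------------------+
| uuid                                 | service    | section        | name                | value                  |
+--------------------------------------+------------+----------------+---------------------+------------------------+
| 00000000-0000-0000-0000-000000000001 | kubernetes | kube-apiserver | oidc_client_id      | example-client-id      |
| 00000000-0000-0000-0000-000000000002 | kubernetes | kube-apiserver | oidc_groups_claim   | groups                 |
| 00000000-0000-0000-0000-000000000003 | kubernetes | kube-apiserver | oidc_issuer_url     | https://dex.example/dex |
| 00000000-0000-0000-0000-000000000004 | kubernetes | kube-apiserver | oidc_username_claim | email                  |
| 00000000-0000-0000-0000-000000000005 | kubernetes | kube-apiserver | example_other_param | x                      |
| 00000000-0000-0000-0000-000000000006 | example    | example        | oidc_client_id      | x                      |
+--------------------------------------+------------+----------------+---------------------+------------------------+
EOF
}

# Dry run on the sample: print the delete commands instead of running them.
# On a controller, replace `sample_table` with `system service-parameter-list`
# and review the printed commands before executing them.
sample_table | oidc_param_uuids | while read -r uuid; do
    echo "system service-parameter-delete $uuid"
done
```

Running the same filter again after `system service-parameter-apply kubernetes` should print nothing; any UUID it still prints is an OIDC parameter that was left in place.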