mirror of
https://github.com/openshift/openshift-docs.git
synced 2026-02-05 12:46:18 +01:00
76 lines
2.3 KiB
Plaintext
76 lines
2.3 KiB
Plaintext
// Module included in the following assemblies:
|
|
//
|
|
// * service_mesh/v2x/ossm-reference-jaeger.adoc
|
|
|
|
:_mod-docs-content-type: PROCEDURE
|
|
[id="ossm-config-security-ossm-web_{context}"]
|
|
= Configuring distributed tracing security for service mesh from the web console
|
|
|
|
You can modify the Jaeger resource to configure {JaegerShortName} security for use with {SMproductShortName} in the web console.
|
|
|
|
.Prerequisites
|
|
|
|
* You have access to the cluster as a user with the `cluster-admin` role. If you use {product-dedicated}, you must have an account with the `dedicated-admin` role.
|
|
* The {SMProductName} Operator must be installed.
|
|
* The `ServiceMeshControlPlane` deployed to the cluster.
|
|
* You have access to the {product-title} web console.
|
|
|
|
.Procedure
|
|
|
|
. Log in to the {product-title} web console as a user with the `cluster-admin` role.
|
|
|
|
. Navigate to *Ecosystem* -> *Installed Operators*.
|
|
|
|
. Click the *Project* menu and select the project where your `ServiceMeshControlPlane` resource is deployed from the list, for example `istio-system`.
|
|
|
|
. Click the *{JaegerName} Operator*.
|
|
|
|
. On the *Operator Details* page, click the *Jaeger* tab.
|
|
|
|
. Click the name of your Jaeger instance.
|
|
|
|
. On the Jaeger details page, click the *YAML* tab to modify your configuration.
|
|
|
|
. Edit the `Jaeger` custom resource file to add the `htpasswd` configuration as shown in the following example.
|
|
|
|
* `spec.ingress.openshift.htpasswdFile`
|
|
* `spec.volumes`
|
|
* `spec.volumeMounts`
|
|
+
|
|
.Example Jaeger resource showing `htpasswd` configuration
|
|
[source,yaml]
|
|
----
|
|
apiVersion: jaegertracing.io/v1
|
|
kind: Jaeger
|
|
spec:
|
|
ingress:
|
|
enabled: true
|
|
openshift:
|
|
htpasswdFile: /etc/proxy/htpasswd/auth
|
|
sar: '{"namespace": "istio-system", "resource": "pods", "verb": "get"}'
|
|
options: {}
|
|
resources: {}
|
|
security: oauth-proxy
|
|
volumes:
|
|
- name: secret-htpasswd
|
|
secret:
|
|
secretName: htpasswd
|
|
- configMap:
|
|
defaultMode: 420
|
|
items:
|
|
- key: ca-bundle.crt
|
|
path: tls-ca-bundle.pem
|
|
name: trusted-ca-bundle
|
|
optional: true
|
|
name: trusted-ca-bundle
|
|
volumeMounts:
|
|
- mountPath: /etc/proxy/htpasswd
|
|
name: secret-htpasswd
|
|
- mountPath: /etc/pki/ca-trust/extracted/pem/
|
|
name: trusted-ca-bundle
|
|
readOnly: true
|
|
# ...
|
|
----
|
|
+
|
|
. Click *Save*.
|