openshift/openshift-docs
1
0
Fork 0
mirror of https://github.com/openshift/openshift-docs.git synced 2026-02-05 21:46:22 +01:00
Code Issues Releases Activity
Files
498a426b6c7a45cdc19a8f6078cf5d5884d2ff68
openshift-docs/modules/external-auth-disabling.adoc

57 lines
2.0 KiB
Plaintext
Raw Blame History

// Module included in the following assemblies:
//
// * authentication/external-auth.adoc
:_mod-docs-content-type: PROCEDURE
[id="external-auth-disabling_{context}"]
= Disabling direct authentication
If necessary, you can disable direct authentication for your cluster and revert back to authenticating with the built-in OpenShift OAuth server.
.Prerequisites
* You have access to the `kubeconfig` file generated by the installation program for the cluster.
.Procedure
. Ensure that you are using the `kubeconfig` file generated by the installation program, or another long-lived method of logging in as a cluster administrator.
. Update the authentication configuration to use the built-in OpenShift OAuth server by running the following command:
+
[source,terminal]
----
$ oc patch authentication.config/cluster --type=merge -p='
spec:
type: "" <1>
oidcProviders: null <2>
'
----
<1> Sets `type` to `""` to use the built-in OpenShift OAuth server. A value of `IntegratedOAuth` is also equivalent.
<2> Removes the `oidcProviders` configuration.
. Wait for the cluster to roll out new revisions to all nodes.
.. Check the Kubernetes API server Operator status by running the following command:
+
[source,terminal]
----
$ oc get co kube-apiserver
----
+
.Example output
[source,terminal]
----
NAME VERSION AVAILABLE PROGRESSING DEGRADED SINCE MESSAGE
kube-apiserver 4.21.0 True True False 85m NodeInstallerProgressing: 2 node are at revision 12; 1 node is at revision 14
----
+
The message in the preceding example shows that one node has progressed to the new revision and two nodes have not yet updated. It can take 20 minutes or more to roll out the new revision to all nodes, depending on the size of your cluster.
.. To troubleshoot any issues, you can also check the Cluster Authentication Operator and `kube-apiserver` pod logs for errors.
. If necessary, restore any existing authentication configuration.
.Verification
* Verify that you can successfully log in to the {product-title} web console and {oc-first}.
View Git Blame Copy Permalink