mirror of
https://github.com/openshift/openshift-docs.git
synced 2026-02-05 12:46:18 +01:00
87 lines
2.5 KiB
Plaintext
87 lines
2.5 KiB
Plaintext
// Module included in the following assemblies:
|
|
//
|
|
// * service_mesh/v2x/ossm-reference-jaeger.adoc
|
|
|
|
:_mod-docs-content-type: PROCEDURE
|
|
[id="ossm-config-security-ossm-cli_{context}"]
|
|
= Configuring distributed tracing security for service mesh from the command line
|
|
|
|
You can modify the Jaeger resource to configure {JaegerShortName} security for use with {SMproductShortName} from the command line by running the {oc-first}.
|
|
|
|
.Prerequisites
|
|
|
|
* You have access to the cluster as a user with the `cluster-admin` role. If you use {product-dedicated}, you must have an account with the `dedicated-admin` role.
|
|
* The {SMProductName} Operator must be installed.
|
|
* The `ServiceMeshControlPlane` deployed to the cluster.
|
|
* You have access to the {oc-first} that matches your {product-title} version.
|
|
|
|
.Procedure
|
|
|
|
. Log in to the {oc-first} as a user with the `cluster-admin` role by running the following command. If you use {product-dedicated}, you must have an account with the `dedicated-admin` role.
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ oc login https://<HOSTNAME>:6443
|
|
----
|
|
+
|
|
. Change to the project where you installed the control plane, for example `istio-system`, by entering the following command:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ oc project istio-system
|
|
----
|
|
+
|
|
. Run the following command to edit the Jaeger custom resource file:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ oc edit -n openshift-distributed-tracing -f jaeger.yaml
|
|
----
|
|
+
|
|
. Edit the `Jaeger` custom resource file to add the `htpasswd` configuration as shown in the following example.
|
|
|
|
* `spec.ingress.openshift.htpasswdFile`
|
|
* `spec.volumes`
|
|
* `spec.volumeMounts`
|
|
+
|
|
.Example Jaeger resource showing `htpasswd` configuration
|
|
[source,yaml]
|
|
----
|
|
apiVersion: jaegertracing.io/v1
|
|
kind: Jaeger
|
|
spec:
|
|
ingress:
|
|
enabled: true
|
|
openshift:
|
|
htpasswdFile: /etc/proxy/htpasswd/auth
|
|
sar: '{"namespace": "istio-system", "resource": "pods", "verb": "get"}'
|
|
options: {}
|
|
resources: {}
|
|
security: oauth-proxy
|
|
volumes:
|
|
- name: secret-htpasswd
|
|
secret:
|
|
secretName: htpasswd
|
|
- configMap:
|
|
defaultMode: 420
|
|
items:
|
|
- key: ca-bundle.crt
|
|
path: tls-ca-bundle.pem
|
|
name: trusted-ca-bundle
|
|
optional: true
|
|
name: trusted-ca-bundle
|
|
volumeMounts:
|
|
- mountPath: /etc/proxy/htpasswd
|
|
name: secret-htpasswd
|
|
- mountPath: /etc/pki/ca-trust/extracted/pem/
|
|
name: trusted-ca-bundle
|
|
readOnly: true
|
|
----
|
|
+
|
|
. Run the following command to watch the progress of the pod deployment:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ oc get pods -n openshift-distributed-tracing
|
|
----
|