{"id":1397,"date":"2022-09-13T12:53:24","date_gmt":"2022-09-13T12:53:24","guid":{"rendered":"http:\/\/patriciocerda.com\/?p=1397"},"modified":"2022-12-21T10:57:24","modified_gmt":"2022-12-21T10:57:24","slug":"instalar-kasten-en-openshift-con-oauth-y-active-directory","status":"publish","type":"post","link":"https:\/\/patriciocerda.com\/?p=1397","title":{"rendered":"Installing Kasten on OpenShift with OAuth and Active Directory"},"content":{"rendered":"<p>Hi everyone! So far we have covered how to install Kasten K10 on different infrastructures such as <a title=\"Kasten \u2013 Installing Kasten on AWS EKS using IAM roles and users\" href=\"https:\/\/patriciocerda.com\/?p=1200\">AWS EKS<\/a> or <a title=\"Kasten \u2013 Installing Kasten on Azure AKS\" href=\"https:\/\/patriciocerda.com\/?p=1244\">Azure AKS<\/a>, using token-based authentication or <a title=\"Kasten \u2013 Enabling authentication with Azure AD and OIDC\" href=\"https:\/\/patriciocerda.com\/?p=1377\" target=\"_blank\" rel=\"noopener\">Azure AD\/OIDC<\/a>. This time we will see how to install Kasten on OpenShift and use OAuth for authentication, with LDAP (Active Directory) as the Identity Provider.<\/p>\n
<h2><span class=\"ez-toc-section\" id=\"Que_necesitamos\"><\/span>What we need<span class=\"ez-toc-section-end\"><\/span><\/h2>\n
<p>This configuration requires the following components:<\/p>\n
<ul>\n<li>An Active Directory domain with existing users and groups that we want to use to authenticate to OpenShift and Kasten.<\/li>\n<li>A working OpenShift Container Platform cluster.<\/li>\n<li>Active Directory configured as an <a title=\"OpenShift \u2013 Adding Active Directory as an OAuth Provider\" href=\"https:\/\/patriciocerda.com\/?p=1428\" target=\"_blank\" rel=\"noopener\">OAuth Provider in OpenShift<\/a>.<\/li>\n<\/ul>\n
<h2><span class=\"ez-toc-section\" id=\"Pasos_previos_para_instalar_Kasten\"><\/span>Preliminary steps before installing Kasten<span class=\"ez-toc-section-end\"><\/span><\/h2>\n
<p>At this point we complete the preliminary steps for installing Kasten on OpenShift with OAuth.<\/p>\n
<ul>\n<li>As always, the first step is to verify that all prerequisites are met by running the following command:<\/li>\n<\/ul>\n
<div class=\"fusion-syntax-highlighter-container fusion-syntax-highlighter-1 fusion-syntax-highlighter-theme-light\" style=\"opacity:0;margin-top:0px;margin-right:0px;margin-bottom:0px;margin-left:0px;font-size:14px;border-width:1px;border-style:solid;border-color:var(--awb-color3);\"><textarea class=\"fusion-syntax-highlighter-textarea\" id=\"fusion_syntax_highlighter_1\" data-readOnly=\"nocursor\" data-lineNumbers=\"1\" data-lineWrapping=\"\" data-theme=\"default\" data-mode=\"text\/x-sh\">curl https:\/\/docs.kasten.io\/tools\/k10_primer.sh | bash<\/textarea><\/div><div class=\"fusion-text fusion-text-1\">\n
<ul>\n<li>The next step is to create a new project in OCP named kasten-io:<\/li>\n<\/ul>\n
<\/div><div class=\"fusion-syntax-highlighter-container fusion-syntax-highlighter-2 fusion-syntax-highlighter-theme-light\" style=\"opacity:0;margin-top:0px;margin-right:0px;margin-bottom:0px;margin-left:0px;font-size:14px;border-width:1px;border-style:solid;border-color:var(--awb-color3);\"><textarea class=\"fusion-syntax-highlighter-textarea\" id=\"fusion_syntax_highlighter_2\" data-readOnly=\"nocursor\" data-lineNumbers=\"1\" data-lineWrapping=\"\" data-theme=\"default\" data-mode=\"text\/x-sh\">oc new-project kasten-io \\\n  --description=\"Kubernetes data management platform\" \\\n  --display-name=\"Kasten K10\"<\/textarea><\/div><div class=\"fusion-text fusion-text-2\">\n
<ul>\n<li>Next we need to create a Service Account named k10-dex-sa with the following annotation: serviceaccounts.openshift.io\/oauth-redirecturi.dex. This annotation registers the Service Account as an OAuth client with the OpenShift OAuth server. To do this, we first create a YAML file with the following contents:<\/li>\n<\/ul>\n
<\/div><div class=\"fusion-syntax-highlighter-container fusion-syntax-highlighter-3 fusion-syntax-highlighter-theme-light\" style=\"opacity:0;margin-top:0px;margin-right:0px;margin-bottom:0px;margin-left:0px;font-size:14px;border-width:1px;border-style:solid;border-color:var(--awb-color3);\"><textarea class=\"fusion-syntax-highlighter-textarea\" id=\"fusion_syntax_highlighter_3\" data-readOnly=\"nocursor\" data-lineNumbers=\"1\" data-lineWrapping=\"\" data-theme=\"default\" data-mode=\"text\/x-sh\">cat > oauth-sa.yaml <<EOF\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n  name: k10-dex-sa\n  namespace: kasten-io\n  annotations:\n    serviceaccounts.openshift.io\/oauth-redirecturi.dex: https:\/\/kastenocp.vlatam.net\/k10\/dex\/callback\nEOF<\/textarea><\/div><div class=\"fusion-text fusion-text-3\">\n
<ul>\n<li>Finally, we create the Service Account.<\/li>\n<\/ul>\n
<\/div><div class=\"fusion-syntax-highlighter-container fusion-syntax-highlighter-4 fusion-syntax-highlighter-theme-light\" style=\"opacity:0;margin-top:0px;margin-right:0px;margin-bottom:0px;margin-left:0px;font-size:14px;border-width:1px;border-style:solid;border-color:var(--awb-color3);\"><textarea class=\"fusion-syntax-highlighter-textarea\" id=\"fusion_syntax_highlighter_4\" data-readOnly=\"nocursor\" data-lineNumbers=\"1\" data-lineWrapping=\"\" data-theme=\"default\" data-mode=\"text\/x-sh\">oc create -f oauth-sa.yaml<\/textarea><\/div><div class=\"fusion-text fusion-text-4\">\n
<ul>\n<li>Once the Service Account has been created, we need to obtain its token, which we can retrieve with the following command, storing it in an environment variable:<\/li>\n<\/ul>\n
<\/div><div class=\"fusion-syntax-highlighter-container fusion-syntax-highlighter-5 fusion-syntax-highlighter-theme-light\" style=\"opacity:0;margin-top:0px;margin-right:0px;margin-bottom:0px;margin-left:0px;font-size:14px;border-width:1px;border-style:solid;border-color:var(--awb-color3);\"><textarea class=\"fusion-syntax-highlighter-textarea\" id=\"fusion_syntax_highlighter_5\" data-readOnly=\"nocursor\" data-lineNumbers=\"1\" data-lineWrapping=\"\" data-theme=\"default\" data-mode=\"text\/x-sh\">DEX_TOKEN=$(oc -n kasten-io get secret $(oc -n kasten-io get sa k10-dex-sa -o jsonpath='{.secrets[0].name}') -o jsonpath='{.data.token}' | base64 -d)<\/textarea><\/div><div class=\"fusion-text fusion-text-5\">\n
<h2><span class=\"ez-toc-section\" id=\"Instalar_Kasten_en_OpenShift_con_Auth\"><\/span>Installing Kasten on OpenShift with Auth<span class=\"ez-toc-section-end\"><\/span><\/h2>\n
<p>Now only the simplest step remains: installing Kasten K10 on OpenShift. To do so, we run the Kasten installation with the following values:<\/p>\n
<\/div><div class=\"fusion-syntax-highlighter-container fusion-syntax-highlighter-6 fusion-syntax-highlighter-theme-light\" style=\"opacity:0;margin-top:0px;margin-right:0px;margin-bottom:0px;margin-left:0px;font-size:14px;border-width:1px;border-style:solid;border-color:var(--awb-color3);\"><textarea class=\"fusion-syntax-highlighter-textarea\" id=\"fusion_syntax_highlighter_6\" data-readOnly=\"nocursor\" data-lineNumbers=\"1\" data-lineWrapping=\"\" data-theme=\"default\" data-mode=\"text\/x-sh\">helm install k10 kasten\/k10 --namespace kasten-io \\\n  --set auth.openshift.enabled=true \\\n  --set auth.openshift.serviceAccount=k10-dex-sa \\\n  --set auth.openshift.clientSecret=${DEX_TOKEN} \\\n  --set auth.openshift.dashboardURL=https:\/\/kastenocp.vlatam.net\/k10\/ \\\n  --set auth.openshift.openshiftURL=https:\/\/api.ocpdemo.homelab.local:6443 \\\n  --set auth.openshift.insecureCA=true \\\n  --set global.persistence.storageClass=thin-csi<\/textarea><\/div><div class=\"fusion-text fusion-text-6\">\n
<ul>\n<li>auth.openshift.enabled=true<\/li>\n<li>auth.openshift.serviceAccount=&quot;service account&quot;<\/li>\n<li>auth.openshift.clientSecret=&quot;token from the service account&quot;<\/li>\n<li>auth.openshift.dashboardURL=&quot;K10's dashboard URL&quot;<\/li>\n<li>auth.openshift.openshiftURL=&quot;OpenShift API server's URL&quot;<\/li>\n<li>auth.openshift.insecureCA=false\/true (true disables TLS certificate verification for connections to OpenShift)<\/li>\n<\/ul>\n
<p><a href=\"https:\/\/patriciocerda.com\/wp-content\/uploads\/2022\/09\/KastenOAuth01.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-medium wp-image-1404\" src=\"https:\/\/patriciocerda.com\/wp-content\/uploads\/2022\/09\/KastenOAuth01-300x145.jpg\" alt=\"\" width=\"300\" height=\"145\" srcset=\"https:\/\/patriciocerda.com\/wp-content\/uploads\/2022\/09\/KastenOAuth01-200x96.jpg 200w, https:\/\/patriciocerda.com\/wp-content\/uploads\/2022\/09\/KastenOAuth01-300x145.jpg 300w, https:\/\/patriciocerda.com\/wp-content\/uploads\/2022\/09\/KastenOAuth01-400x193.jpg 400w, https:\/\/patriciocerda.com\/wp-content\/uploads\/2022\/09\/KastenOAuth01-600x289.jpg 600w, https:\/\/patriciocerda.com\/wp-content\/uploads\/2022\/09\/KastenOAuth01-768x370.jpg 768w, https:\/\/patriciocerda.com\/wp-content\/uploads\/2022\/09\/KastenOAuth01-800x385.jpg 800w, https:\/\/patriciocerda.com\/wp-content\/uploads\/2022\/09\/KastenOAuth01-1024x493.jpg 1024w, https:\/\/patriciocerda.com\/wp-content\/uploads\/2022\/09\/KastenOAuth01-1200x578.jpg 1200w, https:\/\/patriciocerda.com\/wp-content\/uploads\/2022\/09\/KastenOAuth01.jpg 1434w\" sizes=\"(max-width: 300px) 100vw, 300px\" \/><\/a> <a href=\"https:\/\/patriciocerda.com\/wp-content\/uploads\/2022\/09\/KastenOAuth12.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-medium wp-image-1405\" src=\"https:\/\/patriciocerda.com\/wp-content\/uploads\/2022\/09\/KastenOAuth12-300x109.jpg\" alt=\"\" width=\"300\" height=\"109\" srcset=\"https:\/\/patriciocerda.com\/wp-content\/uploads\/2022\/09\/KastenOAuth12-200x73.jpg 200w, https:\/\/patriciocerda.com\/wp-content\/uploads\/2022\/09\/KastenOAuth12-300x109.jpg 300w, https:\/\/patriciocerda.com\/wp-content\/uploads\/2022\/09\/KastenOAuth12-400x145.jpg 400w, https:\/\/patriciocerda.com\/wp-content\/uploads\/2022\/09\/KastenOAuth12-600x218.jpg 600w, https:\/\/patriciocerda.com\/wp-content\/uploads\/2022\/09\/KastenOAuth12-768x279.jpg 768w, https:\/\/patriciocerda.com\/wp-content\/uploads\/2022\/09\/KastenOAuth12-800x290.jpg 800w, https:\/\/patriciocerda.com\/wp-content\/uploads\/2022\/09\/KastenOAuth12-1024x372.jpg 1024w, https:\/\/patriciocerda.com\/wp-content\/uploads\/2022\/09\/KastenOAuth12-1200x435.jpg 1200w, https:\/\/patriciocerda.com\/wp-content\/uploads\/2022\/09\/KastenOAuth12.jpg 1480w\" sizes=\"(max-width: 300px) 100vw, 300px\" \/><\/a><\/p>\n
<p>Next, once all pods are running without errors, we must create the clusterrolebindings for the AD group that contains the users we want to use to authenticate to Kasten:<\/p>\n
<\/div><div class=\"fusion-syntax-highlighter-container fusion-syntax-highlighter-7 fusion-syntax-highlighter-theme-light\" style=\"opacity:0;margin-top:0px;margin-right:0px;margin-bottom:0px;margin-left:0px;font-size:14px;border-width:1px;border-style:solid;border-color:var(--awb-color3);\"><textarea class=\"fusion-syntax-highlighter-textarea\" id=\"fusion_syntax_highlighter_7\" data-readOnly=\"nocursor\" data-lineNumbers=\"1\" data-lineWrapping=\"\" data-theme=\"default\" data-mode=\"text\/x-sh\">oc adm policy add-cluster-role-to-group cluster-admin k10admins\noc adm policy add-cluster-role-to-group k10-admin k10admins<\/textarea><\/div><div class=\"fusion-text fusion-text-7\">\n
<p>If we now try to connect to the Kasten Dashboard, the first thing we see is the OCP login interface with all the available authentication options. We choose the LDAP provider we configured earlier and log in with the required user, in my case k10admin.<\/p>\n
<p><a href=\"https:\/\/patriciocerda.com\/wp-content\/uploads\/2022\/09\/KastenOAuth25.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-1401\" src=\"https:\/\/patriciocerda.com\/wp-content\/uploads\/2022\/09\/KastenOAuth25-300x130.jpg\" alt=\"\" width=\"399\" height=\"173\" srcset=\"https:\/\/patriciocerda.com\/wp-content\/uploads\/2022\/09\/KastenOAuth25-200x87.jpg 200w, https:\/\/patriciocerda.com\/wp-content\/uploads\/2022\/09\/KastenOAuth25-300x130.jpg 300w, https:\/\/patriciocerda.com\/wp-content\/uploads\/2022\/09\/KastenOAuth25-400x173.jpg 400w, https:\/\/patriciocerda.com\/wp-content\/uploads\/2022\/09\/KastenOAuth25-600x260.jpg 600w, https:\/\/patriciocerda.com\/wp-content\/uploads\/2022\/09\/KastenOAuth25-768x332.jpg 768w, https:\/\/patriciocerda.com\/wp-content\/uploads\/2022\/09\/KastenOAuth25-800x346.jpg 800w, https:\/\/patriciocerda.com\/wp-content\/uploads\/2022\/09\/KastenOAuth25-1024x443.jpg 1024w, https:\/\/patriciocerda.com\/wp-content\/uploads\/2022\/09\/KastenOAuth25-1200x519.jpg 1200w, https:\/\/patriciocerda.com\/wp-content\/uploads\/2022\/09\/KastenOAuth25.jpg 1306w\" sizes=\"(max-width: 399px) 100vw, 399px\" \/><\/a><\/p>\n
<p><a href=\"https:\/\/patriciocerda.com\/wp-content\/uploads\/2022\/09\/KastenOAuth28.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-1406\" src=\"https:\/\/patriciocerda.com\/wp-content\/uploads\/2022\/09\/KastenOAuth28-300x165.jpg\" alt=\"\" width=\"398\" height=\"219\" srcset=\"https:\/\/patriciocerda.com\/wp-content\/uploads\/2022\/09\/KastenOAuth28-200x110.jpg 200w, https:\/\/patriciocerda.com\/wp-content\/uploads\/2022\/09\/KastenOAuth28-300x165.jpg 300w, https:\/\/patriciocerda.com\/wp-content\/uploads\/2022\/09\/KastenOAuth28-400x220.jpg 400w, https:\/\/patriciocerda.com\/wp-content\/uploads\/2022\/09\/KastenOAuth28-600x331.jpg 600w, https:\/\/patriciocerda.com\/wp-content\/uploads\/2022\/09\/KastenOAuth28-768x423.jpg 768w, https:\/\/patriciocerda.com\/wp-content\/uploads\/2022\/09\/KastenOAuth28-800x441.jpg 800w, https:\/\/patriciocerda.com\/wp-content\/uploads\/2022\/09\/KastenOAuth28-1024x564.jpg 1024w, https:\/\/patriciocerda.com\/wp-content\/uploads\/2022\/09\/KastenOAuth28-1200x661.jpg 1200w, https:\/\/patriciocerda.com\/wp-content\/uploads\/2022\/09\/KastenOAuth28.jpg 1339w\" sizes=\"(max-width: 398px) 100vw, 398px\" \/><\/a><\/p>\n
<p>The first time we authenticate with an LDAP user, the following message appears. Click &#8220;<strong>Allow selected permissions<\/strong>&#8221; to continue.<\/p>\n
<p><a href=\"https:\/\/patriciocerda.com\/wp-content\/uploads\/2022\/09\/KastenOAuth12.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-1405\" src=\"https:\/\/patriciocerda.com\/wp-content\/uploads\/2022\/09\/KastenOAuth12-300x109.jpg\" alt=\"\" width=\"404\" height=\"147\" srcset=\"https:\/\/patriciocerda.com\/wp-content\/uploads\/2022\/09\/KastenOAuth12-200x73.jpg 200w, https:\/\/patriciocerda.com\/wp-content\/uploads\/2022\/09\/KastenOAuth12-300x109.jpg 300w, https:\/\/patriciocerda.com\/wp-content\/uploads\/2022\/09\/KastenOAuth12-400x145.jpg 400w, https:\/\/patriciocerda.com\/wp-content\/uploads\/2022\/09\/KastenOAuth12-600x218.jpg 600w, https:\/\/patriciocerda.com\/wp-content\/uploads\/2022\/09\/KastenOAuth12-768x279.jpg 768w, https:\/\/patriciocerda.com\/wp-content\/uploads\/2022\/09\/KastenOAuth12-800x290.jpg 800w, https:\/\/patriciocerda.com\/wp-content\/uploads\/2022\/09\/KastenOAuth12-1024x372.jpg 1024w, https:\/\/patriciocerda.com\/wp-content\/uploads\/2022\/09\/KastenOAuth12-1200x435.jpg 1200w, https:\/\/patriciocerda.com\/wp-content\/uploads\/2022\/09\/KastenOAuth12.jpg 1480w\" sizes=\"(max-width: 404px) 100vw, 404px\" \/><\/a><\/p>\n
<p>Finally we are connected to Kasten, and we can see that our k10admin user has full access thanks to the clusterroles we assigned to it.<\/p>\n
<p><a href=\"https:\/\/patriciocerda.com\/wp-content\/uploads\/2022\/09\/KastenOAuth29-scaled.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-1407\" src=\"https:\/\/patriciocerda.com\/wp-content\/uploads\/2022\/09\/KastenOAuth29-300x113.jpg\" alt=\"\" width=\"420\" height=\"158\" srcset=\"https:\/\/patriciocerda.com\/wp-content\/uploads\/2022\/09\/KastenOAuth29-200x75.jpg 200w, https:\/\/patriciocerda.com\/wp-content\/uploads\/2022\/09\/KastenOAuth29-300x113.jpg 300w, https:\/\/patriciocerda.com\/wp-content\/uploads\/2022\/09\/KastenOAuth29-400x150.jpg 400w, https:\/\/patriciocerda.com\/wp-content\/uploads\/2022\/09\/KastenOAuth29-600x225.jpg 600w, https:\/\/patriciocerda.com\/wp-content\/uploads\/2022\/09\/KastenOAuth29-768x288.jpg 768w, https:\/\/patriciocerda.com\/wp-content\/uploads\/2022\/09\/KastenOAuth29-800x300.jpg 800w, https:\/\/patriciocerda.com\/wp-content\/uploads\/2022\/09\/KastenOAuth29-1024x384.jpg 1024w, https:\/\/patriciocerda.com\/wp-content\/uploads\/2022\/09\/KastenOAuth29-1200x450.jpg 1200w, https:\/\/patriciocerda.com\/wp-content\/uploads\/2022\/09\/KastenOAuth29-1536x576.jpg 1536w\" sizes=\"(max-width: 420px) 100vw, 420px\" \/><\/a><\/p>\n
<p>Later we can create additional clusterrolebindings or rolebindings for other AD user groups with different privileges, or with access restricted to specific projects\/namespaces, using the RBAC features of Kasten K10.<\/p>\n
<p>I hope you found this interesting and useful. Regards!<\/p>\n
<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Hi everyone! So far we have talked about how to install<\/p>\n","protected":false},"author":1,"featured_media":1409,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[25,67,27,68],"tags":[37,33,32,29,31,70,69],"aioseo_notices":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v24.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Instalar Kasten en Openshift con OAuth y Active Directory - vLatam<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/patriciocerda.com\/?p=1397\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Instalar 
Kasten en Openshift con OAuth y Active Directory - vLatam\" \/>\n<meta property=\"og:description\" content=\"Hola a todos!\u00a0 Hasta ahora hemos hablado de como instalar\" \/>\n<meta property=\"og:url\" content=\"https:\/\/patriciocerda.com\/?p=1397\" \/>\n<meta property=\"og:site_name\" content=\"vLatam\" \/>\n<meta property=\"article:published_time\" content=\"2022-09-13T12:53:24+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-12-21T10:57:24+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/patriciocerda.com\/wp-content\/uploads\/2022\/09\/IntroBlog1397.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1280\" \/>\n\t<meta property=\"og:image:height\" content=\"720\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"pcerda\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"pcerda\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/patriciocerda.com\/?p=1397\",\"url\":\"https:\/\/patriciocerda.com\/?p=1397\",\"name\":\"Instalar Kasten en Openshift con OAuth y Active Directory - vLatam\",\"isPartOf\":{\"@id\":\"https:\/\/patriciocerda.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/patriciocerda.com\/?p=1397#primaryimage\"},\"image\":{\"@id\":\"https:\/\/patriciocerda.com\/?p=1397#primaryimage\"},\"thumbnailUrl\":\"https:\/\/patriciocerda.com\/wp-content\/uploads\/2022\/09\/IntroBlog1397.png\",\"datePublished\":\"2022-09-13T12:53:24+00:00\",\"dateModified\":\"2022-12-21T10:57:24+00:00\",\"author\":{\"@id\":\"https:\/\/patriciocerda.com\/#\/schema\/person\/613aa192d7dbcedcd20e08318891aa2a\"},\"breadcrumb\":{\"@id\":\"https:\/\/patriciocerda.com\/?p=1397#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/patriciocerda.com\/?p=1397\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/patriciocerda.com\/?p=1397#primaryimage\",\"url\":\"https:\/\/patriciocerda.com\/wp-content\/uploads\/2022\/09\/IntroBlog1397.png\",\"contentUrl\":\"https:\/\/patriciocerda.com\/wp-content\/uploads\/2022\/09\/IntroBlog1397.png\",\"width\":1280,\"height\":720},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/patriciocerda.com\/?p=1397#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/patriciocerda.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Instalar Kasten en Openshift con OAuth y Active Directory\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/patriciocerda.com\/#website\",\"url\":\"https:\/\/patriciocerda.com\/\",\"name\":\"vLatam\",\"description\":\"El Blog de Patricio 
Cerda\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/patriciocerda.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/patriciocerda.com\/#\/schema\/person\/613aa192d7dbcedcd20e08318891aa2a\",\"name\":\"pcerda\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/patriciocerda.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/patriciocerda.com\/wp-content\/litespeed\/avatar\/ce92117b9294544adeaad229a8fbac13.jpg?ver=1778589913\",\"contentUrl\":\"https:\/\/patriciocerda.com\/wp-content\/litespeed\/avatar\/ce92117b9294544adeaad229a8fbac13.jpg?ver=1778589913\",\"caption\":\"pcerda\"},\"url\":\"https:\/\/patriciocerda.com\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Instalar Kasten en Openshift con OAuth y Active Directory - vLatam","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/patriciocerda.com\/?p=1397","og_locale":"en_US","og_type":"article","og_title":"Instalar Kasten en Openshift con OAuth y Active Directory - vLatam","og_description":"Hola a todos!\u00a0 Hasta ahora hemos hablado de como instalar","og_url":"https:\/\/patriciocerda.com\/?p=1397","og_site_name":"vLatam","article_published_time":"2022-09-13T12:53:24+00:00","article_modified_time":"2022-12-21T10:57:24+00:00","og_image":[{"width":1280,"height":720,"url":"https:\/\/patriciocerda.com\/wp-content\/uploads\/2022\/09\/IntroBlog1397.png","type":"image\/png"}],"author":"pcerda","twitter_card":"summary_large_image","twitter_misc":{"Written by":"pcerda","Est. 
reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/patriciocerda.com\/?p=1397","url":"https:\/\/patriciocerda.com\/?p=1397","name":"Instalar Kasten en Openshift con OAuth y Active Directory - vLatam","isPartOf":{"@id":"https:\/\/patriciocerda.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/patriciocerda.com\/?p=1397#primaryimage"},"image":{"@id":"https:\/\/patriciocerda.com\/?p=1397#primaryimage"},"thumbnailUrl":"https:\/\/patriciocerda.com\/wp-content\/uploads\/2022\/09\/IntroBlog1397.png","datePublished":"2022-09-13T12:53:24+00:00","dateModified":"2022-12-21T10:57:24+00:00","author":{"@id":"https:\/\/patriciocerda.com\/#\/schema\/person\/613aa192d7dbcedcd20e08318891aa2a"},"breadcrumb":{"@id":"https:\/\/patriciocerda.com\/?p=1397#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/patriciocerda.com\/?p=1397"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/patriciocerda.com\/?p=1397#primaryimage","url":"https:\/\/patriciocerda.com\/wp-content\/uploads\/2022\/09\/IntroBlog1397.png","contentUrl":"https:\/\/patriciocerda.com\/wp-content\/uploads\/2022\/09\/IntroBlog1397.png","width":1280,"height":720},{"@type":"BreadcrumbList","@id":"https:\/\/patriciocerda.com\/?p=1397#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/patriciocerda.com\/"},{"@type":"ListItem","position":2,"name":"Instalar Kasten en Openshift con OAuth y Active Directory"}]},{"@type":"WebSite","@id":"https:\/\/patriciocerda.com\/#website","url":"https:\/\/patriciocerda.com\/","name":"vLatam","description":"El Blog de Patricio 
Cerda","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/patriciocerda.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/patriciocerda.com\/#\/schema\/person\/613aa192d7dbcedcd20e08318891aa2a","name":"pcerda","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/patriciocerda.com\/#\/schema\/person\/image\/","url":"https:\/\/patriciocerda.com\/wp-content\/litespeed\/avatar\/ce92117b9294544adeaad229a8fbac13.jpg?ver=1778589913","contentUrl":"https:\/\/patriciocerda.com\/wp-content\/litespeed\/avatar\/ce92117b9294544adeaad229a8fbac13.jpg?ver=1778589913","caption":"pcerda"},"url":"https:\/\/patriciocerda.com\/?author=1"}]}},"jetpack_featured_media_url":"https:\/\/patriciocerda.com\/wp-content\/uploads\/2022\/09\/IntroBlog1397.png","_links":{"self":[{"href":"https:\/\/patriciocerda.com\/index.php?rest_route=\/wp\/v2\/posts\/1397"}],"collection":[{"href":"https:\/\/patriciocerda.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/patriciocerda.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/patriciocerda.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/patriciocerda.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1397"}],"version-history":[{"count":5,"href":"https:\/\/patriciocerda.com\/index.php?rest_route=\/wp\/v2\/posts\/1397\/revisions"}],"predecessor-version":[{"id":1433,"href":"https:\/\/patriciocerda.com\/index.php?rest_route=\/wp\/v2\/posts\/1397\/revisions\/1433"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/patriciocerda.com\/index.php?rest_route=\/wp\/v2\/media\/1409"}],"wp:attachment":[{"href":"https:\/\/patriciocerda.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1397"}],"wp:term":[{"taxonomy":"category","embeddab
le":true,"href":"https:\/\/patriciocerda.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1397"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/patriciocerda.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1397"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}