3c5fa979a4
Re-organized topic hierarchy Tiny edit to restart review workflow. Squashed with Resolved index.rst conflict commit Change-Id: I13472792cb19d1e9975ac76c6954d38054d606c5 Signed-off-by: Keane Lim <keane.lim@windriver.com> Signed-off-by: MCamp859 <maryx.camp@intel.com>
74 lines
2.1 KiB
ReStructuredText
74 lines
2.1 KiB
ReStructuredText
|
|
.. luo1591184217439
|
|
.. _deprovision-windows-active-directory-authentication:
|
|
|
|
===================================================
|
|
Deprovision Windows Active Directory Authentication
|
|
===================================================
|
|
|
|
You can remove Windows Active Directory authentication from |prod-long|.
|
|
|
|
.. rubric:: |proc|
|
|
|
|
#. Remove the configuration of kube-apiserver to use oidc-auth-apps for
|
|
authentication.
|
|
|
|
|
|
#. Determine the UUIDs of parameters used in the kubernetes **kube-apiserver** group.
|
|
|
|
These include oidc\_client\_id, oidc\_groups\_claim,
|
|
oidc\_issuer\_url and oidc\_username\_claim.
|
|
|
|
.. code-block:: none
|
|
|
|
~(keystone_admin)$ system service-parameter-list
|
|
|
|
#. Delete each parameter.
|
|
|
|
.. code-block:: none
|
|
|
|
~(keystone_admin)$ system service-parameter-delete <UUID>
|
|
|
|
#. Apply the changes.
|
|
|
|
.. code-block:: none
|
|
|
|
~(keystone_admin)$ system service-parameter-apply kubernetes
|
|
|
|
|
|
#. Uninstall oidc-auth-apps.
|
|
|
|
.. code-block:: none
|
|
|
|
~(keystone_admin)$ system application-remove oidc-auth-apps
|
|
|
|
#. Clear the helm-override configuration.
|
|
|
|
.. code-block:: none
|
|
|
|
~(keystone_admin)$ system helm-override-update oidc-auth-apps dex kube-system --reset-values
|
|
~(keystone_admin)$ system helm-override-show oidc-auth-apps dex kube-system
|
|
|
|
~(keystone_admin)$ system helm-override-update oidc-auth-apps oidc-client kube-system --reset-values
|
|
~(keystone_admin)$ system helm-override-show oidc-auth-apps oidc-client kube-system
|
|
|
|
#. Remove secrets that contain certificate data.
|
|
|
|
.. code-block:: none
|
|
|
|
~(keystone_admin)$ kubectl delete secret local-dex.tls -n kube-system
|
|
~(keystone_admin)$ kubectl delete secret dex-client-secret -n kube-system
|
|
~(keystone_admin)$ kubectl delete secret wadcert -n kube-system
|
|
|
|
#. Remove any |RBAC| RoleBindings added for |OIDC| users and/or groups.
|
|
|
|
For example:
|
|
|
|
.. code-block:: none
|
|
|
|
$ kubectl delete clusterrolebinding testuser-rolebinding
|
|
$ kubectl delete clusterrolebinding billingdeptgroup-rolebinding
|
|
|
|
|
|
|