OpenShift ROSA: Get the OIDC URL within the cluster

AWS Kubernetes OpenShift ROSA OIDC Identity provider

1 min read | by Jordi Prats

When running a ROSA cluster (OpenShift on AWS), we might need its OIDC identity provider URL, for example to configure STS (IRSA). We can get it directly from the cluster by reading the Authentication object.

To do so, we just need to use kubectl get on the Authentication object named **cluster**, as follows:

```
$ kubectl get authentication cluster -o yaml
apiVersion: config.openshift.io/v1
kind: Authentication
metadata:
  name: cluster
  (...)
spec:
  oauthMetadata:
    name: ""
  serviceAccountIssuer: https://rh-oidc.s3.us-east-1.amazonaws.com/cdefb6lj4p4k1a01i561h9rb221cv53
  type: ""
  webhookTokenAuthenticator:
    kubeConfig:
      name: webhook-authentication-integrated-oauth
status:
  integratedOAuthMetadata:
    name: oauth-openshift
```

We can always use a jsonpath to directly retrieve the URL:

```
$ kubectl get authentication cluster -o jsonpath='{ .spec.serviceAccountIssuer }'
https://rh-oidc.s3.us-east-1.amazonaws.com/cdefb6lj4p4k1a01i561h9rb221cv53
```
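As an added example (not part of the original post), this is how the issuer URL is typically consumed when configuring IRSA: IAM identifies the OIDC provider by the URL without its scheme, and the role's trust policy should pin the `sub` claim to one service account. The function names, account ID, namespace and service account below are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: turn the serviceAccountIssuer URL into the IAM OIDC provider
# ARN and a trust policy scoped to a single service account.

# Strip the scheme and trailing slashes; IAM names the provider by host/path only.
issuer_to_provider() {
  case "$1" in
    https://?*) printf '%s\n' "${1#https://}" | sed 's:/*$::' ;;
    *) echo "issuer must be an https:// URL: $1" >&2; return 1 ;;
  esac
}

# provider_arn ACCOUNT_ID ISSUER_URL
provider_arn() {
  provider=$(issuer_to_provider "$2") || return 1
  printf 'arn:aws:iam::%s:oidc-provider/%s\n' "$1" "$provider"
}

# trust_policy ACCOUNT_ID ISSUER_URL NAMESPACE SERVICE_ACCOUNT
# The :sub condition limits the role to one service account instead of
# every workload that can obtain a token from this issuer.
trust_policy() {
  provider=$(issuer_to_provider "$2") || return 1
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {"Federated": "arn:aws:iam::$1:oidc-provider/$provider"},
    "Action": "sts:AssumeRoleWithWebIdentity",
    "Condition": {"StringEquals": {
      "$provider:sub": "system:serviceaccount:$3:$4"
    }}
  }]
}
EOF
}

# Constructed sample values: placeholder account ID, namespace and service account.
# On a live cluster the issuer would come from the jsonpath query shown above.
ISSUER="https://rh-oidc.s3.us-east-1.amazonaws.com/cdefb6lj4p4k1a01i561h9rb221cv53"
trust_policy 123456789012 "$ISSUER" my-namespace my-app
```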

Posted on 20/10/2022