Configure GitHub OAuth

Configure GitHub and Spinnaker to use GitHub as an OAuth2 authenticator.
Prerequisites
Ability to modify developer settings for your GitHub organization
Access to Halyard
A Spinnaker deployment with DNS and SSL configured
Configure GitHub OAuth in GitHub
1. Login to GitHub and go to Settings > Developer Settings > OAuth Apps > New OAuth App
2. Make note of the Client ID / Client Secret
3.Homepage URL: This would be the URL of your Spinnaker service e.g. https://spinnaker.acme.com​
4.Authorization callback URL: This is going to match your --pre-established-redirect-uri in halyard and the URL needs login appended to your gate endpoint. Example  https://gate.spinnaker.acme.com/login or https://spinnaker.acme.com/gate/login
Configure GitHub OAuth in Spinnaker
Operator
Halyard
Add the following snippet to your SpinnakerService manifest under the spec.spinnakerConfig.config.security.authn level:
oauth2:
    enabled: true
    client:
      clientId: a08xxxxxxxxxxxxx93
      clientSecret: 6xxxaxxxxxxxxxxxxxxxxxxx59   # Secret Enabled Field
      scope: read:org,user:email
      preEstablishedRedirectUri: https://gate.spinnaker.acme.com/login
    provider: GITHUB
Run the following commands in Halyard with your Client ID and Client Secret.
CLIENT_ID=a08xxxxxxxxxxxxx93
CLIENT_SECRET=6xxxaxxxxxxxxxxxxxxxxxxx59
PROVIDER=GITHUB
 
hal config security authn oauth2 edit \
  --client-id $CLIENT_ID \
  --client-secret $CLIENT_SECRET \
  --provider $PROVIDER \
  --scope read:org,user:email \
  --pre-established-redirect-uri "https://gate.spinnaker.acme.com/login"
 
hal config security authn oauth2 enable
Additional OAuth resources 
Spinnaker: OAuth​
Github: OAuth and 
SSL Spinnaker: SSL​

Continuous Deployment to Kubernetes using GitHub triggered Spinnaker pipelines

Troubleshooting

Last modified 11mo ago