Links

Configure GitHub OAuth

Configure GitHub and Spinnaker to use GitHub as an OAuth2 authenticator.

Prerequisites

  • Ability to modify developer settings for your GitHub organization
  • Access to Halyard
  • A Spinnaker deployment with DNS and SSL configured

Configure GitHub OAuth in GitHub

  1. 1.
    Login to GitHub and go to Settings > Developer Settings > OAuth Apps > New OAuth App
  2. 2.
    Make note of the Client ID / Client Secret
  3. 3.
    Homepage URL: This would be the URL of your Spinnaker service e.g. https://spinnaker.acme.com
  4. 4.
    Authorization callback URL: This is going to match your --pre-established-redirect-uri in halyard and the URL needs login appended to your gate endpoint. Example https://gate.spinnaker.acme.com/login or https://spinnaker.acme.com/gate/login

Configure GitHub OAuth in Spinnaker

Operator
Halyard
Add the following snippet to your SpinnakerService manifest under the spec.spinnakerConfig.config.security.authn level:
oauth2:
enabled: true
client:
clientId: a08xxxxxxxxxxxxx93
clientSecret: 6xxxaxxxxxxxxxxxxxxxxxxx59 # Secret Enabled Field
scope: read:org,user:email
preEstablishedRedirectUri: https://gate.spinnaker.acme.com/login
provider: GITHUB
Run the following commands in Halyard with your Client ID and Client Secret.
CLIENT_ID=a08xxxxxxxxxxxxx93
CLIENT_SECRET=6xxxaxxxxxxxxxxxxxxxxxxx59
PROVIDER=GITHUB
hal config security authn oauth2 edit \
--client-id $CLIENT_ID \
--client-secret $CLIENT_SECRET \
--provider $PROVIDER \
--scope read:org,user:email \
--pre-established-redirect-uri "https://gate.spinnaker.acme.com/login"
hal config security authn oauth2 enable

Additional OAuth resources