Configure GitHub OAuth for Spinnaker
Configure GitHub and Spinnaker to use GitHub as an OAuth2 authenticator.
Requirements for configuring GitHub OAuth
- Ability to modify developer settings for your GitHub organization
- Access to Halyard
- A SpinnakerTM deployment with DNS and SSL configured
Configuring GitHub OAuth in GitHub
- Login to GitHub and go to Settings > Developer Settings > OAuth Apps > New OAuth App
- Note the Client ID / Client Secret
- Homepage URL: This would be the URL of your Spinnaker service e.g.
https://spinnaker.acme.com
- Authorization callback URL: This is going to match your
--pre-established-redirect-uri
in halyard and the URL needslogin
appended to your gate endpoint e.g.https://gate.spinnaker.acme.com/login
orhttps://spinnaker.acme.com/gate/login
Configuring GitHub OAuth in Spinnaker
Add the following snippet to your SpinnakerService
manifest under the spec.spinnakerConfig.config.security.authn
level:
oauth2:
enabled: true
client:
clientId: a08xxxxxxxxxxxxx93
clientSecret: 6xxxaxxxxxxxxxxxxxxxxxxx59 # Secret Enabled Field
scope: read:org,user:email
preEstablishedRedirectUri: https://gate.spinnaker.acme.com/login
provider: GITHUB
For additional configuration options review the Spinnaker Operator Reference
Run the following commands in Halyard with your Client ID and Client Secret.
CLIENT_ID=a08xxxxxxxxxxxxx93
CLIENT_SECRET=6xxxaxxxxxxxxxxxxxxxxxxx59
PROVIDER=GITHUB
hal config security authn oauth2 edit \
--client-id $CLIENT_ID \
--client-secret $CLIENT_SECRET \
--provider $PROVIDER \
--scope read:org,user:email \
--pre-established-redirect-uri "https://gate.spinnaker.acme.com/login"
hal config security authn oauth2 enable
Additional OAuth resources
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.
Last modified April 12, 2021: (8405118)