Setting the OAuth access type for VPC clusters

Virtual Private Cloud

You can set the OpenShift console and OAuth exposure method for private-only Red Hat OpenShift on IBM Cloud clusters on VPC infrastructure.

Choose between the following options when setting the OpenShift console and OAuth exposure method.

Virtual Private Endpoint Gateway
This is the default access type for version 4.13. For more information, see Accessing VPC clusters through the VPE gateway.
Private Service Endpoint URL
This is the default access type for cluster versions 4.12 and earlier and 4.14 and later. For more information, see Accessing clusters through the private cloud service endpoint.

Setting the Virtual Private Endpoint Gateway for OAuth and console as the default behavior for all clusters is available on an allowlist basis. To request that your account be allowlisted, see Requesting access to allowlisted features.

Setting the OAuth access type for a cluster from the API

You can use the POST /network/v2/oauth-access-type/{idOrName}/set API to set the access type for your cluster.

  1. Access your Red Hat OpenShift cluster.

  2. Get the name or ID of your cluster. To list the clusters that you have access to, use the GET /v1/clusters API or run ibmcloud ks cluster ls.

  3. Generate an IAM token.

  4. Run the following request. Replace {idOrName} with the name or ID of your cluster.

    curl -X POST "https://containers.cloud.ibm.com/network/v2/oauth-access-type/{idOrName}/set" -H "accept: application/json" -H "Authorization: TOKEN" -H "X-Auth-Resource-Group: RESOURCE-GROUP" -H "Content-Type: application/json" -d "{ \"oauth_access_type\": \"string\"}"
    
    oauth-access-type
    • vpegw: Specify vpegw to expose the OpenShift console and OAuth using the Virtual Private Endpoint gateway.
    • legacy: Specify legacy to expose the OpenShift console and OAuth using the Private Service Endpoint URL.

  5. Review the output and verify that the OAuth access type is set.

  6. After setting the access type, you must perform a cluster master refresh.

    ibmcloud oc cluster master refresh --cluster CLUSTER
    

Getting the OAuth access type for a cluster from the API

You can use the GET /network/v2/oauth-access-type/{idOrName} API to get the access type details for your cluster.

  1. Access your Red Hat OpenShift cluster.

  2. Get the name or ID of your cluster. To list the clusters that you have access to, use the GET /v1/clusters API or run ibmcloud ks cluster ls.

  3. Run the following request.

    curl -X GET "https://containers.cloud.ibm.com/global/network/v2/oauth-access-type/{idOrName}" -H "accept: application/json" -H "Authorization: TOKEN" -H "X-Auth-Resource-Group: RESOURCE-GROUP" -H "Content-Type: application/json"
    
  4. Review the output and verify the OAuth access type.

    • 4.13 clusters: If the value is empty, the vpegw behavior is being used.
    • 4.14 clusters: If the value is empty, the legacy behavior is being used.
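
The following is an added example, not part of the IBM documentation: shell helpers that resolve a cluster's effective exposure method from its version and the value returned by the GET request, using the defaults stated above, and that build the POST body from only the two documented values. The function names, cluster names and version strings are constructed for illustration.

```shell
#!/bin/sh
# Added example (not IBM's code); function names are hypothetical.

# Print the effective exposure method for a cluster.
#   $1 = cluster version, $2 = access type from the GET output (may be empty)
# An empty value falls back to the version default described on this page:
# vpegw for 4.13, legacy for 4.12 and earlier and for 4.14 and later.
effective_oauth_access_type() {
  _ver=$1 _val=$2
  case "$_val" in
    vpegw|legacy) printf '%s\n' "$_val"; return 0 ;;
    "") ;;
    *) echo "unrecognized access type: $_val" >&2; return 2 ;;
  esac
  _major=${_ver%%.*}
  _rest=${_ver#*.}
  _minor=${_rest%%[!0-9]*}
  case "$_major.$_minor" in
    4.13) echo vpegw ;;
    [0-9]*.[0-9]*) echo legacy ;;
    *) echo "cannot parse version: $_ver" >&2; return 2 ;;
  esac
}

# Build the JSON body for the set request; reject anything but vpegw or legacy.
oauth_set_body() {
  case "$1" in
    vpegw|legacy) printf '{"oauth_access_type":"%s"}\n' "$1" ;;
    *) echo "access type must be vpegw or legacy" >&2; return 2 ;;
  esac
}

# Return 0 when the effective type equals the expected one.
#   $1 = expected type, $2 = cluster version, $3 = value from the GET output
oauth_access_matches() {
  _eff=$(effective_oauth_access_type "$2" "$3") || return 2
  [ "$_eff" = "$1" ]
}

# Constructed sample rows: name, version, returned value ("-" means empty).
while read -r name ver val; do
  [ "$val" = "-" ] && val=""
  printf '%s %s -> %s\n' "$name" "$ver" "$(effective_oauth_access_type "$ver" "$val")"
done <<'EOF'
dev-a 4.13.25 -
prod-b 4.14.8 -
prod-c 4.14.8 vpegw
EOF
```

The output of `oauth_set_body` can be passed as the `-d` payload of the set request shown earlier, and `oauth_access_matches` can be run after the master refresh to confirm that the cluster reports the intended exposure method.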