# ConfigMap "kerberos-config-osh-client": carries a krb5.conf under the key
# linux-krb5.conf. Where it is mounted is not shown in this file.
apiVersion: v1
kind: ConfigMap
metadata:
  annotations:
  name: kerberos-config-osh-client
  # NOTE(review): this namespace differs from the one used by osh-client-config
  # further down (pct-security-tooling) - confirm both target the intended project.
  namespace: psse-scanchain-prod
data:
  # Review notes on the krb5.conf below (kept outside the block scalar so the
  # delivered file content is unchanged):
  # - dns_lookup_realm / dns_lookup_kdc are enabled and no "kdc =" entry is listed
  #   for either realm, so realm and KDC discovery depend on the resolver the pod
  #   uses; resolver integrity matters here.
  # - rdns = false and dns_canonicalize_hostname = false keep service principal
  #   names tied to the hostname as given instead of DNS-derived names.
  # - default_ccache_name is a FILE: cache under /tmp, holding forwardable tickets
  #   with a 24h lifetime. Presumably /tmp is private to the container; verify it
  #   is not a shared volume.
  # - The auth_to_local RULE in IPA.REDHAT.COM strips the realm from
  #   single-component REDHAT.COM principals, so those principals map to the bare
  #   local user name; the DEFAULT rule follows it.
  # - The file's own trailing comment forbids adding a [domain_realms] section.
  linux-krb5.conf: |
    includedir /etc/krb5.conf.d/

    # depending on your config, you may wish to uncomment the following:
    # includedir /var/lib/sss/pubconf/krb5.include.d/

    [libdefaults]
      default_realm = IPA.REDHAT.COM
      dns_lookup_realm = true
      dns_lookup_kdc = true
      rdns = false
      dns_canonicalize_hostname = false
      ticket_lifetime = 24h
      forwardable = true
      udp_preference_limit = 1
      default_ccache_name = FILE:/tmp/krb5cc_%{uid}
      max_retries = 1
      kdc_timeout = 1500

    [realms]

      REDHAT.COM = {
        default_domain = redhat.com
        dns_lookup_kdc = true
        master_kdc = kerberos.corp.redhat.com
        admin_server = kerberos.corp.redhat.com
      }

      IPA.REDHAT.COM = {
        default_domain = ipa.redhat.com
        dns_lookup_kdc = true
        # Trust tickets issued by legacy realm on this host
        auth_to_local = RULE:[1:$1@$0](.*@REDHAT\.COM)s/@.*//
        auth_to_local = DEFAULT
      }
    #DO NOT ADD A [domain_realms] section
    #https://mojo.redhat.com/docs/DOC-1166841
---
# ConfigMap "osh-client-config": carries the covscan client configuration under
# the key client.conf. Per the original note it was generated with:
#oc create configmap osh-client-config --from-file=client.conf --dry-run=client -o yaml > osh-client-config.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: osh-client-config
  namespace: pct-security-tooling
data:
  # Review notes on client.conf below:
  # - HUB_URL, BREW_URL and KOJI_URL are all https:// endpoints. CIM_SERVER and
  #   CIM_PORT give only a host and port; the transport used is not visible here.
  # - AUTH_METHOD "krbv" authenticates as KRB_PRINCIPAL using the keytab at
  #   KRB_KEYTAB. Only the path appears in this ConfigMap; the keytab itself is a
  #   long-term credential and is presumably mounted read-only from a Secret -
  #   verify in the workload spec.
  # - DEBUG_XMLRPC = 0 leaves the XML-RPC verbose flag off.
  # - "|+" keeps any trailing newlines of the embedded file.
  client.conf: |+
    # client config file for covscan

    # Hub XML-RPC address.
    HUB_URL = "https://cov01.lab.eng.brq2.redhat.com/covscanhub/xmlrpc"
    BREW_URL = "https://brewhub.engineering.redhat.com/brewhub"
    KOJI_URL = "https://koji.fedoraproject.org/kojihub"
    KOJI_PROFILES = "brew,koji"
    CIM_SERVER = "cov01.lab.eng.brq2.redhat.com"
    CIM_PORT = "8080"
    DEFAULT_MOCKCONFIG = "fedora-rawhide-x86_64"

    # Hub authentication method: "krbv", "password", or "gssapi"
    AUTH_METHOD = "krbv"
    KRB_REALM = "IPA.REDHAT.COM"

    # Kerberos principal. If commented, default principal obtained by kinit is used.
    KRB_PRINCIPAL = "HTTP/osh-pct-security-tooling.apps.ocp-c1.prod.psi.redhat.com@IPA.REDHAT.COM"

    # Kerberos keytab file.
    KRB_KEYTAB = "/kerberos/kerberos-keytab-osh"

    # Enables XML-RPC verbose flag
    DEBUG_XMLRPC = 0