Configure GitHub OAuth for Spinnaker
Configure GitHub and Spinnaker to use GitHub as an OAuth2 authenticator.
Requirements for configuring GitHub OAuth
- Ability to modify developer settings for your GitHub organization
- Access to Halyard
- A SpinnakerTM deployment with DNS and SSL configured
Configuring GitHub OAuth in GitHub
- Login to GitHub and go to Settings > Developer Settings > OAuth Apps > New OAuth App
- Note the Client ID / Client Secret
- Homepage URL: This would be the URL of your Spinnaker service e.g.
https://spinnaker.acme.com - Authorization callback URL: This is going to match your
--pre-established-redirect-uriin halyard and the URL needsloginappended to your gate endpoint e.g.https://gate.spinnaker.acme.com/loginorhttps://spinnaker.acme.com/gate/login
Configuring GitHub OAuth in Spinnaker
Add the following snippet to your SpinnakerService manifest under the spec.spinnakerConfig.config.security.authn level:
oauth2:
enabled: true
client:
clientId: a08xxxxxxxxxxxxx93
clientSecret: 6xxxaxxxxxxxxxxxxxxxxxxx59 # Secret Enabled Field
scope: read:org,user:email
preEstablishedRedirectUri: https://gate.spinnaker.acme.com/login
provider: GITHUB
For additional configuration options review the Spinnaker Manifest Configuration Reference
Run the following commands in Halyard with your Client ID and Client Secret.
CLIENT_ID=a08xxxxxxxxxxxxx93
CLIENT_SECRET=6xxxaxxxxxxxxxxxxxxxxxxx59
PROVIDER=GITHUB
hal config security authn oauth2 edit \
--client-id $CLIENT_ID \
--client-secret $CLIENT_SECRET \
--provider $PROVIDER \
--scope read:org,user:email \
--pre-established-redirect-uri "https://gate.spinnaker.acme.com/login"
hal config security authn oauth2 enable
Additional OAuth resources
Feedback
Was this page helpful?
Thank you for letting us know!
Sorry to hear that. Please tell us how we can improve.
Last modified April 16, 2021: (3f9b597)