===== Creating Local Users in OKD/OpenShift 4.21 Using HTPasswd =====
A fresh OKD installation only provides the ``kubeadmin`` user.
To allow local users to log in and deploy pods, configure an HTPasswd
identity provider.
----
==== Step 1: Create the htpasswd file ====
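  # -c creates the file (first user only); -B selects bcrypt; -b takes the password from the command line
  docker run --rm \
    -v "$(pwd)":/work \
    docker.io/httpd:2 \
    htpasswd -cbB /work/users.htpasswd user1 MyPassword123
  # Later users are appended to the existing file, so -c is omitted
  docker run --rm \
    -v "$(pwd)":/work \
    docker.io/httpd:2 \
    htpasswd -bB /work/users.htpasswd user2 MyPassword123
  docker run --rm \
    -v "$(pwd)":/work \
    docker.io/httpd:2 \
    htpasswd -bB /work/users.htpasswd user3 MyPassword123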
----
==== Step 2: Create the secret in the openshift-config namespace ====
  oc create secret generic htpasswd-secret \
    --from-file=htpasswd=users.htpasswd \
    -n openshift-config
----
==== Step 3: Configure OAuth to use HTPasswd ====
Edit the OAuth configuration:
  oc edit oauth cluster
Add:
  spec:
    identityProviders:
    - name: local-users
      mappingMethod: claim
      type: HTPasswd
      htpasswd:
        fileData:
          name: htpasswd-secret
Wait for the OAuth operator to restart.
----
==== Step 4: Test login ====
Log out of the Web Console and log in with:
* Username: ``myuser``
* Password: ``MyPassword123``
----
==== Step 5: Grant permissions to the new user ====
Allow the user to create their own projects:
  oc adm policy add-cluster-role-to-user self-provisioner myuser
Or give admin access to a specific namespace:
  oc adm policy add-role-to-user admin myuser -n mynamespace
The user can now create and run pods.
Grant other users access to an existing project:
  oc adm policy add-role-to-user admin user1 -n project1
  oc adm policy add-role-to-user admin user2 -n project1
  oc adm policy add-role-to-user admin user3 -n project1
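
Added example (not part of the original page or of OKD): a shell check to run on ``users.htpasswd`` from Step 1 before it is loaded into the secret in Step 2, confirming that every entry is a bcrypt hash as written by ``htpasswd -B`` and that no user appears twice. The function names, the constructed sample entries and the minimum-cost argument (default 5, the htpasswd default for ``-B``) are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.
# audit_htpasswd FILE [MIN_COST]: print one finding per line; return 1 if any.
audit_htpasswd() {
    awk -F: -v min_cost="${2:-5}" '
        /^[ \t]*$/ { next }                            # skip blank lines
        {
            user = $1
            hash = substr($0, length(user) + 2)        # text after the first colon
            if (NF < 2 || user == "" || hash == "") {
                print "line " NR ": malformed entry"; bad = 1; next
            }
            if (seen[user]++) { print user ": duplicate entry"; bad = 1 }
            if (hash ~ /^[$]2[aby][$][0-9][0-9][$]/) { # bcrypt, as written by -B
                if (length(hash) != 60) { print user ": truncated bcrypt hash"; bad = 1 }
                else if (substr(hash, 5, 2) + 0 < min_cost) {
                    print user ": bcrypt cost below " min_cost; bad = 1
                }
            } else if (index(hash, "$apr1$") == 1) {
                print user ": MD5 (apr1) hash, recreate with htpasswd -B"; bad = 1
            } else if (index(hash, "{SHA}") == 1) {
                print user ": unsalted SHA-1 hash, recreate with htpasswd -B"; bad = 1
            } else {
                print user ": unrecognised hash format"; bad = 1
            }
        }
        END { exit bad + 0 }
    ' "$1"
}

# write_sample FILE: constructed entries; the digits are filler, not real hashes.
write_sample() {
    pad=$(printf '%053d' 0)
    {
        printf 'user1:$2y$05$%s\n' "$pad"               # shape of htpasswd -B output
        printf 'user2:$apr1$constructed$constructedfiller\n'
        printf 'user3:{SHA}constructedfiller=\n'
        printf 'user1:$2y$05$%s\n' "$pad"               # duplicate of user1
    } > "$1"
}

sample=$(mktemp)
write_sample "$sample"
audit_htpasswd "$sample" || echo "fix users.htpasswd before creating the secret"
rm -f "$sample"
```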