Skip to content

Instantly share code, notes, and snippets.

@nerdalert

nerdalert/maas-ODH-fix.md

Created February 18, 2026 15:38
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save nerdalert/3e66d25ffa5f0f9b2ab8b40db77932f1 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save nerdalert/3e66d25ffa5f0f9b2ab8b40db77932f1 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
maas-ODH-fix.md 
#### ODH MaaS Deploy Fix ####

#  Step 1: Run the deploy script (it will hang — kill it after it says "Waiting for operator webhook")

  ./scripts/deploy.sh --operator-type odh
  # Wait until you see: "Waiting for deployment/opendatahub-operator-controller-manager in opendatahub-operator-system..."
  # Then Ctrl+C — the operator is actually running in the "opendatahub" namespace

#  Step 2: Verify the operator is running

  oc get deployment -n opendatahub
  # Should show opendatahub-operator-controller-manager 3/3 READY

#  Step 3: Apply DSCInitialization

cat <<'EOF' | oc apply -f -
apiVersion: dscinitialization.opendatahub.io/v1
kind: DSCInitialization
metadata:
  name: default-dsci
spec:
  applicationsNamespace: opendatahub
  monitoring:
    managementState: Managed
    namespace: opendatahub-monitoring
    metrics: {}
  trustedCABundle:
    managementState: Managed
EOF

#  Step 4: Apply DataScienceCluster

oc apply --server-side=true -f scripts/data/datasciencecluster.yaml

#  Step 5: Wait for DataScienceCluster to be ready

oc wait datasciencecluster default-dsc --for=condition=KserveReady --timeout=600s

#  Step 6: Configure TLS backend

AUTHORINO_NAMESPACE=kuadrant-system deployment/overlays/tls-backend/configure-authorino-tls.sh

# Step 7: Restart deployments to pick up TLS config

oc rollout restart deployment/maas-api -n opendatahub
oc rollout restart deployment/authorino -n kuadrant-system
oc rollout status deployment/authorino -n kuadrant-system --timeout=120s
oc rollout status deployment/maas-api -n opendatahub --timeout=120s

#  Step 8: Configure AuthPolicy for ROSA cluster audience

source scripts/deployment-helpers.sh
CLUSTER_AUD=$(get_cluster_audience)
echo "Cluster audience: $CLUSTER_AUD"

oc annotate authpolicy maas-api-auth-policy -n opendatahub opendatahub.io/managed="false" --overwrite

oc patch authpolicy maas-api-auth-policy -n opendatahub --type=merge --patch-file <(cat <<EOF
spec:
  rules:
    authentication:
      openshift-identities:
        kubernetesTokenReview:
          audiences:
            - $CLUSTER_AUD
            - maas-default-gateway-sa
EOF
)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment