Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

You can use Kloudfuse UI through your google account authentication. To enable Google OAuth2, you need to register a new application with Google.

If upgrading Kloudfuse release 1.3.4 and earlier, please make sure to follow post upgrade steps after finishing upgrade.

Create Google OAuth2 Keys

  1. Go to the Credentials page.

  2. Click Create credentials > OAuth client ID.

  3. Select the Web application application type.

  4. Enter Name (e.g. Kloudfuse)

  5. Enter URL of the kloudfuse installation in the Authorized JavaScript Origins. Example: kloudfuse.yourcompany.com

  6. Enter URL with /oauth2/callback of the kloudfuse in the Authorized redirect URIs. Example: kloudfuse.yourcompany.com/oauth2/callback

  7. Click Create

  8. Copy the Client ID and Client Secret from the ‘OAuth Client’ modal. It is required for further steps.

Enable Google Auth in Kloudfuse

...

Option 1. Using Client ID & Secret
  • In your custom values.yaml, add google client ID and secret:

Code Block

...

 kfuse-auth:
   

...

oauth2-proxy:

...

 

...

   

...

 config:

...

 

...

   

...

 

...

  

...

clientID: 

...

"REPLACE_CLIENT_ID"
   

...

 

...

 

...

 

...

 

...

  1. Replace/add Client ID, Client Secret and google domain - you will need to do base64 encode the Client ID, Client Secret and the google domain. You can also use the admin-user and admin-password fields in the kfuse-credentials secret to change the admin user and password from their default values. These values need to be base64 encoded.

  2. To encode the above values in base64 you can use the following command:

    Code Block
    echo -n <value to be encoded> | base64
  3. Code Block
    kubectl apply -f kfuse-credentials.yaml -n kfuse

In the custom_values.yaml file that you used for kfuse helm chart installation, add the following lines:

...

clientSecret: "REPLACE_CLIENT_SECRET"
Option 2. Using a Kubernetes secrets.
  • Create 2 kubernetes secrets in kfuse namespace.

    • Create secret called kfuse-auth-users as mentioned here.

    • Create secret called kfuse-auth-google. Use base64 encoded values of client-id and client-secret from above. To generate cookie secret, use these steps.

Code Block
apiVersion: v1
data:
  client-id: <base 64 encoded google client id>
  client-secret: <base 64 encoded google client secret>
  cookie-secret: <base 64 encoded random value>
kind: Secret
metadata:
   name: kfuse-auth-google
type: Opaque
  • and refer it from your custom values.yaml by adding the following

Code Block
kfuse-auth:
  oauth2-proxy:
    config:
      

...

existingSecret: "kfuse-

...

auth-google"
    htpasswdFile:
      existingSecret: "kfuse-

...

Install using the helm command with the custom_values.yaml .

For the config to take effect, Restart the auth service using:

Code Block
kubectl rollout restart deployment auth

...

auth-users"