Kloudfuse platform supports OKTA integration for customers who use OKTA based authorization within their organization. To enable it, please follow these steps.
Setup okta account per https://oauth2-proxy.github.io/oauth2-proxy/docs/configuration/oauth_provider/#okta
Create a config map specification as follows in kfuse namespace replacing the DNS host and account (note the configmap name):
apiVersion: v1 data: oauth2_proxy.cfg: | custom_templates_dir = "/data/custom-templates" display_htpasswd_form = "true" email_domains = [ "*" ] cookie_secure = "true" provider = "oidc" redirect_url = "https://<REPLACE_DNS_HOST>/oauth2/callback" oidc_issuer_url = "https://<REPLACE_OKTA_ACCOUNT_ID>.okta.com/oauth2/default" kind: ConfigMap metadata: annotations: labels: app.kubernetes.io/managed-by: Helm name: kfuse-auth-okta-config
Create secret called
kfuse-auth-okta. Use base64 encoded values of client-id and client-secret from above. To generate cookie secret, use these steps.apiVersion: v1 data: client-secret: <base 64 encoded client secret> client-id: <base 64 encoded client id> cookie-secret: <base 64 encoded cookie secret> kind: Secret metadata: name: kfuse-auth-okta type: Opaque
Update custom-values.yaml file to include following to refer to the config map and secrets we created.
kfuse-auth: oauth2-proxy: config: existingSecret: "kfuse-auth-okta" existingConfig: "kfuse-auth-okta-config"