Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 3 Next »

Kloudfuse platform supports OKTA integration for customers who use OKTA based authorization within their organization. To enable it, please follow these steps.

  • Setup okta account per https://oauth2-proxy.github.io/oauth2-proxy/docs/configuration/oauth_provider/#okta

  • Create a config map specification as follows in kfuse namespace replacing the DNS host and account (note the configmap name):

    apiVersion: v1
    data:
      oauth2_proxy.cfg: |
        custom_templates_dir = "/data/custom-templates"
        display_htpasswd_form = "true"
        email_domains = [ "*" ]
        cookie_secure = "true"
        provider = "oidc"
        redirect_url = "https://<REPLACE_DNS_HOST>/oauth2/callback"
        oidc_issuer_url = "https://<REPLACE_OKTA_ACCOUNT_ID>.okta.com/oauth2/default"
    
    kind: ConfigMap
    metadata:
      annotations:
      labels:
        app.kubernetes.io/managed-by: Helm
      name: kfuse-auth-okta-config
  • Create secret called kfuse-auth-okta. Use base64 encoded values of client-id and client-secret from above. To generate cookie secret, run:

    python3 -c 'import os,base64; print(base64.b64encode(os.urandom(32)).decode())' 
    apiVersion: v1
    data:
      client-secret: <base 64 encoded client secret>
      client-id: <base 64 encoded client id>
      cookie-secret: <base 64 encoded cookie secret>
    kind: Secret
    metadata:
      name: kfuse-auth-okta
    type: Opaque
  • Update custom-values.yaml file to include following to refer to the config map and secrets we created.

    kfuse-auth:
      oauth2-proxy:
        config:
          existingSecret: "kfuse-auth-okta"
          existingConfig: "kfuse-auth-okta-config"

  • No labels