Configure Google OAuth2 Authentication

Owned by Ashish Hanwadikar
Last updated: Apr 12, 2024 by Abhishek Chaturvedi
1 min read

To enable Google OAuth2, you need to register a new application with Google.

If upgrading Kloudfuse release 1.3.4 and earlier, please make sure to follow post upgrade steps after finishing upgrade.

Create Google OAuth2 Keys

  1. Go to the Credentials page.

  2. Click Create credentials > OAuth client ID.

  3. Select the Web application application type.

  4. Enter Name (e.g. Kloudfuse)

  5. Enter URL of the kloudfuse installation in the Authorized JavaScript Origins. Example: kloudfuse.yourcompany.com

  6. Enter URL with /oauth2/callback of the kloudfuse in the Authorized redirect URIs. Example: kloudfuse.yourcompany.com/oauth2/callback

  7. Click Create

  8. Copy the Client ID and Client Secret from the ‘OAuth Client’ modal. It is required for further steps.

Enable Google Auth in Kloudfuse

Option 1. Using Client ID & Secret

  • In your custom values.yaml, add google client ID and secret:

kfuse-auth: oauth2-proxy: config: clientID: "REPLACE_CLIENT_ID" clientSecret: "REPLACE_CLIENT_SECRET"
Option 2. Using a Kubernetes secrets.

  • Create 2 kubernetes secrets in kfuse namespace.

    • Create secret called kfuse-auth-users as mentioned here.

    • Create secret called kfuse-auth-google. Use base64 encoded values of client-id and client-secret from above. To generate cookie secret, use these steps.

apiVersion: v1 data: client-id: <base 64 encoded google client id> client-secret: <base 64 encoded google client secret> cookie-secret: <base 64 encoded random value> kind: Secret metadata: name: kfuse-auth-google type: Opaque

  • and refer it from your custom values.yaml by adding the following

kfuse-auth: oauth2-proxy: config: existingSecret: "kfuse-auth-google" htpasswdFile: existingSecret: "kfuse-auth-users"