Configuring OKTA
The Kloudfuse platform supports OKTA integration for customers who use OKTA-based authorization within their organization. To enable it, follow these steps.
Set up the Okta account as described in "OAuth Provider Configuration | OAuth2 Proxy".
Create a ConfigMap specification as follows in the kfuse namespace, replacing the DNS host and the Okta account ID (note the ConfigMap name):
apiVersion: v1
data:
  oauth2_proxy.cfg: |
    custom_templates_dir = "/data/custom-templates"
    display_htpasswd_form = "true"
    email_domains = [ "*" ]
    cookie_secure = "true"
    provider = "oidc"
    redirect_url = "https://<REPLACE_DNS_HOST>/oauth2/callback"
    oidc_issuer_url = "https://<REPLACE_OKTA_ACCOUNT_ID>.okta.com/oauth2/default"
kind: ConfigMap
metadata:
  annotations:
  labels:
    app.kubernetes.io/managed-by: Helm
  name: kfuse-auth-okta-config
Create a secret called kfuse-auth-okta in the kfuse namespace. Use base64-encoded values of the client-id and client-secret from above. To generate the cookie secret, run:
python3 -c 'import base64,secrets,string; print(base64.b64encode(bytes("".join(secrets.choice(string.ascii_letters + string.punctuation + string.digits) for i in range(32)), "utf-8")).decode())'
apiVersion: v1
data:
  client-secret: <base 64 encoded client secret>
  client-id: <base 64 encoded client id>
  cookie-secret: <base 64 encoded cookie secret>
kind: Secret
metadata:
  name: kfuse-auth-okta
type: Opaque
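A helper for building this Secret, added here as an example and not part of Kloudfuse's documentation. It assumes the output of the command above is used directly as the cookie-secret value (a single base64 encoding of the 32-character string); render_secret, new_cookie_secret and decode_data are hypothetical names, and the credentials in it are constructed placeholders.

```python
import base64
import secrets
import string

SECRET_NAME = "kfuse-auth-okta"  # Secret name given on this page


def b64(value: str) -> str:
    """Base64-encode exactly the bytes of value; no trailing newline is added."""
    return base64.b64encode(value.encode("utf-8")).decode("ascii")


def new_cookie_secret(length: int = 32) -> str:
    """Random secret over the same alphabet as the page's one-liner (not yet base64)."""
    alphabet = string.ascii_letters + string.punctuation + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))


def render_secret(client_id: str, client_secret: str, cookie_secret: str) -> str:
    """Return the Secret manifest, rejecting values oauth2-proxy cannot use."""
    # Values pasted from a console often carry a stray newline or space.
    client_id, client_secret = client_id.strip(), client_secret.strip()
    if not client_id or not client_secret:
        raise ValueError("client-id and client-secret must be non-empty")
    # oauth2-proxy needs a cookie secret of 16, 24 or 32 bytes.
    if len(cookie_secret.encode("utf-8")) not in (16, 24, 32):
        raise ValueError("cookie secret must be 16, 24 or 32 bytes")
    return "\n".join([
        "apiVersion: v1",
        "kind: Secret",
        "metadata:",
        f"  name: {SECRET_NAME}",
        "type: Opaque",
        "data:",
        f"  client-id: {b64(client_id)}",
        f"  client-secret: {b64(client_secret)}",
        f"  cookie-secret: {b64(cookie_secret)}",
        "",
    ])


def decode_data(manifest: str) -> dict:
    """Decode the data values back, as the consuming container would read them."""
    lines = manifest.split("\ndata:\n", 1)[1].splitlines()
    pairs = (line.strip().split(": ", 1) for line in lines)
    return {key: base64.b64decode(val).decode("utf-8") for key, val in pairs}


if __name__ == "__main__":
    print(render_secret("EXAMPLE_CLIENT_ID\n", "EXAMPLE_CLIENT_SECRET", new_cookie_secret()))
```

The printed manifest can be applied with kubectl apply -n kfuse -f - or saved to a file first.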
Update the custom-values.yaml file to include the following, which refers to the config map and secret created above.