Configuring OKTA
- Abhishek Chaturvedi (Unlicensed)
- Rabiya Ahmed
- Vinay Krishnamurthy
Owned by Abhishek Chaturvedi (Unlicensed)
Kloudfuse platform supports OKTA integration for customers who use OKTA based authorization within their organization. To enable it, please follow these steps.
Setup okta account per https://oauth2-proxy.github.io/oauth2-proxy/7.3.x/configuration/oauth_provider/#okta
Create a config map specification as follows in kfuse namespace replacing the DNS host and account (note the configmap name):
apiVersion: v1 data: oauth2_proxy.cfg: | custom_templates_dir = "/data/custom-templates" display_htpasswd_form = "true" email_domains = [ "*" ] cookie_secure = "true" provider = "oidc" redirect_url = "https://<REPLACE_DNS_HOST>/oauth2/callback" oidc_issuer_url = "https://<REPLACE_OKTA_ACCOUNT_ID>.okta.com/oauth2/default" kind: ConfigMap metadata: annotations: labels: app.kubernetes.io/managed-by: Helm name: kfuse-auth-okta-config
Create secret called
kfuse-auth-oktainkfusenamespace. Use base64 encoded values of client-id and client-secret from above. To generate cookie secret, run:python3 -c 'import base64,secrets,string; print(base64.b64encode(bytes("".join(secrets.choice(string.ascii_letters + string.punctuation + string.digits) for i in range(32)), "utf-8")).decode())'apiVersion: v1 data: client-secret: <base 64 encoded client secret> client-id: <base 64 encoded client id> cookie-secret: <base 64 encoded cookie secret> kind: Secret metadata: name: kfuse-auth-okta type: OpaqueUpdate custom-values.yaml file to include following to refer to the config map and secrets we created.