You can use Kloudfuse UI through your google account authentication. To enable Google OAuth2, you need to register a new application with Google.
Create Google OAuth2 Keys
Go to the Credentials page.
Click Create credentials > OAuth client ID.
Select the Web application application type.
Enter Name (e.g. Kloudfuse)
Enter URL of the kloudfuse installation in the Authorized JavaScript Origins. Example: kloudfuse.yourcompany.com
Click Create
Copy the Client ID and Client Secret from the ‘OAuth Client’ modal
Enable Google Auth in Kloudfuse
Create a new secret (say, kfuse-credentials) secret in kfuse namespace of your kloudfuse installation in the following format:
apiVersion: v1 data: GoogleApiKey: <Client Secret> GoogleClientId: <Client ID> GoogleDomain: <Google Domain> JwtSigningKey: and0c2lnbmluZ2tleQ== admin-user: <admin user> admin-password: <admin password> kind: Secret metadata: name: kfuse-credentials type: Opaque
Replace/add Client ID, Client Secret and google domain - you will need to do base64 encode the Client ID, Client Secret and the google domain. You can also use the admin-user and admin-password fields in the kfuse-credentials secret to change the admin user and password from their default values. These values need to be base64 encoded.
To encode the above values in base64 you can use the following command:
echo -n <value to be encoded> | base64
kubectl apply -f kfuse-credentials.yaml -n kfuse
In the
custom_values.yamlfile that you used for kfuse helm chart installation, add the following lines:auth: config: AUTH_TYPE: "google" AUTH_COOKIE_MAX_AGE_IN_SECONDS: 259200 auth: existingAdminSecret: "kfuse-credentials" existingSecret: "kfuse-credentials"Install using the helm command with the
custom_values.yaml.For the config to take effect, Restart the auth service using:
kubectl rollout restart deployment auth
You should now see a Google login button (if AUTH_TYPE is set to “google”) on the login page.