Local Authentication
After installing Kloudfuse, add users and manage their credentials.
|
The user appears in the Admin > Users tab after they log in for the first time. |
Follow these steps:
-
Connect to your Kloudfuse Kubernetes cluster.
-
Remove any existing local copy of the
users.txtfile:rm -f users.txt -
Retrieve the current
users.txtfrom thekfuse-auth-userssecret and save it locally. The file uses htpasswd format.kubectl get secret -n kfuse kfuse-auth-users -o json | jq -r '.data."users.txt"' | base64 -d > users.txtIf the secret does not exist yet, create a new empty
users.txtfile. -
(Optional) If changing the password of an existing user, remove that user’s entry from
users.txt. -
Create or update the user’s password.
This example is for user
testuser. For the admin user, useadmin.htpasswd -Bn testuser >> users.txt
|
|
-
Ensure that
users.txthas no blank lines between entries:sed -i '' '/^$/d' users.txt -
Ensure that
users.txtends with a newline:echo "" >> users.txt -
Encode
users.txtin base64:cat users.txt | base64 -
Update the
kfuse-auth-usersKubernetes secret with the base64-encoded value:kubectl edit secret kfuse-auth-usersSet the
users.txtfield to the output of the previous step.If the secret does not exist, create it:
apiVersion: v1 data: users.txt: |- <base64-encoded-value> kind: Secret metadata: name: kfuse-auth-users type: Opaqueyaml -
For fresh installations, update your
custom-values.yamlto reference thekfuse-auth-userssecret:kfuse-auth: oauth2-proxy: htpasswdFile: existingSecret: kfuse-auth-usersyamlSkip this step when adding a new user or updating the password of an existing user.
-
Restart the
kfuse-authdeployment to apply the changes:kubectl -n kfuse rollout restart deployment kfuse-auth -
After logging in with the new credentials for the first time, the user appears in the Admin > Users interface.
