Configure Google OAuth2 Authentication

To enable Google OAuth2, you must register a new application with Google.

Create Google OAuth2 Keys

In the Google environment, follow these steps:

Navigate to the Google Credentials page.
Click Create credentials > OAuth client ID.
Select the Web application type.
Enter Name , such as Kloudfuse.
Enter URL of the kloudfuse installation in the Authorized JavaScript Origins.

Example: kloudfuse.yourcompany.com
Enter URL that has the /oauth2/callback of the kloudfuse in the Authorized redirect URIs.

Example: kloudfuse.yourcompany.com/oauth2/callback
Click Create.
Copy the Client ID and Client Secret from the OAuth Client modal.

Save it for next steps.

In your custom-values.yaml file, add google client ID and secret:

 kfuse-auth:
   oauth2-proxy:
     config:
       clientID: "REPLACE_CLIENT_ID"
       clientSecret: "REPLACE_CLIENT_SECRET"

yaml

In the kfuse namespace, create 2 kubernetes secrets:

Create a secret called kfuse-auth-users as mentioned here.
Create a new kubernetes secret, kfuse-auth-users; you can also update an existing secret.

Use the output of cat users.txt| base64 as the value of users.txt entry in the secret.

Use the edit command if editing an existing secret.

Edit Secret

kubectl edit secret kfuse-auth-users

Create kubernetes secret kfuse-auth-users

apiVersion: v1
data:
  users.txt: |-
    <base64-encoded-value-from-above>
kind: Secret
metadata:
  name: kfuse-auth-users
type: Opaque

yaml

Include the two secrets in your custom-values.yaml file:

Add secrets to custom-values.yaml

kfuse-auth:
  oauth2-proxy:
    config:
      existingSecret: "kfuse-auth-google"
    htpasswdFile:
      existingSecret: "kfuse-auth-users"

yaml