Question

Kasten K10 Authentication OIDC with Google

  • 22 August 2023
  • 7 comments

Userlevel 3

Hi,

Can you explain to me how to configure the Kasten K10 OIDC provider with Google, please?

Thanks in advance.

Best regards.


7 comments

Userlevel 4

Hello @reynald14,

Thank you for using our K10 community!

Please take a look at our documentation, where we have the setup for OIDC irrespective of whether the Kubernetes cluster is configured. There are also some Kasten blogs showing how to set up K10 with Okta that might be helpful:

https://docs.kasten.io/latest/access/authentication.html#openid-connect-authentication
https://www.kasten.io/kubernetes/resources/blog/how-to-configure-k10-with-oidc-based-authentication-using-okta

Hope it helps.

Rubens

Userlevel 3

Hi Rubens,

OK, thanks. I have successfully connected the Google OIDC provider.

How can I use the parameters k10AdminGroups and k10AdminUsers? I have tried to set a Google group email or Google user email, but it doesn't give me admin permission.

Best regards.

Userlevel 4

Hello @reynald14,

Could you please share with us the Helm values for k10AdminGroups/Users? We would like to see how you have set them up. Please remove any confidential information.

Also, if possible, let us know which error or message you are seeing while logged in to the K10 dashboard.

Rubens

Userlevel 3

Hi Rubens,

I have set the OIDC and the groups as follows:

auth:
  k10AdminUsers:
    - "reynald@example.com"
  k10AdminGroups:
    - "kasten-admins@example.com"
  oidcAuth:
    enabled: true
    providerURL: "https://accounts.google.com" #URL to your OIDC provider
    redirectURL: "https://kasten.xxx.xx" #URL to the K10 gateway service
    scopes: "profile email" #Space separated OIDC scopes required for userinfo. Example: "profile email"
    prompt: "select_account" #The prompt type to be requested with the OIDC provider. Default is select_account.
    clientID: "XXXXXXXXXXXX" #ClientID given by the OIDC provider for K10
    clientSecret: "XXXXXXXX" #ClientSecret given by the OIDC provider for K10
    usernameClaim: "email" #Claim to be used as the username
    usernamePrefix: "" #Prefix that has to be used with the username obtained from the username claim
    groupClaim: "groups" #Name of a custom OpenID Connect claim for specifying user groups
    groupPrefix: "" #All groups will be prefixed with this value to prevent conflicts.
    logoutURL: "" #URL to your OIDC provider's logout endpoint

Best regards.

Userlevel 3

Hi,

Do you have any news about this configuration, please?

Best regards.

Userlevel 4

Hello @reynald14,

Apologies for the delay.

Could you please check K10 Dashboard > Settings > User Roles and verify whether the user/group you set up in the Helm values was added to the Subject list of the Cluster Role Binding k10-admin:

I.e.:

If it was not added, it might be that the ID you provided is not the correct ID/name for the user/group on GCP (Google Cloud Platform).

The users/groups in k10AdminGroups/k10AdminUsers will be appended to the list of subjects in the default ClusterRoleBinding that is created when K10 is installed, to bind them to the ClusterRole named k10-admin.

Hope it helps

Rubens
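
An added example, not part of the thread and not Kasten's code: a small Python check that compares the posted `auth` values against both the subjects of the admin ClusterRoleBinding and the claims in an ID token. It assumes the subject name is the configured prefix followed by the claim value, as the comments in the posted values describe; the token and binding below are constructed samples.

```python
import base64
import json

def jwt_claims(id_token):
    """Decode a JWT payload for inspection only; the signature is NOT verified."""
    payload = id_token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def token_subjects(claims, oidc):
    """Subject names the token yields after applying the configured claims and prefixes."""
    user = claims.get(oidc["usernameClaim"])
    groups = claims.get(oidc["groupClaim"]) or []
    if isinstance(groups, str):
        groups = [groups]
    return {"User": {oidc["usernamePrefix"] + user} if user else set(),
            "Group": {oidc["groupPrefix"] + g for g in groups}}

def audit(auth, claims, binding):
    """For each configured admin: is it a binding subject, and can the token match it?"""
    bound = {(s["kind"], s["name"]) for s in binding.get("subjects") or []}
    presented = token_subjects(claims, auth["oidcAuth"])
    wanted = ([("User", u) for u in auth.get("k10AdminUsers", [])]
              + [("Group", g) for g in auth.get("k10AdminGroups", [])])
    return {name: {"in_binding": (kind, name) in bound,
                   "in_token": name in presented[kind]} for kind, name in wanted}

def _b64(obj):  # helper used only to build the constructed sample token
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

# Values taken from the post above (placeholders as posted).
AUTH = {"k10AdminUsers": ["reynald@example.com"],
        "k10AdminGroups": ["kasten-admins@example.com"],
        "oidcAuth": {"usernameClaim": "email", "usernamePrefix": "",
                     "groupClaim": "groups", "groupPrefix": ""}}
# Constructed ID token: carries "email" but no "groups" claim.
SAMPLE_TOKEN = ".".join([_b64({"alg": "RS256"}),
                         _b64({"sub": "0000", "email": "reynald@example.com"}), "sig"])
# Constructed binding, shaped like `kubectl get clusterrolebinding <name> -o json`.
SAMPLE_BINDING = {"roleRef": {"kind": "ClusterRole", "name": "k10-admin"},
                  "subjects": [{"kind": "User", "name": "reynald@example.com"},
                               {"kind": "Group", "name": "kasten-admins@example.com"}]}

if __name__ == "__main__":
    for name, status in audit(AUTH, jwt_claims(SAMPLE_TOKEN), SAMPLE_BINDING).items():
        print(name, status)
```

An entry with `in_binding` true but `in_token` false means the RBAC side is in place while the token never presents that name, so the binding cannot take effect for it.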

Userlevel 3

Hi Rubens,

I am not using GCP but a G Suite account. I have no users on the subject list of role assignment kasten-io-k10-k10-admin.

In the values.yml file I have the user and group declared as follows:

auth:
  k10AdminUsers:
    - "reynald@square1.io"
  k10AdminGroups:
    - "kasten-admins@square1.io"

If I look at my account, it appears as user reynald@square1.io:

I have tried with only reynald, but nothing works.

Best regards.
