OAuth2 Configuration
Introduction
The contents of the oauth2 secret depend on the type of authentication server used.
For OAuth2 configuration, a Kubernetes secret named oauth2 holding the credentials for the authentication server must exist in the namespace where the application is deployed. The examples below show how to create it for each supported authentication server. Note that the values passed with --from-literal appear on the kubectl command line (visible in the process list while the command runs, and in shell history if typed as literals rather than variables), so keep the client secret in a shell variable or a file and treat the resulting Secret object as sensitive.
Authentication server on Azure
For Azure, the authentication server administrator should supply the Azure tenant id ($AZURE_TENANT_ID), the application (client) id of the app registration ($AZURE_APP_ID) and its client secret ($AZURE_CLIENT_SECRET). The secret is created with:
kubectl create secret generic oauth2 \
--from-literal=TENANT_ID=$AZURE_TENANT_ID \
--from-literal=CLIENT_ID=$AZURE_APP_ID \
--from-literal=CLIENT_SECRET=$AZURE_CLIENT_SECRET \
--namespace ${namespace}
Authentication server on AWS (Cognito)
For Cognito, the authentication server administrator should supply the AWS region of the user pool ($COGNITO_REGION), the user pool id ($COGNITO_POOL_ID), the app client id ($COGNITO_CLIENT_ID), the app client secret ($COGNITO_CLIENT_SECRET) and the Cognito domain used for the hosted UI ($COGNITO_DOMAIN). The secret is created with:
kubectl create secret generic oauth2 \
--from-literal=REGION=$COGNITO_REGION \
--from-literal=POOL_ID=$COGNITO_POOL_ID \
--from-literal=CLIENT_ID=$COGNITO_CLIENT_ID \
--from-literal=CLIENT_SECRET=$COGNITO_CLIENT_SECRET \
--from-literal=DOMAIN=$COGNITO_DOMAIN \
--namespace ${namespace}
Authentication server on Okta
For Okta, the authentication server administrator should supply the Okta client id ($OKTA_CLIENT_ID), client secret ($OKTA_CLIENT_SECRET), the Okta org domain ($OKTA_DOMAIN), and the authorization server id ($OKTA_AUTH_SERVER, for example default for the built-in default authorization server). The secret is created with:
kubectl create secret generic oauth2 \
--from-literal=CLIENT_ID=$OKTA_CLIENT_ID \
--from-literal=CLIENT_SECRET=$OKTA_CLIENT_SECRET \
--from-literal=DOMAIN=$OKTA_DOMAIN \
--from-literal=AUTH_SERVER_ID=$OKTA_AUTH_SERVER \
--namespace ${namespace}
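The three kubectl commands above are the same procedure with a different set of keys per provider. The following POSIX shell script is an added example, not part of the original page or the project's own tooling: it checks that every variable the chosen provider needs is set before anything is created, and emits the equivalent Secret manifest on stdout so it can be piped into kubectl apply -f - instead of placing the secret values on a command line. The function names (oauth2_required_keys, oauth2_check_vars, oauth2_secret_manifest) and the use of a manifest rather than kubectl create secret are this example's own choices; the key names and environment variables are the ones listed on this page.

```shell
#!/bin/sh
# Added example (not from the original page): build the oauth2 Secret manifest
# for one provider, refusing to proceed if a required variable is unset.

# Required secret keys per provider, as "SECRET_KEY=ENV_VAR" pairs.
# These are the keys used by the kubectl commands on this page.
oauth2_required_keys() {
  case "$1" in
    azure)   echo "TENANT_ID=AZURE_TENANT_ID CLIENT_ID=AZURE_APP_ID CLIENT_SECRET=AZURE_CLIENT_SECRET" ;;
    cognito) echo "REGION=COGNITO_REGION POOL_ID=COGNITO_POOL_ID CLIENT_ID=COGNITO_CLIENT_ID CLIENT_SECRET=COGNITO_CLIENT_SECRET DOMAIN=COGNITO_DOMAIN" ;;
    okta)    echo "CLIENT_ID=OKTA_CLIENT_ID CLIENT_SECRET=OKTA_CLIENT_SECRET DOMAIN=OKTA_DOMAIN AUTH_SERVER_ID=OKTA_AUTH_SERVER" ;;
    *)       return 1 ;;
  esac
}

# Verify that every environment variable the provider needs is set and
# non-empty. Prints the missing names to stderr and returns 1 if any are
# missing, so a typo in one variable cannot produce a half-filled secret.
oauth2_check_vars() {
  provider="$1"
  missing=""
  keys=$(oauth2_required_keys "$provider") || {
    echo "unknown provider: $provider (expected azure, cognito or okta)" >&2
    return 1
  }
  for pair in $keys; do
    var="${pair#*=}"
    eval "val=\${$var:-}"
    [ -n "$val" ] || missing="$missing $var"
  done
  if [ -n "$missing" ]; then
    echo "missing required variables:$missing" >&2
    return 1
  fi
  return 0
}

# Emit a Secret manifest equivalent to the page's kubectl create secret
# command, with each value base64-encoded as kubectl stores it in .data.
# Arguments: provider (azure|cognito|okta) and target namespace.
oauth2_secret_manifest() {
  provider="$1"
  ns="$2"
  oauth2_check_vars "$provider" || return 1
  printf 'apiVersion: v1\nkind: Secret\nmetadata:\n  name: oauth2\n  namespace: %s\ntype: Opaque\ndata:\n' "$ns"
  for pair in $(oauth2_required_keys "$provider"); do
    key="${pair%%=*}"
    var="${pair#*=}"
    eval "val=\${$var}"
    # tr removes the line wrapping that GNU base64 inserts for long values.
    printf '  %s: %s\n' "$key" "$(printf '%s' "$val" | base64 | tr -d '\n')"
  done
}
```

Usage, after exporting the variables listed for the provider: oauth2_secret_manifest okta "$namespace" | kubectl apply -f - creates or updates the secret without the client secret appearing in kubectl's argument list, and re-running it is safe. To confirm the secret has the expected keys without printing the values, use kubectl get secret oauth2 -n "$namespace" -o jsonpath='{.data}' and check that the key names match the list for your provider.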