Okta for Kubernetes — A Step-by-Step Guide

What Is SSO for Kubernetes?

Implementing Okta SSO for Kubernetes Using Loft

Provision Your Kubernetes Cluster

aws eks --region <cluster-region> update-kubeconfig --name <cluster-name>
kubectl config current-context

Install Loft CLI

Mac Terminal

curl -s -L "https://github.com/loft-sh/loft/releases/latest" | sed -nE 's!.*"([^"]*loft-darwin-amd64)".*!https://github.com\1!p' | xargs -n 1 curl -L -o loft && chmod +x loft;
sudo mv loft /usr/local/bin;

Linux Bash

curl -s -L "https://github.com/loft-sh/loft/releases/latest" | sed -nE 's!.*"([^"]*loft-linux-amd64)".*!https://github.com\1!p' | xargs -n 1 curl -L -o loft && chmod +x loft;
sudo mv loft /usr/local/bin;

Windows PowerShell

md -Force "$Env:APPDATA\loft"; [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]'Tls,Tls11,Tls12';
Invoke-WebRequest -UseBasicParsing ((Invoke-WebRequest -URI "https://github.com/loft-sh/loft/releases/latest" -UseBasicParsing).Content -replace "(?ms).*`"([^`"]*loft-windows-amd64.exe)`".*","https://github.com/`$1") -o $Env:APPDATA\loft\loft.exe;
$env:Path += ";" + $Env:APPDATA + "\loft";
[Environment]::SetEnvironmentVariable("Path", $env:Path, [System.EnvironmentVariableTarget]::User);

Create an Okta Account

Deploy Loft to Your Kubernetes Cluster

loft start

Configure Your Domain for Loft

helm upgrade --install ingress-nginx ingress-nginx --repository-config='' \
  -n ingress-nginx --create-namespace \
  --repo https://kubernetes.github.io/ingress-nginx \
  --set-string controller.config.hsts=false \
  --wait

loft start --host=yourdomainname.com

Configure Single Sign-On for Loft

Create App Integration in Okta

Update Auth Configuration in Loft

auth:
  oidc:
    issuerUrl: 'https://${MY-OKTA-SUBDOMAIN}.okta.com'
    clientId: CLIENT_ID
    clientSecret: CLIENT_SECRET
    groupsClaim: groups
    # This is needed because okta uses thin id tokens
    # that do not contain the groups directly
    getUserInfo: true

auth:
  oidc: ...
  password:
    disabled: true # Disable password-based authentication
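
What the getUserInfo setting compensates for, as an added example (not code from the original article or from Loft): a thin ID token has no groups claim, so groups are read from the UserInfo response, and only after its sub is checked against the ID token's sub. The function names, the token and the UserInfo values are constructed for illustration, and the ID token's signature is assumed to have been verified already.

```python
import base64
import json
from typing import List, Optional

GROUPS_CLAIM = "groups"  # same value as groupsClaim in the config above


def b64url_json(obj: dict) -> str:
    """Encode a dict as an unpadded base64url JSON segment (sample data only)."""
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def jwt_claims(token: str) -> dict:
    """Decode a JWT payload. Assumes the signature was already verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore padding
    return json.loads(base64.urlsafe_b64decode(payload))


def resolve_groups(id_token: str, userinfo: Optional[dict],
                   get_user_info: bool) -> List[str]:
    """Return the user's groups, falling back to UserInfo for thin tokens."""
    claims = jwt_claims(id_token)
    groups = claims.get(GROUPS_CLAIM)
    if groups is None and get_user_info and userinfo is not None:
        # OIDC Core 5.3.2: reject a UserInfo response for a different subject.
        if userinfo.get("sub") != claims.get("sub"):
            raise ValueError("userinfo sub does not match ID token sub")
        groups = userinfo.get(GROUPS_CLAIM)
    if groups is None:
        return []  # no groups: the user gets no group-based access
    if not isinstance(groups, list) or not all(isinstance(g, str) for g in groups):
        raise ValueError("groups claim must be a list of strings")
    return groups


# Constructed sample data: a thin ID token (no groups) and a UserInfo response.
THIN_ID_TOKEN = ".".join([
    b64url_json({"alg": "RS256", "typ": "JWT"}),
    b64url_json({"iss": "https://issuer.example", "sub": "00u-constructed"}),
    "signature-placeholder",
])
USERINFO = {"sub": "00u-constructed", "groups": ["k8s-admins", "Everyone"]}

if __name__ == "__main__":
    print(resolve_groups(THIN_ID_TOKEN, USERINFO, get_user_info=True))
```

With get_user_info set to False the same token resolves to an empty group list, which is the symptom of leaving getUserInfo out of the config.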

Assign Users in Okta

Conclusion

Loft Labs
