Google supports OAuth 2.0 to allow users to log in to third-party applications such as Sysdig using Google credentials. Sysdig integrates seamlessly with Google to allow users to create and then log in to their Sysdig account. By default, the configured user will be a non-admin user.
Steps to enable Google OAuth for on-premises installations
The Sysdig Cloud on-prem installation must have an associated DNS name. Google does not support applications that do not have an associated DNS name. In the examples that follow, DNS_NAME refers to the DNS name that will be configured for the API servers.
To begin, obtain OAuth 2.0 client credentials from the Google API Console.
First, go to the Credentials section of the API console, then open the OAuth consent screen.
After hitting Save, the next step is to create the appropriate credentials for the Sysdig application. To do that, click Credentials.
Select OAuth client ID.
Next, we will tell Google the necessary configuration for the user.
Besides the name, the 2 parameters to be configured are:
Authorized redirect URIs (https://DNS_NAME:API_PORT/api/oauth/google/auth)
When you hit Create, you should see a page showing the new client ID and client secret.
Take the client ID and the client secret from the step above and use them to configure Sysdig Cloud.
In the Sysdig Cloud admin console:
Alternatively, for Kubernetes installations, get the current configuration (you can also use a versioned one if you have it):
kubectl get configmap sysdigcloud-config --namespace sysdigcloud -o yaml > current_config.yaml
cp current_config.yaml new_config.yaml
Edit new_config.yaml and add the new parameters for the Google OAuth alongside existing config under “data”:
# Optional: Sysdig Cloud Google OAuth Client ID
# Optional: Sysdig Cloud Google OAuth Client Secret
Apply the new config file with:
kubectl replace -f new_config.yaml --namespace sysdigcloud
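Two values in this procedure can be checked before touching the Google console or the cluster: the redirect URI built from DNS_NAME and API_PORT, and the edited ConfigMap file. The script below is an added example, not Sysdig's own tooling; the function names google_redirect_uri and config_only_adds are hypothetical, and sysdig.example.com and port 443 are constructed sample values.

```shell
#!/bin/sh
# Added example; function names are hypothetical, sample values are constructed.

# Print the redirect URI to register with Google. Fails when DNS_NAME is an IP
# address or otherwise not a DNS name, or when API_PORT is not a valid port.
google_redirect_uri() {
    dns_name=$1 api_port=$2
    case $dns_name in
        '' | *[!A-Za-z0-9.-]*) echo "not a DNS name: '$dns_name'" >&2; return 1 ;;
    esac
    case $dns_name in
        *[!0-9.]*) ;;   # contains a letter or hyphen, so not an IPv4 literal
        *) echo "IP address, not a DNS name: $dns_name" >&2; return 1 ;;
    esac
    case $api_port in
        '' | *[!0-9]*) echo "invalid port: '$api_port'" >&2; return 1 ;;
    esac
    if [ "$api_port" -lt 1 ] || [ "$api_port" -gt 65535 ]; then
        echo "port out of range: $api_port" >&2; return 1
    fi
    printf 'https://%s:%s/api/oauth/google/auth\n' "$dns_name" "$api_port"
}

# Succeed only if every line of the current ConfigMap dump is still present in
# the edited file. "kubectl replace" overwrites the whole object, so a line
# dropped or altered while editing is an existing setting lost.
config_only_adds() {
    [ -r "$1" ] && [ -r "$2" ] || { echo "cannot read input files" >&2; return 2; }
    removed=$(diff "$1" "$2" | grep -c '^<' || true)
    [ "$removed" -eq 0 ] || { echo "$removed existing line(s) changed or removed" >&2; return 1; }
}

# Demo on constructed values: prints the URI to paste into the Google console.
google_redirect_uri sysdig.example.com 443
```

Run config_only_adds current_config.yaml new_config.yaml before the kubectl replace step. new_config.yaml will contain the client secret, so keep it readable only by you and delete it once the config is applied.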