Skip to content
Datawiza DocsDatawiza Docs
Ask Questionsopen in new window
Homeopen in new window
Sign Upopen in new window
  • Overview
    • Architecture
      • Prerequisites
        • Upgrading
            • Secure a Web App Using Auth0
              • Secure a Web App Using Azure AD
                • Secure a Web App Using Azure AD B2C
                  • One Click Integration With Azure AD
                    • Secure a Web App Using Azure AD SAML
                      • Secure a Web App Using Cognito
                        • Secure a Web App Using Github
                          • Secure a Web App Using Google
                            • Secure a Web App Using Google Workspace (previously G Suite)
                              • Secure a Web App Using Keycloak
                                • Secure a Web App Using Okta
                                  • Secure a Web App Using Okta SAML
                                    • Secure a Web App Using PingOne
                                      • Secure a Web App Using Twitter
                                        • Deploy Datawiza Access Proxy with a Web App using Kubernetes
                                          • Deploy Datawiza Access Proxy using Helm
                                            • Preview
                                              • Part I: Okta Configuration
                                                • Part II: Create Application on Datawiza Cloud Management Console (DCMC)
                                                  • Sign Into DCMC
                                                    • Create New Deployment
                                                      • Create and Configure our Application
                                                        • IdP Configuration
                                                          • Note Down Provisioning Keys
                                                          • Part III: Deploying the DAP using Helm
                                                            • Helm
                                                            • Part IV: Granular Access Control and Further Steps
                                                              • Summary
                                                              • Secure Multiple Web Apps Using Different IdPs
                                                                • Secure a Web App Using Multiple IdPs
                                                                  • Enable B2B Single Sign-On (SSO) for a SaaS Application
                                                                  • FAQ

                                                                    Deploy Datawiza Access Proxy using Helm

                                                                    timer iconAbout 2 min

                                                                    On This Page
                                                                    • Preview
                                                                    • Part I: Okta Configuration
                                                                    • Part II: Create Application on Datawiza Cloud Management Console (DCMC)
                                                                      • Sign Into DCMC
                                                                      • Create New Deployment
                                                                      • Create and Configure our Application
                                                                      • IdP Configuration
                                                                      • Note Down Provisioning Keys
                                                                    • Part III: Deploying the DAP using Helm
                                                                      • Helm
                                                                    • Part IV: Granular Access Control and Further Steps
                                                                    • Summary

                                                                    # Deploy the Datawiza Access Proxy (DAP) with a Header-Based Web App using Helm to enable SSO and Granular Access Control

                                                                    # Preview

                                                                    In this tutorial, we will use Helm to deploy the Datawiza Access Proxy (DAP) alongside our Header-Based App. After deploying the DAP, we will see how to enable SSO policies and granular access control. The IdP used in this example is Okta.


                                                                    # Part I: Okta Configuration

                                                                    You will need to register an OIDC application in the Okta developer console and obtain the following values for this application:

                                                                    • Okta Org
                                                                    • Client ID
                                                                    • Client Secret
                                                                    • (Optional) Okta API Token

                                                                    These values will later be used to set up our Application in the Datawiza Cloud Management Console (DCMC). Please follow IdP Configuration Guide: Okta on how to obtain those keys/values. Note that the values of Sign-in redirect URIs should be http://node-ip:30001/authorization-code/callback and Sign-out redirect URIs should be http://node-ip:30001 since we will use the NodePort as the type service in this tutorial.


                                                                    # Part II: Create Application on Datawiza Cloud Management Console (DCMC)

                                                                    We need to create a new deployment on the DCMC, which will contain our application. We'll generate a PROVISIONING_KEY and PROVISIONING_SECRET which will be needed when configuring Helm values. This is in order for the DAP to get the latest configurations and policies from the DCMC.

                                                                    # Sign Into DCMC

                                                                    1. Login to the DCMCopen in new window.

                                                                    DCMC login

                                                                    # Create New Deployment

                                                                    1. Click the button Getting started. Specify a Name and a Description. Click Next.

                                                                    New deployment

                                                                    # Create and Configure our Application

                                                                    Configure our application with the following fields:

                                                                    • Name: Helm demo app
                                                                    • Public Domain: http://node-ip:30001
                                                                      • Note: We manually configure the node port as 30001.
                                                                    • Listen Port: 9772
                                                                    • Upstream Server: http://header-based-app:3001
                                                                      • We assume that both header-based app and DAP are in the same namespace default, so we can make use of kubedns by giving http://header-based-app:3001.
                                                                    • Click Next.

                                                                    New App

                                                                    # IdP Configuration

                                                                    1. Input the IdP name. Select OIDC as Protocol and Okta as Identity Provider. Populate the fields of the form with the keys/values obtained from IdP Configuration Guide: Okta. Choose Okta IdP

                                                                    # Note Down Provisioning Keys

                                                                    Note down your PROVISIONING_KEY and PROVISIONING_SECRET. We will need these values later in our Helm example-values.yaml file. Meanwhile, we provide command lines to log in to our container repo and pull our docker image. Also, you can use kubectl create secret command to create a Kubernetes secret. You can see hereopen in new window for more details about pulling an Image from a Private Registry.

                                                                    API keys


                                                                    # Part III: Deploying the DAP using Helm

                                                                    # Helm

                                                                    Helm is the package manager for Kubernetes and you can see hereopen in new window for more information.

                                                                    # Get Repo Info

                                                                    helm repo add datawiza https://datawiza-inc.github.io/helm-charts/
                                                                    helm repo update
                                                                    
                                                                    1
                                                                    2

                                                                    # Installing the Chart

                                                                    Then, create a value file for Helm to use when installing DAP. Here is a simple example named example-values.yaml:

                                                                    PROVISIONING_KEY: replace-with-your-provisioning-key
                                                                    PROVISIONING_SECRET: replace-with-your-provisioning-key
                                                                    containerPort: 9772
                                                                    imagePullSecrets: replace-with-you-secret
                                                                    service:
                                                                      nodePort: 30001
                                                                    
                                                                    1
                                                                    2
                                                                    3
                                                                    4
                                                                    5
                                                                    6

                                                                    To install the chart with the release name my-release:

                                                                    helm install my-release -f example-values.yaml datawiza/access-broker
                                                                    
                                                                    1

                                                                    After installing chart successfully, the header-based app should have SSO enabled with Okta. Open a browser and type in http://nodeIP:30001/. You should see the Okta login page as follows.

                                                                    Okta login


                                                                    # Part IV: Granular Access Control and Further Steps

                                                                    Please refer to Step4: Pass User Attributes and Step5: Achieve Granular Access Control to interact further with the additional features provided by the Datatwiza Access Proxy.


                                                                    # Summary

                                                                    In summary, we have seen how to use Helm to deploy the DAP in a Kubernetes environment.

                                                                    Prev
                                                                    Deploy Datawiza Access Proxy with a Web App using Kubernetes
                                                                    Next
                                                                    Secure Multiple Web Apps Using Different IdPs
                                                                    You can also reach us on Discord
                                                                    Copyright © 2022 Datawiza Technologies Inc