Author: Philip Godfrey
Pre-requisite – Installing Kubeflow
If you haven’t installed Kubeflow in Oracle Cloud Infrastructure, you’ll be pleased to know I’ve created a blog on this exact topic. You can find it here.
You can then work through the previous blog in this series -which you can find here
Dex for authentication within a Cluster in
Kubernetes
“you can think of Dex as an intermediary between kubectl and widely
used identity providers like Okta, GitHub, Google, Microsoft, and Linkedin,
among others.”
https://loft.sh/blog/dex-for-kubernetes-how-does-it-work/
Now we need to
go up two levels in the terminal and navigate to dex/base/
We then need to
output the ‘configmap.yaml’ file onto screen using the below:
kubectl get configmap dex -n auth -o yaml
Copy and save
this into a Notepad file and name the file ‘dex.yaml’
Create empty
Dex.yaml file
In the terminal
we need to create an empty file named `dex.yaml` - we can do so using the code
below:
sudo
touch dex.yaml
We need to
update this file, to copy in the contents of `dex.yaml` notepad file, we can
use vi to do this
sudo
vi dex.yaml
NOTE:
·
Press
i to change to INSERT mode
·
Paste
in the contents of the previous code (using right-click)
·
Press
ESC to exit INSERT mode.
·
To
save and quit the file, you need to use
:wq!
We then need to
get the configmap section from the dex auth ‘configmap.yaml’ file. We can do so
using the below code:
kubectl
get configmap dex -n auth -o jsonpath='{.data.config\.yaml}'
We need to save
this output into Notepad and name the file ‘dex-yaml.yaml’
If we create
this into the terminal using the ‘sudo touch’ and ‘sudo vi’ command we’re now
quite familiar with from previous steps. This will allow us to create this file
as a copy.
Note: it’s best practice to create a copy of a file, just
in-case anything goes wrong with the amended version we’re working on. If
anything did go wrong, we can revert to the original
sudo
touch dex-yaml.yaml
sudo
vi dex-yaml.yaml
We need to
update this file to add in our new user. In this example we are creating:
Next we need to
create the ‘configmap’ file from the amended ‘dex-yaml.yaml’ file we’ve just
created – we can do so using the code below:
kubectl
create configmap dex --from-file=config.yaml=dex-yaml.yaml -n auth
--dry-run=client -o yaml | kubectl apply -f –
To confirm this has run successfully, we should expect to
see confirmation in the terminal:
Configmap/dex
configured
Restarting dex deployment
At this point,
the dex deployment within the auth namespace needs to be restarted, so it can
pick up the changes we’ve made for our new user, we can do so using the
‘rollout restart’ command as below:
kubectl
rollout restart deployment dex -n auth
We will receive
confirmation from the terminal if the command has run successfully.
deployment.apps/dex
restarted
Kubeflow Login
Navigate to the
Kubeflow login screen and login using the newly created user.
Now we can
login with as the newly created user, providing the username and password
created in the terminal. If this is successful, we should be presented with the
Kubeflow dashboard!
We now have
confirmation that:
·
The
new user has been created
·
It
will use the password we have specified
·
It
will have access to the profile (or namespace) we have created
Note that the
user will have full rights to this namespace and will have the ability to add
others to this namespace.
At the moment,
this user will only have access to this namespace (as the owner) but could be
granted permissions to other namespaces within Kubeflow.
To view
permissions to a namespace, simply click on the ‘Manage Contributors’ tab on
the left-hand menu. You can add other contributors simply by providing their
email address.
Comments
Post a Comment