文章目录
- 为新用户创建配置文件
- 配置用户密码
- 重启auth生效
为新用户创建配置文件
apiVersion: kubeflow.org/v1beta1
kind: Profile
metadata:
name: kubeflow-cyw-example-com # replace with the name of profile you want, this will be user's namespace name
spec:
owner:
kind: User
name: cyw@email.com # replace with the email of the user
resourceQuotaSpec: # resource quota can be set optionally
hard:
cpu: "64"
memory: 128Gi
requests.nvidia.com/gpu: "8"
persistentvolumeclaims: "5"
requests.storage: "100Gi"
kubectl create -f profile.yaml
profile.kubeflow.org/kubeflow-cyw-example-com created
配置用户密码
#通过python生成秘钥hash
root@tensorboard-mnist-tfjob-7765d4ff44-m9xsv:/# python3 -c 'from passlib.hash import bcrypt; import getpass; print(bcrypt.using(rounds=12, ident="2y").hash(getpass.getpass()))'
Password:
$2y$12$a9GlZi9N8/ZnvI5WS0uULeo/p5xeuXzs93m9/GqVY4rztr3KMVeeK
kubectl get/edit cm -n auth dex
apiVersion: v1
data:
config.yaml: |
issuer: http://dex.auth.svc.cluster.local:5556/dex
storage:
type: kubernetes
config:
inCluster: true
web:
http: 0.0.0.0:5556
logger:
level: "debug"
format: text
oauth2:
skipApprovalScreen: true
enablePasswordDB: true
staticPasswords:
- email: user@example.com
hash: xxx
# https://github.com/dexidp/dex/pull/1601/commits
# FIXME: Use hashFromEnv instead
username: user
userID: "15841185641784"
- email: cyw@email.com # 注意跟User_name保持一致
hash: $2y$12$a9GlZi9N8/ZnvI5WS0uULeo/p5xeuXzs93m9/GqVY4rztr3KMVeeK
username: cyw
......
重启auth生效
kubectl rollout restart deployment -n auth dex
deployment.apps/dex restarted
参考资料:https://v1-7-branch.kubeflow.org/docs/components/multi-tenancy/getting-started/
