prepare
wget https://github.com/kubeflow/kubeflow/releases/download/v0.7.0/kfctl_v0.7.0_linux.tar.gz
tar -xvf kfctl_v0.7.0_linux.tar.gz
cat <<EOF >> ~/.bash_profile
export KF_NAME=kf
export BASE_DIR=/export/ns
export KF_DIR=\$BASE_DIR/\$KF_NAME
export CONFIG_URI="https://raw.githubusercontent.com/kubeflow/manifests/dc04ff600cee722d93cf80d413aa73ddd8387f1f/kfdef/kfctl_existing_arrikto.0.7.0.yaml"
export CONFIG_FILE=\$KF_DIR/kfctl_existing_arrikto.yaml
EOF
setup
mkdir -p ${KF_DIR}cd ${KF_DIR}
wget -O kfctl_existing_arrikto.yaml $CONFIG_URI
# Credentials for the default user are admin@kubeflow.org:12341234
# To change them, please edit the dex-auth application parameters
# inside the KfDef file.
vim $CONFIG_FILE
kfctl apply -V -f ${CONFIG_FILE}
kubectl edit rolebindings.rbac.authorization.k8s.io -n kubeflow centraldashboard ###设置subject namespace kubeflow, 否则启动报没有k8s权限
kubectl edit clusterrolebindings.rbac.authorization.k8s.io -n kubeflow centraldashboard ###同上
# kubeflow自定义crd profile的controller, 管理profile,一个用户账号对应一个profile,一个profile对应一个namespace,是kubeflow的资源管理模式
kubectl -n kubeflow set image deployment/profiles-deployment manager=gcr.azk8s.cn/kubeflow-images-public/profile-controller:v20191024-v0.7.0-rc.5-12-g956569ba-e3b0c4
# kubeflow用户对k8s资源proflie的访问控制,默认安装镜像版本启动报错
kubectl -n kubeflow set image deployment/profiles-deployment manager=gcr.io/kubeflow-images-public/kfam:v20191014-v0.7.0-rc.0-10-gdf3c9366-e3b0c4
#kubeflow的用户登录认证,浏览器->istio_ingress->oidc-authenservice->oidc-provider(dex)->kubeflow(centroldashboard),默认安装镜像启动8080端口无响应
kubectl -n kubeflow set image deployment/authservice authservice=gcr.azk8s.cn/arrikto/kubeflow/oidc-authservice:28c59ef
###设置storageclass,否则创建notebook无法新建盘
kubectl patch storageclass rbd -p '{"metadata": {"annotations":{"storageclass.kubernetes.io/is-default-class":"true"}}}'
access
Kubeflow: Authentication with Istio + Dex
kubectl port-forward svc/istio-ingressgateway -n istio-system 8080:80
