Set Up Default User for Rok Registry

Rok Registry authenticates users using Dex as the default OIDC Provider. This guide will walk you through setting up a default Dex user for Rok Registry.

Note

If you have already configured a default user in Dex, you can skip this section.

Note

You will be able to log in to your Rok Registry instance with the username user@example.com and the password you will set up in this guide.

Choose one of the following options in order to set up a default user in Dex for authenticating with Rok Registry:

Option 1: Set Up Default User Automatically (preferred)

In this section you will set the default user for Rok Registry in an automated manner, using the rok-deploy CLI.

Procedure

Choose one of the following options, based on your cloud provider.

Rok Registry does not currently support setting up the default user automatically on AWS. Please follow Option 2: Set Up Default User Manually to set up the default user for Rok Registry.
Rok Registry does not currently support setting up the default user automatically on Azure. Please follow Option 2: Set Up Default User Manually to set up the default user for Rok Registry.
Rok Registry does not currently support setting up the default user automatically on Google Cloud. Please follow Option 2: Set Up Default User Manually to set up the default user for Rok Registry.

Option 2: Set Up Default User Manually

In this section you will set the default user for Rok Registry manually.

Procedure

  1. Go to your GitOps repository, inside your rok-tools management environment:

    root@rok-tools:~# cd ~/ops/deployments
    
  2. Pick a password for the default user in Dex and hash it using bcrypt:

    root@rok-tools:~/ops/deployments# export DEX_DEFAULT_USER_PWHASH=$(python3 -c \
    >   'from passlib.hash import bcrypt; import getpass; \
    >   print(bcrypt.using(rounds=12, ident="2y").hash(getpass.getpass()))') \
    >   && echo ${DEX_DEFAULT_USER_PWHASH?}
    $2y$12$JBTJLFpg8w12TfVW6tl1y.It67wVqyuXelrD/7Uo885emt7.R0OjO
    
  3. Edit kubeflow/manifests/common/dex/overlays/deploy/patches/config-map.yaml and fill the relevant field with the hash of the password you chose:

    ...
      staticPasswords:
      - email: user@example.com
        hash: $2y$12$JBTJLFpg8w12TfVW6tl1y.It67wVqyuXelrD/7Uo885emt7.R0OjO  # <-- Update this line with your DEX_DEFAULT_USER_PWHASH
    
  4. Commit your changes:

    root@rok-tools:~/ops/deployments# git commit -am "Set Up Default User for Rok Registry"
    

Verify

  1. Go to your GitOps repository, inside your rok-tools management environment:

    root@rok-tools:~# cd ~/ops/deployments
    
  2. Verify you have properly configured the password for the default user in Dex:

    root@rok-tools:~/ops/deployments# kustomize build \
    >   kubeflow/manifests/common/dex/overlays/deploy | \
    >   grep -q "hash: ${DEX_DEFAULT_USER_PWHASH?}" && echo OK
    OK
    

Summary

You have successfully set up the default user for Rok Registry.

What’s Next

The next step is to configure Rok Registry to use Dex for authentication.