Set Up Default User for Rok Registry¶
Rok Registry authenticates users using Dex as the default OIDC Provider. This guide will walk you through setting up a default Dex user for Rok Registry.
Note
If you have already configured a default user in Dex, you can skip this section.
Note
You will be able to log in to your Rok Registry instance with the username
user@example.com
and the password you will set up in this guide.
Choose one of the following options in order to set up a default user in Dex for authenticating with Rok Registry:
Air Gapped
Follow Option 2 and proceed with the manual installation.
Overview
What You'll Need¶
- A configured management environment.
- Your clone of the Arrikto GitOps repository.
Option 1: Set Up Default User Automatically (preferred)¶
Rok Registry does not currently support setting up the default user automatically. Please follow Option 2: Set Up Default User Manually to set up the default user for Rok Registry.
Option 2: Set Up Default User Manually¶
If you want to set the default user for Rok Registry manually, follow the instructions below.
Procedure¶
Go to your GitOps repository, inside your
rok-tools
management environment:root@rok-tools:~# cd ~/ops/deployments
Pick a password for the default user in Dex and hash it using
bcrypt
:root@rok-tools:~/ops/deployments# export DEX_DEFAULT_USER_PWHASH=$(python3 -c \ > 'from passlib.hash import bcrypt; import getpass; \ > print(bcrypt.using(rounds=12, ident="2y").hash(getpass.getpass()))') \ > && echo ${DEX_DEFAULT_USER_PWHASH?} $2y$12$JBTJLFpg8w12TfVW6tl1y.It67wVqyuXelrD/7Uo885emt7.R0OjO
Edit
kubeflow/manifests/common/dex/overlays/deploy/patches/config-map.yaml
and fill the relevant field with the hash of the password you chose:... staticPasswords: - email: user@example.com hash: $2y$12$JBTJLFpg8w12TfVW6tl1y.It67wVqyuXelrD/7Uo885emt7.R0OjO # <-- Update this line with your DEX_DEFAULT_USER_PWHASH
Commit your changes:
root@rok-tools:~/ops/deployments# git commit -am "Set Up Default User for Rok Registry"
Verify¶
Go to your GitOps repository, inside your
rok-tools
management environment:root@rok-tools:~# cd ~/ops/deployments
Verify you have properly configured the password for the default user in Dex:
root@rok-tools:~/ops/deployments# kustomize build \ > kubeflow/manifests/common/dex/overlays/deploy | \ > grep -q "hash: ${DEX_DEFAULT_USER_PWHASH?}" && echo OK OK
What's Next¶
The next step is to configure Rok Registry to use Dex for authentication.