Create Profile¶
When a user first logs in to Kubeflow, a user profile is automatically created.
The admin can "simulate" this procedure, that is, create a profile manually, in
case they want to setup namespaces in a bulk way. This section will guide you
through creating a Profile
for a Kubeflow user.
What You'll Need¶
- A configured management environment.
- Your clone of the Arrikto GitOps repository.
- An existing Kubeflow deployment.
Procedure¶
Note
Repeat the procedure below for every user that you want to create a Kubeflow Profile for.
Specify the user ID for the user, which they will use in order to log in:
root@rok-tools:~# export USER=<USER_ID>
Replace
<USER_ID>
with the desired user ID, for example:root@rok-tools:~# export USER=user
Note
USER
depends on the way you have configured authservice viaUSERID_CLAIM
and can be a username or email.Note
In case you want to create a shared namespace,
USER
can have a dummy value, because you don't need to have a real user in your OIDC provider.Set the name of the namespace that corresponds to this user:
root@rok-tools:~# export NAMESPACE=kubeflow-${USER//[^a-zA-Z0-9\-]/-}
Note
The namespace should be a DNS-1123 compatible name, with a
kubeflow-
prefix.Switch to the
kubeflow/manifests/common
directory of your GitOps repository:root@rok-tools:~# cd ~/ops/deployments/kubeflow/manifests/common
Create the profile based on the given template:
root@rok-tools:~/ops/deployments/kubeflow/manifests/common# mkdir -p namespace-resources/profiles
root@rok-tools:~/ops/deployments/kubeflow/manifests/common# j2 namespace-resources/profile.yaml.j2 \ > -o namespace-resources/profiles/$NAMESPACE.yaml
Stage changes for commit:
root@rok-tools:~/ops/deployments/kubeflow/manifests/common# git add namespace-resources/profiles/$NAMESPACE.yaml
Commit your changes:
root@rok-tools:~/ops/deployments/kubeflow/manifests/common# git commit -am "Create Profile for $USER"
Apply changes:
root@rok-tools:~/ops/deployments/kubeflow/manifests/common# kubectl apply -f namespace-resources/profiles/$NAMESPACE.yaml
Wait for the namespace to be created:
root@rok-tools:~/ops/deployments/kubeflow/manifests/common# while ! kubectl get ns $NAMESPACE; do :; done
Verify¶
Note
Repeat these steps for every namespace that you wish to verify.
Specify the namespace that you want to verify:
root@rok-tools:~# export NAMESPACE=<NAMESPACE>
Replace
NAMESPACE
with the name of the namespace that you wish to verify, for example:root@rok-tools:~# export NAMESPACE=kubeflow-user
Check that you have created the necessary service accounts:
root@rok-tools:~# kubectl get -n $NAMESPACE serviceaccounts NAME SECRETS AGE default 1 19d default-editor 1 19d default-viewer 1 19d
Check that you have created the necessary role bindings:
root@rok-tools:~# kubectl get -n $NAMESPACE rolebindings NAME AGE default-editor 19d default-viewer 19d namespaceAdmin 19d
Summary¶
You have successfully created a Kubeflow user Profile.
What's Next¶
Check out the rest of the operations you can perform on your Kubeflow deployment.