Create Profile

When a user first logs in to Kubeflow, a user profile is automatically created. The admin can "simulate" this procedure, that is, create a profile manually, in case they want to setup namespaces in a bulk way. This section will guide you through creating a Profile for a Kubeflow user.

What You'll Need



Repeat the procedure below for every user that you want to create a Kubeflow Profile for.

  1. Specify the user ID for the user, which they will use in order to log in:

    root@rok-tools:~# export USER=<USER_ID>

    Replace <USER_ID> with the desired user ID, for example:

    root@rok-tools:~# export USER=user


    USER depends on the way you have configured authservice via USERID_CLAIM and can be a username or email.


    In case you want to create a shared namespace, USER can have a dummy value, because you don't need to have a real user in your OIDC provider.

  2. Set the name of the namespace that corresponds to this user:

    root@rok-tools:~# export NAMESPACE=kubeflow-${USER//[^a-zA-Z0-9\-]/-}


    The namespace should be a DNS-1123 compatible name, with a kubeflow- prefix.

  3. Switch to the kubeflow/manifests/common directory of your GitOps repository:

    root@rok-tools:~# cd ~/ops/deployments/kubeflow/manifests/common
  4. Create the profile based on the given template:

    root@rok-tools:~/ops/deployments/kubeflow/manifests/common# mkdir -p namespace-resources/profiles
    root@rok-tools:~/ops/deployments/kubeflow/manifests/common# j2 namespace-resources/profile.yaml.j2 \
    > -o namespace-resources/profiles/$NAMESPACE.yaml
  5. Stage changes for commit:

    root@rok-tools:~/ops/deployments/kubeflow/manifests/common# git add namespace-resources/profiles/$NAMESPACE.yaml
  6. Commit your changes:

    root@rok-tools:~/ops/deployments/kubeflow/manifests/common# git commit -am "Create Profile for $USER"
  7. Apply changes:

    root@rok-tools:~/ops/deployments/kubeflow/manifests/common# kubectl apply -f namespace-resources/profiles/$NAMESPACE.yaml
  8. Wait for the namespace to be created:

    root@rok-tools:~/ops/deployments/kubeflow/manifests/common# while ! kubectl get ns $NAMESPACE; do :; done



Repeat these steps for every namespace that you wish to verify.

  1. Specify the namespace that you want to verify:

    root@rok-tools:~# export NAMESPACE=<NAMESPACE>

    Replace NAMESPACE with the name of the namespace that you wish to verify, for example:

    root@rok-tools:~# export NAMESPACE=kubeflow-user
  2. Check that you have created the necessary service accounts:

    root@rok-tools:~# kubectl get -n $NAMESPACE serviceaccounts
    NAME              SECRETS   AGE
    default           1         19d
    default-editor    1         19d
    default-viewer    1         19d
  3. Check that you have created the necessary role bindings:

    root@rok-tools:~# kubectl get -n $NAMESPACE rolebindings
    NAME                             AGE
    default-editor                   19d
    default-viewer                   19d
    namespaceAdmin                   19d


You have successfully created a Kubeflow user Profile.

What's Next

Check out the rest of the operations you can perform on your Kubeflow deployment.