Kubeflow
- By Kubeflow Charmers | bundle
- Cloud
| Channel | Revision | Published |
|---|---|---|
| latest/stable | 414 | 01 Dec 2023 |
| latest/candidate | 294 | 24 Jan 2022 |
| latest/beta | 430 | 30 Aug 2024 |
| latest/edge | 423 | 26 Jul 2024 |
| 1.9/stable | 426 | 31 Jul 2024 |
| 1.9/beta | 420 | 19 Jul 2024 |
| 1.9/edge | 425 | 31 Jul 2024 |
| 1.8/stable | 414 | 22 Nov 2023 |
| 1.8/beta | 411 | 22 Nov 2023 |
| 1.8/edge | 413 | 22 Nov 2023 |
| 1.7/stable | 409 | 27 Oct 2023 |
| 1.7/beta | 408 | 27 Oct 2023 |
| 1.7/edge | 407 | 27 Oct 2023 |
| 1.6/stable | 329 | 07 Sep 2022 |
| 1.6/beta | 326 | 23 Aug 2022 |
| 1.6/edge | 328 | 07 Sep 2022 |
| 1.4/stable | 321 | 30 Jun 2022 |
| 1.4/edge | 320 | 30 Jun 2022 |
juju deploy kubeflow --channel edge
Deploy Kubernetes operators easily with Juju, the Universal Operator Lifecycle Manager. Need a Kubernetes cluster? Install MicroK8s to create a full CNCF-certified Kubernetes system in under 60 seconds.
Platform:
In Charmed Kubeflow authentication is based on Dex. This doc describes the authentication flow for various scenarios.
Contents:
Unauthenticated Request
The authentication flow for an unauthenticated request consists of these steps:
- User makes an unauthenticated request
- Redirected to /dex
- User logs in via Dex
- Redirected to gatekeeper callback endpoint
- Sets a cookie with auth token for future requests
- Redirected back to original page, with authorization token
The flow of an unauthenticated request is shown here:
- A user makes a request that goes through Ambassador. To learn more about Ambassador authentication solutions, see here.
- Ambassador checks with the gatekeeper service before allowing any request to go through
- The gatekeeper service responds to Ambassador that the request is unauthenticated, and a redirect URL
- Ambassador returns an HTTP 301 redirecting user to Dex
Logging In
- User makes request to /dex
- Ambassador is configured to not check with the gatekeeper for requests to /dex
- Dex presents a login page to the user
- The user submits their credentials
- Dex uses the configured connector to authenticate the user against an external auth service
- Dex may also be configured with basic username/password support. This is the default in Charmed Kubeflow.
- See the dex configuration section for more information on how to configure Dex with other connectors.
- Dex redirects the user to a callback URL managed by the gatekeeper
Receive Token
- User makes request to callback URL
- Ambassador sends request to gatekeeper service
- Gatekeeper service generates JWT token in the
Set-Cookieresponse header
Authenticated Request
- User makes authenticated request
- Ambassador checks with the gatekeeper service to see if request is authenticated
- Gatekeeper service affirms request is authenticated by looking at JWT token
- Ambassador communicates with Kubeflow service for requested endpoint
- Ambassador returns requested endpoint to user