Before You Start #
You must have Pachyderm installed using one of the following guides:
Deploy #
- Set up your Proxy and DNS and point your browser to:
http://<external-IP-address-or-domain-name>:80
or,https://<external-IP-address-or-domain-name>:443
if TLS is enabled
- Set up your IDP during deployment.
âšī¸
You can use the mock user (username:admin
, password: password
) to login to Console when authentication is enabled but no Identity provider was wired (Enterprise).
- Configure your Identity Provider
- As Part of Helm: To configure your Identity Provider as a part of
helm install
, see examples for theoidc.upstreamIDPs
value in the helm chart values specification and read our IDP Configuration page for a better understanding of each field. - Manually via Values.yaml: You can manually update your values.yaml with
oidc.mockIDP = false
.
- As Part of Helm: To configure your Identity Provider as a part of
- Connect.
Method:
pachctl connect http://pachyderm.<your-proxy.host-value>
pachctl connect https://pachyderm.<your-proxy.host-value>
You are all set! You should land on the Projects page of Console.
Enterprise + Helm #
When Enterprise is enabled through Helm, Auth is automatically activated. This means that you do not need to run pachctl auth activate
; a pachyderm-auth
Kubernetes secret is created which contains a rootToken key. Use {{"kubectl get secret pachyderm-auth -o go-template='{{.data.rootToken | base64decode }}'"}}
to retrieve it and save it where you see fit.
Considerations #
- If you run
pachctl auth activate
, the secret is not updated. Instead, the rootToken is printed in your STDOUT for you to save; the same behavior applies if you activate enterprise manually (pachctl license activate
) and then activate authentication (pachctl auth activate
). - You can set the helm value
pachd.activateAuth
to false to prevent the automatic bootstrap of auth on the cluster.