ccu, Administrators
684
edits
Changes
Jump to navigation
Jump to search
=== DEX with LDAP ===
TODO: outdatedFinally, switched we need to containerized DEX. Check what still needs to be doneset up all the rules for rbac.
Set up according to [https://github.com/krishnapmv/k8s-ldap this tutorial]
with customized install scripts in kubernetes/init/dex/
# Create secrets for TLS connections, use certs == Persistent volumes == === Local persistent volumes === Check directory local_storage:* clone the git repository for ccuthe provisioner using clone_provisioner.uni-konstanzsh (delete first if already here).de## Modify ca-cm* install helm: install_helm.sh, get_helm.yml to contain correct cash.## Run upload_ccu_tlsDo NOT run helm init (unsafe and soon obsolete).sh# Spin * set up login application serviceand run provisioner: <syntaxhighlight lang="bash">> cd install> generate_config.sh## Modify loginapp> kubectl apply -cmf install_storageclass.yml: server configyaml## Modify loginapp> kubectl apply -ing-srvf install_service.yml: service data, mapping of ports to outside worldyaml## Modify loginapp> kubectl apply -deployf provisioner_generated.yml: ID secret for TLSyaml</syntaxhighlight>## Run start-login-service.sh# Spin After local persistent volumes on the nodes have been generated in /mnt/kubernetes, they should show up dexunder## Modify dex-cm.yml: server data and LDAP configuration## Modify dex-ing-srv.yml: service data, mapping of ports to outside world<syntaxhighlight lang="bash">## Modify dex-deploy.yml: ID secret for TLS> kubectl get pv## Run start-dex-service.sh</syntaxhighlight>
→Authentication
The daemonset should be active on any node with an nVidia GPU.
== Authentication systems ==
The master node should now login to the docker registry of the cluster.
</syntaxhighlight>
Also, we need to provide the read-only secret for the docker registry in every namespace.
TODO: howto.
