kubeflow部署指导(3)——kubeflow部署

一、获取组件仓库并部署

git clone GitHub - shikanon/kubeflow-manifests: kubeflow国内一键安装文件
cd kubeflow-manifests

1.1 authservice-0 运行CrashLoopBackOff, /var/lib/authservice无执行权限失败问题

manifest1.3/007-oidc-authservice-oidc-authservice-base.yaml 给/var/lib/authservice添加权限 spec.spec下

  initContainers:
  - name: fix-permission
    image: swr.cn-north-4.myhuaweicloud.com/ddn-k8s/gcr.io/google-containers/busybox:latest
    command: ['sh', '-c']
    args: ['chmod -R 777 /var/lib/authservice;']
    volumeMounts:
    - mountPath: /var/lib/authservice
      name: data

1.2 pvc绑定pv问题,需先手动创建pv

# 设置storageClassName及selector.matchLabels.volume配置匹配

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: authservice-pvc
  namespace: istio-system
spec:
  accessModes:
  - ReadWriteOnce
  storageClassName: local-storage
  resources:
    requests:
      storage: 10Gi
  selector:
    matchLabels:
      volume: authservice-pv


# 创建pv本地路径
mkdir -p /data/istio-authservice /data/katib-mysql /data/minio /data/mysql-pv-claim

# 创建create_pv_storage.yaml

apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: local-storage
provisioner: kubernetes.io/no-provisioner
volumeBindingMode: WaitForFirstConsumer

---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: authservice
  namespace: istio-system
  labels:
	volume: authservice-pv
    type: local
spec:
  storageClassName: local-storage
  capacity:
    storage: 10Gi
  accessModes:
    - ReadWriteOnce
  hostPath:
    path: "/data/istio-authservice"

---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: katib-mysql-pv
  namespace: kubeflow
  labels:
	volume: katib-mysql-pv
    type: local
spec:
  storageClassName: local-storage
  capacity:
    storage: 10Gi
  accessModes:
    - ReadWriteOnce
  hostPath:
    path: "/data/katib-mysql"

---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: minio
  namespace: kubeflow
  labels:
	volume: minio-pv
    type: local
spec:
  storageClassName: local-storage
  capacity:
    storage: 20Gi
  accessModes:
    - ReadWriteOnce
  hostPath:
    path: "/data/minio"

---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: mysql-pv-claim
  namespace: kubeflow
  labels:
	volume: mysql-pv-claim
    type: local
spec:
  storageClassName: local-storage
  capacity:
    storage: 20Gi
  accessModes:
    - ReadWriteOnce
  hostPath:
    path: "/data/mysql-pv-claim"


# 创建pv
kubectl apply -f create_pv_storage.yaml

1.3 kubeflow一键安装

python3 install.py

二、浏览器访问

# kubeflow浏览器入口访问
http:192.168.xx.xx:30000
# 查看istio-ingressgateway端口
kubectl get svc -n istio-system

NAME                    TYPE        CLUSTER-IP    EXTERNAL-IP   PORT(S)                                                                      AGE
authservice             ClusterIP   10.1.49.47    <none>        8080/TCP                                                                     5d22h
cluster-local-gateway   ClusterIP   10.1.26.63    <none>        15020/TCP,80/TCP                                                             5d21h
istio-ingressgateway    NodePort    10.1.63.214   <none>        15021:30866/TCP,80:30000/TCP,443:31177/TCP,31400:32735/TCP,15443:31781/TCP   5d22h
istiod                  ClusterIP   10.1.204.58   <none>        15010/TCP,15012/TCP,443/TCP,15014/TCP
# 外部访问,删除istio的authorizationpolicies的流量鉴权
kubectl delete authorizationpolicies --all -A
# dex账户登陆用户名及密码
kubectl -n auth get configmaps dex -o yaml

staticPasswords:
    - email: "admin@example.com"
      # hash string is "password"
      hash: "$2y$12$X.oNHMsIfRSq35eRfiTYV.dPIYlWyPDRRc1.JVp0f3c.YqqJNW4uK"
      username: "admin"
      userID: "08a8684b-db88-4b73-90a9-3cd1661f5466"
# 重设密码,转换hash值(Python)
from passlib.hash import bcrypt
import getpass
print(bcrypt.using(rounds=12, ident="2y").hash(getpass.getpass()))