一、获取组件仓库并部署
git clone GitHub - shikanon/kubeflow-manifests: kubeflow国内一键安装文件
cd kubeflow-manifests
1.1 authservice-0 运行CrashLoopBackOff, /var/lib/authservice无执行权限失败问题
manifest1.3/007-oidc-authservice-oidc-authservice-base.yaml 给/var/lib/authservice添加权限 spec.spec下
initContainers:
- name: fix-permission
image: swr.cn-north-4.myhuaweicloud.com/ddn-k8s/gcr.io/google-containers/busybox:latest
command: ['sh', '-c']
args: ['chmod -R 777 /var/lib/authservice;']
volumeMounts:
- mountPath: /var/lib/authservice
name: data
1.2 pvc绑定pv问题,需先手动创建pv
# 设置storageClassName及selector.matchLabels.volume配置匹配
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: authservice-pvc
namespace: istio-system
spec:
accessModes:
- ReadWriteOnce
storageClassName: local-storage
resources:
requests:
storage: 10Gi
selector:
matchLabels:
volume: authservice-pv
# 创建pv本地路径
mkdir -p /data/istio-authservice /data/katib-mysql /data/minio /data/mysql-pv-claim
# 创建create_pv_storage.yaml
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: local-storage
provisioner: kubernetes.io/no-provisioner
volumeBindingMode: WaitForFirstConsumer
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: authservice
namespace: istio-system
labels:
volume: authservice-pv
type: local
spec:
storageClassName: local-storage
capacity:
storage: 10Gi
accessModes:
- ReadWriteOnce
hostPath:
path: "/data/istio-authservice"
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: katib-mysql-pv
namespace: kubeflow
labels:
volume: katib-mysql-pv
type: local
spec:
storageClassName: local-storage
capacity:
storage: 10Gi
accessModes:
- ReadWriteOnce
hostPath:
path: "/data/katib-mysql"
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: minio
namespace: kubeflow
labels:
volume: minio-pv
type: local
spec:
storageClassName: local-storage
capacity:
storage: 20Gi
accessModes:
- ReadWriteOnce
hostPath:
path: "/data/minio"
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: mysql-pv-claim
namespace: kubeflow
labels:
volume: mysql-pv-claim
type: local
spec:
storageClassName: local-storage
capacity:
storage: 20Gi
accessModes:
- ReadWriteOnce
hostPath:
path: "/data/mysql-pv-claim"
# 创建pv
kubectl apply -f create_pv_storage.yaml
1.3 kubeflow一键安装
python3 install.py
二、浏览器访问
# kubeflow浏览器入口访问
http:192.168.xx.xx:30000
# 查看istio-ingressgateway端口
kubectl get svc -n istio-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
authservice ClusterIP 10.1.49.47 <none> 8080/TCP 5d22h
cluster-local-gateway ClusterIP 10.1.26.63 <none> 15020/TCP,80/TCP 5d21h
istio-ingressgateway NodePort 10.1.63.214 <none> 15021:30866/TCP,80:30000/TCP,443:31177/TCP,31400:32735/TCP,15443:31781/TCP 5d22h
istiod ClusterIP 10.1.204.58 <none> 15010/TCP,15012/TCP,443/TCP,15014/TCP
# 外部访问,删除istio的authorizationpolicies的流量鉴权
kubectl delete authorizationpolicies --all -A
# dex账户登陆用户名及密码
kubectl -n auth get configmaps dex -o yaml
staticPasswords:
- email: "admin@example.com"
# hash string is "password"
hash: "$2y$12$X.oNHMsIfRSq35eRfiTYV.dPIYlWyPDRRc1.JVp0f3c.YqqJNW4uK"
username: "admin"
userID: "08a8684b-db88-4b73-90a9-3cd1661f5466"
# 重设密码,转换hash值(Python)
from passlib.hash import bcrypt
import getpass
print(bcrypt.using(rounds=12, ident="2y").hash(getpass.getpass()))