kubeflow dex 암호 변경

• https://yjwang.tistory.com/entry/kubeflow-installation-On-premise-kfctlistiodex
• https://www.kubeflow.org/docs/started/k8s/kfctl-istio-dex/

# Download the dex config
kubectl get configmap dex -n auth -o jsonpath='{.data.config\.yaml}' > dex-config.yaml

# Edit the dex config with extra users.
# The password must be hashed with bcrypt with an at least 10 difficulty level.
# You can use an online tool like: https://passwordhashing.com/BCrypt

# After editing the config, update the ConfigMap
kubectl create configmap dex --from-file=config.yaml=dex-config.yaml -n auth --dry-run -oyaml | kubectl apply -f -

# Restart Dex to pick up the changes in the ConfigMap
kubectl rollout restart deployment dex -n auth

Sample ConfigMaps

# cat dex-config.yaml 
issuer: http://dex.auth.svc.cluster.local:5556/dex
storage:
  type: kubernetes
  config:
    inCluster: true
web:
  http: 0.0.0.0:5556
logger:
  level: "debug"
  format: text
oauth2:
  skipApprovalScreen: true
enablePasswordDB: true
staticPasswords:
- email: admin@kubeflow.org
  hash: $2a$10$ZlsN1af0YJR2EdKRFLBo7OvEUEnNlyU2abqjZzL/Q8qgZApNtRh8a # testtest
  username: admin
  userID: 08a8684b-db88-4b73-90a9-3cd1661f5466

- email: yjwang@kubeflow.org
  hash: $2a$10$ZlsN1af0YJR2EdKRFLBo7OvEUEnNlyU2abqjZzL/Q8qgZApNtRh8a # testtest
  username: yjwang

staticClients:
- id: kubeflow-oidc-authservice
  redirectURIs: ["/login/oidc"]
  name: 'Dex Login Application'
  secret: pUBnBOY80SnXgjibTYM9ZWNzY2xreNGQok

Password 생성

[root@master01 kubeflow]# kubectl get configmap dex -n auth -o jsonpath='{.data.config\.yaml}' > dex-config.yaml
[root@master01 kubeflow]# yum -y install httpd-tools
[root@master01 kubeflow]# htpasswd -bnBC 10 "usr" testtest | cut -d ':' -f 2 | sed 's/2y/2a/'
$2a$10$ZlsN1af0YJR2EdKRFLBo7OvEUEnNlyU2abqjZzL/Q8qgZApNtRh8a