Deploy Console¶
Important
To deploy Pachyderm's Console, an Enterprise License is required.
Note that this section is an add-on to the deployment of Pachyderm, locally or in the cloud. It details the additional steps required to install and access your Console.
- If you plan to deploy in the cloud, this section will complement your values.yaml (find Pachyderm's deployment instructions matching your target (AWS, Google, Azure...) in the Deploy section of the documentation).
- To deploy locally, follow the instructions below.
Deploy Locally¶
Reminder
A local installation helps you learn some of the Pachyderm basics and experiment with the product. It is not designed to be a production environment.
We provide an easy "one line" deployment command to install Pachyderm with Console on a local environment. All you need is your enterprise token and a Kubernetes cluster running on your local environment.
Follow the deployment instructions in our Local Installation page. You are all set!
Note
When installing, we create a default mock user (username:admin
, password: password
) to authenticate to Console without the hassle of connecting your Identity Provider.
Deploy In The Cloud¶
The deployment of Console in your favorite Cloud usually requires, at a minimum, the set up an Ingress (see below), the activation of Authentication, and the setup of a DNS.
- You can opt for a quick installation that will alleviate those infrastructure constraints (Not recommended in Production but an easy way to get started) and speed up your installation by following the steps in our Quick Cloud Deployment page, then connect to your Console:
Reminder
- Use the mock user (username:
admin
, password:password
) to authenticate to Console.
-
For a production environment:
- Set up your Ingress and DNS.
- Set up your IDP during deployment. To configure your Identity Provider as a part of
helm install
, see examples for theoidc.upstreamIDPs
value in the helm chart values specification and read our IDP Configuration page for a better understanding of each field. - Or manually update your values.yaml with
oidc.mockIDP = false
then set up an Identity Provider by usingpachctl
.
Warning
-
When enterprise is enabled through Helm, auth is automatically activated (i.e., you do not need to run
pachctl auth activate
) and apachyderm-bootstrap-config
k8s secret is created containing an entry for your rootToken. Usekubectl get secret pachyderm-bootstrap-config -o go-template='{{.data.rootToken | base64decode }}'
to retrieve it and save it where you see fit.However, this secret is only used when configuring through helm:
- If you run
pachctl auth activate
, the secret is not updated. Instead, the rootToken is printed in your STDOUT for you to save. - Same behavior if you activate enterprise manually (
pachctl license activate
) then activate authentication (pachctl auth activate
).
- If you run
-
Set the helm value
pachd.activateAuth
to false to prevent the automatic bootstrap of auth on the cluster.
Connect to Console¶
-
Run
pachctl port-forward
(Background this process in a new tab of your terminal). -
Connect to your Console (Pachyderm UI):
- Point your browser to
http://localhost:4000
- Authenticate as the mock User using
admin
&password
- Point your browser to
-
Point your browser to:
http://<external-IP-address-or-domain-name>:80
or,https://<external-IP-address-or-domain-name>:443
if TLS is enabled
-
Authenticate:
- As the mock User using
admin
&password
if you used the mockIDP. - As a User of your IdP otherwise.
- As the mock User using
You are all set! You should land on the Projects page of Console.