Console Setup
Before You Start #
You must have Pachyderm installed using one of the following guides:
Deploy #
- Set up your Proxy and DNS and point your browser to:
http://<external-IP-address-or-domain-name>:80or,https://<external-IP-address-or-domain-name>:443if TLS is enabled
- Set up your IDP during deployment.
Note
You can use the mock user (username: admin, password:password) to login to Console when authentication is enabled but no Identity provider was wired (Enterprise). - Configure your Identity Provider
- As Part of Helm: To configure your Identity Provider as a part of
helm install, see examples for theoidc.upstreamIDPsvalue in the helm chart values specification and read our IDP Configuration page for a better understanding of each field. - Manually via Values.yaml: You can manually update your values.yaml with
oidc.mockIDP = false.
- As Part of Helm: To configure your Identity Provider as a part of
- Connect.
You are all set! You should land on the Projects page of Console.
Enterprise + Helm #
When Enterprise is enabled through Helm, Auth is automatically activated. This means that you do not need to run pachctl auth activate; a pachyderm-auth Kubernetes secret is created which contains a rootToken key. Use {{"kubectl get secret pachyderm-auth -o go-template='{{.data.rootToken | base64decode }}'"}} to retrieve it and save it where you see fit.
Considerations #
- If you run
pachctl auth activate, the secret is not updated. Instead, the rootToken is printed in your STDOUT for you to save; the same behavior applies if you activate enterprise manually (pachctl license activate) and then activate authentication (pachctl auth activate). - You can set the helm value
pachd.activateAuthto false to prevent the automatic bootstrap of auth on the cluster.