Prerequisites
Kubernetes v1.21.5
a default Storage Class before install kubeflow
kubesphere v3.3
Install Kubesphere
https://kubesphere.io/docs/v3.3/installing-on-kubernetes/introduction/overview/
Execute the following commands to start installation:
kubectl apply -f https://github.com/kubesphere/ks-installer/releases/download/v3.3.1/kubesphere-installer.yaml
kubectl apply -f https://github.com/kubesphere/ks-installer/releases/download/v3.3.1/cluster-configuration.yaml
Use kubectl get pod --all-namespaces to see whether all pods are running normally in relevant namespaces of KubeSphere. If they are, check the port (30880 by default) of the console through the following command:
kubectl get svc/ks-console -n kubesphere-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
ks-console NodePort 10.233.28.132 80:30880/TCP 11m
Make sure port 30880 is opened in security groups and access the web console through the NodePort (IP:30880) with the default account and password (admin/P@88w0rd).
keycloak setting on Kubesphere
Edit kubesphere setting.
kubectl -n kubesphere-system edit cc ks-installer
alerting: enabled: false auditing: enabled: false authentication: authenticateRateLimiterDuration: 10m0s authenticateRateLimiterMaxTries: 100 // default 10 jwtSecret: "" oauthOptions: accessTokenInactivityTimeout: 30m accessTokenMaxAge: 1h identityProviders: - mappingMethod: auto name: keycloak provider: clientID: kubesphere clientSecret: RfVoSi9W2zM2bIKRd7bZWz0z1FP0oSsm idTokenSkipVerify: true issuer: 'https://{keycloak-server}:{keycloak-port}/realms/{your_reaml}' redirectURL: 'http://{kubesphere-server}:30880/oauth/redirect/keycloak' scopes: - openid - email - profile type: OIDCIdentityProvider common: core:
To prevent the Vanned from system, Change authenticateRateLimiterMaxTries 10 to 100 or something.
kubectl rollout restart -n kubesphere-system deploy ks-installer
kubectl rollout restart -n kubesphere-system deploy ks-apiserver
keycloak
keycloak 에 유저 만들기
keyclaok에client 세팅
