如何使用 Kubeflow 管道进行身份验证 API
How to authenticate with Kubeflow Pipelines API
我希望尝试使用原始 Kubeflow 管道 API 触发管道,但关于如何进行身份验证的信息很少。我在 https://www.kubeflow.org/docs/pipelines/reference/api/kubeflow-pipeline-api-spec/ 中可以找到的所有信息是:
Security
Bearer
Type: apiKey
--
Name: authorization
In: header
当发送带有无效持有者令牌的请求时,我知道它需要一个 JWT,但我不知道如何生成一个。
Invalid IAP credentials: Expected JWT to have 3 parts separated by a '.' but there are 1 parts
是否可以在不使用 kfp 的情况下执行此操作?
没有 'kfp' 会非常混乱并且难以自动化。
无论如何,here是一种方式
0) curl -v http://$SERVICE:$PORT
Response:
>> <a href="/dex/auth?client_id=kubeflow-oidc-authservice&redirect_uri=%2Flogin%2Foidc&response_type=code&scope=profile+email+groups+openid&state=STATE_VALUE">Found</a>.
STATE=STATE_VALUE
1) curl -v "http://$SERVICE:$PORT/dex/auth?client_id=kubeflow-oidc-authservice&redirect_uri=%2Flogin%2Foidc&response_type=code&scope=profile+email+groups+openid&state=$STATE_VALUE"
Response:
>> <a href="/dex/auth/local?req=REQ_VALUE">Found</a>
REQ=REQ_VALUE
2) curl -v 'http://$SERVICE:$PORT/dex/auth/local?req=REQ_VALUE' -H 'Content-Type: application/x-www-form-urlencoded' --data 'login=admin%40kubeflow.org&password=12341234'
3) curl -v 'http://$SERVICE:$PORT/dex/approval?req=$REQ_VALUE'
Response:
>> <a href="/login/oidc?code=CODE_VALUE&state=STATE_VALUE">See Other</a>.
CODE=CODE_VALUE
4) curl -v 'http://$SERVICE:$PORT/login/oidc?code=$CODE_VALUE&state=$STATE_VALUE'
Response:
>> set cookie authservice_session=SESSION
5) curl -v 'http://$SERVICE:$PORT/pipeline/apis/v1beta1/pipelines' -H 'Cookie: authservice_session=SESSION'
Response:
>> 200 OK { ... }
我希望尝试使用原始 Kubeflow 管道 API 触发管道,但关于如何进行身份验证的信息很少。我在 https://www.kubeflow.org/docs/pipelines/reference/api/kubeflow-pipeline-api-spec/ 中可以找到的所有信息是:
Security
Bearer
Type: apiKey
--
Name: authorization
In: header
当发送带有无效持有者令牌的请求时,我知道它需要一个 JWT,但我不知道如何生成一个。
Invalid IAP credentials: Expected JWT to have 3 parts separated by a '.' but there are 1 parts
是否可以在不使用 kfp 的情况下执行此操作?
没有 'kfp' 会非常混乱并且难以自动化。
无论如何,here是一种方式
0) curl -v http://$SERVICE:$PORT
Response:
>> <a href="/dex/auth?client_id=kubeflow-oidc-authservice&redirect_uri=%2Flogin%2Foidc&response_type=code&scope=profile+email+groups+openid&state=STATE_VALUE">Found</a>.
STATE=STATE_VALUE
1) curl -v "http://$SERVICE:$PORT/dex/auth?client_id=kubeflow-oidc-authservice&redirect_uri=%2Flogin%2Foidc&response_type=code&scope=profile+email+groups+openid&state=$STATE_VALUE"
Response:
>> <a href="/dex/auth/local?req=REQ_VALUE">Found</a>
REQ=REQ_VALUE
2) curl -v 'http://$SERVICE:$PORT/dex/auth/local?req=REQ_VALUE' -H 'Content-Type: application/x-www-form-urlencoded' --data 'login=admin%40kubeflow.org&password=12341234'
3) curl -v 'http://$SERVICE:$PORT/dex/approval?req=$REQ_VALUE'
Response:
>> <a href="/login/oidc?code=CODE_VALUE&state=STATE_VALUE">See Other</a>.
CODE=CODE_VALUE
4) curl -v 'http://$SERVICE:$PORT/login/oidc?code=$CODE_VALUE&state=$STATE_VALUE'
Response:
>> set cookie authservice_session=SESSION
5) curl -v 'http://$SERVICE:$PORT/pipeline/apis/v1beta1/pipelines' -H 'Cookie: authservice_session=SESSION'
Response:
>> 200 OK { ... }