Red Hat OpenShift Data Science is a cloud platform for developing, training, testing and deploying machine learning (ML) models. Built around a set of open-source technologies, this platform enables data scientists to accelerate their ML workflows and promote the reproducibility of their work, fostering a more robust and practical model deployment.
This article will delve into the Red Hat OpenShift Data Science project while focusing on a recent issue within the platform. I recently encountered a problem wherein the kubeadmin user could not access the settings page from the Data Science project dashboard. In this article, I will cover how I resolve this problem, hoping it will prove helpful to others who might face a similar situation.
Issue Encountered
The updated OpenShift Data Science dashboard has a new admin panel designed settings navigation bar for managing various features. These include custom notebook images, user management, cluster settings, and more. However, this section requires specific configurations for it to be enabled.
I encountered an issue where the kubeadmin user could not access this settings panel, despite being a superuser. This issue arises because the OpenShift Data Science platform determines administrative privileges based on a list of admin users within a group rather than individual users.
Checkout Youtube for the solution
Enabling the RHODS Settings Panel
To grant access to the settings panel, a user must be included in the admin group we use as a rhods-admins list group. Here is the general workflow to add a user to the rhods-admins group:
- In the
OdhDashboardConfigCustom Resource Definition (CRD), we have an attribute namedgroupsConfig. Inside it,adminGroupswill store OpenShift Groups added as admins.
apiVersion: opendatahub.io/v1alpha
kind: OdhDashboardConfig
metadata:
creationTimestamp: null
name: odh-dashboard-config
namespace: redhat-ods-applications
spec:
...
groupsConfig:
adminGroups: 'rhods-admins'
allowedGroups: 'system:authenticated'
- Next, we must define one or more Groups with the same name as the one specified above. Within these groups, we should list all of our admin users.
apiVersion: user.openshift.io/v1
kind: Group
metadata:
name: rhods-admins
users:
- <user-name>
Resolving the kubeadmin Access Issue
To resolve the kubeadmin access issue, I added kubeadmin to the rhods-admins group as shown below:
127.0.0.1 $ oc get group rhods-admins -o yaml
apiVersion: user.openshift.io/v1
kind: Group
metadata:
name: rhods-admins
users:
- b64:kube:admin
One thing to note here is the use of the b64: prefix with kube:admin. Initially, I encountered the following error:
groups.user.openshift.io "rhods-admins" was not valid:
* user[0]: Invalid value: "kube:admin": usernames that contain ":" must begin with "b64:"
As it turns out, the OpenShift API specification dictates that usernames containing the : character must be prefixed with b64: to be valid. Hence, the correct way to add kubeadmin to the group is b64:kube:admin.
This fixes the issue immediately.
As the OpenShift Data Science project continues to evolve, it's likely that further adjustments may be required. Stay tuned for more insights and tutorials on how to navigate the dynamic landscape of data science in the cloud.
Top comments (1)
Ah, lovely \o/ The kubeadmin vs b64:kube:admin got me as well... Thanks!