Red Hat OpenShift Data Science is a cloud platform for developing, training, testing and deploying machine learning (ML) models. Built around a set of open-source technologies, this platform enables data scientists to accelerate their ML workflows and promote the reproducibility of their work, fostering a more robust and practical model deployment.
This article will delve into the Red Hat OpenShift Data Science project while focusing on a recent issue within the platform. I recently encountered a problem wherein the
kubeadmin user could not access the settings page from the Data Science project dashboard. In this article, I will cover how I resolve this problem, hoping it will prove helpful to others who might face a similar situation.
The updated OpenShift Data Science dashboard has a new admin panel designed settings navigation bar for managing various features. These include custom notebook images, user management, cluster settings, and more. However, this section requires specific configurations for it to be enabled.
I encountered an issue where the
kubeadmin user could not access this settings panel, despite being a superuser. This issue arises because the OpenShift Data Science platform determines administrative privileges based on a list of admin users within a group rather than individual users.
To grant access to the settings panel, a user must be included in the admin group we use as a
rhods-admins list group. Here is the general workflow to add a user to the
- In the
OdhDashboardConfigCustom Resource Definition (CRD), we have an attribute named
groupsConfig. Inside it,
adminGroupswill store OpenShift Groups added as admins.
apiVersion: opendatahub.io/v1alpha kind: OdhDashboardConfig metadata: creationTimestamp: null name: odh-dashboard-config namespace: redhat-ods-applications spec: ... groupsConfig: adminGroups: 'rhods-admins' allowedGroups: 'system:authenticated'
- Next, we must define one or more Groups with the same name as the one specified above. Within these groups, we should list all of our admin users.
apiVersion: user.openshift.io/v1 kind: Group metadata: name: rhods-admins users: - <user-name>
To resolve the
kubeadmin access issue, I added
kubeadmin to the
rhods-admins group as shown below:
127.0.0.1 $ oc get group rhods-admins -o yaml apiVersion: user.openshift.io/v1 kind: Group metadata: name: rhods-admins users: - b64:kube:admin
One thing to note here is the use of the
b64: prefix with
kube:admin. Initially, I encountered the following error:
groups.user.openshift.io "rhods-admins" was not valid: * user: Invalid value: "kube:admin": usernames that contain ":" must begin with "b64:"
As it turns out, the OpenShift API specification dictates that usernames containing the
: character must be prefixed with
b64: to be valid. Hence, the correct way to add kubeadmin to the group is
As the OpenShift Data Science project continues to evolve, it's likely that further adjustments may be required. Stay tuned for more insights and tutorials on how to navigate the dynamic landscape of data science in the cloud.