-
Notifications
You must be signed in to change notification settings - Fork 828
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Is there a way to make open profile for every ldap users? #2619
Comments
Hello, please run this trough a spell checker first. I cannot decipher what you want to say in English. |
So what I want is to make a Profile(Namespace) that every ldap users can use. |
That is propably something that you have to handle in LDAP outside of Kubeflow. |
@korjwl1 AFAIK, currently this is not possible in KF. But, if you were able to get a full list of emails of every user that should have access to this open KF Profile, you can engineer something that will create a Considering you're allowing every user to have their own KF Profile, each of your users can be represented by the instance of Profile CRD. You could create some minimalist K8s Controller that for every KF Profile will create instances of Alternatively, if not every KF User have their own KF Profile, your controller could list every RoleBinding in every KF Profile, filter over those with prefix Or, you could develop a controller that has RO access to your LDAP with logic to create RoleBindings and AuthorizationPolicies for every user in given group(s) (you would have to map somehow the LDAP Group <-> KF Profile though in your controller). This would be like an in-house developed KF Group Management functionality (although based on a workaround). Please note that all of the ideas in this comment are based on a workaround and something you'd have to develop on your own, although you may receive some guidance. I have experience in writing such tools and K8s Controllers in general so I could provide some help. |
Our group is using Kubeflow with LDAP login right now.
I let every user to make their own namespaces but then have some problem.
Since we are using very limited gpu nodes, it is quite hard to know whether there is any gpu nodes left or not.
The best solution I think is to make every user to use a single profile.
Is there any way to make a open profile so that every ldap users will be joined automatically even when a new ldap user comes in?
The text was updated successfully, but these errors were encountered: