K
Q

How to provide access to Kubeflow on GKE?

12/10/2018

I have followed the steps in Kubernetes Engine for Kubeflow.

The deployment went fine and all pods/services are up, including the endpoint at https://<name>.endpoints.<project>.cloud.goog/, with the correct <name> and <project> of course.

When I went to the above url, I was redirected to a "Sign in with Google" page. I assumed that OAuth was also configured correctly.

However, after signing in, I was shown an Access Denied page below.

Is there another way to provide access? I thought it was handled by OAuth.

Access Denied

-- Azmi Kamis
google-kubernetes-engine
kubeflow
kubernetes

Similar Questions

Why Azure AKS Service IP address is not accessible
Pod be scheduled in untainted master with lower priority?
helm install stable/jenkins failed: PodInitializing
How to upgrade kubectl client version

1 Answer

12/11/2018

The deployment created by kfctl.sh in "Deploy Kubeflow on GKE using the command line" also creates a load balancer resource for the ingress into the cluster and secures it using Cloud Identity-Aware Proxy (IAP).

To allow access to the resource for new users, go to:

Google Cloud Console > IAM & Admin > Identity-Aware Proxy

Select the desired resource and click "Add Member".

Fill in the user in the "Access Denied" page and select "Cloud IAP > IAP-Secured Web App User" for role.

Once the policy change is propagated, the user will be able to access the URL successfully.

-- Azmi Kamis
Source: StackOverflow