The next step is to access the Keycloak login page using your favourite browser. You can find the IP address of the Keycloak server in the output of the
kubectl get pods command listed above. If Keycloak is running on a remote cluster, you can use sshuttle to help you access it. Run the following commands:
sudo apt install sshuttle -y
sshuttle -r <USERNAME>@<HOST> <keycloak_server>
Then point your browser to
http://<keycloak_server>:8080/ and use the default credentials
admin/admin to log in to Keycloak.
Once you have logged in, navigate to the
Realm Settings screen and click
OpenID Endpoint Configuration. From the JSON code that’s shown, find the
issuer value and make a note of it, as you will need it later.
Now we’re going to create a new
client configuration, so navigate to the
Clients screen and click
Create. Enter your preferred
clientid, for example you could enter “CKF”, select the protocol
openid-connect and hit save. We’ll use the
clientid a bit later, so make a note of the value that you chose.
Access Type to
confidential and in
Valid Redirect URI, add your Charmed Kubeflow deployment’s public URL with the path as follows – it should be similar to
http://<YOUR FQDN>/dex/callback – and press
+. Make a note of this URL as you will need it later. Scroll down and hit
You should now see a new tab at the top of the screen,
Credentials - navigate to it, and make a note of the
client secret as you will need it later.
Add user, and create a new user by filling in
Email, and checking
Email Verified. Hit
Now go to the
Credentials tab and add a new password (unchecking
Client scopes configuration
Navigate to the
Client screen and select your client, eg.
CKF. Navigate to the
Client Scopes tab, Choose
Evaluate enter the username and hit the
evaluate button. Go to the
Generated Access Token tab, and make a note of the
scopes that are shown in the JSON code shown, as you will need this information later. Typically they are likely to be