Create Local Users after Installing Kommander
Create local users after you install the Kommander component of DKP. If you have not installed Kommander yet, and want to create additional users during the installation, see Create Local Users during the Kommander Installation.
D2iQ does not recommend creating local users for production clusters. See Identity Providers for instructions on how to configure an external identity provider to manage your users.
Customize the Dex AppDeployment, and add a configOverrides
section.
Create a
configMap
resource with the credentials of the new local user:
Replace<example_email>
with the user's email address or a username.
Replace<password_bcrypt_hash>
with the bcrypt hash of the password you want to assign. You can use the htpasswd CLI to create the hash of a specific password. For example, by runninghtpasswd -bnBC 10 "" password | tr -d ':\n' && echo
you can generate the hash for the password “password”.CODEcat <<EOF | kubectl apply -f - apiVersion: v1 kind: ConfigMap metadata: name: dex-overrides namespace: kommander data: values.yaml: | config: staticPasswords: - email: <example_email> hash: <password_bcrypt_hash> EOF
Open the Dex AppDeployment to edit it:
CODEkubectl edit -n kommander appdeployment dex
The editor displays the AppDeployment.
Copy the following values and paste them in a location in the file where they are nested in the
spec
field:CODEconfigOverrides: name: dex-overrides
Example:
CODEapiVersion: apps.kommander.d2iq.io/v1alpha3 kind: AppDeployment metadata: ... spec: appRef: kind: ClusterApp name: dex-2.11.1 clusterConfigOverrides: - clusterSelector: matchExpressions: - key: kommander.d2iq.io/cluster-name operator: In values: - host-cluster configMapName: dex-kommander-overrides configOverrides: # Copy and paste this section. name: dex-overrides status: ...
Editing the AppDeployment restarts the HelmRelease for Dex. The new users will be created after the reconciliation. However, the user creation is not completed until you assign it permissions.
You have created a user that does not have any permissions to see or manage your DKP cluster yet. Add RBAC Roles to Local Users to complete the configuration.