1

我希望尝试使用原始的 Kubeflow Pipeline API 来触发管道,但是关于如何进行身份验证的信息很少。我可以在https://www.kubeflow.org/docs/pipelines/reference/api/kubeflow-pipeline-api-spec/中找到的所有信息是:

安全

Bearer
Type: apiKey
--
Name: 授权
In: header

当发送带有无效承载令牌的请求时,我知道它需要一个 JWT,但我不知道如何生成一个。

Invalid IAP credentials: Expected JWT to have 3 parts separated by a '.' but there are 1 parts

不使用可以做到这一点kfp吗?

4

1 回答 1

1

没有 'kfp' 会非常混乱且难以自动化。

无论如何,是一种方法


0) curl -v http://$SERVICE:$PORT

Response:
>> <a href="/dex/auth?client_id=kubeflow-oidc-authservice&amp;redirect_uri=%2Flogin%2Foidc&amp;response_type=code&amp;scope=profile+email+groups+openid&amp;state=STATE_VALUE">Found</a>.

STATE=STATE_VALUE

1) curl -v "http://$SERVICE:$PORT/dex/auth?client_id=kubeflow-oidc-authservice&redirect_uri=%2Flogin%2Foidc&response_type=code&scope=profile+email+groups+openid&amp;state=$STATE_VALUE"
Response:
>> <a href="/dex/auth/local?req=REQ_VALUE">Found</a>

REQ=REQ_VALUE

2) curl -v 'http://$SERVICE:$PORT/dex/auth/local?req=REQ_VALUE' -H 'Content-Type: application/x-www-form-urlencoded' --data 'login=admin%40kubeflow.org&password=12341234'

3) curl -v 'http://$SERVICE:$PORT/dex/approval?req=$REQ_VALUE'

Response:
>> <a href="/login/oidc?code=CODE_VALUE&amp;state=STATE_VALUE">See Other</a>.

CODE=CODE_VALUE

4) curl -v 'http://$SERVICE:$PORT/login/oidc?code=$CODE_VALUE&amp;state=$STATE_VALUE'

Response:
>> set cookie authservice_session=SESSION

5) curl -v 'http://$SERVICE:$PORT/pipeline/apis/v1beta1/pipelines' -H 'Cookie: authservice_session=SESSION'

Response:
>> 200 OK { ... }
于 2020-12-04T03:42:43.873 回答