How to test Operator Login
- Deploy the pods
kind delete cluster
kind create cluster --config ~/operator/testing/kind-config.yaml
kubectl apply -k ~/operator/resources
kubectl apply -k ~/operator/examples/kustomization/tenant-tiny
kubectl -n minio-operator port-forward svc/console 9090 <----------------------- MinIO Operator Login (This is the Service)- Get the JWT
SA_TOKEN=$(kubectl -n minio-operator get secret $(kubectl -n minio-operator get serviceaccount console-sa -o jsonpath="{.secrets[0].name}") -o jsonpath="{.data.token}" | base64 --decode)
echo $SA_TOKEN- Go to http://localhost:9090/ and login with above JWT
As a result you will see:
- Deploy all pods in a cluster:
kind delete cluster
kind create cluster --config ~/operator/testing/kind-config.yaml
kubectl apply -k ~/operator/resources
kubectl apply -k ~/operator/examples/kustomization/tenant-tiny- Proxy to get access to internal API
kubectl proxy Your host
+--------------------------------------------------+ +-----------------+
| | | |
| k8s +----------------------------------------+-----+--8001--+ |
| | | | | |
| +------+---+ +---------------------+ | | | |
| | k8s | | | MINIO NAMESPACE | | | | |
| | API | | | | | | |
| | | | +------------+ | | | +------------+ |
| +----------+ | | OPERATOR | | | | | OPERATOR | |
| | +------------+ | | | +------------+ |
| | +------------+ | | | +------------+ |
| | | O-CONSOLE | | | | | O-CONSOLE | |
| | +------------+ | | | +------------+ |
| +---------------------+ | | |
| | | |
| +----------------------------+ | | |
| | TENANT NAMESPACE | | | |
| | | | | |
| | | | | |
| +----------------------------+ | | |
+--------------------------------------------------+ +-----------------+
- To run console server in operator mode:
cd ~/console
make install
~/go/bin/console operator- To open React Page in port 5005 for JS Debug:
cd ~/console/portal-ui
yarn install
yarn build
yarn run start- Login with
any passwordin the UI on port 5005 (Because of the proxy you can use any password only here):
You should see:
- Deploy all pods in a cluster:
kind delete cluster
kind create cluster --config ~/operator/testing/kind-config.yaml
kubectl apply -k ~/operator/resources
kubectl apply -k ~/operator/examples/kustomization/tenant-tiny- Proxy to get access to internal API
kubectl proxy Your host
+--------------------------------------------------+ +-----------------+
| | | |
| k8s +----------------------------------------+-----+--8001--+ |
| | | | | |
| +------+---+ +---------------------+ | | | |
| | k8s | | | MINIO NAMESPACE | | | | |
| | API | | | | | | |
| | | | +------------+ | | | +------------+ |
| +----------+ | | OPERATOR | | | | | OPERATOR | |
| | +------------+ | | | +------------+ |
| | +------------+ | | | +------------+ |
| | | O-CONSOLE | | | | | O-CONSOLE | |
| | +------------+ | | | +------------+ |
| +---------------------+ | | |
| | | |
| +----------------------------+ | | |
| | TENANT NAMESPACE | | | |
| | | | | |
| | | | | |
| +----------------------------+ | | |
+--------------------------------------------------+ +-----------------+
- To run console server in operator mode with
Single Sign Onenabled:
As
MinIOEmployee, you can getAuth 0from Lenin at our Google Drive document.
export CONSOLE_ACCESS_KEY=<some-value>
export CONSOLE_SECRET_KEY=<some-value>
export CONSOLE_HMAC_JWT_SECRET=<some-value>
export CONSOLE_PBKDF_PASSPHRASE=<some-value>
export CONSOLE_PBKDF_SALT=<some-value>
export CONSOLE_M3_HOSTNAME=http://localhost:8787
export CONSOLE_HOSTNAME=0.0.0.0
export CONSOLE_IDP_URL=https://<some-url>/.well-known/openid-configuration
export CONSOLE_IDP_CLIENT_ID=<the-id>
export CONSOLE_IDP_SECRET=<the-secret>
export CONSOLE_IDP_CALLBACK=http://localhost:5005/oauth_callback
export CONSOLE_OPERATOR_SA_TOKEN=<JWT>
export CGO_ENABLED=0
cd ~/console
make install
~/go/bin/console operator- To open React Page in port 5005 for JS Debug:
cd ~/console/portal-ui
yarn install
yarn build
yarn run start- Login with via
SSOmethod:
You should see below after clicking in the button or some similar page depending on the
IDPselected (For Employee's credentials ask Lenin):
Then you should see the Operator Page