diff --git a/content/docs/gke/deploy/deploy-cli.md b/content/docs/gke/deploy/deploy-cli.md index 5463994478..59457af4ce 100644 --- a/content/docs/gke/deploy/deploy-cli.md +++ b/content/docs/gke/deploy/deploy-cli.md @@ -148,8 +148,6 @@ Follow these steps to deploy Kubeflow: [Cloud DNS](https://cloud.google.com/dns/docs/) then you can configure this process to be much faster. See [kubeflow/kubeflow#731](https://github.com/kubeflow/kubeflow/issues/731). - * While you wait you can access Kubeflow services by using `kubectl proxy` - and `kubectl port-forward` to connect to services in the cluster. 1. We recommend that you check in the contents of your **${KFAPP}** directory into source control. diff --git a/content/docs/gke/deploy/deploy-ui.md b/content/docs/gke/deploy/deploy-ui.md index 1fe199239f..505c9acbba 100644 --- a/content/docs/gke/deploy/deploy-ui.md +++ b/content/docs/gke/deploy/deploy-ui.md @@ -32,11 +32,7 @@ Follow these steps to open the deployment UI and deploy Kubeflow on GCP: * **Project:** Enter your GCP project ID. * **Deployment name:** Enter a short name that you can use to recognize this - deployment of Kubeflow. If you plan to use [Cloud Identity-Aware Proxy - (Cloud IAP)](https://cloud.google.com/iap/docs/) for access control (see - the next option below), make sure you use the same deployment name - on the deployment UI and when [creating the OAuth - client ID](/docs/gke/deploy/oauth-setup/). + deployment of Kubeflow. The maximum length for the deployment name is 25 characters. * **Choose how to connect to Kubeflow:** You can choose one of the following options: @@ -49,9 +45,9 @@ Follow these steps to open the deployment UI and deploy Kubeflow on GCP: * **Login with Username Password:** Choose this option if you want to allow users to access Kubeflow with a username and password, that is, with basic authentication. See more details [below](#basic-auth). - * **Setup Endpoint later:** Choose this option if you want to skip - the authentication process and set up the URI for the Kubeflow UI later. - See more details [below](#later-auth). + * **Setup Endpoint later:** *(Not recommended.)* Choose this option if you + want to skip the authentication process and set up the URI for the + Kubeflow UI later. See more details [below](#later-auth). * **GKE zone:** Enter the [GCP zone](https://cloud.google.com/compute/docs/regions-zones/) in which @@ -120,16 +116,12 @@ password) to control access to Kubeflow. 1. Click **Kubeflow Service Endpoint** to access your Kubeflow URI. -## Setting up your endpoint later +## Setting up your endpoint later (not recommended) You can choose to deploy Kubeflow without creating an endpoint for the Kubeflow service. 1. Choose the **Setup Endpoint later** option on the Kubeflow deployment UI. -1. Click **Port Forward** to set up port forwarding and access your Kubeflow - cluster at `http://localhost:8080/`. For more information about port - forwarding, see the guide to - [accessing the Kubeflow UIs](/docs/other-guides/accessing-uis/). 1. Finish the setup later by inserting your OAuth client into the Kubeflow cluster. Read more about [customizing Kubeflow](/docs/gke/customizing-gke/) and diff --git a/content/docs/gke/pipelines-tutorial.md b/content/docs/gke/pipelines-tutorial.md index 4ab5d3b87e..e57ccf55da 100644 --- a/content/docs/gke/pipelines-tutorial.md +++ b/content/docs/gke/pipelines-tutorial.md @@ -121,9 +121,7 @@ Set up the following environment variables for use throughout the tutorial: 1. If you want a custom name for your Kubeflow deployment, set the `DEPLOYMENT_NAME` environment variable. The deployment name must be - **4-20 characters** in length. Note that the name must be the same - as the one you use in later steps of this tutorial when configuring the - **redirect URI** for the OAuth client credentials. If you don't set this + **4-20 characters** in length. If you don't set this environment variable, your deployment gets the default name of `kubeflow`: ``` @@ -212,11 +210,10 @@ Notes: * It can take 10-15 minutes for the URI to become available. Kubeflow needs to provision a signed SSL certificate and register a DNS name. - * If you own/manage the domain or a subdomain with [Cloud DNS][dns] - then you can configure this process to be much faster. See - [kubeflow/kubeflow#731](https://github.com/kubeflow/kubeflow/issues/731). - * While you wait you can access Kubeflow services by using `kubectl proxy` - and `kubectl port-forward` to connect to services in the cluster. + + If you own/manage the domain or a subdomain with [Cloud DNS][dns] + then you can configure this process to be much faster. See + [kubeflow/kubeflow#731](https://github.com/kubeflow/kubeflow/issues/731). ### Create a Cloud Storage bucket diff --git a/content/docs/gke/troubleshooting-gke.md b/content/docs/gke/troubleshooting-gke.md index 1bb5212de9..2f66eed8cc 100644 --- a/content/docs/gke/troubleshooting-gke.md +++ b/content/docs/gke/troubleshooting-gke.md @@ -283,9 +283,6 @@ Events: ### Fixing the problem -Note: You can ignore the error you have not enabled Cloud IAP for the cluster, -that is, if you are connecting via a port-forward. - If you have any redundant Kubeflow deployments, you can delete them using the [Deployment Manager](https://cloud.google.com/deployment-manager/docs/). diff --git a/content/docs/other-guides/accessing-uis.md b/content/docs/other-guides/accessing-uis.md index b65c36e4bf..be322788bf 100644 --- a/content/docs/other-guides/accessing-uis.md +++ b/content/docs/other-guides/accessing-uis.md @@ -7,17 +7,9 @@ weight = 1 Kubeflow includes a number of web user interfaces (UIs). This document provides instructions on how to connect to them. -To access the Kubeflow UI's you need to connect to the -[ISTIO gateway](https://istio.io/docs/concepts/traffic-management/#gateways) that -provides access to the Kubeflow -[service mesh](https://istio.io/docs/concepts/what-is-istio/#what-is-a-service-mesh). - -How you access the ISTIO gateway will vary depending on how you've configured it. +## Overview of Kubeflow UIs - -## Accessing Kubeflow web UIs - -The Kubeflow web UIs include the following: +The Kubeflow UIs include the following: * A central **Kubeflow** UI for navigation between the Kubeflow applications. * **Pipelines** for a Kubeflow Pipelines dashboard @@ -36,6 +28,15 @@ The central UI dashboard looks like this: alt="Kubeflow central UI" class="mt-3 mb-3 border border-info rounded"> +## Overview of accessing the Kubeflow UIs + +To access the Kubeflow UIs, you need to connect to the +[Istio gateway](https://istio.io/docs/concepts/traffic-management/#gateways) that +provides access to the Kubeflow +[service mesh](https://istio.io/docs/concepts/what-is-istio/#what-is-a-service-mesh). + +How you access the Istio gateway varies depending on how you've configured it. + ## URL pattern with Google Cloud Platform (GCP) If you followed the guide to [deploying Kubeflow on GCP](/docs/gke/deploy/), @@ -56,14 +57,22 @@ guide to ## Using kubectl and port-forwarding If you didn't configure Kubeflow to integrate with an identity provider and perform -any authorization then you can port-forward directly to the ISTIO gateway. +any authorization then you can port-forward directly to the Istio gateway. + +Port-forwarding typically does not work if any of the following are true: -Port-forwarding typically won't work if any of the following are true + * You've deployed Kubeflow on GCP using the + [GCP deployment UI](/docs/gke/deploy/deploy-ui/) or the default settings + with the [CLI deployment](/docs/gke/deploy/deploy-cli/). (If you want to + use port forwarding, you must deploy Kubeflow on an existing Kubernetes + cluster using the [`kfctl_k8s_istio` + configuration](/docs/started/k8s/kfctl-k8s-istio/).) - * you've configured the ISTIO ingress to only accept -HTTPS traffic on a specific domain or IP address + * You've configured the Istio ingress to only accept + HTTPS traffic on a specific domain or IP address. - * you've configured the ISTIO ingress to perform an authorization check (e.g. using IAP or Dex) + * You've configured the Istio ingress to perform an authorization check + (for example, using Cloud IAP or [Dex](https://github.com/dexidp/dex)). You can access Kubeflow via `kubectl` and port-forwarding as follows: @@ -76,7 +85,7 @@ You can access Kubeflow via `kubectl` and port-forwarding as follows: installation guide](https://kubernetes.io/docs/tasks/tools/install-kubectl/). 1. Use the following command to set up port forwarding to the - [ISTIO gateway](https://istio.io/docs/tasks/traffic-management/ingress/ingress-control/). + [Istio gateway](https://istio.io/docs/tasks/traffic-management/ingress/ingress-control/). {{% code-webui-port-forward %}} @@ -86,8 +95,6 @@ You can access Kubeflow via `kubectl` and port-forwarding as follows: http://localhost:8080/ ``` - * Port-forwarding will not work if you're using basic authentication with GCP. - * Depending on how you've configured Kubeflow, not all UIs work behind port-forwarding to the reverse proxy.