Menu
I have followed the steps in Kubernetes Engine for Kubeflow.
The deployment went fine and all pods/services are up, including the endpoint at https://<name>.endpoints.<project>.cloud.goog/, with the correct <name> and <project> of course.
When I went to the above url, I was redirected to a "Sign in with Google" page. I assumed that OAuth was also configured correctly.
However, after signing in, I was shown an Access Denied page below.
Is there another way to provide access? I thought it was handled by OAuth.
556
The deployment created by kfctl.sh in "Deploy Kubeflow on GKE using the command line" also creates a load balancer resource for the ingress into the cluster and secures it using Cloud Identity-Aware Proxy (IAP).
To allow access to the resource for new users, go to:
Google Cloud Console > IAM & Admin > Identity-Aware Proxy
Select the desired resource and click "Add Member".
Fill in the user in the "Access Denied" page and select "Cloud IAP > IAP-Secured Web App User" for role.
Once the policy change is propagated, the user will be able to access the URL successfully.
182
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
