Documented about how to change default password in README.md

Signed-off-by: biswajit-9776 <biswajitpatt139@gmail.com>
biswajit-9776 · Jul 14, 2024 · 9a0b306 · 9a0b306
1 parent 473b103
commit 9a0b306
Showing 1 changed file with 29 additions and 8 deletions.
diff --git a/README.md b/README.md
@@ -465,25 +465,46 @@ If you absolutely need to expose Kubeflow over HTTP, you can disable the `Secure
 
 ### Change default user password
 
-For security reasons, we don't want to use the default password for the default Kubeflow user when installing in security-sensitive environments. Instead, you should define your own password before deploying. To define a password for the default user:
+For security reasons, we don't want to use the default password for the default Kubeflow user when installing in security-sensitive environments. Instead, you should define your own password and apply it either **before creating the cluster** or **after creating the cluster**. 
 
-1. Pick a password for the default user, with email `user@example.com`, and hash it using `bcrypt`:
-
-TODO this changed slightly in https://github.com/kubeflow/manifests/pull/2669 and https://github.com/kubeflow/manifests/pull/2229
+Pick a password for the default user, with email `user@example.com`, and hash it using `bcrypt`:
 
     ```sh
     python3 -c 'from passlib.hash import bcrypt; import getpass; print(bcrypt.using(rounds=12, ident="2y").hash(getpass.getpass()))'
     ```
 
-2. Edit `common/dex/base/config-map.yaml` and fill the relevant field with the hash of the password you chose:
+#### Before creating the cluster:
+
+1. Edit `common/dex/base/dex-passwords.yaml` and fill the relevant field with the hash of the password you chose:
 
     ```yaml
     ...
-      staticPasswords:
-      - email: user@example.com
-        hash: <enter the generated hash here>
+      stringData:
+        DEX_USER_PASSWORD: <replace the generated hash here>
+    ```
+
+#### After creating the cluster:
+
+1. Delete the existing secret _dex-passwords_ in auth namespace using the following command:
+
+    ```sh
+    kubectl delete secret dex-passwords -n auth
+    ```
+
+3. Create secret dex-passwords with new hash using the following command:
+
+    ```sh
+    kubectl create secret generic dex-passwords --from-literal=DEX_USER_PASSWORD='<place the generated hash here' -n auth
+    ```
+
+4. Restart the _dex_ pod in auth namespace using the following command:
+
+    ```sh
+    kubectl delete pods --all -n auth
     ```
 
+5. Try to login using the new dex password.
+
 ## Upgrading and extending
 
 For modifications and in place upgrades of the Kubeflow platform we provide a rough description for advanced users: