# Step 3: Create credentials using JWT token via web server
API_URL="http://${NODE_IP}:30080/api/v2.31/auth.create_credentials"
PAYLOAD='{"label": "k8s-agent-credentials"}'
RESPONSE=$(curl -s -X POST \
-H "Content-Type: application/json" \
-H "Authorization: Bearer $TOKEN" \
-d "$PAYLOAD" \
"$API_URL")
So im setting the server like this:
global:
defaultStorageClass: $STORAGE_CLASS
apiserver:
replicaCount: 1
resources:
requests:
cpu: "200m"
memory: "512Mi"
limits:
cpu: "2000m"
memory: "4Gi"
service:
type: NodePort
nodePort: 30008
port: 8008
additionalConfigs:
secure.conf: |
{
"http": {
"session_secret": {
"apiserver": "V8gcW3EneNDcNfO7G_TSUsWe7uLozyacc9_I33o7bxUo8rCN31VLRg"
}
},
"auth": {
"fixed_users": {
"enabled": true,
"pass_hashed": false,
"users": [
{"username": "admin", "password": "$ADMIN_PASS", "name": "Administrator"},
{"username": "user1", "password": "clearml456!", "name": "Regular User"}
]
},
"token_secret": "AAAAAA"
}
}
webserver:
replicaCount: 1
resources:
requests:
cpu: "100m"
memory: "256Mi"
limits:
cpu: "1000m"
memory: "2Gi"
service:
type: NodePort
nodePort: 30080
port: 8080
fileserver:
replicaCount: 1
resources:
requests:
cpu: "100m"
memory: "256Mi"
limits:
cpu: "1000m"
memory: "2Gi"
service:
type: NodePort
nodePort: 30081
port: 8081
storage:
data:
class: $STORAGE_CLASS
size: 50Gi
ingress:
enabled: false
elasticsearch:
enabled: true
master:
replicas: 1
persistence:
enabled: true
storageClass: $STORAGE_CLASS
size: 20Gi
data:
replicas: 1
persistence:
enabled: true
storageClass: $STORAGE_CLASS
size: 50Gi
mongodb:
enabled: true
replicaCount: 1
persistence:
enabled: true
storageClass: $STORAGE_CLASS
size: 20Gi
redis:
enabled: true
master:
persistence:
enabled: true
storageClass: $STORAGE_CLASS
size: 10Gi
then
helm install clearml clearml/clearml \
--namespace "$NS" \
--values /tmp/server-values.yaml \
--wait \
--timeout "$TMO"
with this i have full acess to the running server, and can create the credentials via UI with no problem
yes that was my understanding but:
From browser network analysis:
- Create User :
POST /api/v2.31/auth.create_uservia port 30080- Payload:{"email": "...", "name": "...", "company": "...", "given_name": "...", "family_name": "..."} - Response: User ID- Login :
POST /api/v2.31/auth.loginvia port 30080- Payload:{"username": "username"} - Response: JWT token- Create Credentials :
POST /api/v2.31/auth.create_credentialsvia port 30080- Headers:Authorization: Bearer <JWT_TOKEN> - Response:
{"access_key": "...", "secret_key": "..."}
but no mater what i get Unauthorized (missing credentials) when trying programatically
How are you trying it programatically? Are you providing API keys for authentication?
this is how i am doing it and Its prob something simple that i am missing
But in all of them i get missing credentials Unauthorized (missing credentials)
What i intended to do was via calls do the same so i can automate it
examples that i tested:
# Step 1: Create a user via the web UI API
CREATE_USER_URL="http://${NODE_IP}:30080/api/v2.31/auth.create_user"
USER_PAYLOAD='{"email": "k8s-agent@clearml.ai", "name": "k8s-agent", "company": "clearml", "given_name": "k8s", "family_name": "agent"}'
CREATE_USER_RESPONSE=$(curl -s -X POST \
-H "Content-Type: application/json" \
-d "$USER_PAYLOAD" \
"$CREATE_USER_URL")
# Step 2: Login via web UI API
LOGIN_URL="http://${NODE_IP}:30080/api/v2.31/auth.login"
LOGIN_PAYLOAD='{"username": "k8s-agent"}'
LOGIN_RESPONSE=$(curl -s -X POST \
-H "Content-Type: application/json" \
-d "$LOGIN_PAYLOAD" \
"$LOGIN_URL")
#Step 4: Using the configured admin credentials for initial authentication
curl -s -X POST \
-H "Content-Type: application/json" \
-u "admin:mypassword123" \
-d "$USER_PAYLOAD" \
"$CREATE_USER_URL"
curl -s -X POST \
-H "Content-Type: application/json" \
-d '{"username": "admin", "password": "clearml123!"}' \
"
"
{"meta":{"id":"db21b4b3124f4bdda14c00f60c621599","trx":"db21b4b3124f4bdda14c00f60c621599","endpoint":{"name":"auth.login","requested_version":"2.31","actual_version":"1.0"},"result_code":401,"result_subcode":20,"# First, try to login as adminsing credentials)","error_stack":null,"error_data":{}},"data":{}}
Hi @<1811208768843681792:profile|BraveGrasshopper38> , you can do anything programatically that you can do via the webUI. I suggest opening dev tools (F12) and checking what is being sent in the network tab when you create credentials.
i also tried to match it with the secure.conf
Defaulted container "clearml-apiserver" out of: clearml-apiserver, init-apiserver (init)
{
"http": {
"session_secret": {
"apiserver": "V8gcW3EneNDcNfO7G_TSUsWe7uLozyacc9_I33o7bxUo8rCN31VLRg"
}
},
"auth": {
"fixed_users": {
"enabled": true,
"pass_hashed": false,
"users": [
{"username": "admin", "password": "clearml123!", "name": "Administrator"},
{"username": "user1", "password": "clearml456!", "name": "Regular User"}
]
},
"token_secret": "Rq8FW84sSqVgq7WvBB_4EzNl9y8z8IGiDXX3C345_a5AZfcwZcwCIA"
}
}
With no sucess, @<1523701070390366208:profile|CostlyOstrich36> I hope this provides a clear idea of what i am trying, any help is fantastic