Skip to content

Notes on New Deployments⚓︎

This page has some installation and post-installation configuration steps that are useful for deployments.

Pre-installation considerations⚓︎

For productive deployments, you probably want to increase the size of the MinIO default tenant. This is done by editing the configuration file in paas/data_storage/minio/tenants/base/tenant.yaml. Don't forget to push the changes to a new branch to install from.

Using external identity providers⚓︎

You can (and should) use external identity providers (IDPs) to authenticate users in Kubeflow and other components. prokube uses Keycloak as the default identity provider, where you can configure one or multiple upstream IDPs such as Azure AD or Google Workspace. This allows you to manage users and groups in a central place and control access to Kubeflow and other components. See User Management for more details.

Maintenance⚓︎

Updating certificates on GitLab instance⚓︎

  • Stop GitLab and renew the certificates: 
    sudo gitlab-ctl stop
sudo certbot renew
  • Edit /etc/gitlab/gitlab.rb and add: 
    nginx['ssl_certificate'] = "/etc/letsencrypt/live/<your-gitlab-domain>/fullchain.pem"
nginx['ssl_certificate_key'] = "/etc/letsencrypt/live/<your-gitlab-domain>/privkey.pem"
registry_nginx['ssl_certificate'] = "/etc/letsencrypt/live/<your-gitlab-domain>/fullchain.pem"
registry_nginx['ssl_certificate_key'] = "/etc/letsencrypt/live/<your-gitlab-domain>/privkey.pem"
  • Then run: 
    sudo gitlab-ctl start
sudo gitlab-ctl reconfigure