From 4ee86a83b7b0834525b2f022c7d45b85677cbf6c Mon Sep 17 00:00:00 2001 From: Yaron Date: Mon, 5 Aug 2024 22:25:07 +0300 Subject: [PATCH] Merge pull request #910 from run-ai/auth-higher-in-nav-tree Auth higher in nav tree --- .../Walkthroughs/quickstart-inference.md | 2 +- docs/admin/admin-ui-setup/admin-ui-users.md | 4 +- .../authentication/accessrules.md | 0 .../authentication/applications.md | 0 .../authentication/authentication-overview.md | 0 .../authentication/img/accessrulestable.png | Bin .../authentication/img/appstable.png | Bin .../authentication/img/auth-rbac.png | Bin .../authentication/img/rolestable.png | Bin .../authentication/img/userstable.png | Bin .../access-control => authentication}/rbac.md | 6 +-- .../researcher-authentication.md | 6 +-- .../{runai-setup => }/authentication/roles.md | 0 .../sso/img/openid-unexpected.png | Bin .../sso/img/openshift-identityerror.png | Bin .../sso/img/unauthorized-client.png | Bin .../authentication/sso/openidconnect.md | 0 .../authentication/sso/openshift.md | 0 .../authentication/sso/saml.md | 0 .../{runai-setup => }/authentication/users.md | 0 docs/admin/researcher-setup/cli-install.md | 2 +- .../researcher-setup-intro.md | 2 +- .../cluster-setup/cluster-install.md | 4 +- .../runai-setup/cluster-setup/dgx-bundle.md | 4 +- .../runai-setup/config/non-root-containers.md | 2 +- docs/admin/runai-setup/config/overview.md | 4 +- .../runai-setup/self-hosted/k8s/next-steps.md | 4 +- .../self-hosted/k8s/project-management.md | 2 +- .../runai-setup/self-hosted/ocp/next-steps.md | 4 +- .../self-hosted/ocp/project-management.md | 2 +- docs/admin/troubleshooting/troubleshooting.md | 6 +-- .../deprecated/k8s-api/launch-job-via-yaml.md | 2 +- .../researcher-rest-api/overview.md | 2 +- docs/developer/rest-auth.md | 4 +- docs/home/index.md | 9 ----- docs/home/whats-new-2-15.md | 2 +- docs/home/whats-new-2-16.md | 2 +- docs/home/whats-new-2-17.md | 2 +- docs/home/whats-new-2-18.md | 4 +- graveyard/project-setup.md | 2 +- graveyard/whats-new-2-10.md | 6 +-- graveyard/whats-new-2-14.md | 2 +- graveyard/whats-new-2021.md | 2 +- graveyard/whats-new-2022.md | 6 +-- mkdocs.yml | 36 ++++++++++-------- 45 files changed, 65 insertions(+), 70 deletions(-) rename docs/admin/{runai-setup => }/authentication/accessrules.md (100%) rename docs/admin/{runai-setup => }/authentication/applications.md (100%) rename docs/admin/{runai-setup => }/authentication/authentication-overview.md (100%) rename docs/admin/{runai-setup => }/authentication/img/accessrulestable.png (100%) rename docs/admin/{runai-setup => }/authentication/img/appstable.png (100%) rename docs/admin/{runai-setup => }/authentication/img/auth-rbac.png (100%) rename docs/admin/{runai-setup => }/authentication/img/rolestable.png (100%) rename docs/admin/{runai-setup => }/authentication/img/userstable.png (100%) rename docs/admin/{runai-setup/access-control => authentication}/rbac.md (95%) rename docs/admin/{runai-setup => }/authentication/researcher-authentication.md (96%) rename docs/admin/{runai-setup => }/authentication/roles.md (100%) rename docs/admin/{runai-setup => }/authentication/sso/img/openid-unexpected.png (100%) rename docs/admin/{runai-setup => }/authentication/sso/img/openshift-identityerror.png (100%) rename docs/admin/{runai-setup => }/authentication/sso/img/unauthorized-client.png (100%) rename docs/admin/{runai-setup => }/authentication/sso/openidconnect.md (100%) rename docs/admin/{runai-setup => }/authentication/sso/openshift.md (100%) rename docs/admin/{runai-setup => }/authentication/sso/saml.md (100%) rename docs/admin/{runai-setup => }/authentication/users.md (100%) delete mode 100644 docs/home/index.md diff --git a/docs/Researcher/Walkthroughs/quickstart-inference.md b/docs/Researcher/Walkthroughs/quickstart-inference.md index b852e3b740..62b61e6b54 100644 --- a/docs/Researcher/Walkthroughs/quickstart-inference.md +++ b/docs/Researcher/Walkthroughs/quickstart-inference.md @@ -12,7 +12,7 @@ To complete this Quickstart you must have: * Run:ai software installed on your Kubernetes cluster. See: [Installing Run:ai on a Kubernetes Cluster](../../admin/runai-setup/installation-types.md). There are additional prerequisites for running inference. See [cluster installation prerequisites](../../admin/runai-setup/cluster-setup/cluster-prerequisites.md#inference) for more information. * Run:ai CLI installed on your machine. See: [Installing the Run:ai Command-Line Interface](../../admin/researcher-setup/cli-install.md) -* You must have *ML Engineer* access rights. See [Adding, Updating and Deleting Users](../../admin/runai-setup/authentication/users.md) for more information. +* You must have *ML Engineer* access rights. See [Adding, Updating and Deleting Users](../../admin/authentication/users.md) for more information. ## Step by Step Walkthrough diff --git a/docs/admin/admin-ui-setup/admin-ui-users.md b/docs/admin/admin-ui-setup/admin-ui-users.md index a385b011b0..bf07fab70a 100644 --- a/docs/admin/admin-ui-setup/admin-ui-users.md +++ b/docs/admin/admin-ui-setup/admin-ui-users.md @@ -11,7 +11,7 @@ date: 2023-Dec-28 The Run:ai UI allows you to manage all of the users in the Run:ai platform. There are two types of users, **local** users and **SSO** users. Local users are users that are created and managed in the Run:ai platform and SSO users are authorized to use the Run:ai platform using an identity provider. All users are assigned levels of access to all aspects of the UI including submitting jobs on the cluster. !!! Tip - It is possible to connect the Run:ai UI to the organization's directory and use single sign-on (SSO). This allows you to set Run:ai roles for users and groups from the organizational directory. For further information see [single sign-on configuration](../runai-setup/authentication/authentication-overview.md). + It is possible to connect the Run:ai UI to the organization's directory and use single sign-on (SSO). This allows you to set Run:ai roles for users and groups from the organizational directory. For further information see [single sign-on configuration](../authentication/authentication-overview.md). ## Create a User @@ -61,7 +61,7 @@ Once you have created the users you can assign them *Access rules*. This provide ### Roles and permissions -Roles provide a way for administrators to group and identify collections of permissions that administrators assign to [subjects](../runai-setup/access-control/rbac.md#subjects). Permissions define the actions that can be performed on managed entities. The [Roles](../runai-setup/access-control/rbac.md#roles) table shows the default roles and permissions that come with the system. See [Role based access control](../runai-setup/access-control/rbac.md) for more information. +Roles provide a way for administrators to group and identify collections of permissions that administrators assign to [subjects](../authentication/rbac.md#subjects). Permissions define the actions that can be performed on managed entities. The [Roles](../authentication/rbac.md#roles) table shows the default roles and permissions that come with the system. See [Role based access control](../authentication/rbac.md) for more information. To add an *Access rule* to a user: diff --git a/docs/admin/runai-setup/authentication/accessrules.md b/docs/admin/authentication/accessrules.md similarity index 100% rename from docs/admin/runai-setup/authentication/accessrules.md rename to docs/admin/authentication/accessrules.md diff --git a/docs/admin/runai-setup/authentication/applications.md b/docs/admin/authentication/applications.md similarity index 100% rename from docs/admin/runai-setup/authentication/applications.md rename to docs/admin/authentication/applications.md diff --git a/docs/admin/runai-setup/authentication/authentication-overview.md b/docs/admin/authentication/authentication-overview.md similarity index 100% rename from docs/admin/runai-setup/authentication/authentication-overview.md rename to docs/admin/authentication/authentication-overview.md diff --git a/docs/admin/runai-setup/authentication/img/accessrulestable.png b/docs/admin/authentication/img/accessrulestable.png similarity index 100% rename from docs/admin/runai-setup/authentication/img/accessrulestable.png rename to docs/admin/authentication/img/accessrulestable.png diff --git a/docs/admin/runai-setup/authentication/img/appstable.png b/docs/admin/authentication/img/appstable.png similarity index 100% rename from docs/admin/runai-setup/authentication/img/appstable.png rename to docs/admin/authentication/img/appstable.png diff --git a/docs/admin/runai-setup/authentication/img/auth-rbac.png b/docs/admin/authentication/img/auth-rbac.png similarity index 100% rename from docs/admin/runai-setup/authentication/img/auth-rbac.png rename to docs/admin/authentication/img/auth-rbac.png diff --git a/docs/admin/runai-setup/authentication/img/rolestable.png b/docs/admin/authentication/img/rolestable.png similarity index 100% rename from docs/admin/runai-setup/authentication/img/rolestable.png rename to docs/admin/authentication/img/rolestable.png diff --git a/docs/admin/runai-setup/authentication/img/userstable.png b/docs/admin/authentication/img/userstable.png similarity index 100% rename from docs/admin/runai-setup/authentication/img/userstable.png rename to docs/admin/authentication/img/userstable.png diff --git a/docs/admin/runai-setup/access-control/rbac.md b/docs/admin/authentication/rbac.md similarity index 95% rename from docs/admin/runai-setup/access-control/rbac.md rename to docs/admin/authentication/rbac.md index 3e96e9e71c..5678185ff1 100644 --- a/docs/admin/runai-setup/access-control/rbac.md +++ b/docs/admin/authentication/rbac.md @@ -97,7 +97,7 @@ The table contains the following columns: To create a new access rule: -1. Press the ![Tools and Settings](../../admin-ui-setup/img/tools-and-settings.svg) icon, then *Access rules & Roles*. +1. Press the ![Tools and Settings](../admin-ui-setup/img/tools-and-settings.svg) icon, then *Access rules & Roles*. 2. Choose the *ACCESS RULES* tab, then press *NEW ACCESS RULE*. 3. Select a subject type from the dropdown. Choose from: @@ -108,12 +108,12 @@ To create a new access rule: 3. **Application**—an application that has been created in the platform. 4. Select a [Role] from the dropdown. -5. Press the ![Scope](../../../images/scope-icon.svg) icon and select a scope, and press *SAVE RULE* when done. +5. Press the ![Scope](../../images/scope-icon.svg) icon and select a scope, and press *SAVE RULE* when done. !!! Note You cannot edit access rules. To change an access rules, you need to delete the rule, then create a new rule to replace it. You can also add multiple rules for the same user. To delete a rule: -1. Press the ![Tools and Settings](../../admin-ui-setup/img/tools-and-settings.svg) icon, then *Roles and Access rules*. +1. Press the ![Tools and Settings](../admin-ui-setup/img/tools-and-settings.svg) icon, then *Roles and Access rules*. 2. Choose *Access rules*, then select a rule and press *Delete*. diff --git a/docs/admin/runai-setup/authentication/researcher-authentication.md b/docs/admin/authentication/researcher-authentication.md similarity index 96% rename from docs/admin/runai-setup/authentication/researcher-authentication.md rename to docs/admin/authentication/researcher-authentication.md index 09e228d55a..3c774f4fab 100644 --- a/docs/admin/runai-setup/authentication/researcher-authentication.md +++ b/docs/admin/authentication/researcher-authentication.md @@ -29,7 +29,7 @@ Assign Researchers to Projects: ## Kubernetes Configuration !!! Important - As of Run:ai version 2.15, you only need to perform this step when accessing Run:ai from the [command-line interface](../../researcher-setup/cli-install.md) or sending [YAMLs directly](../../../developer/cluster-api/submit-yaml.md) to Kubernetes + As of Run:ai version 2.15, you only need to perform this step when accessing Run:ai from the [command-line interface](../researcher-setup/cli-install.md) or sending [YAMLs directly](../../developer/cluster-api/submit-yaml.md) to Kubernetes As described in [authentication overview](authentication-overview.md), you must direct the Kubernetes API server to authenticate via Run:ai. This requires adding flags to the Kubernetes API Server. The flags show in the Run:ai user interface under `Settings` | `General` | `Researcher Authentication` | `Server configuration`. @@ -151,7 +151,7 @@ Modifying the API Server configuration differs between Kubernetes distributions: ## Command-line Interface Access -To control access to Run:ai (and Kubernetes) resources, you must modify the Kubernetes configuration file. The file is distributed to users as part of the [Command-line interface installation](../../researcher-setup/cli-install.md#kubernetes-configuration). +To control access to Run:ai (and Kubernetes) resources, you must modify the Kubernetes configuration file. The file is distributed to users as part of the [Command-line interface installation](../researcher-setup/cli-install.md#kubernetes-configuration). When making changes to the file, keep a copy of the original file to be used for cluster administration. After making the modifications, distribute the modified file to Researchers. @@ -174,4 +174,4 @@ You can also submit a Job from the Run:ai User interface and verify that the new * On the top-right, select `Submit Job`. !!! Tip - If you do not see the button or it is disabled, then you either do not have `Researcher` access or the cluster has not been set up correctly. For more information, refer to [user interface overview](../../admin-ui-setup/overview.md). + If you do not see the button or it is disabled, then you either do not have `Researcher` access or the cluster has not been set up correctly. For more information, refer to [user interface overview](../admin-ui-setup/overview.md). diff --git a/docs/admin/runai-setup/authentication/roles.md b/docs/admin/authentication/roles.md similarity index 100% rename from docs/admin/runai-setup/authentication/roles.md rename to docs/admin/authentication/roles.md diff --git a/docs/admin/runai-setup/authentication/sso/img/openid-unexpected.png b/docs/admin/authentication/sso/img/openid-unexpected.png similarity index 100% rename from docs/admin/runai-setup/authentication/sso/img/openid-unexpected.png rename to docs/admin/authentication/sso/img/openid-unexpected.png diff --git a/docs/admin/runai-setup/authentication/sso/img/openshift-identityerror.png b/docs/admin/authentication/sso/img/openshift-identityerror.png similarity index 100% rename from docs/admin/runai-setup/authentication/sso/img/openshift-identityerror.png rename to docs/admin/authentication/sso/img/openshift-identityerror.png diff --git a/docs/admin/runai-setup/authentication/sso/img/unauthorized-client.png b/docs/admin/authentication/sso/img/unauthorized-client.png similarity index 100% rename from docs/admin/runai-setup/authentication/sso/img/unauthorized-client.png rename to docs/admin/authentication/sso/img/unauthorized-client.png diff --git a/docs/admin/runai-setup/authentication/sso/openidconnect.md b/docs/admin/authentication/sso/openidconnect.md similarity index 100% rename from docs/admin/runai-setup/authentication/sso/openidconnect.md rename to docs/admin/authentication/sso/openidconnect.md diff --git a/docs/admin/runai-setup/authentication/sso/openshift.md b/docs/admin/authentication/sso/openshift.md similarity index 100% rename from docs/admin/runai-setup/authentication/sso/openshift.md rename to docs/admin/authentication/sso/openshift.md diff --git a/docs/admin/runai-setup/authentication/sso/saml.md b/docs/admin/authentication/sso/saml.md similarity index 100% rename from docs/admin/runai-setup/authentication/sso/saml.md rename to docs/admin/authentication/sso/saml.md diff --git a/docs/admin/runai-setup/authentication/users.md b/docs/admin/authentication/users.md similarity index 100% rename from docs/admin/runai-setup/authentication/users.md rename to docs/admin/authentication/users.md diff --git a/docs/admin/researcher-setup/cli-install.md b/docs/admin/researcher-setup/cli-install.md index e5c5e6778c..85446ce0d8 100644 --- a/docs/admin/researcher-setup/cli-install.md +++ b/docs/admin/researcher-setup/cli-install.md @@ -7,7 +7,7 @@ The instructions below will guide you through the process of installing the CLI. ## Researcher Authentication -When enabled, Researcher authentication requires additional setup when installing the CLI. To configure authentication see [Setup Project-based Researcher Access Control](../runai-setup/authentication/researcher-authentication.md). Use the modified Kubernetes configuration file described in the article. +When enabled, Researcher authentication requires additional setup when installing the CLI. To configure authentication see [Setup Project-based Researcher Access Control](../authentication/researcher-authentication.md). Use the modified Kubernetes configuration file described in the article. ## Prerequisites diff --git a/docs/admin/researcher-setup/researcher-setup-intro.md b/docs/admin/researcher-setup/researcher-setup-intro.md index 8f89ea6ec2..78f5c14cfe 100644 --- a/docs/admin/researcher-setup/researcher-setup-intro.md +++ b/docs/admin/researcher-setup/researcher-setup-intro.md @@ -18,7 +18,7 @@ To submit workloads with Run:ai, the Researcher must be provided with a _Project ## Provide access to the Run:ai User Interface -See [Setting up users](../runai-setup/authentication/users.md) for further information on how to provide access to users. +See [Setting up users](../authentication/users.md) for further information on how to provide access to users. ## Schedule an Onboarding Session diff --git a/docs/admin/runai-setup/cluster-setup/cluster-install.md b/docs/admin/runai-setup/cluster-setup/cluster-install.md index b2e70eb0de..497e3106cf 100644 --- a/docs/admin/runai-setup/cluster-setup/cluster-install.md +++ b/docs/admin/runai-setup/cluster-setup/cluster-install.md @@ -38,7 +38,7 @@ On the next page: ## Researcher Authentication -If you will be using the Run:ai [command-line interface](../../researcher-setup/cli-install.md) or sending [YAMLs directly](../../../developer/cluster-api/submit-yaml.md) to Kubernetes, you must now set up [Researcher Access Control](../authentication/researcher-authentication.md). +If you will be using the Run:ai [command-line interface](../../researcher-setup/cli-install.md) or sending [YAMLs directly](../../../developer/cluster-api/submit-yaml.md) to Kubernetes, you must now set up [Researcher Access Control](../../authentication/researcher-authentication.md). ## Cluster Table @@ -87,7 +87,7 @@ To perform these tasks. See [Set Node Roles](../config/node-roles.md). ## Next Steps -* Set up Run:ai Users [Working with Users](../../runai-setup/authentication/users.md). +* Set up Run:ai Users [Working with Users](../../authentication/users.md). * Set up Projects for Researchers [Working with Projects](../../aiinitiatives/org/projects.md). * Set up Researchers to work with the Run:ai Command-line interface (CLI). See [Installing the Run:ai Command-line Interface](../../researcher-setup/cli-install.md) on how to install the CLI for users. * Review [advanced setup and maintenance](../config/overview.md) scenarios. diff --git a/docs/admin/runai-setup/cluster-setup/dgx-bundle.md b/docs/admin/runai-setup/cluster-setup/dgx-bundle.md index cbe6eba41e..f33cf4758b 100644 --- a/docs/admin/runai-setup/cluster-setup/dgx-bundle.md +++ b/docs/admin/runai-setup/cluster-setup/dgx-bundle.md @@ -65,8 +65,8 @@ Save the URL for future use. Post installation, you will want to: -* (Mandatory) Set up [Researcher Access Control](../authentication/researcher-authentication.md). Without this, the Job Submit form will not work. -* Set up Run:ai Users [Working with Users](../../runai-setup/authentication/users.md). +* (Mandatory) Set up [Researcher Access Control](../../authentication/researcher-authentication.md). Without this, the Job Submit form will not work. +* Set up Run:ai Users [Working with Users](../../authentication/users.md). * Set up Projects for Researchers [Working with Projects](../../aiinitiatives/org/projects.md). ## Troubleshooting diff --git a/docs/admin/runai-setup/config/non-root-containers.md b/docs/admin/runai-setup/config/non-root-containers.md index 934f734202..54890b6e8e 100644 --- a/docs/admin/runai-setup/config/non-root-containers.md +++ b/docs/admin/runai-setup/config/non-root-containers.md @@ -60,7 +60,7 @@ A best practice is to store the user identifier (UID) and the group identifier ( To perform this, you must: -* Set up [single sign-on](../authentication/authentication-overview.md). Perform the steps for UID/GID integration. +* Set up [single sign-on](../../authentication/authentication-overview.md). Perform the steps for UID/GID integration. * Run: `runai login` and enter your credentials * Use the flag --run-as-user diff --git a/docs/admin/runai-setup/config/overview.md b/docs/admin/runai-setup/config/overview.md index 16a76f0f7b..4e79fd8708 100644 --- a/docs/admin/runai-setup/config/overview.md +++ b/docs/admin/runai-setup/config/overview.md @@ -9,8 +9,8 @@ This section provides a list of installation-related articles dealing with a wid | Article | Purpose | |---------------------------------------------------------|-----------| | [Designating Specific Role Nodes](node-roles.md) | Set one or more designated Run:ai system nodes or limit Run:ai monitoring and scheduling to specific nodes in the cluster. | -| [Setup Project-based Researcher Access Control](../authentication/researcher-authentication.md) | Enable Run:ai access control is at the __Project__ level. | -| [Single sign-on](../authentication/authentication-overview.md) | Integrate with the organization's Identity Provider to provide single sign-on for Run:ai | +| [Setup Project-based Researcher Access Control](../../authentication/researcher-authentication.md) | Enable Run:ai access control is at the __Project__ level. | +| [Single sign-on](../../authentication/authentication-overview.md) | Integrate with the organization's Identity Provider to provide single sign-on for Run:ai | | [Review Kubernetes Access provided to Run:ai](access-roles.md) | In Restrictive Kubernetes environments such as when using OpenShift, understand and control what Kubernetes roles are provided to Run:ai | | [External access to Containers](allow-external-access-to-containers.md) | Understand the available options for Researchers to access containers from the outside | | [User Identity in Container](non-root-containers.md) | The identity of the user in the container determines its access to cluster resources. The document explains multiple way on how to propagate the user identity into the container. | diff --git a/docs/admin/runai-setup/self-hosted/k8s/next-steps.md b/docs/admin/runai-setup/self-hosted/k8s/next-steps.md index 2a5f7c0abd..6d3a71175d 100644 --- a/docs/admin/runai-setup/self-hosted/k8s/next-steps.md +++ b/docs/admin/runai-setup/self-hosted/k8s/next-steps.md @@ -4,7 +4,7 @@ title: Self Hosted installation over Kubernetes - Next Steps # Next Steps -* Create additional [I Users](../../../runai-setup/authentication/users.md). -* Set up [Project-based Researcher Access Control](../../authentication/researcher-authentication.md). +* Create additional [I Users](../../../authentication/users.md). +* Set up [Project-based Researcher Access Control](../../../authentication/researcher-authentication.md). * Set up Researchers to work with the Run:ai Command-line interface (CLI). See [Installing the Run:ai Command-line Interface](../../../researcher-setup/cli-install.md) on how to install the CLI for users. * Review [advanced setup and maintenace](../../config/overview.md) scenarios. diff --git a/docs/admin/runai-setup/self-hosted/k8s/project-management.md b/docs/admin/runai-setup/self-hosted/k8s/project-management.md index 96293260f8..3dae532faa 100644 --- a/docs/admin/runai-setup/self-hosted/k8s/project-management.md +++ b/docs/admin/runai-setup/self-hosted/k8s/project-management.md @@ -3,7 +3,7 @@ title: Self Hosted installation over Kubernetes - Create Projects --- ## Introduction -The Administrator creates Run:ai Projects via the [Run:ai user interface](../../../aiinitiatives/org/projects.md#adding-a-new-project). When enabling [Researcher Authentication](../../authentication/researcher-authentication.md) you also assign users to Projects. +The Administrator creates Run:ai Projects via the [Run:ai user interface](../../../aiinitiatives/org/projects.md#adding-a-new-project). When enabling [Researcher Authentication](../../../authentication/researcher-authentication.md) you also assign users to Projects. Run:ai Projects are implemented as Kubernetes namespaces. When creating a new Run:ai Project, Run:ai does the following automatically: diff --git a/docs/admin/runai-setup/self-hosted/ocp/next-steps.md b/docs/admin/runai-setup/self-hosted/ocp/next-steps.md index 60fcb25fab..84f76438d7 100644 --- a/docs/admin/runai-setup/self-hosted/ocp/next-steps.md +++ b/docs/admin/runai-setup/self-hosted/ocp/next-steps.md @@ -4,7 +4,7 @@ title: Self Hosted installation over OpenShift - Next Steps # Next Steps -* Create additional [Run:ai Users](../../../runai-setup/authentication/users.md). -* Set up [Project-based Researcher Access Control](../../authentication/researcher-authentication.md). +* Create additional [Run:ai Users](../../../authentication/users.md). +* Set up [Project-based Researcher Access Control](../../../authentication/researcher-authentication.md). * Set up Researchers to work with the Run:ai Command-line interface (CLI). See [Installing the Run:ai Command-line Interface](../../../researcher-setup/cli-install.md) on how to install the CLI for users. * Review [advanced setup and maintenace](../../config/overview.md) scenarios. diff --git a/docs/admin/runai-setup/self-hosted/ocp/project-management.md b/docs/admin/runai-setup/self-hosted/ocp/project-management.md index 6d6ed97d39..233fa36081 100644 --- a/docs/admin/runai-setup/self-hosted/ocp/project-management.md +++ b/docs/admin/runai-setup/self-hosted/ocp/project-management.md @@ -3,7 +3,7 @@ title: Self Hosted installation over OpenShift - Create Projects --- ## Introduction -The Administrator creates Run:ai Projects via the [Run:ai User Interface](../../../aiinitiatives/org/projects.md#adding-a-new-project). When enabling [Researcher Authentication](../../authentication/researcher-authentication.md) you also assign users to Projects. +The Administrator creates Run:ai Projects via the [Run:ai User Interface](../../../aiinitiatives/org/projects.md#adding-a-new-project). When enabling [Researcher Authentication](../../../authentication/researcher-authentication.md) you also assign users to Projects. Run:ai Projects are implemented as Kubernetes namespaces. When creating a new Run:ai Project, Run:ai does the following automatically: diff --git a/docs/admin/troubleshooting/troubleshooting.md b/docs/admin/troubleshooting/troubleshooting.md index c6405a6a95..c1bd740216 100644 --- a/docs/admin/troubleshooting/troubleshooting.md +++ b/docs/admin/troubleshooting/troubleshooting.md @@ -166,7 +166,7 @@ For a self-hosted installation, check Linux clock synchronization as described above. Use the [Run:ai pre-install script](../runai-setup/cluster-setup/cluster-prerequisites.md#pre-install-script) to test this automatically. ??? "Single-sign-on issues" - For single-sign-on issues, see the troubleshooting section in the [single-sign-on](../runai-setup/authentication/authentication-overview.md) configuration documents. + For single-sign-on issues, see the troubleshooting section in the [single-sign-on](../authentication/authentication-overview.md) configuration documents. ## User Interface Submit Job Issues @@ -181,7 +181,7 @@ __Resolution for 401 HTTP Error__ * The Cluster certificate provided as part of the installation is valid and trusted (not self-signed). - * [Researcher Authentication](../runai-setup/authentication/researcher-authentication.md) has not been properly configured. Try running `runai login` from the Command-line interface. Alternatively, run: `kubectl get pods -n kube-system`, identify the api-server pod and review its logs. + * [Researcher Authentication](../authentication/researcher-authentication.md) has not been properly configured. Try running `runai login` from the Command-line interface. Alternatively, run: `kubectl get pods -n kube-system`, identify the api-server pod and review its logs. __Resolution for 403 HTTP Error__ @@ -211,7 +211,7 @@ __Root Cause:__ SSO is on and researcher authentication is not properly configured as such. - __Resolution:__ Verify API Server settings as described in [Researcher Authentication configuration](../runai-setup/authentication/researcher-authentication.md). + __Resolution:__ Verify API Server settings as described in [Researcher Authentication configuration](../authentication/researcher-authentication.md). ??? "Job form is not opening on OpenShift" diff --git a/docs/developer/deprecated/k8s-api/launch-job-via-yaml.md b/docs/developer/deprecated/k8s-api/launch-job-via-yaml.md index 467af83c83..c6261e145f 100644 --- a/docs/developer/deprecated/k8s-api/launch-job-via-yaml.md +++ b/docs/developer/deprecated/k8s-api/launch-job-via-yaml.md @@ -28,7 +28,7 @@ Internally, Run:ai Projects are implemented as Kubernetes namespaces. The script * ``. The name of the Job. * ``. The name of the docker image to use. Example: `gcr.io/run-ai-demo/quickstart`. -* ``. The name of the user submitting the Job. The name is used for display purposes only when Run:ai is installed in an [unauthenticated mode](../../../admin/runai-setup/authentication/researcher-authentication.md). +* ``. The name of the user submitting the Job. The name is used for display purposes only when Run:ai is installed in an [unauthenticated mode](../../../admin/authentication/researcher-authentication.md). * ``. An integer number of GPUs you request to be allocated for the Job. Examples: 1, 2. * ``. The name of the Project's namespace. This is usually `runai-`. diff --git a/docs/developer/deprecated/researcher-rest-api/overview.md b/docs/developer/deprecated/researcher-rest-api/overview.md index 791a0281cc..0f4c9fffe0 100644 --- a/docs/developer/deprecated/researcher-rest-api/overview.md +++ b/docs/developer/deprecated/researcher-rest-api/overview.md @@ -22,7 +22,7 @@ This `` can be found in the Run:ai User Interface, under `Clus ## Authentication -* By default, researcher APIs are unauthenticated. To protect researcher API, you must [configure researcher authentication](../../../admin/runai-setup/authentication/researcher-authentication.md). +* By default, researcher APIs are unauthenticated. To protect researcher API, you must [configure researcher authentication](../../../admin/authentication/researcher-authentication.md). * Once configured, you must create a _Client Application_ to make API requests. Use the client application and secret, to obtain a time-bound bearer token (``). For details, see [Calling REST APIs](../../rest-auth.md). * Use the token for subsequent API calls. diff --git a/docs/developer/rest-auth.md b/docs/developer/rest-auth.md index 0f5ea0d74c..e657ffb7de 100644 --- a/docs/developer/rest-auth.md +++ b/docs/developer/rest-auth.md @@ -19,9 +19,9 @@ Run:ai APIs are accessed using *bearer tokens*. A token can be obtained in sever ### Access rules for the Application In order for you API requests to be accepted, you will need to set access rules for the application. -To assign roles to an application, see [Create or Delete rules](../admin/runai-setup/access-control/rbac.md#create-or-delete-rules). +To assign roles to an application, see [Create or Delete rules](../admin/authentication/rbac.md#create-or-delete-rules). -Use the [Roles](../admin/runai-setup/access-control/rbac.md#roles) table to assign the correct roles to the application. +Use the [Roles](../admin/authentication/rbac.md#roles) table to assign the correct roles to the application. ## Request an API Token diff --git a/docs/home/index.md b/docs/home/index.md deleted file mode 100644 index 80327713f0..0000000000 --- a/docs/home/index.md +++ /dev/null @@ -1,9 +0,0 @@ ---- -title: Overview -summary: -authors: - - -date: ---- - -This is an overview of the what's new. diff --git a/docs/home/whats-new-2-15.md b/docs/home/whats-new-2-15.md index 937c37a990..51fad71592 100644 --- a/docs/home/whats-new-2-15.md +++ b/docs/home/whats-new-2-15.md @@ -73,7 +73,7 @@ date: 2023-Dec-3 #### Authorization -* Run:ai has now revised and updated the *Role Based Access Control (RBAC)* mechanism, expanding the scope of Kubernetes. Using the new *RBAC* mechanism makes it easier for administrators to manage access policies across multiple clusters and to define specific access rules over specific scopes for specific users and groups. Along with the revised *RBAC* mechanism, new user interface views are introduced to support the management of users, groups, and access rules. For more information, see [Role based access control](../admin/runai-setup/access-control/rbac.md#role-based-access-control). +* Run:ai has now revised and updated the *Role Based Access Control (RBAC)* mechanism, expanding the scope of Kubernetes. Using the new *RBAC* mechanism makes it easier for administrators to manage access policies across multiple clusters and to define specific access rules over specific scopes for specific users and groups. Along with the revised *RBAC* mechanism, new user interface views are introduced to support the management of users, groups, and access rules. For more information, see [Role based access control](../admin/authentication/rbac.md#role-based-access-control). #### Policies diff --git a/docs/home/whats-new-2-16.md b/docs/home/whats-new-2-16.md index 6904de8331..e67f1cf2e4 100644 --- a/docs/home/whats-new-2-16.md +++ b/docs/home/whats-new-2-16.md @@ -54,7 +54,7 @@ date: 2023-Dec-4 #### Authentication and Authorization -* SSO users who have logged into the system will now be visible in the *Users* table. In addition, added a column to the *Users* table for the type of user that was created (Local or SSO). For more information, see [Adding, Updating, and Deleting Users](../admin/runai-setup/authentication/users.md). +* SSO users who have logged into the system will now be visible in the *Users* table. In addition, added a column to the *Users* table for the type of user that was created (Local or SSO). For more information, see [Adding, Updating, and Deleting Users](../admin/authentication/users.md). #### Policies diff --git a/docs/home/whats-new-2-17.md b/docs/home/whats-new-2-17.md index 642e35b560..0c24c32110 100644 --- a/docs/home/whats-new-2-17.md +++ b/docs/home/whats-new-2-17.md @@ -103,7 +103,7 @@ date: 2024-Apr-14 * View and edit the identity provider settings for SAML 2.0 * Upload or download the SAML 2.0 identity provider metadata XML file. -For more information, see [SSO UI configuration](../admin/runai-setup/authentication/authentication-overview.md#single-sign-on-sso). +For more information, see [SSO UI configuration](../admin/authentication/authentication-overview.md#single-sign-on-sso). Added support for Single Sign On using OpenShift v4 (OIDC based). When using OpenShift, you must first define OAuthClient which interacts with OpenShift's OAuth server to authenticate users and request access tokens. For more information, see [Single Sign-On](../admin/runai-setup/authentication/authentication-overview.md#single-sign-on-sso). +* Added support for Single Sign On using OpenShift v4 (OIDC based). When using OpenShift, you must first define OAuthClient which interacts with OpenShift's OAuth server to authenticate users and request access tokens. For more information, see [Single Sign-On](../admin/authentication/authentication-overview.md#single-sign-on-sso). -* Added OIDC scopes to authentication requests. OIDC Scopes are used to specify what access privileges are being requested for access tokens. The scopes associated with the access tokens determine what resource are available when they are used to access OAuth 2.0 protected endpoints. Protected endpoints may perform different actions and return different information based on the scope values and other parameters used when requesting the presented access token. For more information, see [UI configuration](../admin/runai-setup/authentication/authentication-overview.md#single-sign-on-sso). +* Added OIDC scopes to authentication requests. OIDC Scopes are used to specify what access privileges are being requested for access tokens. The scopes associated with the access tokens determine what resource are available when they are used to access OAuth 2.0 protected endpoints. Protected endpoints may perform different actions and return different information based on the scope values and other parameters used when requesting the presented access token. For more information, see [UI configuration](../admin/authentication/authentication-overview.md#single-sign-on-sso). #### Ownership protection diff --git a/graveyard/project-setup.md b/graveyard/project-setup.md index 7959fe6c3b..c2d9bbdc30 100644 --- a/graveyard/project-setup.md +++ b/graveyard/project-setup.md @@ -69,7 +69,7 @@ As an administrator, you may want to disconnect the two parameters. So, for exam ## Assign Access Rules to a Project +When [Researcher Authentication](../authentication/researcher-authentication.md) is enabled, the Project form will contain an additional *Access Control* tab. The tab will allow you to assign Researchers to their Projects. --> To assign *Access rules* to the project: diff --git a/graveyard/whats-new-2-10.md b/graveyard/whats-new-2-10.md index 2aae42663b..01ec25905f 100644 --- a/graveyard/whats-new-2-10.md +++ b/graveyard/whats-new-2-10.md @@ -132,7 +132,7 @@ This feature provides configuration for credentials that are used to unlock prot **SSO custom URL logout** -This feature configures a custom logout URL in your tenant. For configuration information, see [SSO UI Configuration](../admin/runai-setup/authentication/sso.md#logout-url). +This feature configures a custom logout URL in your tenant. For configuration information, see [SSO UI Configuration](../admin/authentication/sso.md#logout-url). **Department Administrator** @@ -140,11 +140,11 @@ The new role of *Department Administrator* adds a layer of delegation in the adm **Enable SSO Using OIDC** -Added an additional SSO configuration option using OIDC as the identity provider. For configuration information, see [SSO UI Configuration](../admin/runai-setup/authentication/sso.md#step-1-ui-configuration). +Added an additional SSO configuration option using OIDC as the identity provider. For configuration information, see [SSO UI Configuration](../admin/authentication/sso.md#step-1-ui-configuration). **Inactivity timeout** -Added inactivity timeout for automated logout. The inactivity timeout is configured in minutes. For configuration information, see [Inactivity timeout](../admin/runai-setup/authentication/authentication-overview.md#inactivity-timeout). +Added inactivity timeout for automated logout. The inactivity timeout is configured in minutes. For configuration information, see [Inactivity timeout](../admin/authentication/authentication-overview.md#inactivity-timeout). ### Researcher tools diff --git a/graveyard/whats-new-2-14.md b/graveyard/whats-new-2-14.md index d77dc8c6f3..c858510c6f 100644 --- a/graveyard/whats-new-2-14.md +++ b/graveyard/whats-new-2-14.md @@ -4,7 +4,7 @@ ### Role based access control -* Run:ai has updated the authorization by expanding the scope of Kubernetes. This makes it easier for administrators to manage access policies across multiple clusters. Run:ai RBAC allows you to manage hierarchy levels within a cluster using *Departments*, giving administrators more flexibility in controlling access. For more information, see [Role based access control](../admin/runai-setup/access-control/rbac.md#role-based-access-control). +* Run:ai has updated the authorization by expanding the scope of Kubernetes. This makes it easier for administrators to manage access policies across multiple clusters. Run:ai RBAC allows you to manage hierarchy levels within a cluster using *Departments*, giving administrators more flexibility in controlling access. For more information, see [Role based access control](../admin/authentication/rbac.md#role-based-access-control). diff --git a/graveyard/whats-new-2021.md b/graveyard/whats-new-2021.md index a09bc0df75..d5480d3d1c 100644 --- a/graveyard/whats-new-2021.md +++ b/graveyard/whats-new-2021.md @@ -1,6 +1,6 @@ ## December 8th 2021 -To comply with organizational policies and enhance the Run:ai platform security, Run:ai now supports Single Sign-On (SSO). This functionality is currently in beta and is available for new customer tenants only. For further details on SSO see [Single Sign-On](../admin/runai-setup/authentication/sso.md). +To comply with organizational policies and enhance the Run:ai platform security, Run:ai now supports Single Sign-On (SSO). This functionality is currently in beta and is available for new customer tenants only. For further details on SSO see [Single Sign-On](../admin/authentication/sso.md). To optimize resource management and utilization of Nvidia GPUs based on Ampere architecture, such as A100, Run:ai now supports dynamic creation and allocation of MIG partitions. This functionality is currently in beta. For further details on the dynamic allocation of MIG partitions see [Dynamic MIG](../../Researcher/scheduling/fractions/#dynamic-mig). diff --git a/graveyard/whats-new-2022.md b/graveyard/whats-new-2022.md index 9182c1f06f..f2ec3a25be 100644 --- a/graveyard/whats-new-2022.md +++ b/graveyard/whats-new-2022.md @@ -9,7 +9,7 @@ ## June 2022 Run:ai Version 2.6 (Cloud update only) * The login screen now provides the capability to recover a password. -* With single-sign-on, you can now (optionally) map the user's first and last name from the organizational directory. See [single-sign-on prerequisites](../admin/runai-setup/authentication/sso.md#prerequisites) +* With single-sign-on, you can now (optionally) map the user's first and last name from the organizational directory. See [single-sign-on prerequisites](../admin/authentication/sso.md#prerequisites) * A new user role of __ML Engineer__. The role allows the user to view and manage inference deployments and cluster resources. * [Clearer documentation](../admin/researcher-setup/cli-install.md#install-runai-cli) on how to perform port-forwarding when accessing the Run:ai cluster from Windows. * Using the Run:ai user interface it is now possible to clone an existing Job. The clone operation will open a Job form and allow you to change parameters before re-submitting. @@ -29,7 +29,7 @@ * To send logs to Run:ai customer support there is a utility to package all logs into one tar file. Version 2.5 brings a new method that __automatically sends all new logs to Run:ai support__ servers for a set amount of time. See [collecting logs](../index.md#collect-logs-to-send-to-support) for more information. * It is now possible to mount an __S3 bucket__ into a Run:ai Job. The option is only available via the command-line interface. For more information see [runai submit](../Researcher/cli-reference/runai-submit.md). * User interface improvements: The top navigation bar of the Run:ai user interface has been improved and now allows users to easily access everything related to the account, as well as multiple helpful links to the product documentation, CLI and APIs. -* [Researcher Authentication](../admin/runai-setup/authentication/researcher-authentication.md) configuration is now mandatory. +* [Researcher Authentication](../admin/authentication/researcher-authentication.md) configuration is now mandatory. ### Newly Supported Versions @@ -82,7 +82,7 @@ Other features: ## February 2022 Run:ai Version 2.2 (Cloud update only) -* When enabling Single-Sign, you can now use _role groups_. With groups, you no longer need to provide roles to individuals. Rather, you can create a group in the organization's directory and assign its members with specific Run:ai Roles such as Administrator, Researcher, and the like. For more information see [single-sign-on](../admin/runai-setup/authentication/sso.md). +* When enabling Single-Sign, you can now use _role groups_. With groups, you no longer need to provide roles to individuals. Rather, you can create a group in the organization's directory and assign its members with specific Run:ai Roles such as Administrator, Researcher, and the like. For more information see [single-sign-on](../admin/authentication/sso.md). * REST API has changed. The new API relies on `Applications`. See [Calling REST APIs](../developer/rest-auth.md) for more information. * Added a new user role `Research Manager`. The role automatically assigns the user as a Researcher to all projects, including future projects. diff --git a/mkdocs.yml b/mkdocs.yml index ad95d05907..370f1b5cd0 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -103,16 +103,19 @@ plugins: 'admin/runai-setup/advanced/dr.md' : 'admin/runai-setup/config/dr.md' 'admin/runai-setup/advanced/node-downtime.md' : 'admin/runai-setup/maintenance/node-downtime.md' 'admin/runai-setup/advanced/alert-monitoring.md' : 'admin/runai-setup/maintenance/alert-monitoring.md' - 'admin/runai-setup/config/researcher-authentication.md' : 'admin/runai-setup/authentication/researcher-authentication.md' + 'admin/runai-setup/config/researcher-authentication.md' : 'admin/authentication/researcher-authentication.md' 'admin/runai-setup/cluster-setup/cluster-troubleshooting.md' : 'admin/troubleshooting/troubleshooting.md' 'admin/runai-setup/cluster-setup/nvidia.md' : 'admin/runai-setup/cluster-setup/cluster-prerequisites.md' 'admin/runai-setup/self-hosted/ocp/ocp-dependencies.md' : 'admin/runai-setup/self-hosted/ocp/preparations.md' - 'admin/runai-setup/cluster-setup/researcher-authentication.md' : 'admin/runai-setup/authentication/authentication-overview.md' - 'admin/runai-setup/authentication/sso.md' : 'admin/runai-setup/authentication/authentication-overview.md' + 'admin/runai-setup/cluster-setup/researcher-authentication.md' : 'admin/authentication/authentication-overview.md' + 'admin/runai-setup/authentication/sso.md' : 'admin/authentication/authentication-overview.md' 'admin/researcher-setup/cli-troubleshooting.md' : 'admin/troubleshooting/troubleshooting.md' 'developer/deprecated/inference/submit-via-yaml.md' : 'developer/cluster-api/other-resources.md' 'admin/admin-ui-setup/project-setup.md' : 'admin/aiinitiatives/org/projects.md' 'admin/admin-ui-setup/department-setup.md' : 'admin/aiinitiatives/org/departments.md' + 'admin/admin-ui-setup/admin-ui-users.md' : 'admin/authentication/users.md' + 'admin/runai-setup/authentication/authentication-overview.md' : 'admin/authentication/authentication-overview.md' + 'admin/runai-setup/authentication/researcher-authentication.md' : 'admin/authentication/researcher-authentication.md' nav: - Home: - 'Overview': 'index.md' @@ -176,18 +179,6 @@ nav: - 'Backup & Restore' : 'admin/runai-setup/config/dr.md' - 'High Availability' : 'admin/runai-setup/config/ha.md' - 'Scaling' : 'admin/runai-setup/config/large-clusters.md' - - 'Authentication & Authorization' : - - 'Overview' : 'admin/runai-setup/authentication/authentication-overview.md' - - 'Single Sign-On' : - - 'Setup SSO with SAML' : 'admin/runai-setup/authentication/sso/saml.md' - - 'Setup SSO with OpenID Connect' : 'admin/runai-setup/authentication/sso/openidconnect.md' - - 'Setup SSO with OpenShift' : 'admin/runai-setup/authentication/sso/openshift.md' - - 'Users' : 'admin/runai-setup/authentication/users.md' - - 'Applications' : 'admin/runai-setup/authentication/applications.md' - - 'Roles' : 'admin/runai-setup/authentication/roles.md' - - 'Access Rules' : 'admin/runai-setup/authentication/accessrules.md' - - 'Access control' : 'admin/runai-setup/access-control/rbac.md' - - 'Researcher Authentication' : 'admin/runai-setup/authentication/researcher-authentication.md' - 'Notifications System': - 'Email and System Notifications': 'admin/runai-setup/notifications/notifications.md' - 'Maintenance' : @@ -202,6 +193,19 @@ nav: - 'Setup cluster wide PVC' : 'admin/researcher-setup/cluster-wide-pvc.md' - 'Group Nodes' : 'admin/researcher-setup/limit-to-node-group.md' # - 'Messaging setup' : 'admin/researcher-setup/email-messaging.md' + - 'Authentication & Authorization' : + - 'Overview' : 'admin/authentication/authentication-overview.md' + - 'Single Sign-On' : + - 'Setup SSO with SAML' : 'admin/authentication/sso/saml.md' + - 'Setup SSO with OpenID Connect' : 'admin/authentication/sso/openidconnect.md' + - 'Setup SSO with OpenShift' : 'admin/authentication/sso/openshift.md' + - 'Users' : 'admin/authentication/users.md' + - 'Applications' : 'admin/authentication/applications.md' + - 'Roles' : 'admin/authentication/roles.md' + - 'Access Rules' : 'admin/authentication/accessrules.md' + - 'Access control' : 'admin/authentication/rbac.md' + - 'Researcher Authentication' : 'admin/authentication/researcher-authentication.md' + - 'Managing AI Intiatives' : - 'Overview' : 'admin/aiinitiatives/overview.md' - 'Managing your Organization' : @@ -213,7 +217,7 @@ nav: # - 'Node Pools' : 'admin/aiinitiatives/resources/node-pools.md' - 'User Interface' : - 'Overview' : 'admin/admin-ui-setup/overview.md' - - 'Users' : 'admin/admin-ui-setup/admin-ui-users.md' +# - 'Users' : 'admin/admin-ui-setup/admin-ui-users.md' # - 'Projects' : 'admin/admin-ui-setup/project-setup.md' # - 'Departments' : 'admin/admin-ui-setup/department-setup.md' - 'Dashboard Analysis' : 'admin/admin-ui-setup/dashboard-analysis.md'