Add TLS certification after creating cluster (kubeflow#317)

* project creation * remove project_creation * add kuber-rsa to worker image * add kube-rsa to image * remove blank line
Linchin · Feb 28, 2019 · 060df44 · 060df44
1 parent cb2c60a
commit 060df44
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 2 deletions.
diff --git a/images/Dockerfile b/images/Dockerfile
@@ -50,9 +50,11 @@ RUN cd /tmp && \
     tar -C /usr/local -xzf go.tar.gz
 
 # Install gcloud
-ENV PATH=/usr/local/go/bin:/google-cloud-sdk/bin:/workspace:${PATH} \
+ENV PATH=/root/go/bin:/usr/local/go/bin:/google-cloud-sdk/bin:/workspace:${PATH} \
     CLOUDSDK_CORE_DISABLE_PROMPTS=1
 
+RUN go get github.com/kelseyhightower/kube-rsa
+
 RUN wget -q https://dl.google.com/dl/cloudsdk/channels/rapid/google-cloud-sdk.tar.gz && \
     tar xzf google-cloud-sdk.tar.gz -C / && \
     rm google-cloud-sdk.tar.gz && \
@@ -142,7 +144,7 @@ RUN cd /tmp/ && \
 RUN pip3 install pipenv==2018.10.9
 RUN cd /tmp/ && pipenv install --system --three
 
-RUN pip install yq 
+RUN pip install yq
 
 COPY checkout.sh /usr/local/bin
 RUN chmod a+x /usr/local/bin/checkout.sh

diff --git a/py/kubeflow/testing/create_kf_instance.py b/py/kubeflow/testing/create_kf_instance.py
@@ -155,6 +155,13 @@ def main(): # pylint: disable=too-many-locals,too-many-statements
             "--zone", args.zone,
             "--update-labels", ",".join(label_args)],
            cwd=app_dir)
+  util.run(["gcloud", "container", "clusters", "get-credentials", name,
+            "--zone", args.zone,
+            "--protject", args.project])
+  tls_endpoint = "--host=%s.endpoints.kubeflow-ci.cloud.goog" % name
+  util.run(["kube-rsa", tls_endpoint])
+  util.run(["kubectl", "-n", "kubeflow", "create", "secret", "tls",
+           "envoy-ingress-tls", "--cert=ca.pem", "--key=ca-key.pem"])
 
 if __name__ == "__main__":
   main()