Consolidate GKE deployment script (#985)

* Consolidate GKE deployment script, update required variables with OAuth2 credentials

* Restore comments from create_k8s_secrets.sh

* Ignore namespace/secret creation errors

* Add script title comments

* Remove OAuth2 credentials, must be separately injected into environment

docs/gke/configs/deploy.sh

@@ -0,0 +1,78 @@
+#!/usr/bin/env bash
+
+##
+# This utility script can be used to deploy Kubeflow end-to-end.
+# A few variables are required and can be set in `env-kubeflow.sh`.
+# Detailed instructions can be found at https://www.kubeflow.org/docs/getting-started-gke.
+# In summary, update `cluster-kubeflow.yaml`, load required variables
+# into environment (optionally from `env-kubeflow.sh`) and execute the script.
+# Usage:
+#   $ . env-kubeflow.sh
+#   $ ./deploy.sh
+#
+
+set -e
+
+# Required Variables
+export PROJECT=${PROJECT:-}
+export DEPLOYMENT_NAME=${DEPLOYMENT_NAME:-}
+export ZONE=${ZONE:-}
+export CONFIG_FILE=${CONFIG_FILE:-}
+export CLIENT_ID=${CLIENT_ID:-}
+export CLIENT_SECRET=${CLIENT_SECRET:-}
+
+if [ -z "${PROJECT}" ] || \
+   [ -z "${DEPLOYMENT_NAME}" ] || \
+   [ -z "${ZONE}" ] || \
+   [ -z "${CONFIG_FILE}" ] || \
+   [ -z "${CLIENT_ID}" ] || \
+   [ -z "${CLIENT_SECRET}" ]; then
+  echo 'Required variables missing. Please check again!'
+  exit 1
+fi
+
+if [[ ! -f "${CONFIG_FILE}" ]]; then
+  echo "Config file ${CONFIG_FILE} does not exist!"
+  exit 1
+fi
+
+# Computed Variables
+export PROJECT_NUMBER=`gcloud projects describe ${PROJECT} --format='value(project_number)'`
+export SA_EMAIL=${DEPLOYMENT_NAME}-admin@${PROJECT}.iam.gserviceaccount.com
+export USER_EMAIL=${DEPLOYMENT_NAME}-user@${PROJECT}.iam.gserviceaccount.com
+export USER_SECRET_NAME=${DEPLOYMENT_NAME}-user
+export K8S_ADMIN_NAMESPACE=kubeflow-admin
+export K8S_NAMESPACE=kubeflow
+
+# Enable GCloud APIs
+gcloud services enable deploymentmanager.googleapis.com
+gcloud services enable servicemanagement.googleapis.com
+
+# Set IAM Admin Policy
+gcloud projects add-iam-policy-binding ${PROJECT} \
+   --member serviceAccount:${PROJECT_NUMBER}@cloudservices.gserviceaccount.com \
+   --role roles/resourcemanager.projectIamAdmin
+
+# Run Deployment Manager
+gcloud deployment-manager --project=${PROJECT} deployments create ${DEPLOYMENT_NAME} --config=${CONFIG_FILE}
+
+# TODO(jlewi): We should name the secrets more consistently based on the service account name.
+# We will need to update the component configs though
+gcloud --project=${PROJECT} iam service-accounts keys create ${SA_EMAIL}.json --iam-account ${SA_EMAIL}
+gcloud --project=${PROJECT} iam service-accounts keys create ${USER_EMAIL}.json --iam-account ${USER_EMAIL}
+
+# Set credentials for kubectl context
+gcloud --project=${PROJECT} container clusters get-credentials --zone=${ZONE} ${DEPLOYMENT_NAME}
+
+# Ignore errors from now onwards. If secret/namespace already exists just keep going.
+unset -e
+
+# The namespace kubeflow may not exist yet because the bootstrapper can't run until the admin-gcp-sa
+# secret is created.
+kubectl create namespace ${K8S_NAMESPACE}
+
+# We want the secret name to be the same by default for all clusters so that users don't have to set it manually.
+kubectl create secret generic --namespace=${K8S_ADMIN_NAMESPACE} admin-gcp-sa --from-file=admin-gcp-sa.json=./${SA_EMAIL}.json
+kubectl create secret generic --namespace=${K8S_NAMESPACE} admin-gcp-sa --from-file=admin-gcp-sa.json=./${SA_EMAIL}.json
+kubectl create secret generic --namespace=${K8S_NAMESPACE} user-gcp-sa --from-file=user-gcp-sa.json=./${USER_EMAIL}.json
+kubectl create secret generic --namespace=${K8S_NAMESPACE} kubeflow-oauth --from-literal=CLIENT_ID=${CLIENT_ID} --from-literal=CLIENT_SECRET=${CLIENT_SECRET}

docs/gke/configs/env-kubeflow.sh

@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 #
 # Script that defines various environment variables.
 # This is script defines values for all the variables used in
@@ -18,6 +18,3 @@ export ZONE=us-east1-d
 
 # Set config file to the YAML file defining your deployment manager configs.
 export CONFIG_FILE=cluster-kubeflow.yaml
-
-# Get the project number
-export PROJECT_NUMBER=`gcloud projects describe ${PROJECT} --format='value(project_number)'`