New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Updates to iap component to support private clusters #1396
Updates to iap component to support private clusters #1396
Conversation
components/iap-enabler/Dockerfile
Outdated
@@ -0,0 +1,3 @@ | |||
FROM google/cloud-sdk:alpine | |||
|
|||
RUN apk add --update jq |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We should also move the curl to install kubectl (and bump it to 1.11) from the shell script to the Dockerfile.
kubeflow/core/setup_iap.sh
Outdated
[ -z ${CLIENT_ID} ] && echo Error CLIENT_ID must be set && exit 1 | ||
[ -z ${CLIENT_SECRET} ] && echo Error CLIENT_SECRET must be set && exit 1 | ||
[ -z ${NAMESPACE} ] && echo Error NAMESPACE must be set && exit 1 | ||
[ -z ${SERVICE} ] && echo Error SERVICE must be set && exit 1 | ||
|
||
apk add --update jq | ||
curl https://storage.googleapis.com/kubernetes-release/release/v1.9.4/bin/linux/amd64/kubectl > /usr/local/bin/kubectl && chmod +x /usr/local/bin/kubectl |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Add this curl to the Dockerfile and delete from this script.
@@ -9,7 +9,6 @@ | |||
[ -z ${NAMESPACE} ] && echo Error NAMESPACE must be set && exit 1 | |||
[ -z ${SERVICE} ] && echo Error SERVICE must be set && exit 1 | |||
|
|||
apk add --update jq | |||
curl https://storage.googleapis.com/kubernetes-release/release/v1.9.4/bin/linux/amd64/kubectl > /usr/local/bin/kubectl && chmod +x /usr/local/bin/kubectl |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Add this curl to the Dockerfile and delete from this script. Also bump it to v1.11.0.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just a couple suggestions, otherwise looks good to me.
Done |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/LGTM
components/iap-enabler/README.md
Outdated
@@ -0,0 +1,10 @@ | |||
# IAP Enabler | |||
|
|||
IAP Enabler is a docker image which is used to enable iap. We build this and push it to gcr so that it can be used in private GKE clusters |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think we use BackendConfig now to enable IAP. I think this is only used to set the timeout on the loadbalancer.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'll rebase this once #1327 gets merged
nit: please update PR description to describe changes that are needed. |
This is updated and ready for review |
@ankushagarwal it looks like we now omit installing the Certificate resource for private clusters, should we also omit installing the cert-manager component for private clusters since it won't be used? |
I've added it to docs here : https://master.kubeflow.org/docs/started/getting-started-gke/ |
Great! /LGTM |
[APPROVALNOTIFIER] This PR is APPROVED Approval requirements bypassed by manually added approval. This pull-request has been approved by: The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
* Remove v1alpha3 files * Modify SDK * Change dict() to object
* Migrate AWS manifest to v3 pattern * Clean up tests files * Add istio namespace to istio ingress * Update KFP pipeline test case for aws stack
Docs changes are here : kubeflow/website#173
privateGKECluster
andingressSetupImage
flags to iap prototype/cc @jlewi @danisla
This change is